ECE-6612 Prof. John A. Copeland 404 894-5177 fax 404 894-0035 Office: Klaus.


Chapter 5a - Pretty Good Privacy (PGP)
Prof. John A. Copeland (ECE), Office: Klaus 3362. Office hours: MWF after class, or call for an office visit.
(GnuPG, "GPG" or "Gnu Privacy Guard", is a free implementation of the same OpenPGP message format; everything below about PGP's message processing applies to it as well.)

Electronic Mail

In 1982 the ARPANET proposals were published as RFC 821 (SMTP, the transfer protocol) and RFC 822 (the message format); Internet e-mail services since then are based on these RFCs, plus many later ones. CCITT X.400 and ISO MOTIS grew and waned as competitors.
Mail handling is split between "User Agents" (UA) and "Message Transfer Agents" (MTA).
Three parts to a message:
- Envelope - information used to forward the contents (the SMTP sender and recipient addresses, not necessarily the same as the From: and To: headers)
- Header - standard strings, some added en route:
  > To:, Cc:, Bcc:, From:, Sender:
  > Received: (added en route by each MTA), Return-Path: (added by the final MTA)
  > MIME headers, added by RFC 1341 and RFC 1521
- Body
(A. S. Tanenbaum, "Computer Networks," 3rd ed., p. 651)

MIME Headers

Multipurpose Internet Mail Extensions (MIME), RFC 1341 and RFC 1521:
- MIME-Version: version number
- Content-Description: human-readable string
- Content-ID: unique identifier
- Content-Transfer-Encoding: how the body is encoded for transport
  > 7bit (plain ASCII), quoted-printable (ASCII with =XX escapes for the rest)
  > base64 (for binary; the same scheme PGP calls Radix-64)
- Content-Type: nature of the message
  > text (plain, richtext), image (gif, jpeg), video (mpeg)
  > application (postscript, octet-stream)
(A. S. Tanenbaum, "Computer Networks," 3rd ed., p. 653)

A raw message as received (mailbox addresses, IP addresses and parts of the timestamps were removed from the slide):

  Received: from didier.ee.gatech.edu (didier.ee.gatech.edu [ ])
      by eagle.gcatt.gatech.edu (8.8.8+Sun/8.7.1) with ESMTP id UAA00818
      for ; Fri, 30 Jul :00: (EDT)
  Received: from bwnewsletter.com (gw2.mcgraw-hill.com [ ])
      by didier.ee.gatech.edu (8.9.0/8.9.0) with ESMTP id UAA16500
      for Fri, 30 Jul :00: (EDT)
  Received: from NOP ( ) by bwnewsletter.com with SMTP (Eudora Internet Mail Server 2.1);
      Fri, 30 Jul :24:
  Message-Id:
  X-Sender: (Unverified)
  X-Mailer: Windows Eudora Light Version (32)
  Mime-Version: 1.0
  Date: Fri, 30 Jul :21:
  To: (note: I was on a Bcc: list)
  From: BW Online
  Subject: BUSINESS WEEK ONLINE INSIDER -- July 30
  Content-Type: text/plain; charset="us-ascii"
  Content-Length:

Read the Received: lines bottom-up: each MTA prepends its own, so the lowest one is the first hop and the topmost was written by the final MTA. In the middle hop the sending machine announced itself as bwnewsletter.com, but the receiving MTA recorded its reverse-DNS name as gw2.mcgraw-hill.com; the lookups that follow chase that name down.

  $ nslookup -q=MX ee.gatech.edu          (nslookup is being superseded by "host")
  ee.gatech.edu  preference = 10, mail exchanger = mail.ee.gatech.edu
  ee.gatech.edu  nameserver = eeserv.ee.gatech.edu
  ee.gatech.edu  nameserver = duchess.ee.gatech.edu
  ee.gatech.edu  nameserver = didier.ee.gatech.edu
  mail.ee.gatech.edu     internet address =
  eeserv.ee.gatech.edu   internet address =
  duchess.ee.gatech.edu  internet address =
  didier.ee.gatech.edu   internet address =

  $ nslookup -q=mx mcgraw-hill.com
  Non-authoritative answer:
  mcgraw-hill.com  preference = 20, mail exchanger = interlock.mgh.com
  Authoritative answers can be found from:
  mcgraw-hill.com  nameserver = NS-01A.ANS.NET
  mcgraw-hill.com  nameserver = NS-01B.ANS.NET
  mcgraw-hill.com  nameserver = NS-02A.ANS.NET
  mcgraw-hill.com  nameserver = NS-02B.ANS.NET
  NS-01A.ANS.NET   internet address =
  NS-01B.ANS.NET   internet address =
  NS-02A.ANS.NET   internet address =
  NS-02B.ANS.NET   internet address =

  $ nslookup                    [can also use "host" or "dig"]
  Name:    gw2.mcgraw-hill.com
  Address:

  $ nslookup
  *** can't find : Non-existent host/domain

  $ traceroute                  [on MS Windows, open a DOS window and type "tracert"]
   1  ( ): 17ms
   2  stn-mtn-rtrb.atl.mediaone.net. ( ): 18ms
   3  ( ): 20ms
   4  ( ): 17ms
   5  ( ): 25ms
   6  sgarden-sa-gsr.carolina.rr.com. ( ): 26ms
   7  roc-gsr-greensboro-gsr.carolina. ( ): 29ms
   8  ( ): 38ms
   9  sjbrt01-vnbrt01.rr.com. ( ): 41ms
  10  pnbrt01-vnbrt01.rr.com. ( ): 42ms
  11  p217.t3.ans.net. ( ): 51ms
  12  h13-1.t32-0.new-york.t3.ans.net. ( ): 49ms
  13  f0-0.cnss33.new-york.t3.ans.net. ( ): 53ms
  14  s0.enss3339.t3.ans.net. ( ): 61ms
  15  * * *
  16  * * *

(The "* * *" rows are hops that did not answer, typically a firewall dropping the probes; the path can still be attributed to the ANS network from the preceding hops.)

  $ whois
  OrgName:    McGraw Hill, Inc
  OrgID:      MCGRAW
  Address:    148 Princeton Htstown Rd
  City:       Hightstown
  StateProv:  NJ
  PostalCode:
  Country:    US

  NetRange:
  CIDR:       /16
  NetName:    MHP-NET
  NameServer: AUTH111.NS.UU.NET
  NameServer: AUTH120.NS.UU.NET
  Comment:
  RegDate:
  Updated:

  RTechHandle: MW1053-ARIN
  RTechName:   Weyman, Mike
  RTechPhone:
  RTechHandle: JGE8-ARIN
  RTechName:   Gervasio, John
  RTechPhone:
  OrgTechHandle: HOSTM339-ARIN
  OrgTechName:   hostmaster
  OrgTechPhone:

  # ARIN WHOIS database, last updated :10
  # Enter ? for additional hints on searching ARIN's WHOIS database.

Security Services for E-mail
- Privacy - only read by the intended recipient (confidentiality, access control, authorization)
- Authentication - confidence in the identity of the sender
- Integrity - assurance of no data alteration
- Non-repudiation - proof that the sender sent it (attribution)
Less common:
- Proof of submission - the message was handed to the server
- Proof of delivery - the message was received by the addressee

Investigating E-mail You Receive
Look at the "Raw" or "Source" view of the message to see:
- Headers
- HTML links
Investigate:
- Source (who sent it) - the lowest Received: header
- Active links in <a href="...">{text}</a>
- Image links in <img src="...">
Programs to use:
- nslookup - IP address from a hostname, or hostname from an IP address
- whois - registrant of a domain or address block (not of a URL)
- traceroute - path of packets through routers
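The first step above, reading the Received: chain from the bottom up, is easy to get wrong by hand when headers are folded over several lines. The following is an added example (not from the slides) that parses a raw message with Python's standard library, lists the hops oldest-first, and flags hops where the name the sender announced does not match the reverse-DNS name the receiving MTA recorded. The sample message is constructed: its host names follow the slide, but the IP addresses (RFC 5737 documentation ranges), mailbox names, Message-Id and timestamps are made up, and the function names are this example's own.

```python
import email
import re

# Constructed sample, modelled on the Business Week newsletter headers shown on the
# slide.  The host names are the slide's; the IP addresses (RFC 5737 documentation
# ranges), mailbox names, Message-Id and timestamps are made up because the slide omits them.
RAW_MESSAGE = """\
Received: from didier.ee.gatech.edu (didier.ee.gatech.edu [192.0.2.10])
\tby eagle.gcatt.gatech.edu (8.8.8+Sun/8.7.1) with ESMTP id UAA00818
\tfor <prof@eagle.gcatt.gatech.edu>; Fri, 30 Jul 1999 20:00:05 -0400 (EDT)
Received: from bwnewsletter.com (gw2.mcgraw-hill.com [198.51.100.7])
\tby didier.ee.gatech.edu (8.9.0/8.9.0) with ESMTP id UAA16500
\tfor <prof@ee.gatech.edu>; Fri, 30 Jul 1999 20:00:02 -0400 (EDT)
Received: from NOP (203.0.113.45) by bwnewsletter.com with SMTP
\t(Eudora Internet Mail Server 2.1); Fri, 30 Jul 1999 19:24:00 -0400
Message-Id: <19990730.example@bwnewsletter.com>
Mime-Version: 1.0
Date: Fri, 30 Jul 1999 19:21:00 -0400
From: BW Online <insider@bwnewsletter.com>
To: undisclosed-recipients:;
Subject: BUSINESS WEEK ONLINE INSIDER -- July 30
Content-Type: text/plain; charset="us-ascii"

(newsletter body)
"""

# "from <HELO name> (<reverse-DNS name> [<ip>]) ... by <receiving MTA>"; sendmail-style
# headers put the IP in brackets, others (the Eudora hop here) put it bare in parentheses.
HOP_RE = re.compile(r"\bfrom\s+(?P<helo>\S+)(?:\s+\((?P<info>[^)]*)\))?.*?\bby\s+(?P<by>\S+)")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_received(value: str) -> dict:
    """Pull the claimed sender (HELO name), what the receiving MTA recorded about it
    (reverse-DNS name and IP), and the receiving MTA out of one Received: header."""
    flat = " ".join(value.split())            # unfold the continuation lines
    m = HOP_RE.search(flat)
    if not m:
        return {"helo": None, "rdns": None, "ip": None, "by": None, "raw": flat}
    info = m.group("info") or ""
    ip = IP_RE.search(info)
    rdns = info.split("[")[0].strip() if "[" in info else None
    return {"helo": m.group("helo"), "rdns": rdns, "ip": ip.group(1) if ip else None,
            "by": m.group("by"), "raw": flat}


def trace_hops(raw_message: str) -> list:
    """Return the hops oldest-first.  Each MTA prepends its own Received: line, so the
    lowest header in the message is the first hop (the one the slide says to investigate)
    and the topmost was written by the final MTA.  Only the lines added by MTAs you trust
    are reliable: a sender can forge any Received: lines below them."""
    msg = email.message_from_string(raw_message)
    return [parse_received(v) for v in reversed(msg.get_all("Received") or [])]


def origin(raw_message: str) -> tuple:
    """(HELO name, IP) from the lowest Received: header: the best available lead on the source."""
    hops = trace_hops(raw_message)
    return (hops[0]["helo"], hops[0]["ip"]) if hops else (None, None)


def suspicious_hops(raw_message: str) -> list:
    """Hops where the name the sender announced does not match the reverse-DNS name the
    receiving MTA recorded (or where no reverse name was recorded at all).  These are the
    names and addresses to feed to nslookup/host, whois and traceroute."""
    return [h for h in trace_hops(raw_message) if h["rdns"] != h["helo"]]


if __name__ == "__main__":
    for hop in trace_hops(RAW_MESSAGE):
        print(f"{hop['helo']:<20} rdns={hop['rdns']!s:<22} ip={hop['ip']!s:<15} by {hop['by']}")
    print("origin:", origin(RAW_MESSAGE))
    print("suspicious:", [h["helo"] for h in suspicious_hops(RAW_MESSAGE)])
```

On the constructed message the origin comes out as the bare HELO name "NOP" at 203.0.113.45, and both the NOP hop and the bwnewsletter.com/gw2.mcgraw-hill.com hop are flagged, which is exactly the pair the nslookup and whois queries on the earlier slides were run against.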

Privacy
- Establishing keys: public-key certification; exchanging public keys.
- Multiple recipients: encrypt the message m with a session key S, encrypt S separately with each recipient's public key, and send {S; Kbob}, {S; Kann}, ..., {m; S}. The bulk message is encrypted once, however many recipients there are.
Authentication of source
- Public key: hash the message (MD4, MD5 or SHA-1 on the slide; all three now have practical collision attacks, so a current implementation uses SHA-2) and encrypt the hash with the sender's private key. Anyone holding the public key can decrypt it and compare (it provides a ciphertext/plaintext pair).
- Secret key K: the MIC is a hash of K+m, or the CBC residue (last block) of the message under K, assuming the message is not also encrypted with K. A plain hash of K followed by m is open to length-extension attacks with MD5 and SHA-1; the keyed construction used today is HMAC.

Message Integrity
- The source-authentication methods that include a hash of the message also provide a MIC (message integrity check).
Non-repudiation
- Private-key signing provides non-repudiation: only the holder of the private key could have produced the signature.
- A shared-secret-key MIC does not, since the recipient could have computed it too; the secret-key method therefore requires a "Notary" to "sign" a time-stamp + hash of the message.
Proof of Delivery
- Acknowledge before reading - can't prove m was read.
- Acknowledge after reading - the recipient may have read it without signing.

Names and Addresses
- X.500 Name (ISO standard): ?/C=US/O=CIA/OU=drugs/PN='Manny Norriega'
- Internet Name (e-mail address): using the alias "mail" lets the mail server program be moved from one host to another; in the gatech.edu domain, "mail" is an alias for "vip1.ecc".
Old messages (covered later): to establish non-repudiation for an old message you need a Notary to sign the hash of the message, the certificate used to authenticate the public key, and the CRL current at that time, because the key may have been revoked since.

[Figure: PGP signs (optional) before encrypting (also optional). From "PGP Freeware for MacOS, User's Guide," Version 6.5, Network Associates, Inc.]

[Figure: How PGP Encryption Works. The message, with the signature attached if there is one, is compressed, encrypted, and R64-encoded. From "PGP Freeware for MacOS, User's Guide," Version 6.5, Network Associates, Inc.]

[Figure: PGP format, sender side: 1. ZIP compress; 2. encrypt with a session key; 3. encode to text with R64. The session key is encrypted with the recipient's public key, and any signature is made with the sender's private key.]

[Figure: PGP receiver (from the course text, 3rd ed.). The typed passphrase unlocks the receiver's private key on the private key ring; the sender's public key comes from the public key ring. Steps: R64-decode to binary; DP (public/private-key decryption) with the receiver's private key recovers the session key; DC (symmetric decryption) with the session key recovers the compressed message; ZIP decompress; H (hash) of the message together with the sender's public key checks the signature.]

R64 Encode
- Every 3 bytes are split into 4 six-bit numbers, n = 0 to 63, each mapped to one printable character from A-Z, a-z, 0-9, + and /.
- In a received message, characters outside that set ("=" padding, ">" quoting, CR, LF, ...) are ignored.
- For n = 0 to 25 the character is simply n + 65 ('A' to 'Z'); a-z, 0-9, + and / take the remaining values (see the table on the next slide). Note that putting "01" in front of the six bits gives 64 + n, which is off by one: 64 is "@", so that shortcut maps n = 1, not n = 0, to "A".

[Figure: table of the 64 ASCII characters used for R64 encoding]

A PGP-encrypted message as it appears in the mail client:

  To: "Jim Jones"
  From: John Copeland
  Subject: ECE8813 : PGP Endeavor...
  Cc:
  Bcc:
  X-Attachments:

  -----BEGIN PGP MESSAGE-----
  Version: PGPfreeware for non-commercial

  qANQR1DBwU4D6cjDU+QAxCwQB/9IZFOIuDSIIQbwa28SQ63DDioFb4bH4bmKfopX
  cvdDVQ1X53fSJzyLt12RslfQToje8YxRNidYMNg1zDTT7CR9q7LRFoAwBFVtQhWJ
  jFNXn1+aE8oePReMi6vS0DXSSDfgDuUb1R+c8htHoeik6Oebe9R90J3d51yyCojV
  AHT01kWlpvJIZGKyT3PdCh9wlr1hQsUGto10t32fBGsJCXew/EClb554AnyYSzP8
  KAjuw1NdKOBlze0DCiO6Z5z+DAxAwlqTxcm42tthF5zFbTk4UKV6ORzIuHmRO7xR
  5Io5nlM7T11PDaWqsjLr2ttrSySzARt5fAJ9l1mOH+hSl1YebRjZPaxWw+bsYuqN
  a0GYr2UdwgE1u5HQuhZ+bOIbSliShfKiNuDGHe6VJrchROHnC9Po2JWAOD7wMFq6
  STZ/MPGzViaCUaaWPLSKleiURUh4Ly5/LaNYkaumO9vh+241FPqtZKqRVmHRg6dY
  UdgoI3yfc3JrvepFQT1yeRjEVrLQiUtyhcwdVoLjofgerGAfe3YuDCxM6wLIuCf7
  Ro9edu01qTiXJj25cXHxeNMdA1txLxR3ontbExow+ML5kxs=
  =68Hd
  -----END PGP MESSAGE-----

Radix-64 encoding takes a binary message (all 8-bit bytes) 6 bits at a time and maps each 6-bit value to one of 64 printable ASCII characters: A-Z (bytes 65-90), a-z (97-122), 0-9 (48-57), + (43) and / (47); an incomplete final group is padded with "=". The separate "=68Hd" line after the data is not padding: it is a 24-bit CRC of the binary data, itself Radix-64 encoded, so the receiver can detect corruption in transit before trying to decrypt.
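To make the R64 rules from the two slides above concrete (the 3-bytes-to-4-characters split, "=" padding, ignoring anything outside the alphabet, and the "=xxxx" checksum line), here is an added example in Python that is not part of the slides or of any PGP product. It implements the encoder and decoder from the slide's description, the OpenPGP armor CRC-24 (the parameters are those published in RFC 4880 section 6.1), and an armor/dearmor pair that tolerates "> " mail quoting and rejects a checksum mismatch. The function names are this example's own, and the cross-check against the standard library's base64 relies on the fact, stated on the slide, that Radix-64 uses the MIME base64 alphabet.

```python
import base64

# The 64 printable characters in the order the slide gives: A-Z (bytes 65-90),
# a-z (97-122), 0-9 (48-57), then "+" (43) and "/" (47).
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
DECODE = {c: i for i, c in enumerate(ALPHABET)}


def r64_encode(data: bytes) -> str:
    """Radix-64: every 3 bytes become 4 six-bit values; a short final group is padded with '='."""
    out = []
    for i in range(0, len(data), 3):
        group = data[i:i + 3]
        n = int.from_bytes(group.ljust(3, b"\0"), "big")
        sextets = [(n >> 18) & 63, (n >> 12) & 63, (n >> 6) & 63, n & 63]
        keep = len(group) + 1            # 1 byte -> 2 chars, 2 -> 3, 3 -> 4
        out.append("".join(ALPHABET[s] for s in sextets[:keep]) + "=" * (4 - keep))
    return "".join(out)


def r64_decode(text: str) -> bytes:
    """Inverse of r64_encode.  Anything outside the alphabet ('=' padding, '>' quoting,
    CR, LF, spaces) is skipped, which is what lets a forwarded or quoted armor still decode."""
    acc = bits = 0
    out = bytearray()
    for c in text:
        if c not in DECODE:
            continue
        acc = (acc << 6) | DECODE[c]
        bits += 6
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
            acc &= (1 << bits) - 1
    return bytes(out)


def crc24(data: bytes) -> int:
    """OpenPGP armor checksum (RFC 4880 section 6.1): CRC-24, init 0xB704CE, poly 0x1864CFB."""
    crc = 0xB704CE
    for b in data:
        crc ^= b << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(data: bytes, block: str = "PGP MESSAGE", headers=(), width: int = 64) -> str:
    """Wrap binary data the way the slide's message is wrapped: BEGIN line, optional armor
    headers, blank line, 64-column Radix-64 body, '=' + CRC-24 line, END line."""
    body = r64_encode(data)
    lines = [f"-----BEGIN {block}-----", *headers, ""]
    lines += [body[i:i + width] for i in range(0, len(body), width)]
    lines.append("=" + r64_encode(crc24(data).to_bytes(3, "big")))
    lines.append(f"-----END {block}-----")
    return "\n".join(lines) + "\n"


def dearmor(text: str) -> bytes:
    """Strip the armor (tolerating '> ' mail quoting), decode, and verify the CRC-24.
    Raises ValueError if the checksum line disagrees with the data, i.e. it was corrupted."""
    lines = [ln.lstrip("> \t").rstrip() for ln in text.splitlines()]
    start = next(i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN "))
    end = next(i for i, ln in enumerate(lines) if ln.startswith("-----END "))
    inner = lines[start + 1:end]
    if "" in inner:                       # drop armor headers (everything up to the blank line)
        inner = inner[inner.index("") + 1:]
    data = r64_decode("".join(ln for ln in inner if not ln.startswith("=")))
    checks = [ln for ln in inner if ln.startswith("=")]
    if checks:
        claimed = int.from_bytes(r64_decode(checks[0][1:]), "big")
        if claimed != crc24(data):
            raise ValueError(f"CRC-24 mismatch: armor says {claimed:06X}, data gives {crc24(data):06X}")
    return data


def armor_intact(text: str) -> bool:
    """True if the armored text decodes and its checksum matches."""
    try:
        dearmor(text)
        return True
    except (ValueError, StopIteration):
        return False


def matches_stdlib(data: bytes) -> bool:
    """Cross-check: Radix-64 is the MIME base64 alphabet, so the data part must agree with base64."""
    return r64_encode(data) == base64.b64encode(data).decode("ascii")


if __name__ == "__main__":
    print(armor(b"Hello, PGP", headers=["Version: example armor"]))
```

The CRC only catches accidental damage; it is not a security check, since anyone who can alter the data can recompute it. Tamper detection comes from the signature inside the decrypted message, which is why PGP signs before it encrypts.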


[Figure: "Public Key Information" dialog, PGP Commercial]

PGP Certificates
- Anyone can issue a certificate (a signature on a key) to anyone, including themselves; there is no central certificate authority.
- Certificates can be revoked by the issuer, if a certificate server with a revocation database is used.
- Where PEM (Privacy Enhanced Mail, another standard) expands the data into canonical form (+33% for text, +78% after encryption), PGP compresses the data with ZIP (roughly -50% for text), encrypts it, and then (optionally) converts it to base64 (+33%).

Things of which to be aware
- Neither PEM nor PGP encrypts the mail headers:
  > Subject: can give away useful information
  > To: and From: give an intruder traffic-analysis information
- PGP gives the recipient the original file name and modification date of an encrypted file.
- PEM may be used in a local system whose certificates are of unknown trustworthiness.
- Certificates often verify only that the sender is "John Smith", but he may not be the "John Smith" you think (PGP allows pictures in certificates, which helps a little).