Secure e-mail How do you do it? Need to worry about sniffing, modifying, end-user masquerading, replaying. If sender and receiver have shared secret keys,

Presentation transcript:

Secure e-mail
How do you do it?
- Need to worry about sniffing, modifying, end-user masquerading, replaying.
- If sender and receiver have shared secret keys, then straightforward.
- Can use public-key cryptography to distribute keys.
- But users do not want to hassle with a certificate authority.

Secure e-mail: PGP
- PGP = Pretty Good Privacy
- It is available free on a variety of platforms.
- Inventor, Phil Zimmermann, was target of 3-year federal investigation.
- Based on well-known algorithms.
- Not developed or controlled by government or standards organizations.

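Sender Authentication and Message Integrity
Alice wants to provide sender authentication and message integrity.
[Figure: Alice computes H(m) and signs it with her private key KA-, giving KA-(H(m)); m and KA-(H(m)) cross the Internet; the receiver applies Alice's public key KA+ to the signature and compares the result with H(m) computed over the received m.]
- Alice digitally signs the message.
- She sends both the message (in the clear) and the digital signature.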

PGP
- Hash: SHA-1, 160 bits
- Public key cryptography: RSA
Question: Why digital signatures for authentication? Why not a MAC?
- Could use public-key crypto to get a shared key.
- But if there are 100 recipients? Need to distribute 100 MAC keys.

Confidentiality - Alice
Alice wants to send confidential e-mail, m, to Bob.
[Figure: Alice encrypts m with KS to get KS(m) and encrypts KS with Bob’s public key KB+ to get KB+(KS); both cross the Internet.]
Alice:
- generates a random symmetric key, KS.
- encrypts the message with KS (for efficiency).
- also encrypts KS with Bob’s public key.
- sends both KS(m) and KB+(KS) to Bob.

Confidentiality - Bob
Alice wants to send confidential e-mail, m, to Bob.
[Figure: Bob receives KS(m) and KB+(KS) from the Internet, recovers KS with his private key KB-, then decrypts KS(m) to obtain m.]
Bob:
- uses his private key to obtain KS.
- uses KS to decrypt KS(m).

Confidentiality: PGP
- Session key: 128 bits
- Symmetric encryption: CAST-128 or IDEA or 3DES
- Public key encryption: RSA

Secure e-mail: Confidentiality and Authentication
Alice wants to provide secrecy, sender authentication, message integrity.
[Figure: Alice signs H(m) with her private key KA- to get KA-(H(m)), encrypts m together with KA-(H(m)) under KS, encrypts KS with Bob’s public key KB+ to get KB+(KS), and sends both over the Internet.]
Alice uses three keys: her private key, Bob’s public key, newly created symmetric key.
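The sign-then-encrypt flow from the authentication and confidentiality slides above, as an added example (not code from the presentation or from PGP itself). It assumes the third-party Python `cryptography` package and substitutes SHA-256, RSA-PSS/OAEP and AES-128-GCM for the slides' SHA-1, RSA and CAST-128/IDEA/3DES; the function names are hypothetical and the output is not an OpenPGP packet.

```python
# Added example: Alice signs, then encrypts; Bob decrypts, then verifies.
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
SIG_LEN = 256  # an RSA-2048 signature is always 256 bytes

def new_keypair():
    """Hypothetical helper: one RSA-2048 key pair per user."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def alice_send(m, alice_priv, bob_pub):
    sig = alice_priv.sign(m, PSS, hashes.SHA256())    # KA-(H(m))
    ks = AESGCM.generate_key(bit_length=128)          # fresh session key KS
    nonce = os.urandom(12)
    body = AESGCM(ks).encrypt(nonce, sig + m, None)   # KS(KA-(H(m)), m)
    wrapped = bob_pub.encrypt(ks, OAEP)               # KB+(KS)
    return {"wrapped_key": wrapped, "nonce": nonce, "body": body}

def bob_receive(msg, bob_priv, alice_pub):
    ks = bob_priv.decrypt(msg["wrapped_key"], OAEP)   # private key recovers KS
    plain = AESGCM(ks).decrypt(msg["nonce"], msg["body"], None)
    sig, m = plain[:SIG_LEN], plain[SIG_LEN:]
    # Raises InvalidSignature unless sig was made over m with Alice's key.
    alice_pub.verify(sig, m, PSS, hashes.SHA256())
    return m

if __name__ == "__main__":
    alice, bob = new_keypair(), new_keypair()
    packet = alice_send(b"constructed sample message", alice, bob.public_key())
    print(bob_receive(packet, bob, alice.public_key()))
```

Only the session key is encrypted with RSA, so sending to more recipients means adding one wrapped copy of KS per recipient while the signature and the encrypted body stay the same.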

PGP key rings
Each node has two key rings:
- Public/private key pairs owned by that node
- Public keys of other users
For the keys of other users, for each key track:
- user id: e-mail address, name, address, etc.
- public key
- timestamp: date when key was generated
- key ID
- key legitimacy
- signatures

Format of PGP Message
- Users may have multiple key pairs
- Key IDs: last 64 bits of public key
Message component
Signature component:
- Timestamp
- Key ID of KA+
- Message digest KA-(H(m)): leading two octets in clear, to verify correct key is being used
Session key component:
- Key ID of KB+
- Session key: KS

PGP Trust
No certificate authority. How does Alice obtain Bob’s public key?
- Alice physically gets the key from Bob
- Or from a phone conversation
- Or gets Bob’s key from Claire, who Alice may or may not trust
For a key in your key ring:
- Can you trust that the key really belongs to the person defined by the user-id?
- Can you trust that user-id to vouch for other keys?
For each key on the ring:
- Key legitimacy field indicates how much you trust this key to be valid for the associated user. Determined by PGP algorithm.
- Signatures for the key. Each signature is signed with the private key of some user.
- Also, the key ring includes trust values for owners of keys in the key ring. Determined by you.

Public key management: example
Suppose Alice inserts a new public key in her key ring.
- If Alice is the owner, trust assigned to Alice is ultimate.
- Otherwise, Alice must assign a trust value to the owner of the key:
  - unknown
  - untrusted
  - marginally trusted
  - completely trusted
- New public key may come with signatures vouching for the key.
- For each signature, PGP searches the ring to see if the author of the signature is in the key ring.
- Key legitimacy = legit if one signature is completely trusted.
- Otherwise, determined from a formula based on trust of signatures: above threshold, key is considered legit.
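One way to compute key legitimacy over a whole key ring, as an added example (not code from the presentation or from PGP). The slide does not give the formula, so two things here are assumptions: the threshold is modelled as a count of marginally trusted signers (`marginals_needed`), and a signature counts only when its author's own key is already legit. The ring contents and all names are constructed.

```python
# Added example: estimating key legitimacy on a PGP-style key ring.
# Assumption: the slide's "formula" is a count of marginally trusted signers.
FULL = {"ultimate", "complete"}   # owner-trust levels that vouch on their own

def legit_keys(ring, marginals_needed=2):
    """ring maps owner -> {"trust": level, "signed_by": [owners]}.
    Returns the set of owners whose keys are considered legit."""
    legit = {o for o, e in ring.items() if e["trust"] == "ultimate"}
    changed = True
    while changed:                 # repeat until no new key becomes legit
        changed = False
        for owner, entry in ring.items():
            if owner in legit:
                continue
            # Count a signature only if its author is on the ring and the
            # author's own key is already legit (assumption, see lead-in).
            signers = [s for s in set(entry["signed_by"]) if s in legit]
            full = sum(ring[s]["trust"] in FULL for s in signers)
            marginal = sum(ring[s]["trust"] == "marginal" for s in signers)
            if full >= 1 or marginal >= marginals_needed:
                legit.add(owner)
                changed = True
    return legit

# Constructed key ring: Alice owns it, so her own key has ultimate trust.
RING = {
    "alice":   {"trust": "ultimate", "signed_by": []},
    "bob":     {"trust": "complete", "signed_by": ["alice"]},
    "claire":  {"trust": "marginal", "signed_by": ["alice"]},
    "dave":    {"trust": "marginal", "signed_by": ["bob"]},
    "erin":    {"trust": "unknown",  "signed_by": ["claire", "dave"]},
    "frank":   {"trust": "unknown",  "signed_by": ["claire", "zed"]},
    "mallory": {"trust": "complete", "signed_by": []},
    "grace":   {"trust": "unknown",  "signed_by": ["mallory"]},
}

if __name__ == "__main__":
    print(sorted(legit_keys(RING)))
```

Grace's key stays unverified even though Mallory's owner trust is set to complete, because nothing on the ring establishes that Mallory's key is legit; owner trust and key legitimacy are separate fields.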

Example
1) You first assign trust levels to users
2) PGP estimates which keys are legit
[Figure legend: legit and trusted; legit, not trusted]


PGP summary
PGP provides security at the application layer to a single application.
Provides:
- Authentication, integrity, confidentiality
- Public key verification
- Web of trust