….for authentication and confidentiality PGP

Slides:



Advertisements
Similar presentations
Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Advertisements

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.
1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Electronic mail security
Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.
Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
Cryptography 101 Frank Hecker
Electronic Mail Security
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.
Electronic mail security. Outline Pretty good privacy S/MIME.
Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Network Security Essentials Chapter 7 Fourth Edition by William Stallings (Based on Lecture slides by Lawrie Brown)
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
Chapter 15: Electronic Mail Security
1 Electronic Mail Security Outline Pretty good privacy S/MIME Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
1 Chapter 5 Electronic mail security. 2 Outline Pretty good privacy S/MIME Recommended web sites.
Pretty Good Privacy (PGP) Security for Electronic .
CSCE 815 Network Security Lecture 11 Security PGP February 25, 2003.
SECURITY – Chapter 15 SECURITY – Chapter 15 ….for authentication and confidentiality PGP 1.Uses best algorithms as building blocks 2.General.
NETWORK SECURITY.
Security PGP IT352 | Network Security |Najwa AlGhamdi 1.
PGP & IP Security  Pretty Good Privacy – PGP Pretty Good Privacy  IP Security. IP Security.
1 Electronic Mail Security Behzad Akbari Fall 2009 In the Name of the Most High.
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.
Prof. Wenguo Wang Network Information Security Prof. Wenguo Wang Tel College of Computer Science QUFU NORMAL UNIVERSITY.
1 CNLab/University of Ulsan Chapter 16 Electronic Mail Security  PGP (Pretty Good Privacy)  S/MIME.
Lecture 8 (Chapter 18) Electronic Mail Security Prepared by Dr. Lamiaa M. Elshenawy 1.
第五章 电子邮件安全. Security is one of the most widely used and regarded network services currently message contents are not secure –may be inspected.
Electronic mail security. Outline Pretty good privacy S/MIME.
Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:
Electronic mail security
K. U. Khimani Asst. Prof. IT Dept. VVP Engineering College
Security is one of the most widely used and regarded network services
Chapter 15 – Electronic Mail Security
By Marwan Al-Namari Author: William Stallings
Security Pretty Good Privacy (PGP)
CSE565: Computer Security Lectures 19, 20 Electronic Mail Security
Selected Research Topics Electronic Mail Security
Electronic Mail Security
MAIL AND SECURITY PERTEMUAN 13
Cryptography and Network Security Chapter 15
Cryptography and Network Security
University of Houston Network Security Datacom II Lecture 8
Security at the Application Layer: PGP and S/MIME
ELECTRONIC MAIL SECURITY
ELECTRONIC MAIL SECURITY
Cryptography and Network Security Chapter 15
Electronic Mail Security
Cryptography and Network Security Chapter 15
Cryptography and Network Security Chapter 15
Secure How do you do it? Need to worry about sniffing, modifying, end-user masquerading, replaying. If sender and receiver have shared secret keys,
Cryptography and Network Security Chapter 18
Cryptography and Network Security
Electronic Mail Security
Cryptography and Network Security
Presentation transcript:

E-MAIL SECURITY – Chapter 15 ….for authentication and confidentiality PGP Uses best algorithms as building blocks General purpose Package/source code free Low-cost commercial version No government

PGP CRYPTOGRAPHIC FUNCTIONS

Confidentiality Compression e-mail Segmentation PGP for……. Authentication Confidentiality Compression e-mail Segmentation

DIGITAL SIGNATURES (fig 15.1a) SHA-1 with RSA  Signature (RSA, KUa)  KRa (H, KRa)  Signed (alternative – DSS/SHA-1)

- Separate Transmission - separate log detect virus DETACHED SIGNATURES instead of….. Attached Signatures use….. Detached Signatures - Separate Transmission - separate log detect virus many signatures – one doc

CONFIDENTIALITY (fig 15.1b) CAST or IDEA or 3DES : CFB – 64 Key Distribution: RSA/Diffie-Hellman/El Gamal Symmetric Key used once/message Random  128-bit key, Ks : key sent with message

SYMMETRIC/PUBLIC COMBINATION Faster than just PUBLIC PUBLIC solves key distribution No protocol – one-time message No handshaking One-time keys strengthen security (weakest link is public)

CONFIDENTIALITY and AUTHENTICATION (fig 15.c) Authentication - plaintext mess. stored third-party can verify signature without needing to know secret key Compression Confidentiality

COMPRESSION - why? Benefit - efficiency Why, Signature then Compression then Confidentiality ? Sign Uncompressed Message - off-line storage No need for single compression algorithm Encryption after compression is stronger

E-Mail COMPATIBILITY e-mail uses ASCII PGP(8-bit)  ASCII Base-64: 3x8  4 x ASCII + CRC 33% Expansion !! (fig 15.2)

RADIX-64 FORMAT

Tx and Rx of PGP Messages

SEGMENTATION / REASSEMBLY Max length restriction e.g. internet = 50,000 x 8-bits PGP Segments automatically but, One session key,signature/message

} PGP KEYS one-time session : use random number gen. 2. public 3. private 4. passphrase-based } key id file of key pairs for all users multiple pairs

SESSION-KEY GENERATION CAST / IDEA / 3DES in CFB mode 64 64 plaintext - user key strokes K K – user key strokes and old session key 128 64 64 } New Session Key

each public key has key ID (least 64 bits) KEY IDENTIFIERS Which public key? each public key has key ID (least 64 bits) With high prob., no key ID collision

Message,m [data, filename, timestamp] signature (optional) MESSAGE FORMAT (fig 15.3) Message,m [data, filename, timestamp] signature (optional) includes digest = hash(m(data)||T) therefore signature is: [T, EKRa(digest),2x8(digest), KeyID] session key (optional) [key, IDKUb]

MESSAGE FORMAT

store public/private pairs of node A Public Key Ring KEY RINGS (fig 15.4) Private Key Ring store public/private pairs of node A Public Key Ring store public keys of all other nodes

KEY RINGS

ENCRYPTED PRIVATE KEYS on PRIVATE KEY-RING User passphrase System asks user for passphrase Passphrase  160-bit hash Ehash(private key) subsequent access requires passphrase

PGP MESSAGE GENERATION

PGP MESSAGE RECEPTION

PUBLIC KEY MANAGEMENT Problem: need tamper-resistant public-keys (e.g. in case A thinks KUc is KUb) Two threats: C  A (forge B’s signature) A  B (decrypt by C) solution: Key-Revoking

PGP TRUST MODEL EXAMPLE

ZIP freeware (c) : UNIX, PKZIP : Windows LZ77 (Ziv,Lempel) Repetitions  short code (on the fly) codes re-used algorithm MUST be reversible

ZIP (example) (Fig 15.9) char  9 bits = 1 bit + 8-bit ascii look for repeated sequences continue until repetition ends e.g. the brown fox  8-bit pointer, 4-bit length, 00  12-bit pointer, 6-bit length, 01 then ’ jump’  ptr + length, ind compressed to 35x9-bit + two codes = 343 bits Compression Ratio = 424/343 = 1.24

ZIP (example)

COMPRESSION ALGORITHM Sliding History Buffer – last N chars Look-Ahead Buffer – next N chars Algorithm tries to match chars from 2. to 1. if no match, 9 bits LAB  9 bits SHB else if match found output: indicator for length K string, ptr, length K bits LAB  K bits SHB

COMPRESSION ALGORITHM

PGP RANDOM NUMBER GENERATION

S/MIME (Secure/Multipurpose Mail Extension) S/MIME - commercial PGP - private S/MIME - based on MIME (designed for RFC822) RFC822 - traditional text-mail internet standard Envelope + Contents

CRYPTO ALGORITHMS USED in S/MIME (Table 15.6) Sender/Recipients must agree on common encryption algorithm S/MIME secures MIME entity with signature and/or encryption MIME entity entire message subpart of message

SECURING a MIME ENTITY WRAPPED in PREPARE S/MIME MIME security data PKCS OBJECT S/MIME

S/MIME CERTIFICATE PROCESSING Hybrid of X.509 certification authority and PGP’s ”web of trust” Configure each client  Trusted Keys Certification Revocation List

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.