PKI2001(TIFR,Mumbai) PGP Pretty Good Privacy Designed for secure transfer of e-mails with off-line or out of band key distribution.

Slides:



Advertisements
Similar presentations
Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.
Advertisements

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
PGP Overview 2004/11/30 Information-Center meeting peterkim.
Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
CS470, A.Selcuk Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Public Key Infrastructure (PKI) Jerad Bates University of Maryland, Baltimore County December 2007.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
WSU A Symphony in Four Movements. A Century of Controlled Flight.
... Jesús Almansa and Marco Carbone 4th April 2002 { jfa,
Using Digital Credentials On The World-Wide Web M. Winslett.
21 June 2006Copyright 2006 University of Kent1 Delegation of Authority (DyVOSE project) David Chadwick University of Kent.
Optimistic Synchronous Multi-Party Contract Signing N. Asokan, Baum-Waidner, M. Schunter, M. Waidner Presented By Uday Nayak Advisor: Chris Lynch.
Introduction To Windows NT ® Server And Internet Information Server.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Security Jonathan Calazan December 12, 2005.
By Xiaoheng Wu1 Cryptography Tool PGP. 2 Introduction Why PGP? History of PGP –First version released by Philip Zimmermann in 1991 Politics issue (Senate.
PRISM-PROOF Phillip Hallam-Baker Comodo Group Inc.
Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.
Trusted Key Server OpenPKSD TKS Hironobu SUZUKI IWFST 2005 International Workshop on Future Software Technology.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Trusted Key Server OpenPKSD TKS Hironobu SUZUKI IWFST 2005 International Workshop on Future Software Technology.
Bitcoin (what, why and how?)
16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.
Digital Inheritance of Personal and Commercial Content Using DRM H. Li, NXP Research M. Petkovic, Philips Research CCNC’07 DRM workshop, Jan
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
SIMDAT Authentification and Autorisation Matteo Dell’Acqua ET-CTS meeting, Toulouse, May 2008.
Security protocols  Authentication protocols (this lecture)  Electronic voting protocols  Fair exchange protocols  Digital cash protocols.
Cryptography. Introduction Encryption  The art (or science) of putting messages into a code, and the study of those coding techniques. Decryption  The.
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
Deepnet Unified Authentication for Outlook Anywhere.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
1 Information Security Practice I Lab 5. 2 Cryptography and security Cryptography is the science of using mathematics to encrypt and decrypt data.
Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.
SECURE WEB APPLICATIONS VIA AUTOMATIC PARTITIONING S. Chong, J. Liu, A. C. Myers, X. Qi, K. Vikram, L. Zheng, X. Zheng Cornell University.
Pretty Good Privacy (PGP) Security for Electronic .
Security PGP IT352 | Network Security |Najwa AlGhamdi 1.
Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.
Student Experience It’s your education Type the web site address into the browser given to you by your junior high or high school Select “I am a student”
Security Using PGP - Prajakta Bahekar. Importance of Security is one of the most widely used network service on Computer Currently .
Using Public Key Cryptography Key management and public key infrastructures.
Digital Signatures and Digital Certificates Monil Adhikari.
Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.
7.6 Secure Network Security / G.Steffen1. In This Section Threats to Protection List Overview of Encrypted Processing Example.
Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 10: Certificates and Hashes.
2013Prof. Reuven Aviv, Mail Security1 Pretty Good Privacy (PGP) Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.
1 CNLab/University of Ulsan Chapter 16 Electronic Mail Security  PGP (Pretty Good Privacy)  S/MIME.
第五章 电子邮件安全. Security is one of the most widely used and regarded network services currently message contents are not secure –may be inspected.
Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:
Key management issues in PGP
Performing Risk Analysis and Testing: Outsource or In-house
Security is one of the most widely used and regarded network services
Public Key Infrastructure
Certificates An increasingly popular form of authentication
God Gives 2 – 12 Faith is like a muscle
Secure How do you do it? Need to worry about sniffing, modifying, end-user masquerading, replaying. If sender and receiver have shared secret keys,
Procedure for adding a Trusted Site
Set 8 first ran where new pretty call too him three after.
Presentation transcript:

PKI2001(TIFR,Mumbai) PGP Pretty Good Privacy Designed for secure transfer of s with off-line or out of band key distribution.

PKI2001(TIFR,Mumbai) Introduction n PGP users maintain their own list of public keys, called keyring. n PGP allows users to exchange keyrings. n Each user fully trusts the others they meet outside of the Internet.

PKI2001(TIFR,Mumbai) One Simple Example

PKI2001(TIFR,Mumbai) Alice Bob Chris Elvis Alice Bob Chris Elvis Bob Chris Bob Elvis Bob  Chris Elvis Alice  Bob Chris Elvis

PKI2001(TIFR,Mumbai) Web Of Trust n By Bob  Chris, Bob and Chris exchanged their keyrings, and they fully trust each other. n But what about Chris  Elvis, when “Elvis” is an impersonator of real Elvis ? n This means Chris has been fooled and ultimately Bob and Alice too. Since Alice  Bob

PKI2001(TIFR,Mumbai) Individual Trust Policy n PGP allows the user to assign one of four following attributes while adding a new key to the keyring a Completely trusted a Marginally trusted a Untrusted a Unknown.

PKI2001(TIFR,Mumbai) n The attributes attached with each key helps the keyring owner to decide how much trust he should put in the key. n The keyring owner can tune PGP’s criteria for accepting key. n For example, one can tell PGP to accept a key if it has been signed by F 2 completely trusted keys or F at least 3 marginally trusted keys, F 1 completely and 2 marginally trusted keys etc.

PKI2001(TIFR,Mumbai)

Conclusion “In God we trust, all others pay cash” n A cliché “In God we trust, all others pay cash” n PGP does have very strong security if the keyring owners have checked the trust relation between the users contained in the keyring very strictly but it is a matter of trust at last. n If a single user cheats to other who puts full faith in him; the whole web faces the serious security threat. n So it is useful for a small domain of trusted users.