CSCE 815 Network Security Lecture 11 Email Security PGP February 25, 2003.

Slides:



Advertisements
Similar presentations
Cryptography and Network Security Chapter 18
Advertisements

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Data & Network Security
Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.
1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Electronic mail security
Electronic mail security -- Pretty Good Privacy.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
Electronic Mail Security
Cryptography and Network Security Chapter 18
Chap 81 Electronic mail security. Chap 82 Outline Pretty good privacy S/MIME Recommended web sites.
Electronic mail security. Outline Pretty good privacy S/MIME.
Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security Essentials Chapter 7 Fourth Edition by William Stallings (Based on Lecture slides by Lawrie Brown)
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
1 Firewalls. 2 What is a firewall? Device that provides secure connectivity between networks (internal/external; varying levels of trust) Used to implement.
1 Electronic mail security Ola Flygt Växjö University, Sweden
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
Chapter 15: Electronic Mail Security
1 Electronic Mail Security Outline Pretty good privacy S/MIME Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
1 Chapter 5 Electronic mail security. 2 Outline Pretty good privacy S/MIME Recommended web sites.
Pretty Good Privacy (PGP) Security for Electronic .
SECURITY – Chapter 15 SECURITY – Chapter 15 ….for authentication and confidentiality PGP 1.Uses best algorithms as building blocks 2.General.
NETWORK SECURITY.
Security PGP IT352 | Network Security |Najwa AlGhamdi 1.
NSP 02 - Electronic Mail Security1 Electronic Mail Security Ch 15 of Cryptography and Network Security - Third Edition by William Stallings Modified from.
Security Using PGP - Prajakta Bahekar. Importance of Security is one of the most widely used network service on Computer Currently .
PGP & IP Security  Pretty Good Privacy – PGP Pretty Good Privacy  IP Security. IP Security.
Authentication Applications 1. Kerberos 2. Key Management and Distribution 3. X.509 Directory Authentication service 4. Public Key Infrastructure 5. Electronic.
1 Electronic Mail Security Behzad Akbari Fall 2009 In the Name of the Most High.
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
Chapter 7 : Web Security Lecture #1-Week 12 Dr.Khalid Dr. Mohannad Information Security CIT 460 Information Security Dr.Khalid Dr. Mohannad 1.
2013Prof. Reuven Aviv, Mail Security1 Pretty Good Privacy (PGP) Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.
Prof. Wenguo Wang Network Information Security Prof. Wenguo Wang Tel College of Computer Science QUFU NORMAL UNIVERSITY.
1 CNLab/University of Ulsan Chapter 16 Electronic Mail Security  PGP (Pretty Good Privacy)  S/MIME.
Lecture 8 (Chapter 18) Electronic Mail Security Prepared by Dr. Lamiaa M. Elshenawy 1.
第五章 电子邮件安全. Security is one of the most widely used and regarded network services currently message contents are not secure –may be inspected.
Electronic mail security. Outline Pretty good privacy S/MIME.
Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:
Electronic mail security
Security is one of the most widely used and regarded network services
Chapter 15 – Electronic Mail Security
By Marwan Al-Namari Author: William Stallings
Security Pretty Good Privacy (PGP)
CSE565: Computer Security Lectures 19, 20 Electronic Mail Security
Selected Research Topics Electronic Mail Security
Electronic Mail Security
MAIL AND SECURITY PERTEMUAN 13
Cryptography and Network Security Chapter 15
NET 536 Network Security Networks and Communication Department
ELECTRONIC MAIL SECURITY
ELECTRONIC MAIL SECURITY
Cryptography and Network Security Chapter 15
Cryptography and Network Security Chapter 15
Cryptography and Network Security Chapter 15
Cryptography and Network Security Chapter 18
Electronic Mail Security
Cryptography and Network Security
Presentation transcript:

CSCE 815 Network Security Lecture 11 Security PGP February 25, 2003

– 2 – CSCE 815 Sp 03 Security is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by suitably privileged users on destination system

– 3 – CSCE 815 Sp 03 Overview SMTP – Simple Mail Transfer Protocol

– 4 – CSCE 815 Sp 03 Overview SMTP – runs on top of TCP/IP Port 25 SMTP Commands  HELO – identifies the client machine  MAIL – identifies the originator of the message  RCPT – identifies the recipient  DATA – the message  QUIT  RSET – abort  VRFY - to verify a recipients address  EXPN - expands a mailing list  TURN – client plays server Parts of message: envelope, headers, body

– 5 – CSCE 815 Sp 03 Overview SMTP Session  HELO erdos.cse.sc.edu  MAIL  RCPT To:  DATA – the message (max 1000 bytes  segmenttation)  QUIT Each message 4 byte command, operand, terminates with \r\n Each message is acknowledged with 3 digit reply-code Spoofing telnet to a machine with port 25 type in “SMTP” packets changing From Does not change IP address so there is a good trail (SMTP tutor.)

– 6 – CSCE 815 Sp 03 Security Enhancements confidentiality protection from disclosureauthentication of sender of message message integrity protection from modification non-repudiation of origin protection from denial by sender

– 7 – CSCE 815 Sp 03 Pretty Good Privacy (PGP) widely used de facto secure developed by Phil Zimmermann selected best available cryptography algorithms integrated into a single program available on Unix, PC, Macintosh and Amiga systems originally free, now have commercial versions available also

– 8 – CSCE 815 Sp 03 PGP Operation – Authentication 1.sender creates a message 2.SHA-1 used to generate 160-bit hash code of message 3.hash code is encrypted with RSA using the sender's private key, and result is attached to message 4.receiver uses RSA or DSS with sender's public key to decrypt and recover hash code 5.receiver generates new hash code for message and compares with decrypted hash code, if match, message is accepted as authentic From the strengths of RSA and SHA-1 the recipient is assured that only the possessor of the private key could generate the signature.

– 9 – CSCE 815 Sp 03 PGP Operation – Confidentiality 1.sender generates message and random 128-bit number to be used as session key for this message only. 2.message is encrypted, using CAST-128 / IDEA/3DES with session key using 64 bit CFB(cipher feedback) 3.session key is encrypted using RSA with recipient's public key, then attached to message 4.receiver uses RSA with its private key to decrypt and recover session key 5.session key is used to decrypt message Option to RSA – Diffie-Hellman variant E1Gamal

– 10 – CSCE 815 Sp 03 PGP Operation – Confidentiality & Authentication uses both services on same message create signature & attach to message encrypt both message & signature attach RSA encrypted session key

– 11 – CSCE 815 Sp 03

– 12 – CSCE 815 Sp 03 Notation for Figure 5.1 K s session key used in symmetric encryption scheme KR a = private key of user A KU a = public key of user A EP = Encryption Public Key DP = Decryption Public Key EP = Symmetric Encryption DP = Symmetric Decryption H hash function, || concatenation Z compression using ZIP R64 = conversion to radix 64 ASCII format

– 13 – CSCE 815 Sp 03 PGP Operation – Compression by default PGP compresses message after signing but before encrypting so can store uncompressed message & signature for later verification & because compression is non deterministic (tradeoffs speed vs compression ratio) uses ZIP compression algorithm

– 14 – CSCE 815 Sp 03 PGP Operation – Compatibility when using PGP will have binary data to send (encrypted message etc) however was designed only for text hence PGP must encode raw binary data into printable ASCII characters uses radix-64 algorithm maps 3 bytes to 4 printable chars also appends a CRC PGP also segments messages if too big

– 15 – CSCE 815 Sp 03 PGP Operation – Summary

– 16 – CSCE 815 Sp 03 Summary of PGP Services

– 17 – CSCE 815 Sp 03 Compatibility The scheme used is radix-64 conversion (see appendix 5B). The use of radix-64 expands the message by 33%.

– 18 – CSCE 815 Sp 03 Segmentation and Reassembly Often restricted to a maximum message length of 50,000 octets. Longer messages must be broken up into segments. PGP automatically subdivides a message that is to large. The receiver strip of all headers and reassemble the block.

– 19 – CSCE 815 Sp 03 Format of PGP Message

– 20 – CSCE 815 Sp 03

– 21 – CSCE 815 Sp 03

– 22 – CSCE 815 Sp 03

– 23 – CSCE 815 Sp 03 PGP Session Keys need a session key for each message of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES generated using ANSI X12.17 mode uses random inputs taken from previous uses and from keystroke timing of user

– 24 – CSCE 815 Sp 03 PGP Public & Private Keys since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message could send full public-key with every message but this is inefficient rather use a key identifier based on key is least significant 64-bits of the key will very likely be unique also use key ID in signatures

– 25 – CSCE 815 Sp 03 PGP Key Rings each PGP user has a pair of keyrings: public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted keyed from a hashed passphrase

– 26 – CSCE 815 Sp 03 PGP Key Management rather than relying on certificate authorities in PGP every user is own CA can sign keys for users they know directly forms a “web of trust” trust keys have signed can trust keys others have signed if have a chain of signatures to them key ring includes trust indicators users can also revoke their keys

– 27 – CSCE 815 Sp 03 The Use of Trust Key legitimacy field Signature trust field Owner trust field See Table 5.2 (W. Stallings)

– 28 – CSCE 815 Sp 03

– 29 – CSCE 815 Sp 03 Revoking Public Keys The owner issue a key revocation certificate. Normal signature certificate with a revote indicator. Corresponding private key is used to sign the certificate.

– 30 – CSCE 815 Sp 03 Recommended Web Sites PGP home page: MIT distribution site for PGP S/MIME Charter S/MIME Central: RSA Inc.’s Web Site

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.