SECURITY – Chapter 15 SECURITY – Chapter 15 ….for authentication and confidentiality PGP 1.Uses best algorithms as building blocks 2.General purpose 3.Package/source code free 4.Low-cost commercial version 5.No government

PGP CRYPTOGRAPHIC FUNCTIONS

PGP for……. PGP for……. Authentication Confidentiality Compression Segmentation

DIGITAL SIGNATURES (fig 15.1a) DIGITAL SIGNATURES (fig 15.1a) SHA-1 with RSA  Signature (RSA, KU a )  KR a (H, KR a )  Signed (alternative – DSS/SHA-1)

DETACHED SIGNATURES DETACHED SIGNATURES instead of….. Attached Signatures use….. Detached Signatures - Separate Transmission - separate log detect virus many signatures – one doc

CONFIDENTIALITY (fig 15.1b) CONFIDENTIALITY (fig 15.1b) CAST or IDEA or 3DES : CFB – 64 Key Distribution: RSA/Diffie-Hellman/El Gamal Symmetric Key used once/message Random  128-bit key, K s : key sent with message

SYMMETRIC/PUBLIC COMBINATION SYMMETRIC/PUBLIC COMBINATION Faster than just PUBLIC PUBLIC solves key distribution No protocol – one-time message No handshaking One-time keys strengthen security (weakest link is public)

CONFIDENTIALITY and AUTHENTICATION (fig 15.c) Authentication - plaintext mess. stored third-party can verify signature without needing to know secret key Compression Confidentiality

COMPRESSION - why? COMPRESSION - why? Benefit - efficiency Why, Signature then Compression then Confidentiality ? Sign Uncompressed Message - off-line storage No need for single compression algorithm Encryption after compression is stronger

COMPATIBILITY COMPATIBILITY uses ASCII PGP(8-bit)  ASCII Base-64: 3x8  4 x ASCII + CRC 33% Expansion !! (fig 15.2)

RADIX-64 FORMAT

Tx and Rx of PGP Messages

SEGMENTATION / REASSEMBLY SEGMENTATION / REASSEMBLY Max length restriction e.g. internet = 50,000 x 8-bits PGP Segments automatically but, One session key,signature/message

PGP KEYS PGP KEYS 1. one-time session : use random number gen. 2. public 3. private 4. passphrase-based } multiple pairs key id file of key pairs for all users

SESSION-KEY GENERATION SESSION-KEY GENERATION CAST / IDEA / 3DES in CFB mode } New Session Key plaintext - user key strokes K K – user key strokes and old session key

KEY IDENTIFIERS KEY IDENTIFIERS Which public key? each public key has key ID (least 64 bits) With high prob., no key ID collision

MESSAGE FORMAT (fig 15.3) MESSAGE FORMAT (fig 15.3) Message,m [data, filename, timestamp] signature (optional) includes digest = hash(m(data)||T) therefore signature is: [T, E KR a (digest),2x8(digest), KeyID] session key (optional) [key, ID KU b ]

MESSAGE FORMAT

KEY RINGS (fig 15.4) KEY RINGS (fig 15.4) Private Key Ring store public/private pairs of node A Public Key Ring store public keys of all other nodes

KEY RINGS

ENCRYPTED PRIVATE KEYS on PRIVATE KEY-RING ENCRYPTED PRIVATE KEYS on PRIVATE KEY-RING 1.User passphrase 2.System asks user for passphrase 3.Passphrase  160-bit hash 4.E hash (private key) subsequent access requires passphrase

PGP MESSAGE GENERATION

PGP MESSAGE RECEPTION

PUBLIC KEY MANAGEMENT PUBLIC KEY MANAGEMENT Problem: need tamper-resistant public-keys (e.g. in case A thinks KU c is KU b ) Two threats: C  A (forge B’s signature) A  B (decrypt by C) solution: Key-Revoking

PGP TRUST MODEL EXAMPLE

ZIP ZIP freeware (c) : UNIX, PKZIP : Windows LZ77 (Ziv,Lempel) Repetitions  short code (on the fly) codes re-used algorithm MUST be reversible

ZIP (example) ZIP (example) (Fig 15.9) char  9 bits = 1 bit + 8-bit ascii look for repeated sequences continue until repetition ends e.g. the brown fox  8-bit pointer, 4-bit length, 00  12-bit pointer, 6-bit length, 01 then ’ jump’  ptr + length, ind compressed to 35x9-bit + two codes = 343 bits Compression Ratio = 424/343 = 1.24

ZIP (example)

COMPRESSION ALGORITHM COMPRESSION ALGORITHM 1.Sliding History Buffer – last N chars 2.Look-Ahead Buffer – next N chars Algorithm tries to match chars from 2. to 1. if no match, 9 bits LAB  9 bits SHB else if match found output: indicator for length K string, ptr, length K bits LAB  K bits SHB

COMPRESSION ALGORITHM

PGP RANDOM NUMBER GENERATION

S/MIME S/MIME (Secure/Multipurpose Mail Extension) S/MIME - commercial PGP - private S/MIME - based on MIME (designed for RFC822) RFC822 - traditional text-mail internet standard Envelope + Contents

CRYPTO ALGORITHMS USED in S/MIME CRYPTO ALGORITHMS USED in S/MIME (Table 15.6) Sender/Recipients must agree on common encryption algorithm S/MIME secures MIME entity with signature and/or encryption MIME entity entire message subpart of message

SECURING a MIME ENTITY SECURING a MIME ENTITY MIME ENTITY MIME PREPARE S/MIME WRAPPED in MIME PKCS OBJECT security data

S/MIME CERTIFICATE PROCESSING S/MIME CERTIFICATE PROCESSING Hybrid of X.509 certification authority and PGP’s ”web of trust” Configure each client  Trusted Keys Certification Revocation List