Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pertemuan #12 Pretty Good Privacy (Pretty Good Privacy) Kuliah Pengaman Jaringan.

Published byFlorence O’Brien’ Modified over 8 years ago

Similar presentations

Presentation on theme: "Pertemuan #12 Pretty Good Privacy (Pretty Good Privacy) Kuliah Pengaman Jaringan."— Presentation transcript:

1 Pertemuan #12 Pretty Good Privacy (Pretty Good Privacy) Kuliah Pengaman Jaringan

2 Overview of PGP Stands for Pretty Good Privacy Public key encryption program Originally written by Phil Zimmerman in 1991 Available in many different platforms, such as Windows, Unix, MS-DOS, OS/2, Mac-Intosh Freeware & commercial versions are available Primarily used for encrypting email Combines conventional & public key cryptography, called “hybrid cryptosystem”

3 PGP Encryption

4 1. Compress the plaintext 2. Create a random session key 3. Plaintext is encrypted with the new session key, the result is ciphertext 4. Session key is encrypted to the recipient’s public key 5. Public-key-encrypted session key and the ciphertext are transmitted to the recipient

5 PGP Decryption

6 1. Recipient’s private key is used to open (decrypt) temporary session key 2. The decrypted session key is used to decrypt the conventionally-decrypted ciphertext 3. The result is the original message (plaintext)

7 Keys Basically really really big numbers Public key size & conventional cryptography’s secret key size are totally unrelated A conventional 80-bit key has the equivalent strength of a 1024-bit public key Bigger the key, harder to be derived, but also needs more computational power and time to use it for encrypting & decrypting PGP stores keys in encrypted form, in 2 files called “keyrings” (1 for public keys and 1 for private keys)

8 Digital Signatures Provides:  Authentication  Data integrity  Non-repudation Serves the same purpose as handwritten signature But it’s nearly impossible to counterfeit Some people tend to use signatures more than they use encryption

9 Simple Digital Signatures

10 Hash Functions The system explained previously  It is slow  Produces enormous volume of data An improvement is the addition of one-way hash function in the process Takes variable-length input, produces fixed-length output, say 160 bits Change in the information will entirely produce different hash function output

11 Secure Digital Signatures

12 Digital Certificates Included with a person’s public key Help others verify that a key is genuine or valid Consists of three things:  A public key  Certificate information Identity information about the user such as name, user ID and so on  One or more digital signatures

13 Anatomy Of A Certificate

14 Validity & Trust Validity is confidence that a public key certificate belongs to its purported owner You must constantly establish whether or not a particular certificate is authentic Some companies designate one or more Certificate Authorities CA checks the validity of all the certificates in the org and signs the good ones

15 Checking Validity Manually check the certificate’s fingerprint  PGP cert’s fingerprint is unique  It is a hash of the user’s cert, appears as one of cert properties  You may call and ask the owner to read his/her fingerprint, but can you trust the voice if you don’t know his/her?  Some people put their key’s fingerprint on their business card Trust a 3 rd individual has gone through the process of validating it, such as the CA  Anyone who trust the CA will automatically consider any certs validated by the CA to be valid

16 Establishing Trust You validate keys You trust people More specifically, you trust people to validate other people’s keys Typically, unless the owner hands you the certificate, you have to go by someone’s word that it is valid

17 Meta & Trusted Introducers People completely trust the CA to establish certs’ validity Everyone relies upon the CA to manually validate for them CA can’t handle all of their validation process Therefore adding other validators to the system is necessary

18 Meta & Trusted Introducers Meta-introducer bestows not only key’s validity, but also bestows the ability to trust keys upon others, enable others to act as “trusted introducers” Trusted-introducers can validate keys to the same effect as that of meta-introducer But they can’t create new trusted-introducers

19 Trust Models In closed systems, it’s easy to trace a path of trust back to the root CA In real world users must often communicate with people outside, including some whom they’ve never met Establishing line of trust to those who haven’t been explicitly trusted a CA is difficult There are 3 different trust models

20 Model #1, Direct Trust Simplest trust model A user trusts a key is valid because he/she knows where it came from Example in web browser, CA’s keys are directly trusted because they were shipped by the manufacturer in the browser

21 Model #2, Hierarchical Trust There are numbers of “root” certificates from which trust extends Consider a big trust “tree” The “leaf” cert’s validity is verified by tracing backward from its certifier, to other certifier, until a directly trusted root certificate is found

22 Model #3, Web Of Trust Encompasses both of other models A cert might be trusted directly, or trusted in some chain going back to a directly trusted root certificate (the meta-introducer), or by some group of introducers

23 Trust Model Used in PGP PGP uses web of trust Any user can act as a certifying authority Any PGP user can validate another PGP user’s pub-key cert However, such cert is only valid to another user if recognizes the validator as a trusted introducer

24 What Is A Passphrase? Longer version of password & more secure Typically composed of multiple words The priv-key is encrypted on your disk using a hash of your passphrase as the secret key You use the passphrase to decrypt and use your priv-key If you forget the passphrase, you’re out of luck, since the priv-key is totally useless!

25 Key Splitting Secret is not a secret if known to more than one person Sharing a private key is necessary at times Given an example: Corporate Signing Keys  It’s worthwhile for members to have access to the private key  But this means any single person can act fully on behalf of the company

26 Key Splitting So it’s wise to split the key among multiple people More than one or two people will have to present a piece of the key in order to reconstitute it to a usable condition If too few pieces of the key are available, then the key is unusable If a secure network connection is used, the key’s shareholders need not be physically present to rejoin the key

Download ppt "Pertemuan #12 Pretty Good Privacy (Pretty Good Privacy) Kuliah Pengaman Jaringan."

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.

Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
Cryptographic Technologies

Cryptographic Technologies
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Public Key Cryptography July 2011. Topics  Symmetric and Asymmetric Cryptography  Public Key Cryptography  Digital Signatures  Digital Certificates.

Public Key Cryptography July Topics  Symmetric and Asymmetric Cryptography  Public Key Cryptography  Digital Signatures  Digital Certificates.
Electronic Mail Security

Electronic Mail Security
Masud Hasan 03-60-475 SecueEmail VS Hushmail Project 2.

Masud Hasan Secue VS Hushmail Project 2.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Email Security.  email is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Cryptography, Authentication and Digital Signatures

Cryptography, Authentication and Digital Signatures

Similar presentations

Ads by Google