1
E-MAIL SECURITY – Chapter 15
PGP – for authentication and confidentiality
- Uses best algorithms as building blocks
- General purpose
- Package/source code free
- Low-cost commercial version
- No government
2
PGP CRYPTOGRAPHIC FUNCTIONS
3
PGP for…
- Authentication
- Confidentiality
- Compression
- e-mail
- Segmentation
4
DIGITAL SIGNATURES (fig 15.1a)
SHA-1 with RSA Signature (RSA, KUa) KRa (H, KRa) Signed (alternative – DSS/SHA-1)
5
DETACHED SIGNATURES
Instead of attached signatures, use detached signatures:
- Separate transmission
- Separate log
- Detect virus
- Many signatures – one doc
6
CONFIDENTIALITY (fig 15.1b)
- CAST or IDEA or 3DES: CFB – 64
- Key distribution: RSA/Diffie-Hellman/El Gamal
- Symmetric key used once/message
- Random 128-bit key, Ks: key sent with message
7
SYMMETRIC/PUBLIC COMBINATION
- Faster than just PUBLIC
- PUBLIC solves key distribution
- No protocol – one-time message
- No handshaking
- One-time keys strengthen security (weakest link is public)
8
CONFIDENTIALITY and AUTHENTICATION (fig 15.c)
- Authentication: plaintext message stored; third party can verify signature without needing to know secret key
- Compression
- Confidentiality
9
COMPRESSION - why?
- Benefit: efficiency
Why Signature, then Compression, then Confidentiality?
- Sign uncompressed message: off-line storage
- No need for single compression algorithm
- Encryption after compression is stronger
10
COMPATIBILITY
- uses ASCII
- PGP (8-bit) → ASCII
- Base-64: 3x8 → 4 x ASCII + CRC
- 33% expansion !! (fig 15.2)
11
RADIX-64 FORMAT
12
Tx and Rx of PGP Messages
13
SEGMENTATION / REASSEMBLY
- Max length restriction, e.g. internet = 50,000 x 8-bits
- PGP segments automatically, but one session key, signature/message
14
PGP KEYS
1. one-time session: use random number gen.
2. public
3. private
4. passphrase-based
- key id
- file of key pairs for all users
- multiple pairs
15
SESSION-KEY GENERATION
- CAST / IDEA / 3DES in CFB mode
- plaintext (64, 64): user key strokes
- K: user key strokes and old session key
- 128 = 64 + 64: new session key
16
KEY IDENTIFIERS
- Which public key?
- Each public key has key ID (least 64 bits)
- With high prob., no key ID collision
17
MESSAGE FORMAT (fig 15.3)
- Message, m: [data, filename, timestamp]
- signature (optional): includes digest = hash(m(data)||T), therefore signature is: [T, EKRa(digest), 2x8(digest), KeyID]
- session key (optional): [key, IDKUb]
18
MESSAGE FORMAT
19
KEY RINGS (fig 15.4)
- Private Key Ring: store public/private pairs of node A
- Public Key Ring: store public keys of all other nodes
20
KEY RINGS
21
ENCRYPTED PRIVATE KEYS on PRIVATE KEY-RING
- User passphrase: system asks user for passphrase
- Passphrase → 160-bit hash
- Ehash(private key)
- Subsequent access requires passphrase
22
PGP MESSAGE GENERATION
23
PGP MESSAGE RECEPTION
24
PUBLIC KEY MANAGEMENT
Problem: need tamper-resistant public-keys (e.g. in case A thinks KUc is KUb)
Two threats:
- C → A (forge B’s signature)
- A → B (decrypt by C)
Solution: Key-Revoking
25
PGP TRUST MODEL EXAMPLE
26
ZIP
- freeware (c): UNIX; PKZIP: Windows
- LZ77 (Ziv, Lempel)
- Repetitions → short code (on the fly)
- codes re-used
- algorithm MUST be reversible
27
ZIP (example) (Fig 15.9)
- char → 9 bits = 1 bit + 8-bit ascii
- look for repeated sequences; continue until repetition ends
- e.g. the brown fox → 8-bit pointer, 4-bit length, 00
- 12-bit pointer, 6-bit length, 01
- then ’ jump’ → ptr + length, ind
- compressed to 35x9-bit + two codes = 343 bits
- Compression Ratio = 424/343 = 1.24
28
ZIP (example)
29
COMPRESSION ALGORITHM
1. Sliding History Buffer – last N chars
2. Look-Ahead Buffer – next N chars
Algorithm tries to match chars from 2. to 1.
- if no match: 9 bits LAB → 9 bits SHB
- else if match found: output indicator for length K string, ptr, length; K bits LAB → K bits SHB
30
COMPRESSION ALGORITHM
31
PGP RANDOM NUMBER GENERATION
32
S/MIME (Secure/Multipurpose Mail Extension)
- S/MIME – commercial; PGP – private
- S/MIME – based on MIME (designed for RFC822)
- RFC: traditional text-mail internet standard; Envelope + Contents
33
CRYPTO ALGORITHMS USED in S/MIME
(Table 15.6)
- Sender/Recipients must agree on common encryption algorithm
- S/MIME secures MIME entity with signature and/or encryption
- MIME entity: entire message / subpart of message
34
SECURING a MIME ENTITY WRAPPED in PREPARE S/MIME MIME security data
PKCS OBJECT S/MIME
35
S/MIME CERTIFICATE PROCESSING
- Hybrid of X.509 certification authority and PGP’s “web of trust”
- Configure each client: Trusted Keys, Certification Revocation List