Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSCE 815 Network Security Lecture 11 Email Security PGP February 25, 2003.

Published byMelanie Benson Modified over 8 years ago

Similar presentations

Presentation on theme: "CSCE 815 Network Security Lecture 11 Email Security PGP February 25, 2003."— Presentation transcript:

1 CSCE 815 Network Security Lecture 11 Email Security PGP February 25, 2003

2 – 2 – CSCE 815 Sp 03 Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by suitably privileged users on destination system

3 – 3 – CSCE 815 Sp 03 Email Overview SMTP – Simple Mail Transfer Protocol

4 – 4 – CSCE 815 Sp 03 Email Overview SMTP – runs on top of TCP/IP Port 25 SMTP Commands  HELO – identifies the client machine  MAIL – identifies the originator of the message  RCPT – identifies the recipient  DATA – the message  QUIT  RSET – abort  VRFY - to verify a recipients address  EXPN - expands a mailing list  TURN – client plays server Parts of email message: envelope, headers, body

5 – 5 – CSCE 815 Sp 03 Email Overview SMTP Session  HELO erdos.cse.sc.edu  MAIL From:matthews@erdos.cse.sc.edu matthews@erdos.cse.sc.edu  RCPT To: CSCE815-001@cse.sc.edu  DATA – the message (max 1000 bytes  segmenttation)  QUIT Each message 4 byte command, operand, terminates with \r\n Each message is acknowledged with 3 digit reply-code Email Spoofing telnet to a machine with port 25 type in “SMTP” packets changing From Does not change IP address so there is a good trail http://raddist.rad.com/networks/1998/smtp/smtp.htmhttp://raddist.rad.com/networks/1998/smtp/smtp.htm (SMTP tutor.) http://raddist.rad.com/networks/1998/smtp/smtp.htm

6 – 6 – CSCE 815 Sp 03 Email Security Enhancements confidentiality protection from disclosureauthentication of sender of message message integrity protection from modification non-repudiation of origin protection from denial by sender

7 – 7 – CSCE 815 Sp 03 Pretty Good Privacy (PGP) widely used de facto secure email developed by Phil Zimmermann selected best available cryptography algorithms integrated into a single program available on Unix, PC, Macintosh and Amiga systems originally free, now have commercial versions available also

8 – 8 – CSCE 815 Sp 03 PGP Operation – Authentication 1.sender creates a message 2.SHA-1 used to generate 160-bit hash code of message 3.hash code is encrypted with RSA using the sender's private key, and result is attached to message 4.receiver uses RSA or DSS with sender's public key to decrypt and recover hash code 5.receiver generates new hash code for message and compares with decrypted hash code, if match, message is accepted as authentic From the strengths of RSA and SHA-1 the recipient is assured that only the possessor of the private key could generate the signature.

9 – 9 – CSCE 815 Sp 03 PGP Operation – Confidentiality 1.sender generates message and random 128-bit number to be used as session key for this message only. 2.message is encrypted, using CAST-128 / IDEA/3DES with session key using 64 bit CFB(cipher feedback) 3.session key is encrypted using RSA with recipient's public key, then attached to message 4.receiver uses RSA with its private key to decrypt and recover session key 5.session key is used to decrypt message Option to RSA – Diffie-Hellman variant E1Gamal

10 – 10 – CSCE 815 Sp 03 PGP Operation – Confidentiality & Authentication uses both services on same message create signature & attach to message encrypt both message & signature attach RSA encrypted session key

11 – 11 – CSCE 815 Sp 03

12 – 12 – CSCE 815 Sp 03 Notation for Figure 5.1 K s session key used in symmetric encryption scheme KR a = private key of user A KU a = public key of user A EP = Encryption Public Key DP = Decryption Public Key EP = Symmetric Encryption DP = Symmetric Decryption H hash function, || concatenation Z compression using ZIP R64 = conversion to radix 64 ASCII format

13 – 13 – CSCE 815 Sp 03 PGP Operation – Compression by default PGP compresses message after signing but before encrypting so can store uncompressed message & signature for later verification & because compression is non deterministic (tradeoffs speed vs compression ratio) uses ZIP compression algorithm

14 – 14 – CSCE 815 Sp 03 PGP Operation – Email Compatibility when using PGP will have binary data to send (encrypted message etc) however email was designed only for text hence PGP must encode raw binary data into printable ASCII characters uses radix-64 algorithm maps 3 bytes to 4 printable chars also appends a CRC PGP also segments messages if too big

15 – 15 – CSCE 815 Sp 03 PGP Operation – Summary

16 – 16 – CSCE 815 Sp 03 Summary of PGP Services

17 – 17 – CSCE 815 Sp 03 E-mail Compatibility The scheme used is radix-64 conversion (see appendix 5B). The use of radix-64 expands the message by 33%.

18 – 18 – CSCE 815 Sp 03 Segmentation and Reassembly Often restricted to a maximum message length of 50,000 octets. Longer messages must be broken up into segments. PGP automatically subdivides a message that is to large. The receiver strip of all e-mail headers and reassemble the block.

19 – 19 – CSCE 815 Sp 03 Format of PGP Message

20 – 20 – CSCE 815 Sp 03

21 – 21 – CSCE 815 Sp 03

22 – 22 – CSCE 815 Sp 03

23 – 23 – CSCE 815 Sp 03 PGP Session Keys need a session key for each message of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES generated using ANSI X12.17 mode uses random inputs taken from previous uses and from keystroke timing of user

24 – 24 – CSCE 815 Sp 03 PGP Public & Private Keys since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message could send full public-key with every message but this is inefficient rather use a key identifier based on key is least significant 64-bits of the key will very likely be unique also use key ID in signatures

25 – 25 – CSCE 815 Sp 03 PGP Key Rings each PGP user has a pair of keyrings: public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted keyed from a hashed passphrase

26 – 26 – CSCE 815 Sp 03 PGP Key Management rather than relying on certificate authorities in PGP every user is own CA can sign keys for users they know directly forms a “web of trust” trust keys have signed can trust keys others have signed if have a chain of signatures to them key ring includes trust indicators users can also revoke their keys

27 – 27 – CSCE 815 Sp 03 The Use of Trust Key legitimacy field Signature trust field Owner trust field See Table 5.2 (W. Stallings)

28 – 28 – CSCE 815 Sp 03

29 – 29 – CSCE 815 Sp 03 Revoking Public Keys The owner issue a key revocation certificate. Normal signature certificate with a revote indicator. Corresponding private key is used to sign the certificate.

30 – 30 – CSCE 815 Sp 03 Recommended Web Sites PGP home page: www.pgp.com MIT distribution site for PGP S/MIME Charter S/MIME Central: RSA Inc.’s Web Site

Download ppt "CSCE 815 Network Security Lecture 11 Email Security PGP February 25, 2003."

Similar presentations

Cryptography and Network Security Chapter 18

Cryptography and Network Security Chapter 18
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Data & Network Security

Data & Network Security
Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.

Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NS-H0503-02/11041 E-mail Security. NS-H0503-02/11042 Email Security email is one of the most widely used and regarded network services currently message.

NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Electronic mail security

Electronic mail security
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
Electronic Mail Security

Electronic Mail Security
Cryptography and Network Security Chapter 18

Cryptography and Network Security Chapter 18
Chap 81 Electronic mail security. Chap 82 Outline Pretty good privacy S/MIME Recommended web sites.

Chap 81 Electronic mail security. Chap 82 Outline Pretty good privacy S/MIME Recommended web sites.
Electronic mail security. Outline Pretty good privacy S/MIME.

Electronic mail security. Outline Pretty good privacy S/MIME.
Email Security.  email is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google