Presentation is loading. Please wait.

Presentation is loading. Please wait.

E-MAIL SECURITY – Chapter 15 E-MAIL SECURITY – Chapter 15 ….for authentication and confidentiality PGP 1.Uses best algorithms as building blocks 2.General.

Published bySusan Wilcox Modified over 9 years ago

Similar presentations

Presentation on theme: "E-MAIL SECURITY – Chapter 15 E-MAIL SECURITY – Chapter 15 ….for authentication and confidentiality PGP 1.Uses best algorithms as building blocks 2.General."— Presentation transcript:

1 E-MAIL SECURITY – Chapter 15 E-MAIL SECURITY – Chapter 15 ….for authentication and confidentiality PGP 1.Uses best algorithms as building blocks 2.General purpose 3.Package/source code free 4.Low-cost commercial version 5.No government

2 PGP CRYPTOGRAPHIC FUNCTIONS

3 PGP for……. PGP for……. Authentication Confidentiality Compression e-mail Segmentation

4 DIGITAL SIGNATURES (fig 15.1a) DIGITAL SIGNATURES (fig 15.1a) SHA-1 with RSA  Signature (RSA, KU a )  KR a (H, KR a )  Signed (alternative – DSS/SHA-1)

5 DETACHED SIGNATURES DETACHED SIGNATURES instead of….. Attached Signatures use….. Detached Signatures - Separate Transmission - separate log detect virus many signatures – one doc

6 CONFIDENTIALITY (fig 15.1b) CONFIDENTIALITY (fig 15.1b) CAST or IDEA or 3DES : CFB – 64 Key Distribution: RSA/Diffie-Hellman/El Gamal Symmetric Key used once/message Random  128-bit key, K s : key sent with message

7 SYMMETRIC/PUBLIC COMBINATION SYMMETRIC/PUBLIC COMBINATION Faster than just PUBLIC PUBLIC solves key distribution No protocol – one-time message No handshaking One-time keys strengthen security (weakest link is public)

8 CONFIDENTIALITY and AUTHENTICATION (fig 15.c) Authentication - plaintext mess. stored third-party can verify signature without needing to know secret key Compression Confidentiality

9 COMPRESSION - why? COMPRESSION - why? Benefit - efficiency Why, Signature then Compression then Confidentiality ? Sign Uncompressed Message - off-line storage No need for single compression algorithm Encryption after compression is stronger

10 E-Mail COMPATIBILITY E-Mail COMPATIBILITY e-mail uses ASCII PGP(8-bit)  ASCII Base-64: 3x8  4 x ASCII + CRC 33% Expansion !! (fig 15.2)

11 RADIX-64 FORMAT

12 Tx and Rx of PGP Messages

13 SEGMENTATION / REASSEMBLY SEGMENTATION / REASSEMBLY Max length restriction e.g. internet = 50,000 x 8-bits PGP Segments automatically but, One session key,signature/message

14 PGP KEYS PGP KEYS 1. one-time session : use random number gen. 2. public 3. private 4. passphrase-based } multiple pairs key id file of key pairs for all users

15 SESSION-KEY GENERATION SESSION-KEY GENERATION CAST / IDEA / 3DES in CFB mode } New Session Key 64 128 plaintext - user key strokes K K – user key strokes and old session key

16 KEY IDENTIFIERS KEY IDENTIFIERS Which public key? each public key has key ID (least 64 bits) With high prob., no key ID collision

17 MESSAGE FORMAT (fig 15.3) MESSAGE FORMAT (fig 15.3) Message,m [data, filename, timestamp] signature (optional) includes digest = hash(m(data)||T) therefore signature is: [T, E KR a (digest),2x8(digest), KeyID] session key (optional) [key, ID KU b ]

18 MESSAGE FORMAT

19 KEY RINGS (fig 15.4) KEY RINGS (fig 15.4) Private Key Ring store public/private pairs of node A Public Key Ring store public keys of all other nodes

20 KEY RINGS

21 ENCRYPTED PRIVATE KEYS on PRIVATE KEY-RING ENCRYPTED PRIVATE KEYS on PRIVATE KEY-RING 1.User passphrase 2.System asks user for passphrase 3.Passphrase  160-bit hash 4.E hash (private key) subsequent access requires passphrase

22 PGP MESSAGE GENERATION

23 PGP MESSAGE RECEPTION

24 PUBLIC KEY MANAGEMENT PUBLIC KEY MANAGEMENT Problem: need tamper-resistant public-keys (e.g. in case A thinks KU c is KU b ) Two threats: C  A (forge B’s signature) A  B (decrypt by C) solution: Key-Revoking

25 PGP TRUST MODEL EXAMPLE

26 ZIP ZIP freeware (c) : UNIX, PKZIP : Windows LZ77 (Ziv,Lempel) Repetitions  short code (on the fly) codes re-used algorithm MUST be reversible

27 ZIP (example) ZIP (example) (Fig 15.9) char  9 bits = 1 bit + 8-bit ascii look for repeated sequences continue until repetition ends e.g. the brown fox  8-bit pointer, 4-bit length, 00  12-bit pointer, 6-bit length, 01 then ’ jump’  ptr + length, ind compressed to 35x9-bit + two codes = 343 bits Compression Ratio = 424/343 = 1.24

28 ZIP (example)

29 COMPRESSION ALGORITHM COMPRESSION ALGORITHM 1.Sliding History Buffer – last N chars 2.Look-Ahead Buffer – next N chars Algorithm tries to match chars from 2. to 1. if no match, 9 bits LAB  9 bits SHB else if match found output: indicator for length K string, ptr, length K bits LAB  K bits SHB

30 COMPRESSION ALGORITHM

31 PGP RANDOM NUMBER GENERATION

32 S/MIME S/MIME (Secure/Multipurpose Mail Extension) S/MIME - commercial PGP - private S/MIME - based on MIME (designed for RFC822) RFC822 - traditional text-mail internet standard Envelope + Contents

33 CRYPTO ALGORITHMS USED in S/MIME CRYPTO ALGORITHMS USED in S/MIME (Table 15.6) Sender/Recipients must agree on common encryption algorithm S/MIME secures MIME entity with signature and/or encryption MIME entity entire message subpart of message

34 SECURING a MIME ENTITY SECURING a MIME ENTITY MIME ENTITY MIME PREPARE S/MIME WRAPPED in MIME PKCS OBJECT security data

35 S/MIME CERTIFICATE PROCESSING S/MIME CERTIFICATE PROCESSING Hybrid of X.509 certification authority and PGP’s ”web of trust” Configure each client  Trusted Keys Certification Revocation List

Download ppt "E-MAIL SECURITY – Chapter 15 E-MAIL SECURITY – Chapter 15 ….for authentication and confidentiality PGP 1.Uses best algorithms as building blocks 2.General."

Similar presentations

Pretty Good Privacy “ To PGP or not to PGP? “ Phil Zimmermann.

Pretty Good Privacy “ To PGP or not to PGP? “ Phil Zimmermann.
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Data & Network Security

Data & Network Security
Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.

Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NS-H0503-02/11041 E-mail Security. NS-H0503-02/11042 Email Security email is one of the most widely used and regarded network services currently message.

NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Electronic mail security

Electronic mail security
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Lecture 12 e-mail Security. Summary  PEM  secure email  PGP  S/MIME.

Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.

Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Electronic Mail Security

Electronic Mail Security
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Cryptography and Network Security Chapter 18

Cryptography and Network Security Chapter 18

Similar presentations

Ads by Google