Presentation is loading. Please wait.

Presentation is loading. Please wait.

NETWORK SECURITY.

Published byErnest Mason Modified over 9 years ago

Similar presentations

Presentation on theme: "NETWORK SECURITY."— Presentation transcript:

1 NETWORK SECURITY

2 Overview Need for E-Mail security Threats to E-Mail
Pretty good privacy Recommended web sites

3 Need for E-Mail Security
is necessary for E-Commerce Daily communication is also very public, allowing for access at each point form the sender’s computer to the recipient’s screen.

4 Pretty Good Privacy 1991 – Creation of a single person, Phil Zimmermann Provides confidentiality and authentication services for electronic mail and file storage applications

5 Pretty Good Privacy Selected best available cryptographic algorithms
Integrated these algorithms into a general purpose application Source code and doc freely available on the net Agreement with company (Viacrypt) for low cost commercial version

6 Phil Zimmermann “PGP has spread like a prairie fire, fanned by countless people who fervently want their privacy restored in the information age” Phil Zimmermann, 1996

7 Why Is PGP Popular? It is availiable free on a variety of platforms.
Based on well known algorithms. Wide range of applicability Not developed or controlled by governmental or standards organizations

8 Operational Description
PGP Consists of five services: Authentication Confidentiality Compression compatibility Segmentation and Reassembly The last three are transparent to the user

9 PGP: Authentication steps
Sender: Creates a message Hashes it to 160-bits using SHA1 Encrypts the hash code using her private key, forming a signature PGP prompts the user for the passphrase to recover the private key Attaches the signature to message

10 PGP: Authentication steps
Receiver: Decrypts attached signature using sender’s public key and recovers hash code Recomputes hash code using message and compares with the received hash code’ If they match, accepts the message

11 Authentication steps M = original message H = hash function | | = concatenation (join) Z = compression Z-1= decompression EP = public key encryption DP = public key decryption KRa = A’s private key KUa = A’s public key

12 PGP: Confidentiality Sender:
Generates message and a random number (session key) only for this message Encrypts message with the session key using AES, 3DES, IDEA or CAST-128 Encrypts session key itself with recipient’s public key using RSA Attaches it to message

13 PGP: Confidentiality Receiver:
Recovers session key by decrypting using his private key PGP prompts the user for the passphrase to recover the private key Decrypts message using the session key.

14 EC = symmetric encryption
DC = symmetric decryption Ks = session key Z = compression Z-1 = Decompression Confidentiality

15 Confidentiality & Authentication
Authentication and confidentiality can be combined A message can be both signed and encrypted That is called authenticated confidentiality Encryption/Decryption process is “nested” within the process shown for authentication alone

16 Confidentiality & Authenticity

17

18 Compression PGP compresses the message after applying the signature but before encryption Saves space for transmission and storage To speed up the process (less data to encrypt) The placement of the compression algorithm is critical. The compression algorithm used is ZIP (described in appendix 5A)

19 PGP Email compatibility
PGP is designed to be compatible with all systems Output of encryption and compression functions is divided into 6-bit blocks Each block is mapped onto an ASCII Character This is called RADIX-64 encoding Has the side-effect of increasing the size of the data by about 33%

20 E-mail Compatibility The scheme used is radix-64 conversion
The use of radix-64 expands the message by 33%. 8 8 8 6 6 6 6 8 8 8 8

21 RADIX-64 encoding

22

23 Summary of PGP Services

24 Cryptographic Keys and Key Rings
PGP makes use of 4 types of keys: One-time seeeion symmetric keys Public keys Private Keys Passphrase-based symmetric Keys

25 Key Requirements A Means of generating unpredictable session keys is needed A user is allowed to have multiple public/private key pairs and there must be a way to indetify particular keys Each PGP entity must maintain a file of its own public/private key pair as well as those of its correspondents (通信者)

26 PGP Key Identifiers What is a key identifier Consider this:
A user may have many public/private key pairs He wishes to encrypt or sign a message using one of his keys How does he let the other party know which key he has used? Attaching the whole public key every time is inefficient Solution: Generate a key identifier (least significant 64-bits of the key)

27 PGP Key Rings PGP uses key rings to identify the key pairs that a user owns or trusts Private-key ring contains public/private key pairs of keys he owns Public-key ring contains public keys of others he trusts

28 PGP Public key management
Key rings are different from certificate chains used in X.509 There the user only trusts CAs and the people signed by the CAs Here he or she can trust anyone and can add others signed by people he trusted Thus, users do not rely on external CAs A user is his/her own CA

29 PGP Public key management
Approaches to minimize the risk that user’s public key ring contains false public keys: A physically gets key from B Verify key by phone Get B’s public key from mutually trusted individual Obtain B’s key from trusted certifying authority

Download ppt "NETWORK SECURITY."

Similar presentations

1 Pretty Good Privacy (PGP) Security for Electronic Email.

1 Pretty Good Privacy (PGP) Security for Electronic .
Pretty Good Privacy “ To PGP or not to PGP? “ Phil Zimmermann.

Pretty Good Privacy “ To PGP or not to PGP? “ Phil Zimmermann.
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
03/21/06 Hofstra University – Network Security Course, CSC290A 1 Assignment 1 Pick sun.com and one other site. Using whois and ARIN, get as much information.

03/21/06 Hofstra University – Network Security Course, CSC290A 1 Assignment 1 Pick sun.com and one other site. Using whois and ARIN, get as much information.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.

Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Cryptographic Technologies

Cryptographic Technologies
NS-H0503-02/11041 E-mail Security. NS-H0503-02/11042 Email Security email is one of the most widely used and regarded network services currently message.

NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Electronic mail security

Electronic mail security
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.

Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Electronic Mail Security

Electronic Mail Security
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Similar presentations

Ads by Google