1
Electronic mail security PGP & S/MIME
Chapter 5 Electronic mail security PGP & S/MIME Khushbu Shah
2
Electronic Mail Security Agenda:
■ Introduction to PGP
■ 5 PGP Services
■ Key Management
■ Use of Trust
■ Demo of PGP in Use
3
Pretty Good Privacy
■ 1991 – Creation of a single person, Phil Zimmermann
■ Provides confidentiality and authentication services for electronic mail and file storage applications
4
Introduction
■ PGP is an open source, freely available software package for security
■ Provides:
  ■ Authentication – use of digital signature
  ■ Confidentiality – use of symmetric block encryption
  ■ Compression – ZIP algorithm
  ■ Compatibility – radix-64 encoding scheme
  ■ Segmentation and reassembly to accommodate long emails
5
Pretty Good Privacy
■ Selected best available cryptographic algorithms
■ Integrated these algorithms into a general purpose application
■ Source code and doc freely available on the net
■ Agreement with company (Viacrypt) for low cost commercial version
6
Notation
■ KS = session key used in conventional encryption
■ KRa = private key of user A, used in public key encryption
■ KUa = public key of user A, used in public key encryption
■ EP = public-key encryption
■ DP = public-key decryption
■ EC = conventional encryption
■ DC = conventional decryption
■ H = hash function
■ || = concatenation
■ Z = compression using ZIP algorithm
■ R64 = conversion to radix 64 ASCII format
7
Summary of 5 PGP Services
authentication
8
Recall One Way Hash Function
■ Digital signature
■ No key distribution
■ Less computation since message does not have to be encrypted
9
Recall SHA-1 Secure Hash Function
■ Developed by NIST in 1995
■ Input is processed in 512-bit blocks
■ Produces as output a 160-bit message digest
■ Every bit of the hash code is a function of every bit of the input
■ Very secure – so far!
10
Authentication
■ Sender creates a message
■ Generate a hash code with SHA-1
■ Using sender’s private key and RSA, encrypt the hash code and prepend to the message
■ Receiver uses sender’s public key to decrypt and recover the hash code
■ Receiver generates a new hash code for the message and compares with the decrypted hash code. If matching, then message is authentic
11
PGP Cryptographic Functions
12
Recall Other Public Key Algorithms
■ Digital Signature Standard (DSS) – makes use of SHA-1 and presents a new digital signature algorithm (DSA)
■ Only used for digital signatures, not encryption or key exchange
13
Authentication
■ Other alternatives can be used, e.g., DSS
■ Detached signatures are supported: stored and transmitted separately
■ Signature log of all messages sent or received
■ Good for executables and multi-party signatures (legal contract)
14
Summary of 5 PGP Services
authentication confidentiality
15
Encryption algorithm-CAST-128
■ 1997, Entrust Technologies
■ RFC 2144
■ Extensively reviewed
■ Variable key length, bits
■ Used in PGP
16
Recall Conventional Encryption Algorithms
We have choices in PGP for confidentiality!
17
Confidentiality
■ Sender creates a message and a random 128-bit number for the session key
■ Message encrypted using CAST-128 with the session key
■ Session key encrypted with recipient’s public key and prepended to the message
■ Receiver uses its private key to decrypt and recover the session key
■ Session key is used to decrypt the message
18
PGP Cryptographic Functions
19
Confidentiality
■ Alternatives of RSA, Diffie-Hellman (ElGamal) can be used
■ Conventional algorithms are much faster
■ Each message is a one-time independent event with its own key
■ PGP provides large key range (DSS key limited to 1024 bits): 768 ≤ key size ≤ 3072
20
Confidentiality & Authentication
■ Both services can be used for the same message
■ First, signature is generated for plaintext and prepended
■ Message is encrypted with a session key
■ Session key (one-time use only) is encrypted with recipient’s public key
21
PGP Cryptographic Functions
22
Summary of 5 PGP Services
authentication confidentiality
23
Compression – Save Space
■ PGP compresses (ZIP) the message after applying the signature but before encryption (default)
■ Better to sign an uncompressed message (otherwise one must either store the compressed message for later verification or recompress the message when verification is required)
■ PGP’s compression algorithm is non-deterministic
■ Security is greater if message is encrypted after compression
24
PGP Cryptographic Functions
25
Summary of 5 PGP Services
authentication confidentiality
26
Compatibility
■ Part or all of block consists of a stream of arbitrary 8-bit octets
■ Many systems only allow ASCII text
■ PGP converts raw binary stream to a stream of printable ASCII characters
■ Radix-64 conversion – blindly converts input stream to radix-64 format regardless of contents (even if the input is ASCII text)
■ So if message is signed but not encrypted, conversion is applied to the entire block, so the output is unreadable to casual users, which gives a certain level of confidentiality
27
Summary of 5 PGP Services
authentication confidentiality
28
Segmentation
■ Maximum message length restrictions in e-mail (example: Internet imposes max length of 50,000 octets)
■ PGP automatically subdivides a large message into segments small enough to mail separately
■ PGP reassembles entire original block at the receiving end
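The compression, compatibility and segmentation services described on the slides above, chained in one place as an added example (not part of the original slides or of PGP's code). It assumes `zlib` as a stand-in for PGP's ZIP compression and applies segmentation last, after radix-64; the sample block is constructed. The `digests` function shows why the signature is computed on the uncompressed message: the compressed bytes depend on the compressor's settings, while the plaintext digest does not.

```python
import base64
import hashlib
import zlib

MAX_SEGMENT = 50_000  # octets; the example mail limit quoted on the slide

def to_transfer_form(block, level=6):
    """Sender side: Z (compression), R64, then segmentation."""
    armored = base64.b64encode(zlib.compress(block, level))
    return [armored[i:i + MAX_SEGMENT]
            for i in range(0, len(armored), MAX_SEGMENT)]

def from_transfer_form(segments):
    """Receiver side: reassemble, undo radix-64, decompress."""
    return zlib.decompress(base64.b64decode(b"".join(segments)))

def digests(message):
    """SHA-1 of the plaintext and of two compressed forms of it."""
    def sha1(data):
        return hashlib.sha1(data).hexdigest()
    return {
        "plaintext": sha1(message),
        "zip_level_1": sha1(zlib.compress(message, 1)),
        "zip_level_9": sha1(zlib.compress(message, 9)),
    }

# Constructed sample: 128,000 pseudo-random octets standing in for a large
# binary block. Random data does not compress, so several segments result.
SAMPLE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                  for i in range(4000))

def demo():
    segments = to_transfer_form(SAMPLE)
    d = digests(SAMPLE)
    return {
        "segments": len(segments),
        "largest_segment": max(len(s) for s in segments),
        "ascii_only": all(s.isascii() for s in segments),
        "round_trip": from_transfer_form(segments) == SAMPLE,
        # Same message, different compressor settings, different octets:
        "compressed_digests_differ": d["zip_level_1"] != d["zip_level_9"],
    }

if __name__ == "__main__":
    print(demo())
```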
29
Summary of 5 PGP Services
■ Authentication
■ Confidentiality
■ Compression
■ Compatibility
■ Segmentation
30
PGP Cryptographic Keys
One-time Session symmetric keys Conventional Keys Public Keys Private Keys Pass phrase-Based Conventional
31
Key Requirements
■ A means of generating unpredictable session keys (section “session key generation”)
■ Allow users to have multiple public/private key pairs (need some kind of identity) (section “key identifiers”)
■ Each PGP entity must maintain a file of its and its correspondents’ public/private pairs (section “key rings”)
33
Session Key Generation
■ Random 128-bit numbers are generated using CAST-128
■ Input is a stream of 128-bit randomized numbers based on keystroke input from the user (both keystroke timing and actual keys struck are used to generate the randomized stream)
■ Using cipher feedback mode, the CAST-128 encrypter produces two 64-bit blocks that are concatenated to form the 128-bit session key
■ Produces a sequence of session keys that is effectively unpredictable
34
Key Identifiers
How does receiver know which public key to use?
■ Encrypted form of session key is used for message encryption. Session key is itself encrypted by recipient's public key.
■ We have the requirement that any given user may have multiple public/private key pairs. How does receiver know which public key to use?
■ One solution is to transmit public keys with the message, but this is an unnecessary waste of space.
■ Other solution is to associate an identifier with each public key that is unique within user (combination of userID and KeyID), so only the shorter KeyID would need to be transmitted. It raises management and overhead problem.
■ The solution adopted by PGP assigns a key ID to each public key
■ It has a high probability of being unique within a user ID – the 64-bit KeyID is the least significant 64 bits of the public key (PUa mod 2^64)
35
What Does A Transmitted Message Look Like?
■ Message component – actual data to be stored or transmitted, plus filename and timestamp specifying time of creation.
■ Signature component – ts, E(PRa,(MD)), leading 2 octets, ID of PUa
  ■ Timestamp – creation time of signature
  ■ Message digest – 160-bit SHA-1 digest encrypted by sender’s private key
  ■ Leading two octets of MD (checksum) – to enable recipient to determine if correct public key was used to decrypt MD for authentication
  ■ Key ID of sender’s public key – identifies public key that should be used to decrypt digest; hence, identifies private key used for encryption
■ Both components are optional, are compressed by ZIP, and may be encrypted by session key
■ Session key component – Ks, ID of PUb: session key plus ID of recipient’s public key used to encrypt the session key
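How a receiver uses the key ID and the leading two octets of the signature component, as an added example (not code from the slides or from PGP). It assumes textbook RSA without padding, built from well-known primes purely so the block runs offline; the dictionary layout, the function names and the sample message are constructed for illustration, and the digest here covers only the message.

```python
import hashlib
import time

def make_key(p, q, e=65537):
    # Textbook RSA from two primes: no padding, for illustration only.
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def key_id(n):
    # Key ID as on the slide: least significant 64 bits (PUa mod 2^64).
    return n % 2**64

def sign(message, priv):
    md = hashlib.sha1(message).digest()          # 160-bit message digest
    return {
        "timestamp": int(time.time()),           # creation time of signature
        "key_id": key_id(priv["n"]),             # ID of PUa
        "leading_two": md[:2],                   # sent unencrypted
        "enc_digest": pow(int.from_bytes(md, "big"), priv["d"], priv["n"]),
    }

def verify(message, sig, public_ring):
    pub = public_ring.get(sig["key_id"])         # select the key by key ID
    if pub is None:
        return "unknown key ID"
    recovered = pow(sig["enc_digest"], pub["e"], pub["n"])
    if recovered >> 160:                         # too large to be a digest
        return "wrong public key"
    md = recovered.to_bytes(20, "big")
    if md[:2] != sig["leading_two"]:             # the two-octet checksum
        return "wrong public key"
    if md != hashlib.sha1(message).digest():
        return "message altered"
    return "authentic"

# Constructed sample keys: user A owns two key pairs. Primes of the form
# 2^k - c are used only because they are well known; they make the key IDs
# small numbers (5 and 19).
KEY_1 = make_key(2**127 - 1, 2**130 - 5)
KEY_2 = make_key(2**255 - 19, 2**521 - 1)
PUBLIC_RING = {key_id(k["n"]): {"n": k["n"], "e": k["e"]}
               for k in (KEY_1, KEY_2)}
MESSAGE = b"Meet at noon."                       # constructed sample message

def demo():
    sig = sign(MESSAGE, KEY_1)
    swapped = dict(sig, key_id=key_id(KEY_2["n"]))   # points at A's other key
    return (verify(MESSAGE, sig, PUBLIC_RING),
            verify(MESSAGE, swapped, PUBLIC_RING),
            verify(b"Meet at one.", sig, PUBLIC_RING),
            verify(MESSAGE, dict(sig, key_id=7), PUBLIC_RING))

if __name__ == "__main__":
    print(demo())
```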
36
PGP Format
37
Key Rings
■ PGP provides a pair of data structures at each node – pub/priv key pairs owned by node & public keys of other users
■ Private-Key Ring and Public-Key Ring
■ Can view the ring as a table – each row represents one of the pub/priv key pairs
38
Private key ring
■ Private key ring can be indexed by either userID or KeyID
■ Private key is encrypted by CAST-128. The procedure is as follows:
1 User selects a passphrase to be used for encrypting private keys.
2 When system generates new pub/pri key pairs using RSA, it asks user for passphrase. Using SHA-1, a 160-bit hash code is generated from the passphrase, and the passphrase is then discarded.
3 System encrypts private key using CAST-128 with 128 bit hash code as a key
■ When user accesses the private key ring to retrieve private key, he must supply passphrase. PGP will retrieve encrypted private key, generate hash code of passphrase and decrypt the encrypted private key using CAST-128 with hash code.
39
Private key ring (“my” key-pairs) information:
■ Private key stored encrypted with passphrase
■ “Private Key Ring” also contains “my” public keys
40
Key Ring Structure
■ The owner’s public key(s) appear on both key rings
41
PGP Message Generation & Transmission
42
PGP Message Generation & Transmission has following steps
■ Signing the message
■ Encrypting the message
PGP message reception has the following steps
■ Decrypting the message
■ Authenticating the message
43
PGP Message Reception
44
Public Key Management
■ PGP contains clever, efficient, interlocking set of functions and formats to provide confidentiality and authentication
Approaches to public key management: A wants to obtain reliable public key of B
1 Physically get the key from B
2 Verify a key by telephone or
3 Obtain B’s public key from a mutually trusted individual friend D
4 Obtain B’s public key from a trusted certifying authority
■ For cases 3 and 4, Alice would already have a copy of the introducer’s public key and trust that this key is valid.
■ Ultimately, it is up to Alice to assign a degree of trust to anyone who is to act as an introducer.
45
Use of Trust
Associated with each public key is a
■ Key legitimacy field – extent that PGP will trust that this is a valid public key (the higher the level of trust, the stronger the binding of this user ID to this key; zero or more signatures collected by key ring owner). Field derived from collection of signature trust fields in entry.
■ Signature trust field – degree to which PGP user trusts the signer to certify public keys
■ Owner trust field – degree to which this public key is trusted to sign other public-key certificates. Level of trust assigned by user.
Contained in a structure referred to as a trust flag byte
46
Use of Trust
■ PGP provides a convenient means of using trust.
■ Earlier, when Alice entered a new key in her public-key ring, PGP asked her to assign a level of trust to the owner of this key (if it’s her own public key, value is ultimate trust).
■ This was entered in the Owner Trust field and will be used if Alice later receives keys signed by this person.
47
■ When Alice enters another new public key, one or more signatures may be attached (in the Signature(s) field).
■ Alice’s PGP will search her public-key ring to see if the author of this signature is already on her key ring. If so, PGP will copy her earlier assessment of this person’s trust into the Signature Trust field for this person (otherwise the value of this field will be unknown user).
■ PGP will compute the weighted average of the Signature Trust values and assign this to the Key Legitimacy field. This field summarizes the confidence that Alice can have that this public key actually belongs to the person in the UserID field.
48
Dealing with public key ring of user A.
Describes the operation of trust processing as follows:
1) When A inserts a new public key on the public key ring, PGP must assign a value to the trust flag associated with the owner of this public key. If the owner is A, then this public key also appears in the private key ring, and a value of ultimate trust is automatically assigned to the trust field. Otherwise PGP asks A for the assessment of trust to be assigned to the owner of this key, and A must enter the desired level. User can specify that owner is unknown, untrusted, marginally trusted, completely trusted etc.
49
Contd…
2) When a new public key is entered, one or more signatures may be attached to it. When a signature is inserted into the entry, PGP searches the public key ring to see if the author of the signature is among the known public key owners. If so, the OWNERTRUST value for this owner is assigned to the SIGNTRUST field for this signature. If not, an unknown user value is assigned.
3) The value of the key legitimacy field is calculated on the basis of the signature fields present in the entry. If at least one signature has a signature trust value of ultimate, the key legitimacy field value is set to complete. Otherwise PGP computes a weighted sum of trust values.
50
Trust Flag Byte Contents
51
PGP Trust Model Example
52
PGP Trust Model
1 All keys whose owners are fully or partially trusted by this user have been signed by this (YOU) user except node L. Even though E’s key is already signed by trusted F, user chose to sign E’s key directly.
2 Two partially trusted signatures are sufficient to certify a key. Key for user H is deemed legitimate by PGP because it is signed by A and B, partially trusted.
3 Key may be legitimate because it is signed by one fully trusted or two partially trusted signatories. But its user may not be trusted to sign other keys. Example: N’s key is legitimate because it is signed by E, whom this user trusts, but N is not a trusted user to sign others’ keys because this user has not assigned a trust value to N. R’s key is signed by N but PGP does not consider R’s key as legitimate.
4 Detached orphan node S with two unknown signatures. Such a key may have been acquired from a key server. PGP can’t assume that this key is a legitimate key. User must declare the key legitimate by signing it or by telling PGP to willingly trust one of the key signatories.
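The trust-processing steps and the example nodes above, worked through as an added example (not part of the original slides or PGP's code). The weights are an assumption chosen to match the slide's rule that one fully trusted or two partially trusted signatures certify a key; E and F are assumed to be fully trusted, and key Z is constructed.

```python
from fractions import Fraction

UNKNOWN, UNTRUSTED, MARGINAL, COMPLETE, ULTIMATE = (
    "unknown", "untrusted", "marginal", "complete", "ultimate")

# Assumed weights: one completely trusted or two marginally trusted
# signatures reach the threshold of 1.
WEIGHT = {COMPLETE: Fraction(1), MARGINAL: Fraction(1, 2)}

class PublicKeyRing:
    def __init__(self, owner):
        self.owner = owner
        self.owner_trust = {owner: ULTIMATE}   # own key: ultimate trust
        self.signers = {owner: []}

    def add_key(self, user, signed_by, owner_trust=UNKNOWN):
        """Steps 1 and 2: record OWNERTRUST and the attached signatures."""
        self.owner_trust[user] = owner_trust
        self.signers[user] = list(signed_by)

    def signature_trust(self, signer):
        """The signer's OWNERTRUST, or unknown if the signer is not on the ring."""
        return self.owner_trust.get(signer, UNKNOWN)

    def key_legitimacy(self, user):
        """Step 3: complete if any signature is ultimate, else weighted sum."""
        # Cryptographic verification of each signature, and the check that
        # the signer's own key is legitimate, are omitted in this sketch.
        trusts = [self.signature_trust(s) for s in self.signers[user]]
        if user == self.owner or ULTIMATE in trusts:
            return "complete"
        score = sum((WEIGHT.get(t, Fraction(0)) for t in trusts), Fraction(0))
        return "complete" if score >= 1 else "not legitimate"

def build_ring():
    ring = PublicKeyRing("YOU")
    ring.add_key("A", ["YOU"], MARGINAL)
    ring.add_key("B", ["YOU"], MARGINAL)
    ring.add_key("F", ["YOU"], COMPLETE)
    ring.add_key("E", ["YOU", "F"], COMPLETE)  # assumed fully trusted
    ring.add_key("H", ["A", "B"])              # two partially trusted signers
    ring.add_key("N", ["E"])                   # legitimate, but no owner trust
    ring.add_key("R", ["N"])                   # signer has no trust assigned
    ring.add_key("S", ["X", "Y"])              # signers not on the ring
    ring.add_key("Z", ["A"])                   # constructed: one marginal signer
    return ring

def demo():
    ring = build_ring()
    return {user: ring.key_legitimacy(user) for user in "ABFEHNRSZ"}

if __name__ == "__main__":
    for user, status in demo().items():
        print(user, status)
```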
53
PGP “Web of Trust”
■ The idea behind the various trust fields in the public key ring is to establish a “Web of Trust” among a community of users.
■ If Alice trusts only Abe to sign certificates, then she won’t believe certificates from Martha or Emily are genuine.
■ If she also trusts Bob’s judgment about signing certificates, she can trust Emily’s certificate; if she also trusts Carl, she can trust everyone’s certificate.
54
S/MIME
55
■ Secure/Multipurpose Internet Mail Extension – secure enhancement to MIME Internet format standard
■ S/MIME will probably emerge as the industry standard for commercial and organizational use. PGP is used for personal security
■ Overview of The message is constructed under RFC 822, then passed to SMTP (RFC 821) for transmission.
■ S/MIME includes a secure development of RFC 822/MIME
56
Simple Mail Transfer Protocol (SMTP, RFC 822)
■ MIME is an extension to the RFC 822 framework that is intended to address some of the problems and limitations of the use of SMTP
SMTP limitations – cannot transmit, or has a problem with:
■ executable files, or other binary files (jpeg image)
■ “national language” characters – represented as 8-bit codes with values of 128 decimal; SMTP is limited to 7-bit ASCII
■ Rejects mail messages over a certain size
■ ASCII to EBCDIC translation problems (not consistent mapping)
■ lines longer than a certain length (72 to 254 characters)
57
S/MIME
■ MIME is compatible with existing RFC 822 implementations
■ Specification provided in RFC 2045 through 2049
■ Five new message header fields are defined, which provide information about the body of the message
■ A number of content formats are defined
■ A transfer encoding is defined that enables conversion to any format
58
Headers
■ contain readable text (ASCII)
■ are divided into lines
■ each line of form <keyword> : <value>
Keywords To and From are required, others optional
59
RFC 822 states that the message can consist only of ASCII text.
MIME – Multipurpose Internet Mail Extensions (RFC 1521, 1993)
In the body of the message we would like to be able to include items such as:
■ Messages in languages with accents
■ Messages in non-Latin alphabets (Arabic, Russian, Hebrew)
■ Messages in languages without alphabets (Chinese and Japanese)
■ Messages not containing any kind of text (audio and video)
Such material may contain an arbitrary bit string.
Sender must “disguise” (mask or hide) non-ASCII information as ASCII.
This will be reversed by the receiver, to give the bit string.
60
From point of view of receiver:
■ If you receive this ASCII message how do you know what it is?
■ Example: Content-Transfer-Encoding says “radix-64 conversion”
■ Now you know that the message is a bit string that the sender has converted to radix-64 – you can recover the bit string, but you still don’t know what it is (image? audio?)
■ MIME header: Content-Type says “image/jpeg”, which tells you how to process the received message.
61
Header fields in MIME
■ MIME-Version: Must be value “1.0” -> conforms to RFC 2045, RFC 2046
■ Content-Type: More types being added by developers. Describes data contained in the body with sufficient detail
■ Content-Transfer-Encoding: How message has been encoded (radix-64). Type of transformation used to represent data to users
■ Content-ID: Unique identifying character string.
■ Content-Description: Needed when content is not readable text (e.g., mpeg)
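The sender and receiver views of these header fields, as an added example using Python's standard `email` package (not part of the original slides). The addresses, Content-ID value, description and payload are constructed; the payload is arbitrary 8-bit data standing in for a JPEG.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample: arbitrary 8-bit octets standing in for JPEG data.
SAMPLE = bytes(range(256)) * 4

def build(payload):
    """Sender: disguise arbitrary octets as ASCII and label them."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"          # constructed addresses
    msg["To"] = "bob@example.org"
    # set_content adds MIME-Version, Content-Type,
    # Content-Transfer-Encoding and Content-ID.
    msg.set_content(payload, maintype="image", subtype="jpeg",
                    cte="base64", cid="<part1@example.org>")
    msg["Content-Description"] = "sample picture"
    return msg.as_bytes()

def receive(raw):
    """Receiver: the headers say how to undo the encoding and what it is."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        "mime_version": str(msg["MIME-Version"]),
        "type": msg.get_content_type(),
        "encoding": str(msg["Content-Transfer-Encoding"]),
        "description": str(msg["Content-Description"]),
        "body": msg.get_content(),             # radix-64 reversed to octets
    }

def wire_is_smtp_safe(raw):
    """True if the transmitted form is 7-bit ASCII with short lines."""
    return raw.isascii() and max(len(line) for line in raw.splitlines()) <= 78

if __name__ == "__main__":
    wire = build(SAMPLE)
    print(wire.decode("ascii")[:400])
    info = receive(wire)
    print(info["type"], info["encoding"], info["body"] == SAMPLE)
```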
62
Header fields in MIME
63
S/MIME will add new subtypes to Application and Multipart
65
S/MIME Functions
■ Enveloped Data: Encrypted content and encrypted session keys for recipients.
■ Signed Data: Message digest encrypted with private key of “signer.”
■ Clear-Signed Data: Signed but not encrypted. Message ASCII only, signature with radix-64 (recipients without S/MIME can view message, but cannot verify the signature)
■ Signed and Enveloped Data: Various orderings for encrypting and signing.
66
S/MIME Functionality - continued
► Enveloped data: encrypted content plus encryption keys
PGP equivalent: plus radix-64 conversion
67
S/MIME Functionality - continued
► Signed data: message plus digital signature (can be viewed only by recipient with S/MIME capability)
PGP equivalent: plus radix-64 conversion
Radix-64 conversion after compression
► Clear-signed data function: only the digital signature is converted to radix-64; the message is “in the clear”
68
S/MIME Functionality - continued
► Signed and enveloped data
PGP equivalent:
69
Algorithms Used
■ Message Digesting: SHA-1 and MD5
■ Digital Signatures: DSS
■ Secret-Key Encryption: Triple-DES, RC2/40 (exportable)
■ Public-Private Key Encryption: RSA with key sizes of 512 and 1024 bits, and Diffie-Hellman (for session keys).
70
Cryptographic Algorithms Used in S/MIME
71
S/MIME Message Type
■ Enveloped Data
■ Signed Data
■ Clear Signing
■ Registration Request – application or user will apply to certification authority for public-key certificate; includes certificationInfo block followed by identifier of public key
■ Certification-Only Message – message containing only certificate or CRL list in response to registration request.
72
S/MIME Certificate Processing
■ S/MIME uses X.509 version 3
■ “Hybrid between a strict X.509 hierarchy and PGP’s web of trust.”
■ S/MIME does not set up a global system like the Domain Name System, to retrieve public-key certificates with minimal effort.
■ Rather, each user, or user group, takes responsibility for obtaining the certificates of individuals with whom they want to correspond securely.
73
User Agent Role
■ S/MIME uses Public-Key Certificates – X.509 version 3 signed by Certification Authority
Several key management functions:
■ Key Generation – MUST: Diffie-Hellman, DSS; SHOULD: RSA key-pairs.
■ Registration – user’s public keys must be registered with X.509 CA.
■ Certificate Storage – Local (as in browser application) for different services. On behalf of user some local administrative entity maintains the certification list.
■ Signed and Enveloped Data – Various orderings for encrypting and signing.
74
Verisign Certificates
■ Several companies provide CA (Certification Authority) services
■ Nortel provides S/MIME support
■ Internet-based CAs – Verisign, GTE, U.S. Postal Service
■ Verisign is mostly used for CA service compatible with S/MIME and other applications.
■ Issues certificate with product name Verisign Digital ID.
DigitalID contains:
■ Owner’s public key
■ Owner’s name or alias
■ Expiration date of DigitalID
■ Serial no of DigitalID
■ Name of CA that issued DigitalID
■ Signature of CA
Also contains user-supplied info: Address, Address, basic registration info
75
User Agent Role
Example: Verisign (www.verisign.com)
■ Class-1: Buyer’s address confirmed by emailing vital info. Digital ID as well as PIN is sent.
■ Class-2: Automated comparison with online database. Postal address is confirmed as well, and data checked against directories. DigitalID is sent to postal address.
■ Class-3: Buyer must appear in person, or send notarized documents.
76
Table 7.8 Verisign Public-Key Certificate Classes