Top Banner
1 Pretty Good Privacy (PGP) Security for Electronic Email
29

1 Pretty Good Privacy (PGP) Security for Electronic Email.

Mar 28, 2015

Download

Documents

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

1

Pretty Good Privacy (PGP)

Security for Electronic Email

Page 2: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

2

There are two main schemes which are especially designed to provide confidentiality and authentication for electronic mail systems. These are:

PGP(Pretty Good Privacy)

S/MIME(Secure/Multipurpose Internet Mail Extension)

Page 3: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

3

S/MIME

S/MIME uses public key certificates conforming to standard X.509 and signed by a certification agency. In other respects, S/MIME is quite similar to PGP.S/MIME is not studied in any detail on this course and is not examinable.Details of the scheme are available in Chapter 5 of Stalling if you are interested.

Page 4: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

4

PGP

• Developed by Phil Zimmerman in 1995.• Documentation and source code is freely

available.• The package is independent of operating

system and processor.• PGP does not rely on the “establishment”

and it’s popularity and use have grown extensively since 1995.

Page 5: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

5

• PGP combines the best available cryptographic algorithms to achieve secure e-mail communication.

• It is assumed that all users are using public key cryptography and have generated a private/public key pair.

• Either RSA (with RSA digital signatures) or El Gamel (with DSA) can be used.

• All users also use a symmetric key system such as triple DES or Rijndael.

Page 6: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

6

What does PGP do?

PGP offers 5 services:

1. Authentication

2. Confidentiality

3. Compression

4. E-mail compatibility

5. Segmentation

Page 7: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

7

PGP Authentication

This is a digital signature scheme with hashing.

1. Alice has (private/public) key pair (Ad/Ae) and she wants to send a digitally signed message m to Bob.

2. Alice hashes the message using SHA-1 to obtain SHA(m).

Page 8: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

8

3. Alice encrypts the hash using her private key Ad to obtain ciphertext c given by

c=pk.encryptAd(SHA(m))

4. Alice sends Bob the pair (m,c)

5. Bob receives (m,c) and decrypts c using Alice's public key Ae to obtain signature s

s=pk.decryptAe(c)

Page 9: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

9

6. He computes the hash of m using SHA-1 and if this hash value is equal to s then the message is authenticated.

Bob is sure that the message is correct and that is does come from Alice. Furthermore Alice cannot later deny sending the message since only Alice has access to her private key Ad which works in conjunction with the public key Ae.

Page 10: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

10

PGP Confidentiality

1. Alice wishes to send Bob a confidential message m.

2. Alice generates a random session key k for a symmetric cryptosystem.

3. Alice encrypts k using Bob’s public key Be to get

k’ = pk.encryptBe(k)

Page 11: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

11

4. Alice encrypts the message m with the session key k to get ciphertext c

c=sk.encryptk(m)

5. Alice sends Bob the values (k’,c)

6. Bob receives the values (k’,c) and decrypts k’ using his private key Bd to obtain k

k=pk.decryptBd(k’)

Page 12: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

12

7. Bob uses the session key k to decrypt the ciphertext c and recover the message m

m=sk.decryptk(c)

Public and symmetric key cryptosystems are combined in this way to provide security for key exchange and then efficiency for encryption. The session key k is used only to encrypt message m and is not stored for any length of time.

Page 13: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

13

PGP Authenticaton and Confidentiality (at the same time)

The schemes for authentication and confidentiality can be combined so that Alice can sign a confidential message which is encrypted before transmission. The steps required are as follows:

1. Alice generates a signature c for her message m as in the Authentication scheme

c=pk.encryptAd(SHA(m))

Page 14: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

14

2. Alice generates a random session key k and encrypts the message m and the signature c using a symmetric cryptosystem to obtain ciphertext C

C=sk.encryptk(m,c)4. She encrypts the session key k using

Bob’s public key

k’ = pk.encryptBe(k)

5. Alice sends Bob the values (k’,C)

Page 15: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

15

6. Bob recieves k’ and C and decrypts k’ using his private key Bd to obtain the session key k

k=pk.decryptBd(k’)

7. Bob decrypts the ciphertext C using the session key k to obtain m and c

(m,c) = sk.decryptk(C)

Page 16: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

16

8. Bob now has the message m. In order to authenticate it he uses Alice’s public key Ae to decrypt the signature c and hashes the message m using SHA-1.

If SHA(m) = pk.decryptAe(c)

Then the message is authenticated.

Page 17: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

17

PGP Compression

PGP can also compress the message if desired. The compression algorithm is ZIP and the decompression algorithm is UNZIP.

1. The original message m is signed as before to obtain

c=pk.encryptAd(SHA(m))

Page 18: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

18

2. Now the original message m is compressed to obtain

M=ZIP(m)

3. Alice generates a session key k and encrypts the compressed message and the signature using the session key

C=sk.encryptk(M,c)

4. The session key is encrypted using Bob’s public key as before.

Page 19: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

19

5. Alice sends Bob the encrypted session key and ciphertext C.

6. Bob decrypts the session key using his private key and then uses the session key to decrypt the ciphertext C to obtain M and c

(M,c) = sk.decryptk(C)7. Bob decompresses the message M to obtain

the original message mm=UNZIP(M)

Page 20: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

20

8. Now Bob has the original message m and signature c. He verifies the signature using SHA-1 and Alice’s public key as before.

Note that the compression is applied after signing (due to implementation of ZIP) but before encryption (this strengthens the security of the scheme since the message has less redundancy after compression)

Page 21: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

21

PGP E-Mail Compatibility

Many electronic mail systems can only transmit blocks of ASCII text. This can cause a problem when sending encrypted data since ciphertext blocks might not correspond to ASCII characters which can be transmitted.

PGP overcomes this problem by using radix-64 conversion.

Page 22: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

22

Radix-64 conversion

Suppose the text to be encrypted has been converted into binary using ASCII coding and encrypted to give a ciphertext stream of binary.

Radix-64 conversion maps arbitrary binary into printable characters as follows:

Page 23: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

23

Radix-64 conversion

1. The binary input is split into blocks of 24 bits (3 bytes).

2. Each 24 block is then split into four sets each of 6-bits.

3. Each 6-bit set will then have a value between 0 and 26-1 (=63).

4. This value is encoded into a printable character.

Page 24: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

24

6 bit value

Character

encoding

6 bit value

Character

encoding

6 bit value

Character

encoding

6 bit value

Character

encoding

0

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

Q

R

S

T

U

V

W

X

Y

Z

a

b

c

d

e

f

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

g

h

i

j

k

l

m

n

o

p

q

r

s

t

u

v

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

(pad)

w

x

y

z

0

1

2

3

4

5

6

7

8

9

+

/

=

Page 25: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

25

PGP Segmentation

Another constraint of e-mail is that there is usually a maximum message length.

PGP automatically blocks an encrypted message into segments of an appropriate length.

On receipt, the segments must be re-assembled before the decryption process.

Page 26: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

26

Key Issues

1. Key Generation

Recall that a new session key is required each time a message is encrypted. How are these keys generated?

PGP uses the timing of key strokes and key patterns to generate random numbers.

Page 27: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

27

2. Key Identifiers

PGP allows users to have more than one public/private key pair

To increase security To ease the key changeover period

So how does Bob know which set of keys he should be using?

Page 28: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

28

• In the case of encryption, (Alice uses Bob’s public key) Alice can send Bob the public key with the message since this is not secret (in fact Alice only sends the 64 least significant bits so that Bob can identify the key).

• In the case of digital signatures Alice uses her private key and Bob uses Alice’s corresponding public key. Alice cannot send Bob her private key, but she can look up the corresponding public key and send the 64 least significant bits of that.

Page 29: 1 Pretty Good Privacy (PGP) Security for Electronic Email.

29

So a PGP message might consist of:

• Message component – the actual data to be transmitted + a filename + a timestamp;

• Signature component – timestamp + hash of message and timestamp + first part of message (so user can check that they are decrypting correctly) + Key ID of sender’s public key

• Session Key component – session key + key ID of recipient’s public key