Top Banner

of 26

IS_UNIT-III_Sam

Jun 02, 2018

Download

Documents

Siligam Pranitha
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript

  • 8/10/2019 IS_UNIT-III_Sam

    1/26

    IS_Unit-III_Sam 1

    Unit-IIIElectronic mail

    security

  • 8/10/2019 IS_UNIT-III_Sam

    2/26

    IS_Unit-III_Sam 2

    Outline of Unit-III

    Pretty good privacy

    S/MIME

    Recommended web sites

  • 8/10/2019 IS_UNIT-III_Sam

    3/26

    IS_Unit-III_Sam 3

    Pretty Good Privacy

    Philip R. Zimmerman is the creator ofPGP.

    PGP provides a confidentiality andauthentication service that can beused for electronic mail and file

    storage applications.

  • 8/10/2019 IS_UNIT-III_Sam

    4/26

    IS_Unit-III_Sam 4

    Why Is PGP Popular?

    It is availiable free on a variety ofplatforms.

    Based on well known algorithms. Wide range of applicability

    Not developed or controlled bygovernmental or standardsorganizations

  • 8/10/2019 IS_UNIT-III_Sam

    5/26

    IS_Unit-III_Sam 5

    Operational Description

    Consist of five services: Authentication

    Confidentiality Compression

    E-mail compatibility

    Segmentation

  • 8/10/2019 IS_UNIT-III_Sam

    6/26

    IS_Unit-III_Sam 6

  • 8/10/2019 IS_UNIT-III_Sam

    7/26

    IS_Unit-III_Sam 7

    Compression

    PGP compresses the message afterapplying the signature but before

    encryption The placement of the compression

    algorithm is critical.

    The compression algorithm used isZIP (described in appendix 5A)

  • 8/10/2019 IS_UNIT-III_Sam

    8/26

    IS_Unit-III_Sam 8

    E-mail Compatibility

    The scheme used is radix-64 conversion(see appendix 5B).

    The use of radix-64 expands the message

    by 33%.

  • 8/10/2019 IS_UNIT-III_Sam

    9/26

    IS_Unit-III_Sam 9

    Segmentation and

    Reassembly Often restricted to a maximum

    message length of 50,000 octets.

    Longer messages must be broken upinto segments.

    PGP automatically subdivides a

    message that is to large. The receiver strip of all e-mail

    headers and reassemble the block.

  • 8/10/2019 IS_UNIT-III_Sam

    10/26

    IS_Unit-III_Sam 10

    Sumary of PGP Services

    Function Algorithm UsedDigital Signature DSS/SHA orRSA/SHA

    Message

    Encryption

    CAST or IDEA or

    three-key triple DESwith Diffie-Hellman

    or RSA

    Compression ZIPE-mail

    Compatibility

    Radix-64 conversion

    Segmentation-

  • 8/10/2019 IS_UNIT-III_Sam

    11/26

    IS_Unit-III_Sam 11

  • 8/10/2019 IS_UNIT-III_Sam

    12/26

    IS_Unit-III_Sam 12

    Format of PGP Message

  • 8/10/2019 IS_UNIT-III_Sam

    13/26

    IS_Unit-III_Sam 13

  • 8/10/2019 IS_UNIT-III_Sam

    14/26

    IS_Unit-III_Sam 14

  • 8/10/2019 IS_UNIT-III_Sam

    15/26

    IS_Unit-III_Sam 15

  • 8/10/2019 IS_UNIT-III_Sam

    16/26

    IS_Unit-III_Sam 16

    The Use of Trust

    Key legitimacy field

    Signature trust field

    Owner trust field

    See Table 5.2(W. Stallings)

  • 8/10/2019 IS_UNIT-III_Sam

    17/26

    IS_Unit-III_Sam 17

  • 8/10/2019 IS_UNIT-III_Sam

    18/26

    IS_Unit-III_Sam 18

    Revoking Public Keys

    The owner issue a key revocationcertificate.

    Normal signature certificate with arevote indicator.

    Corresponding private key is used to

    sign the certificate.

  • 8/10/2019 IS_UNIT-III_Sam

    19/26

    IS_Unit-III_Sam 19

    S/MIME

    Secure/Multipurpose Internet MailExtension

    S/MIME will probably emerge as theindustry standard.

    PGP for personal e-mail security

  • 8/10/2019 IS_UNIT-III_Sam

    20/26

  • 8/10/2019 IS_UNIT-III_Sam

    21/26

    IS_Unit-III_Sam 21

    Header fields in MIME

    MIME-Version: Must be 1.0 -> RFC 2045, RFC2046

    Content-Type: More types being added bydevelopers (application/word)

    Content-Transfer-Encoding: How message hasbeen encoded (radix-64)

    Content-ID: Unique identifying character string. Content Description: Needed when content is not

    readable text (e.g.,mpeg)

  • 8/10/2019 IS_UNIT-III_Sam

    22/26

    IS_Unit-III_Sam 22

    S/MIME Functions

    Enveloped Data:Encrypted content andencrypted session keys for recipients.

    Signed Data:Message Digest encryptedwith private key of signer.

    Clear-Signed Data:Signed but not

    encrypted. Signed and Enveloped Data:Various

    orderings for encrypting and signing.

  • 8/10/2019 IS_UNIT-III_Sam

    23/26

    IS_Unit-III_Sam 23

    Algorithms Used

    Message Digesting:SHA-1 and MDS

    Digital Signatures:DSS

    Secret-Key Encryption:Triple-DES,RC2/40 (exportable)

    Public-Private Key Encryption:RSA with

    key sizes of 512 and 1024 bits, and Diffie-Hellman (for session keys).

  • 8/10/2019 IS_UNIT-III_Sam

    24/26

    IS_Unit-III_Sam 24

    User Agent Role

    S/MIME uses Public-Key Certificates - X.509version 3 signed by Certification Authority

    Functions:

    Key Generation- Diffie-Hellman, DSS, and RSA key-pairs.

    Registration - Public keys must be registered withX.509 CA.

    Certificate Storage- Local (as in browser application)for different services.

    Signed and Enveloped Data- Various orderings forencrypting and signing.

  • 8/10/2019 IS_UNIT-III_Sam

    25/26

    IS_Unit-III_Sam 25

    User Agent Role

    Example: Verisign (www.verisign.com)

    Class-1: Buyers email address

    confirmed by emailing vital info. Class-2: Postal address is confirmed as

    well, and data checked against

    directories. Class-3: Buyer must appear in person,

    or send notarized documents.

  • 8/10/2019 IS_UNIT-III_Sam

    26/26

    IS_Unit-III_Sam 26

    Recommended Web Sites

    PGP home page: www.pgp.com

    MIT distribution site for PGP

    S/MIME Charter

    S/MIME Central: RSA Inc.s Web Site