Top Banner
Securing Email Securing Email Using PGP Using PGP and Digital Certificates and Digital Certificates Putting together Putting together cipher, cipher, d d igital signature, and igital signature, and MD5 one-way hashing MD5 one-way hashing
34

Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Dec 25, 2015

Download

Documents

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Securing Email Securing Email Using PGPUsing PGP

and Digital Certificatesand Digital Certificates

Putting together Putting together cipher, dcipher, digital igital signature, and MD5 one-way signature, and MD5 one-way

hashing hashing

Page 2: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

OutlineOutline

How email worksHow email works?? Signing emailSigning email Securing contentsSecuring contents PGP PGP -- Pretty Good Privacy-- Pretty Good Privacy and and

PEMPEM -- Privacy Enhanced Mail -- Privacy Enhanced Mail Public Key CertificatesPublic Key Certificates

Page 3: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

How does email workHow does email work??

Suppose that Alice in Australia wants Suppose that Alice in Australia wants to send a message to Bob in USA via to send a message to Bob in USA via emailemailAlice starts an email program on her Alice starts an email program on her

computer, and types in Bob’s email computer, and types in Bob’s email addressaddress

Alice composes (writes) the messageAlice composes (writes) the messageAlice hits a special key to tell the Alice hits a special key to tell the

computer that the message is readycomputer that the message is ready to to go!go!

Page 4: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

How does email work ? (2)How does email work ? (2)

Alice’s email system adds a header to the Alice’s email system adds a header to the message (including destination, return message (including destination, return address, time stamp etc), and sends it to address, time stamp etc), and sends it to the nearest email gateway (a computer)the nearest email gateway (a computer)

The message is relayed from computer to The message is relayed from computer to computer before finally reaching Bob’s computer before finally reaching Bob’s computercomputer

Page 5: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

A sample messageA sample message

to: [email protected]: [email protected]

from: alice@from: [email protected]

subject: hellosubject: hello

date: Mon, 26 date: Mon, 26 AugAug 20012001 13:23:47 13:23:47

Hi Bob,

I am coming down to states in January.

Alice

Page 6: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

header + messageheader + message

headermessage

Page 7: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Possible attacksPossible attacks

spoofingspoofinga third party may impersonate Alice and a third party may impersonate Alice and

send a fake/modified message to Bobsend a fake/modified message to Bob EavesdroppingEavesdropping

a party sitting between Alice and Bob may a party sitting between Alice and Bob may peep communications between thempeep communications between them

ReplayReplaya party sitting between Alice and Bob may a party sitting between Alice and Bob may

re-send to Bob an old message from Alicere-send to Bob an old message from Alice

Page 8: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Preventing spoofing & replayPreventing spoofing & replay

UseUseRSA digital signatureRSA digital signatureMD5 one-way hash algorithmMD5 one-way hash algorithm

Page 9: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

What Alice has to doWhat Alice has to do??

prepares a pair of public and secret prepares a pair of public and secret keyskeyspublic key:public key: (e(eaa, n, naa))secret key: dsecret key: daa

registers her public key in a publicly registers her public key in a publicly available site and circulates it among available site and circulates it among friends (and also attaches it to the end friends (and also attaches it to the end of all her email messages)of all her email messages)..

composes a messagecomposes a message..

Page 10: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

What Alice’s computer has to doWhat Alice’s computer has to do??

attaches to the message a header (to:, attaches to the message a header (to:, from:, date: subject:, etc)from:, date: subject:, etc)

uses MD5 to hash the pair (message, uses MD5 to hash the pair (message, header) into a 128-bit valueheader) into a 128-bit value

uses Alice’s secret key duses Alice’s secret key daa to sign to sign

(decrypt) the 128-bit value(decrypt) the 128-bit value sends to the email gateway a triplet sends to the email gateway a triplet

(header, message, signature)(header, message, signature)

Page 11: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

header, message, signatureheader, message, signature

signature

Alice’s RSA secret key ka

1-way hashingby MD5

tka mod na

128 bits

signature

header

message

header

message

t

Page 12: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

What Bob’s computer has to doWhat Bob’s computer has to do??

finds out Alice’s public key (efinds out Alice’s public key (eaa, n, naa)) verifies (header, message, signature)verifies (header, message, signature) if OK, accepts that it is a message if OK, accepts that it is a message

from Alicefrom Alice Otherwise, informs Bob that it is NOT Otherwise, informs Bob that it is NOT

a genuine message from Alicea genuine message from Alice

Page 13: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

CheckCheck

how does the previous scheme how does the previous scheme prevent spoofing and replaying ?prevent spoofing and replaying ?

does Bob have to have his public and does Bob have to have his public and secret keys ? why ?secret keys ? why ?

Page 14: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Preventing peeping Preventing peeping

the basic idea to encrypt each the basic idea to encrypt each message by the use of hybrid RSA and message by the use of hybrid RSA and IDEAIDEAIDEA is a private key cipherIDEA is a private key cipher

key: 128 bits, plain/ciphertext: 64 bitskey: 128 bits, plain/ciphertext: 64 bits

an extra requirement:an extra requirement:Bob should Bob should

publish his public key (epublish his public key (ebb, n, nbb))

keeps his secret key dkeeps his secret key dbb in a safe place in a safe place

Page 15: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Alice’s computerAlice’s computer

As before, uses Alice’s secret key dAs before, uses Alice’s secret key daa to to

sign a message and gets a triplet sign a message and gets a triplet (header, message, signature)(header, message, signature)

picks a random 128-bit IDEA key kpicks a random 128-bit IDEA key k encrypts (message, signature) using encrypts (message, signature) using

IDEA under the key kIDEA under the key k finds out Bob’s public key (efinds out Bob’s public key (ebb, n, nbb))

encrypts k using (eencrypts k using (ebb, n, nbb))

Page 16: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Message formatMessage format

EIDEAkeb mod nb

IDEAkey k

IDEAkey k

signature

message

signature

Bob’s RSA public key (eb, nb)

header

message

header

Page 17: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Message sent by AliceMessage sent by Alice

Alice’s computer sends to Bob’s Alice’s computer sends to Bob’s computer four (4) partscomputer four (4) partsheader, un-encryptedheader, un-encryptedmessage, encrypted using IDEA under kmessage, encrypted using IDEA under ksignature, encrypted using IDEA under ksignature, encrypted using IDEA under kIDEA key k, encrypted using Bob’s RSA IDEA key k, encrypted using Bob’s RSA

public key (epublic key (ebb, n, nbb))

Page 18: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

header + messageheader + message

to: [email protected]: [email protected]

from: [email protected]: [email protected]

subject: hellosubject: hello

date: Mon, 26 Feb 1996 13:23:47date: Mon, 26 Feb 1996 13:23:47

Hi Bob,

Meet in January at home ?

Alice

Page 19: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

header + message + signatureheader + message + signature

to: [email protected]: [email protected]: [email protected]: [email protected]: hellosubject: hellodate: Mon, 26 Feb 1996 13:23:47date: Mon, 26 Feb 1996 13:23:47

-----BEGIN PGP SIGNED MESSAGE----------BEGIN PGP SIGNED MESSAGE-----

Hi Bob,Meet in January at home ?Alice

-----BEGIN PGP SIGNATURE-----Version: 2.6.3iCharset: noconv

iQBVAwUBMT5dAjFqX5nL8leRAQGKoAH+LKirz3rVncjQ7xYZ+q/noL9MJGVmeuDzF0FjDtE2NgZoLQh7H6tlK3HzvMLCMK1a53xbMfPEBdYq/hvF7B3/xQ===FuR2-----END PGP SIGNATURE-----

Page 20: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

header + encrypted (message + signature)header + encrypted (message + signature)

to: [email protected]: [email protected]

from: [email protected]: [email protected]

subject: hellosubject: hello

date: Mon, 26 Feb 1996 13:23:47date: Mon, 26 Feb 1996 13:23:47

-----BEGIN PGP MESSAGE----------BEGIN PGP MESSAGE-----

Version: 2.6.3i

hEwDe3NF6ydtp0kBAf9pUR0Yf71cGBSEIYYviDZwWSEQdZdeP8ulMZofaChxQnEE

T+1Z7m1GzT/qwfrW7edYEHb1U/Jk5PuGyO56JlYipgAAAJ1H4ubdEeEAcIafD+IO

hFvHt7qiIq+OIzR3NDxlXtxp5IIBKjQqXLJduuFkTUlq0G3v1QTaR/K7IcEMGBEH

ZVxye3qsRvDN7TGgl+PIxNS7gC6rgqZpJ5M0dXdAsG1L+3GO8FFYvPPfUOjmstTn

+O5BXMYPbYkPE2fBTZ/COGxRIe09bULPwW6hnnr6It5GFB0Id/XZVcznzAql0tjO

=6pZH

-----END PGP MESSAGE-----

Page 21: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Bob’s computerBob’s computer

When receiving the parts from Alice, When receiving the parts from Alice, Bob’s computerBob’s computeruses Bob’s secret key duses Bob’s secret key dbb to decrypt the to decrypt the

4th part and extract IDEA key k4th part and extract IDEA key kuses k and IDEA to decrypt the 2nd & 3rd uses k and IDEA to decrypt the 2nd & 3rd

partspartsuses Alice’s public key (euses Alice’s public key (eaa, n, naa) to check ) to check

Alice’s signature on the 1st & 2nd partsAlice’s signature on the 1st & 2nd partsif OK, accepts it as a genuine message if OK, accepts it as a genuine message

from Alicefrom Alice

Page 22: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Check by yourselfCheck by yourself

explain howexplain howspoofingspoofingeavesdroppingeavesdroppingreplayreplay

are preventedare prevented why the 1st part (the header) is NOT why the 1st part (the header) is NOT

encrypted ?encrypted ?

Page 23: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Signature-and-encryption orSignature-and-encryption orencryption-and-signatureencryption-and-signature

2 alternative approaches to achieving 2 alternative approaches to achieving authenticity and confidentialityauthenticity and confidentialitySignature-and-encryptionSignature-and-encryption

Signing the message first, followed by Signing the message first, followed by “sealing” the message-signature pair“sealing” the message-signature pair

Encryption-and-signatureEncryption-and-signature“scrambling” the message first, following “scrambling” the message first, following by signing the ciphertextby signing the ciphertext

Page 24: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Signature-and-encryption orSignature-and-encryption orencryption-and-signature (2)encryption-and-signature (2)

message

signature signature

message

Signature-and-encryption encryption-and-signature

Page 25: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Bob’s

signat

ure

A potential spoofing attack against A potential spoofing attack against encryption-then-signatureencryption-then-signature

Bob’ssignature

Happy birthday !

Bill’ssignature

Happy birthday !

Bob Bill

Cathy

Thank you Bill !

Page 26: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

The importance of orderThe importance of order

UseUse““signature followed by encryptionsignature followed by encryption””in your applications !in your applications !

Page 27: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Reminder: Marvin’s “Public Key Faking” Reminder: Marvin’s “Public Key Faking” AttackAttack

Instead of just eavesdropping, Marvin can try Instead of just eavesdropping, Marvin can try a more a more active active attack!attack!

Outline of the New Attack:Outline of the New Attack: Marvin generates an RSA key pairMarvin generates an RSA key pair

Public key = Kpub_* = (N_*, e_*)Public key = Kpub_* = (N_*, e_*) Secret key = Ksec_* = d_*Secret key = Ksec_* = d_*

Marvin sends the following email to Alice, Marvin sends the following email to Alice, pretending to be Bob:pretending to be Bob: Hi Alice, Hi Alice,

Please use my new public key from now on to encrypt Please use my new public key from now on to encrypt messages to me. My new public key is Kpub_*. messages to me. My new public key is Kpub_*.

Yours sincerely, Bob.Yours sincerely, Bob.

Marvin decrypts any messages Alice sends to Bob Marvin decrypts any messages Alice sends to Bob (encrypted with Kpub_*), using Ksec_*.(encrypted with Kpub_*), using Ksec_*.

Page 28: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Preventing Marvin’s Attack (1)Preventing Marvin’s Attack (1)

Marvin’s Attack illustrates that:Marvin’s Attack illustrates that: In the context of Public Key Encryption, Alice In the context of Public Key Encryption, Alice

must make sure she is not using a “fake public must make sure she is not using a “fake public key” produced by Marvin (like Kpub_*) to encrypt key” produced by Marvin (like Kpub_*) to encrypt messages to Bobmessages to Bob

In the context of Digital Signatures, Alice must In the context of Digital Signatures, Alice must make sure she is not using a “fake public key” make sure she is not using a “fake public key” produced by Marvin to verify digital signatures produced by Marvin to verify digital signatures on documents claimed to be produced by Bob.on documents claimed to be produced by Bob.

Page 29: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Preventing Marvin’s Attack (2)Preventing Marvin’s Attack (2)

When Alice obtains Bob’s public key from When Alice obtains Bob’s public key from some source, she is really receiving a some source, she is really receiving a document C containing a statement of the document C containing a statement of the form “Bob’s public key is X”.form “Bob’s public key is X”.

To prevent Marvin’s attack, Alice wants to To prevent Marvin’s attack, Alice wants to check the integrity of the document C before check the integrity of the document C before she believes the statement it contains.she believes the statement it contains.

This is commonly done using a “Public Key This is commonly done using a “Public Key Certification” system in conjunction with a Certification” system in conjunction with a digital signature scheme - This system is digital signature scheme - This system is described in the following slides.described in the following slides.

Page 30: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Public Key Certification System (1)Public Key Certification System (1)

A Public Key Certification System requires the A Public Key Certification System requires the establishment of (at least one) establishment of (at least one) Trusted Trusted Certification AuthorityCertification Authority (CA). (CA).

The CA is an organization known to all users The CA is an organization known to all users and trusted by the users to:and trusted by the users to: Issue Certificates by following properly the procedure Issue Certificates by following properly the procedure

described in following slidedescribed in following slide Guard its Guard its secretsecret digital signature key SK_CA very well! digital signature key SK_CA very well!

All users obtain the CA’s All users obtain the CA’s publicpublic digital digital signature key PK_CA directly from the signature key PK_CA directly from the CA.CA.

Page 31: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Issuing Digital Certificates (1)Issuing Digital Certificates (1)

The CA issues Digital Certificates to users as The CA issues Digital Certificates to users as follows:follows:A user Bob generates a key pair (Kpub, Ksec).A user Bob generates a key pair (Kpub, Ksec).Bob goes (ideally physically) to the CA, gives his Bob goes (ideally physically) to the CA, gives his

public key Kpub, and declares “I’m Bob Smith, public key Kpub, and declares “I’m Bob Smith, and Kpub is my public key!”and Kpub is my public key!”

The CA asks Bob to present strong proof of The CA asks Bob to present strong proof of identity (eg Passport, driver’s licence), to ensure identity (eg Passport, driver’s licence), to ensure that CA is really talking to Bob Smith (and not that CA is really talking to Bob Smith (and not Marvin, for example).Marvin, for example).

If CA is convinced it is really talking to Bob Smith, If CA is convinced it is really talking to Bob Smith, the CA produces a digital certificate for Bob (see the CA produces a digital certificate for Bob (see next slide for detailed content).next slide for detailed content).

Page 32: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Issuing Digital Certificates (2)Issuing Digital Certificates (2)

The Digital Certificate C_Bob given to Bob by The Digital Certificate C_Bob given to Bob by CA consists of essentially FIVE parts:CA consists of essentially FIVE parts:Part A.Part A. Bob’s unique identification information (eg Bob’s unique identification information (eg

Full name, address, etc)Full name, address, etc)Part B.Part B. Bob’s public key, Kpub Bob’s public key, KpubPart C.Part C. A unique certificate serial no. A unique certificate serial no.Part D.Part D. Issue time, Expiry time, and any other Issue time, Expiry time, and any other

conditions of use.conditions of use.Part E.Part E. The CA’s The CA’s digital signaturedigital signature on the on the

document consisting of Parts (A,B,C,D).document consisting of Parts (A,B,C,D).

So C_Bob = (A,B,C,D,E).So C_Bob = (A,B,C,D,E).

Page 33: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Using Digital Certificates (1)Using Digital Certificates (1)

Bob distributes his digital certificate C_Bob.Bob distributes his digital certificate C_Bob. Note that:Note that:

The certificate C_Bob is The certificate C_Bob is NOTNOT secret secretBob Bob CANNOTCANNOT use the certificate C_Bob by itself use the certificate C_Bob by itself

as a proof of identity (since anyone can get a as a proof of identity (since anyone can get a copy of it).copy of it).

When Alice needs Bob’s public key (eg to When Alice needs Bob’s public key (eg to encrypt a message to Bob, or to verify Bob’s encrypt a message to Bob, or to verify Bob’s signature on a document) she obtains Bob’s signature on a document) she obtains Bob’s digital certificate C_Bob (eg from Bob’s web digital certificate C_Bob (eg from Bob’s web server).server).

Page 34: Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD5 one-way hashing.

Using Digital Certificates (2)Using Digital Certificates (2)

From Part B of the certificate C_Bob, Alice From Part B of the certificate C_Bob, Alice extracts Bob’s public key PK_Bob.extracts Bob’s public key PK_Bob.

But before using PK_Bob, Alice verifies that But before using PK_Bob, Alice verifies that the certificate C_Bob is a the certificate C_Bob is a validvalid certificate for certificate for Bob - This means that Alice verifies that:Bob - This means that Alice verifies that:1. C_Bob contains (in part E) a valid signature by CA 1. C_Bob contains (in part E) a valid signature by CA

on the rest of the certificate (parts A,B,C,D).on the rest of the certificate (parts A,B,C,D).2. Part A of C_Bob contains Bob’s correct (unique) 2. Part A of C_Bob contains Bob’s correct (unique)

identification details (name, address,…).identification details (name, address,…).3. All the conditions stated in part D of the certificate 3. All the conditions stated in part D of the certificate

C_Bob are valid (eg certificate has not expired yet).C_Bob are valid (eg certificate has not expired yet). Alice rejects C_Bob if it fails the test above!Alice rejects C_Bob if it fails the test above!