1 / 29

PIS : Unit IV Pretty Good Privacy (PGP)

PIS : Unit IV Pretty Good Privacy (PGP). Sanjay Rawat Sanjay_r@vnrvjiet.in.

chava
Télécharger la présentation

PIS : Unit IV Pretty Good Privacy (PGP)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PIS: Unit IVPretty Good Privacy (PGP) Sanjay Rawat Sanjay_r@vnrvjiet.in Based on the slides of Lawrie Brown, together with the book “Cryptography and Network Security” by William Stalling and “Internet Security: Cryptographic Principles, Algorithms and Protocols”, by Man Young Rhee PIS Unit 4 PGP Sanjay Rawat

  2. Email Security • email is one of the most widely used and regarded network services • currently message contents are not secure • may be inspected either in transit • or by suitably privileged users on destination system • Remember our analogy with Postal mail! PIS Unit 4 PGP Sanjay Rawat

  3. Email Security Enhancements • confidentiality • protection from disclosure • authentication • of sender of message • message integrity • protection from modification • non-repudiation of origin • protection from denial by sender PIS Unit 4 PGP Sanjay Rawat

  4. Pretty Good Privacy (PGP) • widely used de facto secure email • developed by Phil Zimmermann • selected best available crypto algs to use • integrated into a single program • on Unix, PC, Macintosh and other systems • originally free, now also have commercial versions available PIS Unit 4 PGP Sanjay Rawat

  5. PGP Services • Confidentiality via Encryption • Authentication via Digital Signature • Compression • Radix-64 Conversion • Segmentation (optional in case of large message) PIS Unit 4 PGP Sanjay Rawat

  6. 1. Confidentiality via Encryption • The sender creates a message. • The sending PGP generates a random 128-bit number to be used as a session key for this message only. • The session key is encrypted with RSA (or ElGamal), using the recipient’s public key. • The sending PGP encrypts the message, using CAST-128 or IDEA or 3DES, with the session key. Note that the message is also usually compressed. • The receiving PGP uses RSA with its private key to decrypt and recover the session key. • The receiving PGP decrypts the message using the session key. If the message was compressed, it will be decompressed PIS Unit 4 PGP Sanjay Rawat

  7. confidentiality PIS Unit 4 PGP Sanjay Rawat

  8. 2. Authentication via Digital Signature • The sender creates a message. • SHA-1 is used to generate a 160-bit hash code of the message. • The hash code is encrypted with RSA using the sender’s private key and a digital signature is produced(alternatively DSS/SHA-1). • The binary signature is attached to the message. • The receiver uses RSA with the sender’s public key to decrypt and recover the hash code. • The receiver generates a new hash code for the received message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic. PIS Unit 4 PGP Sanjay Rawat

  9. Authentication PIS Unit 4 PGP Sanjay Rawat

  10. Confidentiality & Authentication • can use both services on same message • create signature & attach to message • encrypt both message & signature • attach RSA/ElGamal encrypted session key PIS Unit 4 PGP Sanjay Rawat

  11. 3. Compression • by default PGP compresses message after signing but before encrypting • an store uncompressed message & signature for later verification • Makes cryptanalysis difficult • uses ZIP compression algorithm PIS Unit 4 PGP Sanjay Rawat

  12. 4. Radix-64 Conversion • when using PGP will have binary data to send (encrypted message etc) • however email was designed only for text • hence PGP must encode raw binary data into printable ASCII characters • uses radix-64 algorithm (ASCII armor) • maps 3 bytes to 4 printable chars • also appends a CRC PIS Unit 4 PGP Sanjay Rawat

  13. Radix encoding PIS Unit 4 PGP Sanjay Rawat

  14. Radix example • Suppose the 24-bit raw text is: • 10110010 01100011 00101001 • The hex is b2 63 29 • Arranging in blocks of 6 bits yields: • 101100 100110 001100 101001 • The extracted 6-bit decimal values are 44, 38, 12, 41. • Referring to radix encoding, the radix-64 encoding of these decimal values produces the following characters: smMp PIS Unit 4 PGP Sanjay Rawat

  15. 5. Segmentation • There may be a limit on packet content. • PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail. • The segmentation is done after all of the other processing, including the radix-64 conversion. • Thus, the session key component and signature component appear only once, at the beginning of the first segment. PIS Unit 4 PGP Sanjay Rawat

  16. PGP Operation – Summary PIS Unit 4 PGP Sanjay Rawat

  17. PGP Cryptographic Keys • PGP makes use of four types of keys: • one-time session symmetric keys, • public keys (of other parties) • Private/public key pairs, and • passphrase-based symmetric keys PIS Unit 4 PGP Sanjay Rawat

  18. PGP Session Keys • need a session key for each message • of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES • Random 128-bit number are generated using an algo specified in ANSI X12.17 • uses random inputs taken from previous session keys and from keystroke timing and pressed keys of the user PIS Unit 4 PGP Sanjay Rawat

  19. PGP Public & Private Keys • since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message • could send full public-key with every message • but this is inefficient • rather use a key identifier based on key • is least significant 64-bits of the key • will very likely be unique • also use key ID in signatures PIS Unit 4 PGP Sanjay Rawat

  20. PGP Message Format PIS Unit 4 PGP Sanjay Rawat

  21. PGP Key Rings • each PGP user has a pair of keyrings: • public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID • private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted keyed from a hashed passphrase • security of private keys thus depends on the pass-phrase security PIS Unit 4 PGP Sanjay Rawat

  22. Private key ring DS PIS Unit 4 PGP Sanjay Rawat

  23. Public key ring DS PIS Unit 4 PGP Sanjay Rawat

  24. Trust management • owner trust • assigned by the user • possible values: • unknown user • usually not trusted to sign • usually trusted to sign • always trusted to sign • ultimately trusted (own key, present in private key ring) • signature trust • assigned by the PGP system • if the corresponding public key is already in the public-key ring, then its owner trust entry is copied into signature trust • otherwise, signature trust is set to unknown user PIS Unit 4 PGP Sanjay Rawat

  25. Trust management • key legitimacy • computed by the PGP system • if at least one signature trust is ultimate, then the key legitimacy is 1 (complete) • otherwise, a weighted sum of the signature trust values is computed • always trusted signatures has a weight of 1/X • usually trusted signatures has a weight of 1/Y • X, Y are user-configurable parameters • example: X=2, Y=4 • 1 ultimately trusted, or • 2 always trusted, or • 1 always trusted and 2 usually trusted, or • 4 usually trusted signatures are needed to obtain full legitimacy PIS Unit 4 PGP Sanjay Rawat

  26. PGP Message Generation PIS Unit 4 PGP Sanjay Rawat

  27. PGP Message Reception PIS Unit 4 PGP Sanjay Rawat

  28. PGP Key Management • rather than relying on certificate authorities • in PGP every user is own CA • can sign keys for users they know directly • forms a “web of trust” • trust keys have signed • can trust keys others have signed if have a chain of signatures to them • key ring includes trust indicators • users can also revoke their keys PIS Unit 4 PGP Sanjay Rawat

  29. ü ü ü ü ü ü ü Example – key legitimacy X = 1, Y = 2 C H G B D user F A I E untrusted / usually untrusted K usually trusted always trusted L J M ultimately trusted (you) signature ü legitimate PIS Unit 4 PGP Sanjay Rawat

More Related