1 / 29

ECE-6612 ece.gatech/~copeland/jac/6612/ Prof. John A. Copeland

ECE-6612 http://www.ece.gatech.edu/~copeland/jac/6612/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: Klaus 3362 MWF after class; email or call for office visit Chapter 5a - Pretty Good Privacy (PGP) Email (aka GPG or GnuPG - Gnu Privacy Guard).

esamuel
Télécharger la présentation

ECE-6612 ece.gatech/~copeland/jac/6612/ Prof. John A. Copeland

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ECE-6612 http://www.ece.gatech.edu/~copeland/jac/6612/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: Klaus 3362 MWF after class; email or call for office visit Chapter 5a - Pretty Good Privacy (PGP) Email (aka GPG or GnuPG - Gnu Privacy Guard)

  2. Electronic Mail In 1982, ARPANET email proposals were published as RFC 821 (www.ietf.org/rfc/rfc0821.txt) and RFC 822 • Email services since are based on these RFC's (+ many later) • CCITT X.400 & ISO MOTIS grew and waned as competitors • "User Agents" UA, and "Message Transfer Agents" MTA Three parts to an email message: • Envelope - information used to forward the contents • Header - standard strings, some added in route. > To: Cc: Bcc: From: Sender: > Received: (added in route), Return-Path: (by final MTA) > MIME headers added by RFC 1341 and 1521 > A. S. Tanenbaum, "Computer Networks," (3rd ed.) p.651 2

  3. MIME Headers Multipurpose Internet Mail Extensions (MIME) RFC 1341 and RFC 1521 • MIME -Version: version number • Content-Description: human-readable string • Content-ID: unique identifier • Content-Transfer-Encoding: body encoding > ASCII (Plain, quoted-printable, or Richtext) > Binary (base64) • Content-Type: nature of the message > Image (gif, jpeg), Video (mpeg), > Application (Postscript, octet-stream) > A.S.Tanenbaum, "Computer Networks," (3rd ed.) p.653 3

  4. Received: from didier.ee.gatech.edu (didier.ee.gatech.edu [130.207.230.10]) by eagle.gcatt.gatech.edu (8.8.8+Sun/8.7.1) with ESMTP id UAA00818 for <copeland@eagle.gcatt.gatech.edu>; Fri, 30 Jul 1999 20:00:35 -0400 (EDT) Received: from bwnewsletter.com (gw2.mcgraw-hill.com [198.45.19.20]) by didier.ee.gatech.edu (8.9.0/8.9.0) with ESMTP id UAA16500 for <jcopeland@ ece.gatech.edu >; Fri, 30 Jul 1999 20:00:33 -0400 (EDT) The last “Received:” line identifies the sender’s IP* Received: from NOP (152.159.60.175) by bwnewsletter.com with SMTP (Eudora Internet Mail Server 2.1); Fri, 30 Jul 1999 16:24:21 -0400 Message-Id: <1.5.4.32.19990730202137.00672900@businessweek.com> X-Sender: mustread@businessweek.com (Unverified) *Gmail and Yahoo now hide this information on email from a customer X-Mailer: Windows Eudora Light Version 1.5.4 (32) Mime-Version: 1.0 Date: Fri, 30 Jul 1999 16:21:37 -0400 To: bwnewsletter@bwnewsletter.com (note: I was on a Bcc: list) From: BW Online <insider@businessweek.com> Subject: BUSINESS WEEK ONLINE INSIDER -- July 30 Content-Type: text/plain; charset="us-ascii" Content-Length: 7694 4

  5. $ nslookup -q=MX ee.gatech.edu (nslookup -> host) ee.gatech.edu preference = 10, mail exchanger = mail.ee.gatech.edu ee.gatech.edu nameserver = eeserv.ee.gatech.edu ee.gatech.edu nameserver = duchess.ee.gatech.edu ee.gatech.edu nameserver = didier.ee.gatech.edu mail.ee.gatech.edu internet address = 130.207.230.10 eeserv.ee.gatech.edu internet address = 130.207.230.5 duchess.ee.gatech.edu internet address = 130.207.230.13 didier.ee.gatech.edu internet address = 130.207.230.10 5

  6. $ nslookup -q=mx mcgraw-hill.com Non-authoritative answer: mcgraw-hill.com preference = 20, mail exchanger = interlock.mgh.com Authoritative answers can be found from: mcgraw-hill.com nameserver = NS-01A.ANS.NET mcgraw-hill.com nameserver = NS-01B.ANS.NET mcgraw-hill.com nameserver = NS-02A.ANS.NET mcgraw-hill.com nameserver = NS-02B.ANS.NET NS-01A.ANS.NET internet address = 199.221.47.7 NS-01B.ANS.NET internet address = 199.221.47.8 NS-02A.ANS.NET internet address = 207.24.245.179 NS-02B.ANS.NET internet address = 207.24.245.178 6

  7. $ nslookup 198.45.19.20 [can also use “host” or “dig”] Name: gw2.mcgraw-hill.com Address: 198.45.19.20 $ nslookup 152.159.60.175 *** can't find 152.159.60.175: Non-existent host/domain $ traceroute 152.159.60.175 [on MS Windows, open DOS, type “tracert”] 1 24.88.12.129 (24.88.12.129 ): 17ms 2 stn-mtn-rtrb.atl.mediaone.net. (24.88.0.254 ): 18ms 3 24.93.64.69 (24.93.64.69 ): 20ms 4 24.93.64.61 (24.93.64.61 ): 17ms 5 24.93.64.57 (24.93.64.57 ): 25ms 6 sgarden-sa-gsr.carolina.rr.com. (24.93.64.30 ): 26ms 7 roc-gsr-greensboro-gsr.carolina. (24.93.64.17 ): 29ms 8 24.93.64.45 (24.93.64.45 ): 38ms 9 sjbrt01-vnbrt01.rr.com. (24.128.6.6 ): 41ms 10 pnbrt01-vnbrt01.rr.com. (24.128.6.85 ): 42ms 11 p217.t3.ans.net. (192.157.69.52 ): 51ms 12 h13-1.t32-0.new-york.t3.ans.net. (140.223.33.21 ): 49ms 13 f0-0.cnss33.new-york.t3.ans.net. (140.222.32.193 ): 53ms 14 s0.enss3339.t3.ans.net. (199.222.77.70 ): 61ms 15 * * * 16 * * * 7

  8. $ whois 152.159.60.175 OrgName: McGraw Hill, Inc OrgID: MCGRAW Address: 148 Princeton Htstown Rd City: Hightstown StateProv: NJ PostalCode: 08520 Country: US NetRange: 152.159.0.0 - 152.159.255.255 CIDR: 152.159.0.0/16 NetName: MHP-NET NameServer: AUTH111.NS.UU.NET NameServer: AUTH120.NS.UU.NET Comment: RegDate: 1992-03-18 Updated: 2004-04-01 RTechHandle: MW1053-ARIN RTechName: Weyman, Mike RTechPhone: +1-555609-426-5291 RTechEmail: mike_weyman@mgh.com RTechHandle: JGE8-ARIN RTechName: Gervasio, John RTechPhone: +1-555-426-5017 RTechEmail: john_gervasio@mgh.com OrgTechHandle: HOSTM339-ARIN OrgTechName: hostmaster OrgTechPhone: +1-555-426-5291 OrgTechEmail: hostmaster@mgh.com # ARIN WHOIS database, last updated 2006-09-24 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. 8

  9. Security Services for Email Privacy - only read by intended recipient (confidentiality, access, authorization) Authentication - confidence in ID of sender Non-repudiation - proof that sender sent it (attribution) Integrity - assurance of no data alteration Less Common: Proof of submission - was sent to email server Proof of delivery - was received (and read) by addressee (Web Bug) 9

  10. Investigating Email You Receive Look at “Raw” or “Source” Message to see: Headers HTML Links Investigate Source (who sent it) - “Lowest Received:” header Active Links in <a href= “http://{IP or URL}”>, {text} </a> Image Links in <img src=“{URL or filename}” </img> Programs to Use nslookup - IP from URL, or URL from IP whois - Register of domain (not URL) traceroute - path of packets through routers 10

  11. Privacy Establishing Keys • Public Key Certification • Exchange Public Keys Multiple Recipients • Encrypt message m with session key, S • Encrypt S with each recipient's key • Send: {S; Kbob}, {S; Kann}, ... , {m; S} Authentication of Source • Hash (MD4, MD5, SHA1) of message, encrypt with private key (provides ciphertext/plaintext pair) • Secret Key K: MIC is hash of K+m, or CBC residue with K (assuming message not encrypted with K). 11

  12. Message Integrity The source authentication methods that include a hash of the message provide MIC Non-repudiation Private-key signing provides non-repudiation. Secret-key method requires a "Notary" to "Sign" a time-stamp + hash of the message Proof of Delivery Acknowledge before reading - can't prove m was read. Acknowledge after - may have read without signing. 12

  13. Names and Addresses X.500 Name (ISO standard) • ?/C=US/O=CIA/OU=drugs/PN='Manny Norriega' Internet Name • m_noriega@mail.drugpc.cia.gov or manny@cia.gov • <user account name> @ <DNS host name or alias> • using the alias "mail" lets mail server program be moved from one host to another • in gatech.edu domain, "mail" is an alias for "vip1.ecc". Old message - later Non-reputiation • Need Notary to sign hash of message, Certificate used to authenticate Public Key, and current CRL 13

  14. PGP Email: Sign (optional) before Encryption (also optional) From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com 14

  15. with signature attached if there is one How PGP Encryption Works R64 Encoding From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com 15

  16. PGP Format Sender Public key Private key 1. ZIP Compress 2. Encrypt with Session Key 3. Encode to text with R64 16

  17. PGP Email Receiver Typed Passphrase Private Key Ring Public Key Ring H - Hash DC - Symmetric Decryption DP - Pub./Priv. Decryption Receiver’s Private Key Sender’s Public Key Session Key Check Signature Message ZIP Decompress R64 Decode to binary p.144-145 ed.3 17

  18. R64 Encode: Every 3 bytes split into 4 6-bit numbers 011001001011010101101010 n = 0 to 63 * 01011001 01001011 01010101 01101010 printable characters a-z A-Z 0-9 + / in a received message, “=“, “>”, CR, LF, ... are ignored * for most 6-bit inputs, R64(n) just adds 64 (puts an “01” in front) 18

  19. ASCII Characters used for R64 Encoding = used to pad 19

  20. To: ”Jim Jones" <jim_jones@hotmail.com> From: John Copeland <john.copeland@ece.gatech.edu> Subject: ECE8813 : PGP Endeavor... Cc: Bcc: X-Attachments: -----BEGIN PGP MESSAGE----- (both 5 –’s required) Version: PGPfreeware 6.5.2 for non-commercial <http://www.pgp.com> (blank line required) qANQR1DBwU4D6cjDU+QAxCwQB/9IZFOIuDSIIQbwa28SQ63DDioFb4bH4bmKfopX cvdDVQ1X53fSJzyLt12RslfQToje8YxRNidYMNg1zDTT7CR9q7LRFoAwBFVtQhWJ jFNXn1+aE8oePReMi6vS0DXSSDfgDuUb1R+c8htHoeik6Oebe9R90J3d51yyCojV AHT01kWlpvJIZGKyT3PdCh9wlr1hQsUGto10t32fBGsJCXew/EClb554AnyYSzP8 KAjuw1NdKOBlze0DCiO6Z5z+DAxAwlqTxcm42tthF5zFbTk4UKV6ORzIuHmRO7xR 5Io5nlM7T11PDaWqsjLr2ttrSySzARt5fAJ9l1mOH+hSl1YebRjZPaxWw+bsYuqN a0GYr2UdwgE1u5HQuhZ+bOIbSliShfKiNuDGHe6VJrchROHnC9Po2JWAOD7wMFq6 STZ/MPGzViaCUaaWPLSKleiURUh4Ly5/LaNYkaumO9vh+241FPqtZKqRVmHRg6dY UdgoI3yfc3JrvepFQT1yeRjEVrLQiUtyhcwdVoLjofgerGAfe3YuDCxM6wLIuCf7 Ro9edu01qTiXJj25cXHxeNMdA1txLxR3ontbExow+ML5kxs= =68Hd -----END PGP MESSAGE----- (both 5 –’s required) Radix-64 encoding of a binary (all 8-bit bytes) message 6-bits at a time into 64 printable ASCII characters (A-Z, a-z , 0-9, +, / bytes 65-90, 97-122, 48-57, 47, 43) pad with =. 20

  21. 21

  22. Public Key Information - PGP Commercial 22

  23. PGP Certificates Anyone can issue a Certificate to anyone, including themselves. Certificates can be revoked by the issuer, if a Certificate-Server is used that has a Revocation Database. Privacy Enhanced Mail, another standard Where PEM expands data into canonical form, • (+33% for text, +78% after encryption & R64) PGP compresses data using ZIP(-50%), encrypts (optional), then converts to R64 encoding (+33%) 23

  24. Things of which to be aware • Neither PEM nor PGP encodes mail headers • Subject can give away useful info •To and From give an intruder traffic analysis info • PGP gives recipient the original file name and modification date. • PEM may be used in a local system with unknown trustworthiness of certificates • Certificates often verify that sender is "John Smith" but he may not be the "John Smith”you think. Anyone can copy pictures from the Web. • Public PGP Key servers allow anyone to send you PGP encrypted mail, but their signature is easily forged. They can give your name & mail address to spammers. Avoid them. Get PGP keys directly from owners. 24

  25. http://www.gnupg.org/ Includes binaries for GnuPG. GPGTools https://www.gpgtools.org Email Program http://www.mozilla.org/en-US/thunderbird/ https://addons.mozilla.org/en-US/ thunderbird/addon/enigmail/ (Extension for Thunderbird, NOT recommended) 25

  26. Using GnuPG (PGP) 2016: GnuPG has good GUI interfaces for Thunderbird, Apple "Mail", and probably MS Outlook. ---------------------------------------------------------------------------- Install GPGTools : now you have the command line programs available to generate keys, maintain key-chain files, convert text files (.asc) into encrypted and/or signed ciphertext files (.pgp). The .pgp files can be emailed as attachments or, if the are “armored” (R64 encoded,) they can be pasted into the body of an email message. ------------------------------------------------------------------- Install Thunderbird email program. Under the “Tools” menu, select “Add-ons”. In the box at upper right that says “Search all add-ons”, type “Enigmail”. If found, install it; otherwise download the .xpi file from the link on previous slide, and then try again. Once installed you will see in the top Thunderbird menu “OpenPGP” next to “Tools” 26

  27. Using Thunderbird with GnuPG Read: https://www.gnupg.org/documentation/index.html (link) for critical stuff like this: “You need (to send PGP mail): > a secret key matching the mail address you want to write from (see Mail.app >Settings > Accounts) > the public key of the recipient > recipients and senders mail address have to perfectly match the mail addresses (as IDs) in the keys being used. 2016 ???: For the Encrypt button to become available, you need to enter the recipients mail address - only then will that button be enabled (and only if you have the matching Public Key).” 27

  28. Configuring Thunderbird for GT Mail Top Menu: File / New / Existing Mail Account ... Type in your User Name and password. Thunderbird will try to set up the configuration automatically, and fail. Then you can input the following information: User Name: (your GT id – primary mail name) Receiving Mail Server Protocol: imap (or pop – if you want to download mail) Server Name: imap.mail.gatech.edu (or pop.mail.gatech.edu) Server Port: 995 Security: SSL/TLS Authentication: Normal Password Sending Mail Server Protocol: smtp Server Name: smtp.mail.gatech.edu Server Port: 465 Security: SSL/TLS Authentication: Normal Password 28

  29. A PGP Email or .asc File Looks Like This: http://cryptome.org/jya/openpgp-01.htm Syntax Start Comments “ 1 Blank Line R64 <=78 char. “ “ ‘ “ “ “ “ “ “ “ “ “ “ “ “ “ (pad =‘s) = Checksum Stop -----BEGIN PGP MESSAGE----- Version: 9.9.1.287 Comment: Do not worry about "UNTRUSTED Good Signature" qANQR1DBwEwD7GfrZjlPkZ0BB/9YW6/cTpNVkwdyuTmlo/fcTB0lIjy6C4LnUtx2 10BwJCwdcFHcIkS9Iw0+/9wKNafArxciCwpSM2BBYePksl2JQUf7in8MILirKtd6 Foy9yEJmtD5JzaVDF1tYElT9ntzNk2jvcengkD/PhkmEaT+VIY1Cw5Bf5HP6OPOE J4RqTRjaGjkGrmcP3zywjESzfk0iN2z2mtsDHufFqJ0hvQAusAZ2c5GjK9jUsvHy 8gzBW9aFlINHpWL90G3XGtaKfudM9QGTjXIs99Pfdj08jUd/xSn+FsDW6ulhlluW pCwohtN06qN6VvI2vbC3eGV5RCd+5b6iR3O26hY/NOssjI5jwcBOA72/fxTdBTHg EAP8DJVFBQzRjn2RBWr7Bo+zV3DlHXMr9kU02szQ+h4WNU7ffEakhlnwDoqnHvh3 QfH/8G7heOlGjM3hITZj8rw66OQ/s4o/8o7N1wERhJYc4/oWOmAopyy8jIliB9AK n90fKWbfrTUrShF1qJdQuLMV0E30lHsKDKDyZ9vhklt2D20D/3Yl0zRlEk4w5x9c i3mZC2XpKsgmttRABg65R1E4tQqPNiQTuL3YrpQfgLT9rMpW5UmyppSuZvD9CpsW IG7I8MT33eY5Eh4twTdErvpXN+uUWDadiPb6J8ifpBfzhuzWhiom7KAI3+4y6OX5 sYyyZHtqxNxg6ziZ76B/H+/vaegD0sBrATEJtdnDAipPogZYAzwuQ8PCO985wHuu 2aFbPaVqLPMWwwFck3bvV46E49RWIPgkJmpMiimaG236HdQbF4nhZgUjfggGE3cm qP9eChxuV8kyZLIgkh1CaKP/XQSZlpl2js+D0M1Mq6ef4BZ3BNW+TPLjYNGM1Yt/ +0NlLn+AxUvZmVNJvuxdeNKIn7jkpK5w466wRaiffujLzwJdzwISIofm7oEp88dP A9udzotKGM+FOHi3tHwPiox+l/PdMv34AlMPY2c2qDEcwBSKAYR8ASBM/nulY6bK wZwbYGlSdxT/FTDb9i32+WuUU7HeUPZvFizUIPwFzPeI8RlkaLdhsElmbPuGar5l C7PMoOHuCnnSB4DdgUEqM5ScJRI6ToGDAjh3XZ9BRwfD0O8= =auCB -----END PGP MESSAGE----- DO NOT LET YOUR EMAIL PROGRAM REFORMAT THIS AS RTF OR HTML. 29

More Related