1 / 17

Pretty Good Privacy

by Philip Zimmerman. Pretty Good Privacy. presented by: Chris Ward. What is PGP?. a non-proprietary protocol for the secure exchange of information between individuals a free, open-source program implementing this protocol. Why do you need PGP?. privacy: for protecting personal information

roana
Télécharger la présentation

Pretty Good Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. by Philip Zimmerman Pretty Good Privacy presented by: Chris Ward

  2. What is PGP? • a non-proprietary protocol for the secure exchange of information between individuals • a free, open-source program implementing this protocol

  3. Why do you need PGP? • privacy: for protecting personal information • secrecy: for hiding illegal, unethical, or immoral activity • you don’t need it: you have nothing to protect or hide

  4. Why should you know about PGP? • It uses tools that are essential to all forms of secure communication. • public-key cryptography • private-key cryptography • message digests • digital signatures

  5. Why should you know about PGP? • It uses tools to provide all aspects of secure communication. • privacy (private-key cryptography) • integrity (message digests) • authentication (digital signature) • non-repudiation (digital signature + message digest)

  6. In this presentation I will… • introduce the tools used by PGP • describe how each tool can be used to provide some aspect(s) of secure communication • show how PGP combines all of these tools to facilitate the secure exchange of information between individuals

  7. Tool # 1: Private-Key Cryptography • two parties share a single secret key • an encryption scheme encrypts/decrypts information according to the value of the key • good encryption algorithm: most efficient attack is not significantly better than brute force (guessing each possible key) • Examples: DES, Triple DES, AES

  8. Privacy with Private-Key Cryptography • Alice and Bob share a secret key Ks • Alice composes a message m in plaintext • She encrypts it with the secret key: Ks{m} • She sends Ks{m} to Bob • How did Alice and Bob agree on Ks ?

  9. Tool # 2: Public-Key Cryptography • Each party maintains a key pair (Kpublic, Kprivate). • If a message is encrypted with Kpublic, it can only be decrypted with Kprivate. • If a message is encrypted with Kprivate, it can only be decrypted with Kpublic. • good encryption algorithm: private key cannot be feasibly computed from its corresponding public key. • Examples: RSA, ElGamal

  10. Convenient Key Agreement with Public-Key Cryptography • provides one answer to “How did Alice and Bob agree on Ks ?” • Alice generates a random key and encrypts it using Bob’s public key: KBOB-PUBLIC{Ks} • Only Bob has KBOB-PRIVATE, so only Bob can decrypt the secret key. • Alice and Bob no share a secret. Or do they? • “How does Bob know that the message really came from Alice?.”

  11. Authentication and Integrity with Public-Key Cryptography • Before, Alice sent KBOB-PUBLIC{Ks} • She could send KBOB-PUBLIC{Ks, KALICE-PRIVATE{Ks}} • As before, only Bob can decrypt the information • Now, Bob can use KALICE-PUBLICto decrypt KALICE-PRIVATE{Ks} • If the result is Ks then Bob knows that the key was sent by Alice and that the key has not been altered in transmission. • This is just an example to illustrate a digital signature. • “Is there a more efficient way to prove message integrity than by copying the whole thing?”

  12. Tool # 3: Message Digests • For a message m, apply a hash function H which yields a fixed-length message digest H(m) (also called a “digital fingerprint”). • good hash function: easy to compute and infeasible to compute m given H(m) • Examples: SHA-1, MD5

  13. Tool # 4: Digital Signature (using message digest) • Alice composes a message m to Bob. • She computes H(m) and encrypts it with her private key. • She sends (m, KALICE-PRIVATE {H(m)}) to Bob. • Bob, or anyone, computes H(m), and compares it to the result of decrypting KALICE-PRIVATE {H(m)} with Alice’s public key. • If they are the same, authentication and integrity have been proven.

  14. Sending secure information with PGP • Alice: composes message m for Bob • generates a random session key Ks • encrypts m: Ks{m} ( = AESENCRYPT(Ks,m)) • encrypts Kswith Bob’s public key: KBOB-PUBLIC{Ks} • computes the message digest H(m) • encrypts H(m) with her private key: KALICE-PRIVATE{H(m)} • sends this: (Ks{m}, KBOB-PUBLIC{Ks}, KALICE-PRIVATE{H(m)})

  15. Receiving Secure Information with PGP • Bob receives this: (Ks{m}, KBOB-PUBLIC{Ks}, KALICE-PRIVATE{H(m)}) • decrypts KBOB-PUBLIC{Ks}using his private key, yielding Ks • decrypts Ks{m} using Ks, yielding m • computes H(m)’ using message digest algorithm H • decrypts KALICE-PRIVATE{H(m)} using KALICE-PUBLIC yielding H(m) • compares H(m)’ to H(m)

  16. Summary • PGP combines the use of several tools • public-key cryptography, private-key cryptography, message digests • to provide all of the elements necessary for secure communication • privacy, integrity, authentication, non-repudiation

  17. Other Stuff • Can you trust that the public key you are using really belongs to the intended recipient? • Fake public keys • Authentication by trusted third party

More Related