Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CNLab/University of Ulsan Chapter 16 Electronic Mail Security  PGP (Pretty Good Privacy)  S/MIME.

Published byEthan Shelton Modified over 7 years ago

Similar presentations

Presentation on theme: "1 CNLab/University of Ulsan Chapter 16 Electronic Mail Security  PGP (Pretty Good Privacy)  S/MIME."— Presentation transcript:

1 1 CNLab/University of Ulsan Chapter 16 Electronic Mail Security  PGP (Pretty Good Privacy)  S/MIME

2 2 CNLab/University of Ulsan Pretty Good Privacy (PGP)  Made by Phil Zimmermann;  Available free  Provides a confidentiality and authentication service for Email  Standardized in RFC 3156

3 3 CNLab/University of Ulsan Pretty Good Privacy (PGP) PGP services  Digital signature: DSS/SHA or RSA/SHA  Message encryption: cast-128, IDEA, or 3-DES  One-time session key for each email message  Session key distribution: Diffie-Helmann or RSA  Message compression with ZIP  Email compatible: radix-64 binary-to-ASCii conversion  Segmentation: to accommodate max message size limitations

4 4 CNLab/University of Ulsan PGP Cryptographic Functions  Authentication only EP: public-key Enc. EC: secret-key Enc. H: hashing Z: compression

5 5 CNLab/University of Ulsan PGP Cryptographic Functions  Confidentiality only EP: public-key Enc. EC: secret-key Enc. H: hashing Z: compression E KUb [K s ]

6 6 CNLab/University of Ulsan PGP Cryptographic Functions  Confidentiality and authentication EP: public-key Enc. EC: secret-key Enc. H: hashing Z: compression

7 7 CNLab/University of Ulsan PGP Cryptographic Keys  One-time session key  A random session key is generated by sender for each message  Public and private keys  PGP allows users to have multiple public/private key pairs.  Session key is encrypted using one of the recipient’s public keys.  Sender sends the keyID (the least significant 64 bits of the key) of the public key used for the encryption.  Passphrase-based encryption of private key  Users store their own private key in encrypted form.  Password used to encrypt the owner’s private key.

8 8 CNLab/University of Ulsan PGP Packet Format  A PGP message consists of  Message packet  Signature packet  Session key packet  Packet format Packet header Packet body Packet tag Packet length Packet tag: denotes the type of packet in the packet body

9 9 CNLab/University of Ulsan PGP Message Format  Message component  Data to be transmitted  Signature component  Timestamp: time at which the signature is made  Message digest: 160-bit SHA digest encrypted with sender’s private key  keyID of sender’s public key  Session key component  Session key  keyID of recipient’s public key used to encrypt session key

10 10 CNLab/University of Ulsan PGP Message Format

11 11 CNLab/University of Ulsan PGP Key Rings  Private-key ring  Stores the public/private key pairs owned by that node  Private keys are encrypted using a key based on the user’s passphrase (SHA hash code of the passphrase)

12 12 CNLab/University of Ulsan PGP Key Rings  Public-key ring  PGP allows multiple public/private key pairs foe each user  Stores other’s public keys known at this node  Public keys can be obtained in various ways

13 13 CNLab/University of Ulsan PGP Key Rings  Public-key ring  Owner trust: trust value for the key owner; assigned by the user when the user enters a new public key; unknown, untrusted, marginally trusted, completely trusted  Signatures: signatures attached to the key  Signature trusts: trust value for the owner of this signature attached to the key; “unknown” value is assigned if the owner is not known  Key legitimacy: the extent to which PGP will trust the key; derived from the values in the signature trusts fields; weighted sum of the trust values of the signatures

14 14 CNLab/University of Ulsan PGP Trust Model  User A may obtain B’s public key:  physically get the key from B.  obtain B’s key from a mutual trusted individual D.  obtain and verify B’s key by telephone.  obtain B’s key from a trusted certifying authority.

15 15 CNLab/University of Ulsan PGP Trust Model  When a new public key is inserted on public-key ring  assigns the trust value of the key’s owner given by the user  the trust value for each signature attached at the key is given to the OwnerTrust value for the owner of the signature; if the owner for the signature is not in the key ring, it is given to a unknown user value  Key legitimacy value is calculated based on the signature trust fields present in the entry

16 16 CNLab/University of Ulsan PGP Trust Model PGP trust model example (public-key ring)  The user signs keys whose owners are fully or partly trusted (except L).  One trusted signature or two partly trusted signatures are sufficient to certify a key, but the key’s owner may not be trusted.  Key revocation by issuing a key revocation certificate

17 17 CNLab/University of Ulsan S/MIME  Industrial standard for commercial and organizational use  RFC 822  Traditional email format for transmitting text messages  Header + blankLine + Body

18 18 CNLab/University of Ulsan MIME  MIME (Multipurpose Internet Mail Extensions)  Extends RFC822 to resolve problems of traditional email  New headers  MIME-Version:  Content-Type: type of content in the message body (text/plain, multipart/mixed, video/mpeg, …)  Content-Transfer-Encoding: type of transmission of the message body to be transmitted by the MTA  Content-ID: to overcome the mail size limitations  Content-Description:

19 19 CNLab/University of Ulsan MIME MIME content types  Type: major type  Text, multipart, message, image, video, audio, application  Subtype: minor type  Text: plain, enriched  Multipart: mixed, parallel, alternative, digest  Image: jpeg, gif,  Application: PostScript, Octet-stream, …

20 20 CNLab/University of Ulsan S/MIME Functionality  Enveloped data: encrypted data and encrypted encryption key  Signed data: content + digital signature; encoded using base64 encoding  Clear-signed data: content + digital signature; only digital signature is encoded using base64 encoding  Signed and enveloped data: content + digital signature; encrypted using a key

21 21 CNLab/University of Ulsan S/MIME Cryptographic Algorithms  Encryption: 3DES, 40bit RC2  Digital signature: DSS, 160bit SHA-1, 128bit MD5  Session key encryption: Diffie-Hellmann, RSA  Sending agent and receiving agent determines the encryption algorithm via negotiation.

22 22 CNLab/University of Ulsan S/MIME Public Key Management  S/MIME key management: a hybrid of X.509 and PGP key management model  Certificates are managed locally but the certificates are signed by certification authorities  S/MIME user agent  generate his own public/private pairs  register the public key and receive X.590 certificate for the key  store other’s certificates in a local storage and verify the incoming certificates

Download ppt "1 CNLab/University of Ulsan Chapter 16 Electronic Mail Security  PGP (Pretty Good Privacy)  S/MIME."

Similar presentations

Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.

Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NS-H0503-02/11041 E-mail Security. NS-H0503-02/11042 Email Security email is one of the most widely used and regarded network services currently message.

NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Electronic mail security

Electronic mail security
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Lecture 12 e-mail Security. Summary  PEM  secure email  PGP  S/MIME.

Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.

Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
Electronic Mail Security

Electronic Mail Security
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
1 Chapter 5 Electronic mail security. 2 Outline Pretty good privacy S/MIME Recommended web sites.

1 Chapter 5 Electronic mail security. 2 Outline Pretty good privacy S/MIME Recommended web sites.
Cryptography and Network Security Chapter 18

Cryptography and Network Security Chapter 18
16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.

16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.
Chap 81 Electronic mail security. Chap 82 Outline Pretty good privacy S/MIME Recommended web sites.

Chap 81 Electronic mail security. Chap 82 Outline Pretty good privacy S/MIME Recommended web sites.

Similar presentations

Ads by Google