POSTECH ITEC559 Su 03
PGP (slide 4)
– PGP = Pretty Good Privacy.
– Widely used, de facto standard for secure email.
– First released in 1991, developed by Phil Zimmermann; provoked export control and patent infringement controversy.
– Selected the best available crypto algorithms and integrated them into a single program.
Pretty Good Privacy (PGP) (slide 5)
– Available on Unix, PC, Macintosh and Amiga systems.
– Originally free; commercial versions are now also available.
– Freeware: OpenPGP and variants: www.openpgp.org
– Commercial: formerly Network Associates International, now PGP Corporation.
– OpenPGP is specified in RFC 2440 and defined by the IETF OpenPGP working group: www.ietf.org/html.charters/openpgp-charter.html
– Available as a plug-in for popular email clients; can also be used as stand-alone software.
PGP Functionality (slide 6)
– Similar to S/MIME: encryption for confidentiality; signature for non-repudiation/authenticity.
– One level of processing only, so less flexible than S/MIME.
– Sign before encrypt, so signatures are over unencrypted data and can be detached and stored separately.
– PGP-processed data is base64 encoded and carried inside the RFC 822 message body.
PGP Algorithms (slide 7)
Broad range of algorithms supported:
– Symmetric encryption: DES, 3DES, AES and others.
– Public key encryption of session keys: RSA or ElGamal.
– Hashing: SHA-1, MD5 and others.
– Signature: RSA, DSS, ECDSA and others.
PGP Operation – Authentication (slide 8)
1. Sender creates a message.
2. SHA-1 is used to generate a 160-bit hash code of the message.
3. The hash code is encrypted with RSA using the sender's private key, and the result is attached to the message.
4. Receiver uses RSA or DSS with the sender's public key to decrypt and recover the hash code.
5. Receiver generates a new hash code for the message and compares it with the decrypted hash code; if they match, the message is accepted as authentic.
PGP Operation – Confidentiality (slide 9)
1. Sender generates a message and a random 128-bit number to be used as the session key for this message only.
2. The message is encrypted using CAST-128 / IDEA / 3DES with the session key.
3. The session key is encrypted using RSA with the recipient's public key, then attached to the message.
4. Receiver uses RSA with its private key to decrypt and recover the session key.
5. The session key is used to decrypt the message.
PGP Operation – Confidentiality & Authentication
Uses both services on the same message:
– Create signature & attach to message,
– Encrypt both message & signature,
– Attach RSA (or ElGamal) encrypted session key.
(Stallings Fig 15.1c)
PGP Operation – Compression
– By default PGP compresses the message after signing but before encrypting:
  – so the uncompressed message & signature can be stored for later verification,
  – and because compression is non-deterministic, a signature computed over compressed data could fail to verify.
– Uses the ZIP compression algorithm.
PGP Operation – Compatibility
– When using PGP there will be binary data to send (encrypted message etc.); however, email was designed only for text.
– Hence PGP must encode raw binary data into printable ASCII characters.
– Uses the radix-64 algorithm: maps 3 bytes to 4 printable characters; also appends a CRC.
– PGP also segments messages if they are too big.
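The radix-64 armoring described above, with the CRC-24 checksum that RFC 2440 specifies for OpenPGP armor, as an added example that is not the lecture's or PGP's own code. The 76-column line length and the sample payload used in the comments are assumptions; the decoder shows what the CRC buys a recipient, namely detection of armored text damaged in transit.

```python
import base64

# CRC-24 parameters from RFC 2440 section 6.1 (generator 0x864CFB, init 0xB704CE).
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 over raw (un-armored) bytes, bit-serial as in the RFC reference code."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, line_len: int = 76) -> str:
    """Map 3 raw bytes to 4 printable chars, wrap into lines, append '=' + radix-64 CRC."""
    b64 = base64.b64encode(data).decode("ascii")
    lines = [b64[i:i + line_len] for i in range(0, len(b64), line_len)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join(lines) + "\n=" + check + "\n"


def dearmor(text: str) -> bytes:
    """Reverse of armor(); raises ValueError if the trailing CRC does not match."""
    body, sep, tail = text.strip().rpartition("\n=")
    if not sep:
        raise ValueError("no radix-64 checksum line found")
    data = base64.b64decode(body.replace("\n", ""))
    expected = int.from_bytes(base64.b64decode(tail), "big")
    if crc24(data) != expected:
        raise ValueError("radix-64 CRC mismatch: armored data corrupted in transit")
    return data
```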
Format of PGP Message
(Stallings Fig 15.3)
PGP Session Keys
– Need a session key for each message, of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES.
– Generated using ANSI X12.17 mode.
– Uses random inputs taken from previous uses and from keystroke timing of the user.
– The random input is used to provide the key and plaintext, which is encrypted to provide the session key.
PGP Public & Private Keys
– Since many public/private keys may be in use, need to identify which one was actually used to encrypt the session key in a message.
– Could send the full public key with every message, but this is inefficient.
– Instead use a key identifier based on the key: the least significant 64 bits of the key, which will very likely be unique.
– The key ID is also used in signatures.
PGP Key Rings
– PGP supports multiple public/private key pairs per sender/recipient.
– Keys are stored locally in a PGP Key Ring, essentially a database of keys.
– Each PGP user has a pair of key rings:
  – Public-key ring contains all the public keys of other PGP users known to this user, indexed by key ID.
  – Private-key ring contains the public/private key pair(s) for this user, indexed by key ID and encrypted using a key derived from a hashed passphrase.
PGP Key Rings
(Stallings Fig 15.5)
PGP Key Management
– Rather than relying on certificate authorities, in PGP every user is their own CA: they can sign keys for users they know directly.
– This forms a web of trust: trust keys signed by someone you trust; can trust keys others have signed if there is a chain of signatures to them.
– The key ring includes trust indicators.
– Users can also revoke their keys.
PGP Key Management
– PGP adopts a completely different trust model: the web of trust.
– No centralised authority like a root of trust in X.509.
– Individuals sign one another's public keys; these certificates are stored along with the keys in key rings.
– PGP computes a trust level for each public key in the key ring.
– Users interpret the trust level for themselves.
PGP Trust Model Example
(Stallings Fig 15.7)
Key Management for PGP and S/MIME
PGP and S/MIME use:
– public keys for encrypting session keys / verifying signatures;
– private keys for decrypting session keys / creating signatures.
Where do these keys come from, and on what basis can they be trusted?
PGP Trust Levels
– Trust levels for public keys depend on: the number of signatures on the key; the trust level accorded to each of those signatures.
– Trust levels are recomputed from time to time.
– See Stallings pp for details.
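A simplified model of the key-ring computation described on the last few slides (key IDs, owner trust, and the legitimacy of a public key derived from the signatures on it), as an added example rather than code from the lecture or from PGP. It assumes PGP's classic acceptance rule, one completely trusted signer or two marginally trusted signers, and the sample key ring is constructed; real PGP makes the thresholds configurable.

```python
from fractions import Fraction

# Weight one signature contributes, by the owner trust assigned to the signer.
# Assumed thresholds: one "complete" signer or two "marginal" signers suffice.
SIGNATURE_WEIGHT = {
    "ultimate": Fraction(1),    # our own key(s): legitimate by definition
    "complete": Fraction(1),
    "marginal": Fraction(1, 2),
    "untrusted": Fraction(0),
    "unknown": Fraction(0),
}


def key_id(public_key_modulus: int) -> int:
    """Key ID as the slides define it: the least significant 64 bits of the key."""
    return public_key_modulus & 0xFFFF_FFFF_FFFF_FFFF


def legitimate_keys(ring: dict) -> set:
    """ring maps key ID -> {"owner_trust": str, "signers": [key ID, ...]}.
    Returns the set of key IDs whose public key is accepted as legitimate.
    A signature only counts once the signer's own key is legitimate, so the
    pass is repeated until no further key becomes legitimate (fixed point)."""
    legit = {kid for kid, e in ring.items() if e["owner_trust"] == "ultimate"}
    while True:
        newly = set(legit)
        for kid, entry in ring.items():
            if kid in legit:
                continue
            weight = sum(SIGNATURE_WEIGHT[ring[s]["owner_trust"]]
                         for s in set(entry["signers"])  # count each signer once
                         if s in ring and s in legit and s != kid)
            if weight >= 1:
                newly.add(kid)
        if newly == legit:
            return legit
        legit = newly


# Constructed sample key ring; names stand in for 64-bit key IDs for readability.
SAMPLE_RING = {
    "me":    {"owner_trust": "ultimate", "signers": []},
    "alice": {"owner_trust": "complete", "signers": ["me"]},
    "bob":   {"owner_trust": "marginal", "signers": ["me"]},
    "carol": {"owner_trust": "marginal", "signers": ["me"]},
    "dave":  {"owner_trust": "unknown",  "signers": ["bob", "carol"]},  # 2 marginals
    "erin":  {"owner_trust": "unknown",  "signers": ["bob"]},           # only 1 marginal
    "frank": {"owner_trust": "unknown",  "signers": ["erin"]},          # signer not legit
    "grace": {"owner_trust": "unknown",  "signers": ["alice"]},         # 1 complete
    "heidi": {"owner_trust": "marginal", "signers": ["heidi"]},         # self-signed only
}
```

Note that bob's and carol's own keys are legitimate (signed by "me") even though only marginal trust is placed in them as signers; the two notions are computed separately, exactly as the slides distinguish key legitimacy from owner trust.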
PGP Key Mgmt Issues
– The original intention was that all users would contribute to the web of trust. The reality is that this web is sparsely populated.
– How should security-unaware users assign and interpret trust levels?
– Later versions of PGP support X.509 certs.
– PGP is fine for small groups and out-of-band public key distribution (eg floppy).
Email Security: Beyond PGP and S/MIME
– PGP and S/MIME counter the basic threats to confidentiality, integrity and authenticity of email quite well (assuming good key management).
– They don't protect against other threats (virus, DoS, disclosure, unauthorized use, …).
– They don't provide any protection against traffic analysis.
– Additional security measures are needed.
Anti-virus and Content Filtering
– Supplement the mail server (or client desktop?) with content filtering software:
  – Block emails with active content or specific attachment types.
  – Reject suspected spam email.
  – Scan incoming and outgoing email for viruses and inappropriate content.
  – Add legal disclaimers.
  – The server cannot apply a content filter to encrypted email!
– Significant load on the mail server; may annoy end users (but whose email is it anyway?)
Anti-spamming Protection
– Configure the mail server to disallow the mail relay feature. This prevents the server being used as an agent to forward email for third parties.
– Discard all email from servers on the Open Relay Blacklist (ORB).
Firewalls and Mail Servers
– Place the mail server behind a firewall in the network.
– Configure the firewall to block all external traffic to/from the MTA except on port 25 (SMTP).
– Configure the firewall to block all internal traffic to/from the MTA except on ports 25, 110 (POP3) and 143 (IMAP), and other ports as needed, eg SNMP management.
– This limits attack possibilities on the mail server, but a successful attack may still give access to internal systems: additional security measures are needed on the server.
– Other (better) firewall/mail server/border router configurations are possible; see Lecture 10.
Mail Server Hardening
Take additional measures on the mail server:
– Harden the OS: remove unnecessary accounts, applications and network services; apply the latest OS vulnerability patches.
– Harden the mail server application (eg sendmail, Microsoft Exchange): use the latest versions of the software; choose appropriate configuration settings (eg limit attachment sizes, mail relay features and file permissions).
– Specific guidelines in NIST Report Appendices E & F.
Mail Server Administration
– Log server data and review log files regularly (consider automated analysis).
– Keep up to date with the latest patches and vulnerability alerts.
– Use only console-based administration, or use SSH if remote admin is really needed.
– Take appropriate backups of the mail server and user mail.
– More guidelines in NIST Report Chapter 8.
Policy and Training
– Develop and publicise an email policy for users: rules of use, definitions of abuse of service, clarify ownership of email.
– Ensure users sign up to the policy before use.
– Raise awareness of security issues in your organisation through training.
– Local policy at: centre/regulations/computer-use.asp
Summary
– Email is routed across internal LANs and the public Internet.
– Email is subject to many threats. Email also enables many threats!
– PGP and S/MIME can address part of the problem through encryption and signature mechanisms.
– Addressing the remaining issues requires a careful blend of computer and network security countermeasures.
Resources
– NIST Special Publication: Guidelines on Electronic Mail Security, by S. Bisker, M. Tracy and W. Jansen. Available from:
– Stallings Chapter 5: more on PGP and S/MIME.
– Open PGP: PGPv7 on ISG lab machines.
– S/MIME: charter.html
– All the RFCs are at www.ietf.org as usual.