4PGP PGP=“Pretty Good Privacy” Widely used de facto secure email First released in 1991, developed by Phil Zimmerman, provoked export control and patent infringement controversy.Selected best available crypto algs to use;Integrated into a single program;
5Pretty Good Privacy (PGP) Available on Unix, PC, Macintosh and Amiga systems ;Originally free, now have commercial versions available also.Freeware: OpenPGP and variants:Commercial: formerly Network Associates International, now PGP Corporation atOpenPGP specified in RFC 2440 and defined by IETF OpenPGP working group.Available as plug-in for popular clients, can also be used as stand-alone software.
6PGP Functionality similar to S/MIME: encryption for confidentiality.signature for non-repudiation/authenticity.One level of processing only, so less flexible than S/MIME.Sign before encrypt, so signatures on unencrypted data - can be detached and stored separately.PGP-processed data is base64 encoded and carried inside RFC822 message body.
7PGP Algorithms Broad range of algorithms supported: Symmetric encryption:DES, 3DES, AES and others.Public key encryption of session keys:RSA or ElGamal.Hashing:SHA-1, MD-5 and others.Signature:RSA, DSS, ECDSA and others.
8PGP Operation – Authentication Sender creates a message;SHA-1 used to generate 160-bit hash code of message;Hash code is encrypted with RSA using the sender's private key, and result is attached to message;Receiver uses RSA or DSS with sender's public key to decrypt and recover hash code;Receiver generates new hash code for message and compares with decrypted hash code, if match, message is accepted as authentic.
9PGP Operation – Confidentiality Sender generates message and random 128-bit number to be used as session key for this message only;Message is encrypted, using CAST-128 / IDEA/3DES with session key;Session key is encrypted using RSA with recipient's public key, then attached to message;Receiver uses RSA with its private key to decrypt and recover session key;Session key is used to decrypt message.
11PGP Operation – Confidentiality & Authentication Uses both services on same message:Create signature & attach to message,Encrypt both message & signature,Attach RSA (or ElGamel) encrypted session key.(Stallings Fig 15.1c)
12PGP Operation – Compression By default PGP compresses message after signing but before encrypting:So can store uncompressed message & signature for later verification,& because compression is non deterministic;Uses ZIP compression algorithm.
13PGP Operation – Email Compatibility When using PGP will have binary data to send (encrypted message etc);However was designed only for text;Hence PGP must encode raw binary data into printable ASCII characters;Uses radix-64 algorithm:Maps 3 bytes to 4 printable chars,Also appends a CRC;PGP also segments messages if too big.
16PGP Session Keys Need a session key for each message: of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES;Generated using ANSI X12.17 mode;Uses random inputs taken from previous uses and from keystroke timing of user;Random input is used to provide key and plaintext which is encrypted to provide session key.
17PGP Public & Private Keys Since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message;Could send full public-key with every message, but this is inefficient;Rather use a key identifier based on key:is least significant 64-bits of the key,will very likely be unique,Also use key ID in signatures.
18PGP Key RingsPGP supports multiple public/private keys pairs per sender/recipient.Keys stored locally in a PGP Key Ring – essentially a database of keys.Each PGP user has a pair of keyrings:Public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID,Private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted using a key derived from a hashed passphrase.
20PGP Key ManagementRather than relying on certificate authorities in PGP every user is own CA:can sign keys for users they know directly;Forms a “web of trust”;Trust keys signed by someone you “trust”,Can trust keys others have signed if have a chain of signatures to them;Key ring includes trust indicators;Users can also revoke their keys.
21PGP Key ManagementPGP adopts a completely different trust model – the web of trust.No centralised authority like a root of trust in X.509.Individuals sign one another’s public keys, these “certificates” are stored along with keys in key rings.PGP computes a trust level for each public key in key ring.Users interpret trust level for themselves.
23Key Management for PGP and S/MIME PGP and S/MIME usepublic keys for encrypting session keys / verifying signatures.private keys for decrypting session keys / creating signatures.Where do these keys come from and on what basis can they be trusted?
24PGP Trust Levels Trust levels for public keys dependent on: number of signatures on the key;trust level accorded to each of those signatures.Trust levels recomputed from time to time.See Stallings pp for details.
25PGP Key Mgmt IssuesOriginal intention was that all users would contribute to web of trust.Reality is that this web is sparsely populated.How should security-unaware users assign and interpret trust levels?Later versions of PGP support X.509 certs.PGP fine for small groups and out-of-band public key distribution (eg floppy).
26E-mail Security: Beyond PGP and S/MIME PGP and S/MIME counter the basic threats to confidentiality, integrity and authenticity of quite well (assuming good key management).They don’t protect against other threats (virus, DoS, disclosure, unauthorized use,…)They don’t provide any protection against traffic analysis.Additional security measures are needed.
27Anti-virus and Content Filtering Supplement mail server (or client desktop?) with content filtering softwareBlock s with active content or specific attachment types.Reject suspected spam .Scan incoming and outgoing for viruses and inappropriate content.Add legal disclaimers.Server cannot apply content filter to encrypted !Significant load on mail server, may annoy end users (but whose is it anyway?)
28Anti-spamming Protection Configure mail server to disallow mail relay feature.Prevents server being used as an agent to forward for third parties.Discard all from servers on Open Relay Blacklist (ORB).
29Firewalls and Mail Servers Place mail server behind a firewall in network.Configure firewall to block all external traffic to/from MTA except on port 25 (SMTP).Configure firewall to block all internal traffic to/from MTA except on ports 25, 110 (POP3) and 143 (IMAP)and other ports as needed – eg SNMP management.Limits attack possibilities on mail server, but successful attack may give access to internal systems.Need additional security measures on server.Other (better) firewall/mail server/border router configurations possible – see Lecture 10.
30Mail Server Hardening Take additional measures on mail server: Harden OS:Remove unnecessary accounts, applications and network services.Apply latest OS vulnerability patches.Harden mail server application (eg sendmail, M’soft exchange):Use latest versions of software.Choose appropriate configuration settings (eg limit attachment sizes, mail relay features and file permissions).Specific guidelines in NIST Report Appendices E&F.
31Mail Server Administration Log server data and review log files regularly (consider automated analysis).Keep up-to-date with latest patches and vulnerability alerts.Use only console-based administration, or use SSH if remote admin really needed.Take appropriate backups of mail server and user mail.More guidelines in NIST Report Chapter 8.
33E-mail Policy and Training Develop and publicise an policy for usersRules of use, definitions of abuse of service, clarify ownership of .Ensure users sign-up to policy before use.Raise awareness of security issues in your organisation through training.Local policy at:
34Summary E-mail is routed across internal LANs and the public Internet. is subject to many threats.also enables many threats!PGP and S/MIME can address part of the problem through encryption and signature mechanisms.Addressing the remaining issues requires a careful blend of computer and network security countermeasures.
35E-mail Resources NIST Special Publication 800-45: Guidelines on Electronic Mail Security by S. Bisker, M. Tracy and W. Jansen. Available from:Stallings Chapter 5: more on PGP and S/MIMEOpen PGP:PGPv7 on ISG lab machines.S/MIME:All the RFCs are at as usual.