Presentation is loading. Please wait.

Presentation is loading. Please wait.

PGP & IP Security  Pretty Good Privacy – PGP Pretty Good Privacy  IP Security. IP Security.

Published byArron Arnold Modified over 8 years ago

Similar presentations

Presentation on theme: "PGP & IP Security  Pretty Good Privacy – PGP Pretty Good Privacy  IP Security. IP Security."— Presentation transcript:

1 PGP & IP Security  Pretty Good Privacy – PGP Pretty Good Privacy  IP Security. IP Security

2 Pretty Good Privacy  Introduction - BenefitsIntroduction  Services of PGPServices of PGP  Format of PGPFormat of PGP

3 IP Security IP Security Overview IP Security Architecture Authentication Header Security Associations

4 Electronic Mail Security PRETTY GOOD PRIVACY PGP provides a confidentiality & authentication service that can be used for electronic mail & file storage applications. Reasons for the explosively growth of PGP. 1.It is available free worldwide in versions that run on a variety of platforms, including DOS/Windows, UNIX, Macintosh. 2.It is based on algorithms that have survived extensive public review & are considered extremely secure. Specifically, the package includes RSA,DSS, & Diffie- Hellman for public-key encryption.

5 3. It has a wide range of applicability, from Encrypting files & Messages. 4.It was not developed by, nor is it controlled by, any governmental or standards organization.

6 Services of PGP 1.Authentication. 2.Confidentiality. 3.Compression. 4.E-mail Compatibility. 5.Segmentation.

7 Notations Used K = Session Key KRa = private key of user A. KUb = Public Key of User A. EP = Public Key Encryption. DP = Decryption of Public Key. EC = Conventional Encryption. DC = Conventional Decryption. H = Hash Function. || = Concatenation. Z = Compression using ZIP algorithm. R64 = Conversion to radix 64 ASCII format.

8 Services – Authentication & Confidentiality 1. Authentication & 2.Confidentiality

9 Authentication The Sequence is as follows: 1.The sender creates a message. 2.SHA-1 is used to generate a 160- bit hash code of the message. 3.The hash code is encrypted with RSA using the sender’s private key, & result is prepended to the message. 4.The receiver uses RSA with the sender’s public key to decrypt & recover the hash code. 5.The receiver generates a new hash code for the message & compares it with the decrypted hash code. If the two match, the message is accepted as authentic.

10 Confidentiality The Sequence is as follows : 1.The sender generates a message & a random 128-bit number to be used as a session key for this message only. 2.The message is encrypted, using 3DES (CAST-128) with the session key. 3.The session key is encrypted with RSA, using the recipient’s public key, & is prepended to the message. 4.The receiver uses RSA with its private key to decrypt & recover the session key. 5.The session key is used to decrypt the message.

11 Authentication & Confidentiality

12 Compression  PGP Compresses the message after applying the signature but before encryption.  Benefit of saving space both for E-mail transmission & for file storage. 1.The Signature is generated before compression because so that one can store only the uncompressed message together with the signature for future verification. 2.Message encryption is applied after compression to strengthen cryptographic security. Because the compressed message has less redundancy than the original plaintext, cryptanalysis is more difficult.

13 E-mail Compatibility Many Electronic Mail Systems only permit the use of blocks consisting of ASCII text. The scheme used for this purpose is radix-64 conversion. Each group of three octets of binary data is mapped into four ASCII characters. The use of radix 64 expands a message by 33%.

14 Transmission & Reception of PGP Messages.

15 Segmentation & Reassembly -Maximum Length Exceeds.

16 General Format of PGP Message

17  Message Component  Data.  Time Stamp.  File name.  Signature Component  Timestamp.  Key ID of Sender’s public key(KUa).  Leading two octets of Message Digest.  Message Digest.

18  Session Key Component  Key ID of recipient’s public key (KUb)  Session key (Ks)

19 IP Security 1.Authentication 2.Confidentiality 3.Key Management The principal feature of IPSec that enables it to support the various applications is that it can encrypt &/or authenticate all traffic at the IP level.

20 IP Security Overview

21 Benefits of IPSec  When IPSec is implemented in a firewall or router, it provides strong security & also workstation does not incur the overhead of security- related processing.  IPSec in a firewall is resistant to bypass if all traffic from the outside must use IP & the firewall is the only means of entrance from the Internet into the organization.  IPSec is below the transport layer (TCP,UDP) & so is transparent to applications. There is no need to change software on a user or server system when IPSec is implemented in the firewall or router.

22 IP Security Architecture IPSec Documents The documents are divided into seven groups, as shown 1.Architecture Covers the security requirements, definitions, & Mechanisms defining IPSec technology. 2. Encapsulating Security Payload(ESP) Covers the packet format & packet encryption algorithm & optionally Authentication.

23 3.Authentication Header (AH) : Covers the packet format & packet authentication algorithm. 4. Encryption Algorithm : A set of documents that describe how various encryption algorithms are used for ESP. 5.Authentication Algorithm : A set of documents that describe how various Authentication algorithms are used for ESP. 6. Key Management : Documents that describe key management schemes. 7. Domain of Interpretation (DOI) : It includes the identifiers for approved encryption & authentication algorithms & also key life time.

24 IPSec Services  Access Control.  Connectionless Integrity.  Data Origin authentication.  Rejection of replayed packets.  Confidentiality (Encryption).  Limited traffic flow confidentiality.

25 Authentication Header The Authentication Header provides support for data integrity & authentication of IP packets. The Authentication Header consists of the following fields (figure below)

26 The Authentication Header Consists of the following fields : 1.Next Header(8 bits) : Identifies the type of header immediately following this header. 2.Payload Length (8 bits) : Length of Authentication Header. 3.Reserved (16bits ) : For future use. 4.Security Parameters Index(32 bits) : Identifies a security association. 5.Authentication Data (variable) : Integrity Check value.

27 Transport & Tunnel Modes Two ways of IPSec Authentication Service

28 Transport Mode (a) Before Applying AH (b) Transport Mode For transport mode, Authentication covers the entire packet.

29 Tunnel Mode For Tunnel mode AH, the entire original IP packet is authenticated, & the AH is inserted between the original IP header. The inner IP header carries the ultimate source & destination addresses, while an outer IP header may contain different IP addresses (gateways).

30 Security Associations Case 1: All security is provided between the end systems that implement IPSec.( Using Secret keys)

31 Case 2: Security is provided only between gateways (Routers) & no hosts implement IPSec.

32 Case 3 : End to End + Gateways (Case 1 + Case 2)

33 Case 4 : provides support for a remote host that uses the Internet to reach an organization's firewall & then to gain access to some server or workstation behind the firewall.

Download ppt "PGP & IP Security  Pretty Good Privacy – PGP Pretty Good Privacy  IP Security. IP Security."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Lecture 22 Internet Security Protocols and Standards

Lecture 22 Internet Security Protocols and Standards
Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.

Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.

Similar presentations

Ads by Google