Presentation is loading. Please wait.

Presentation is loading. Please wait.

K. U. Khimani Asst. Prof. IT Dept. VVP Engineering College

Published byTracey Bishop Modified over 6 years ago

Similar presentations

Presentation on theme: "K. U. Khimani Asst. Prof. IT Dept. VVP Engineering College"— Presentation transcript:

1 K. U. Khimani Asst. Prof. IT Dept. VVP Engineering College
Security K. U. Khimani Asst. Prof. IT Dept. VVP Engineering College

2 PGP Developed by Phil Zimmerman in 1995.
Documentation and source code is freely available. The package is independent of operating system and processor. PGP popularity and use have grown extensively since 1995. Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

3 PGP PGP combines the best available cryptographic algorithms to achieve secure communication. It is assumed that all users are using public key cryptography and have generated a private/public key pair. Either RSA (with RSA digital signatures) or El Gamal can be used. All users also use a symmetric key system such as triple DES or Rijndael. Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

4 PGP PGP offers 5 services: 1. Authentication 2. Confidentiality
3. Compression 4. compatibility 5. Segmentation Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

5 PGP Authentication This is a digital signature scheme with hashing.
1. Alice has (private/public) key pair and she wants to send a digitally signed message to Bob. 2. Alice hashes the message using SHA-1 3. Alice encrypts the hash using her private key to obtain cipher text 4. Alice sends Bob the pair (message and cipher) 5. Bob receives message and cipher and decrypts using Alice's public key to obtain signature. Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

6 PGP Authentication 6. If hash values are equal, then
Bob is sure that the message is correct and that is does come from Alice. Furthermore Alice cannot later deny sending the message since only Alice has access to her private key which works in conjunction with the public key. Message is authenticated Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

7 PGP Confidentiality 1. Alice wishes to send Bob a confidential message m. 2. Alice generates a random session key k for a symmetric cryptosystem. 3. Alice encrypts session key using Bob’s public key and obtains k’ 4. Alice encrypts the message m with the session key k to get cipher text k 5. Alice sends Bob the values (k’,c) 6. Bob receives the values (k’,c) and decrypts k’ using his private key to obtain k. Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

8 PGP Confidentiality 1. Bob uses the session key k to decrypt the ciphertext c and recover the message 2. Public and symmetric key cryptosystems are combined in this way to provide security for key exchange and then efficiency for encryption. The session key k is used only to encrypt message m and is not stored for any length of time. Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

9 PGP Authentication and Confidentiality
The schemes for authentication and confidentiality can be combined so that Alice can sign a confidential message which is encrypted before transmission. The steps required are as follows: Alice generates a signature c for her message m as in the Authentication scheme. Alice generates a random session key k and encrypts the message m and the signature c using a symmetric cryptosystem to obtain cipher text C.

10 PGP Authentication and Confidentiality
She encrypts the session key k using Bob’s public key Alice sends Bob the values (k’,C) Bob receives k’ and C and decrypts k’ using his private key to obtain the session key k. Bob decrypts the ciphertext C using the session key k to obtain m and c Bob now has the message m. In order to authenticate it he uses Alice’s public key to decrypt the signature c and hashes the message m using SHA-1. Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

11 PGP Compression PGP can also compress the message if desired.
The compression algorithm is ZIP and the decompression algorithm is UNZIP. The original message m is signed as before Now the original message m is compressed Alice generates a session key k and encrypts the compressed message and the signature using the session key The session key is encrypted using Bob’s public key as before. Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

12 PGP Compression Alice sends Bob the encrypted session key and ciphertext C. Bob decrypts the session key using his private key and then uses the session key to decrypt the ciphertext C to obtain M and c Bob decompresses the message M to obtain the original message m Now Bob has the original message m and signature c. He verifies the signature using SHA-1 and Alice’s public key as before. Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

13 PGP Compression Note that the compression is applied after signing (due to implementation of ZIP) but before encryption (this strengthens the security of the scheme since the message has less redundancy after compression). Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

14 PGP Email Compatibility
To provide transparency for applications, an encrypted message may be converted to an ASCII string using radix 64 conversion at sender side. On reception, the incoming block is first converted back from radix-64 format to binary. Then, if the message is encrypted, the recipient recovers the session key and decrypts the message. Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

15 PGP Segmentation and Reassembly
facilities often are restricted to a maximum message length. Any message longer than that must be broken up into smaller segments, each of which is mailed separately. Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

16 PGP Segmentation and Reassembly
At the receiving end, PGP must strip off all headers and reassemble the entire original block. To accommodate this restriction, PGP automatically subdivides a message that is too large into segments that are small enough to send via . Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

17 PGP Message Format Message component – the actual data to be transmitted + a filename + a timestamp Signature component – timestamp + hash of message and timestamp + first part of message (so user can check that they are decrypting correctly) + Key ID of sender’s public key (PUa) Session Key component – session key + key ID of recipient’s public key (PUb) Kerberos is an authentication service developed as part of Project Athena at MIT, and is one of the best known and most widely implemented trusted third party key distribution systems. Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use: v4 & v5.

18 S/MIME S/MIME (Secure/ Multipurpose Internet Mail Extension) is a security enhancement to the MIME Internet format standard, based on technology from RSA Data Security. S/MIME provides… Authentication Message Integrity Non-repudiation of origin… Using digital signature Privacy and data security… Using encryption

19 MIME Header Fields The five header fields defined in MIME are as follows: MIME-Version: Must have the parameter value 1.0. This field indicates that the message conforms to RFCs 2045 and 2046. Content-Type: Describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner.

20 MIME Header Fields Content-Transfer-Encoding: Indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport. Content-ID: Used to identify MIME entities uniquely in multiple contexts. Content-Description: A text description of the object with the body; this is useful when the object is not readable (e.g., audio data).

21 MIME Content Types Type Sub Description Text Multipart Message Plain
Enriched Unformatted text (ASCII or ISO 8859). Provides greater format flexibility. Multipart Mixed Parallel Alternative Digest The different parts are independent but are to be transmitted together. Should be presented to the receiver in their original order. Differs from mixed only in that no order is defined. The different parts are alternative versions of the same information. Similar to Mixed but the default type/subtype of each part is message/rfc822. Message rfc822 Partial External body The body is itself an encapsulated message that conforms to RFC822. Used to allow fragmentation in a transparent way to the recipient. Contains a pointer to an object exists else where.

22 MIME Content Types Type Subtype Description Image Video Audio
Jpeg gif The image is in JPEG format. The image is in GIF format. Video Mpeg MPEG format. Audio Basic Single-channel 8-bit ISDN mu-law encoding at a sample rate of 8kHz Application Postscript Octet-stream Adobe Postscirpt. General binary data consisting of 8-bit bytes.

23 S/MIME Functions Enveloped data: This consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients. Signed data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer. The content plus signature are then encoded using base64 encoding. A signed data message can only be viewed by a recipient with S/MIME capability.

24 S/MIME Functions Clear-signed data: As with signed data, a digital signature of the content is formed. However, in this case, only the digital signature is encoded using base64. As a result, recipients without S/MIME capability can view the message content, although they cannot verify the signature. Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted.

Download ppt "K. U. Khimani Asst. Prof. IT Dept. VVP Engineering College"

Similar presentations

1 Pretty Good Privacy (PGP) Security for Electronic Email.

1 Pretty Good Privacy (PGP) Security for Electronic .
TOPIC : MIME (Multipurpose Internet Mail Extensions ) By: Cecilia Gomes COSC 541,DATA COMMUNICATION SYSTEMS & NETWORKS Instructor: Prof. Anvari (SEU)

TOPIC : MIME (Multipurpose Internet Mail Extensions ) By: Cecilia Gomes COSC 541,DATA COMMUNICATION SYSTEMS & NETWORKS Instructor: Prof. Anvari (SEU)
Cryptography and Network Security Sixth Edition by William Stallings.

Cryptography and Network Security Sixth Edition by William Stallings.
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.

Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NS-H0503-02/11041 E-mail Security. NS-H0503-02/11042 Email Security email is one of the most widely used and regarded network services currently message.

NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Electronic mail security

Electronic mail security
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.

Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.

1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.
Electronic Mail Security

Electronic Mail Security
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.

16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.
Electronic mail security. Outline Pretty good privacy S/MIME.

Electronic mail security. Outline Pretty good privacy S/MIME.

Similar presentations

Ads by Google