Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of Houston Network Security Datacom II Lecture 8

Published byShannon Hawkins Modified over 5 years ago

Similar presentations

Presentation on theme: "University of Houston Network Security Datacom II Lecture 8"— Presentation transcript:

1 University of Houston Network Security Datacom II Lecture 8
Dr Fred L Zellner 11/14/2018 Datacom II Spring

2 The Tower Commission Report to President Reagan on Iran-Contra Affair, 1987
Despite the refusal of VADM Poindexter and LtCol North to appear, the Board’s access to other sources of information filled much of this gap. The FBI provided documents taken from files of the National Security Advisor and relevant NSC staff members, including messages from the PROF system between VADM Poindexter and LtCol North. The PROF messages were conversations by computer, written at the time events occurred and presumed by the writers to be protected from disclosure. In this sense, they provide a first-hand, contemporaneous account of events 11/14/2018 Datacom II Spring

3 In virtually all distributed environments, electronic mail is the most heavily used network-based application It is also the only distributed application that is widely used across all architectures and vendor platforms With the explosively growing reliance on electronic mail for every conceivable purpose, there grows a demand for authentication and confidentiality services Two schemes stand out as approaches that are likely to enjoy widespread use in the next few years: pretty good privacy (PGP) and S/MIME 11/14/2018 Datacom II Spring

4 PRETTY GOOD PRIVACY (PGP)
Largely a single effort of Phil Zimmermann PGP provides confidentiality and authentication service that can be used for electronic mail and file storage applications. It has the following ingredients Best available cryptographic algorithms as building blocks Integration of these algorithms into a general-purpose application that is independent of operating system and processor and that is based on small easy-to-use commands The package, its documentation, including the source code freely available via the Internet 11/14/2018 Datacom II Spring

5 Reasons for PGP’s growth
It is available free worldwide in versions that run on a variety of platforms, including DOS/Windows, UNIX, Macintosh and many more. It is based on algorithms that have survived extensive public review and are considered extremely secure. Specifically, the package includes RSA, DSS, and Diffie-Hellman for public-key encryption; CAST-128, IDEA, and 3DES for conventional encryption; and SHA-1 for hash coding It has a wide range of applicability, from corporations that wish to select and enforce a standardized scheme for encrypting files and messages to individuals who wish to communicate securely with others worldwide over Internet and other networks 11/14/2018 Datacom II Spring

6 Reasons for PGP’s growth contd…
It was not developed by, nor is it controlled by, any governmental or standards organization We now look at the operation of PGP. The common notations used are: 11/14/2018 Datacom II Spring

7 Operational Description
Consists of five services: Authentication Confidentiality Compression compatibility and, Segmentation The next slide shows a summary of PGP Services 11/14/2018 Datacom II Spring

8 Summary of PGP Services
11/14/2018 Datacom II Spring

9 Authentication The sender creates a message
SHA-1 is used to generate a 160-bit hash code of the message The has code is encrypted with RSA using the sender’s private key, and the result is prepended to the message The receiver uses RSA with the sender’s public key to decrypt and recover the hash code The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic 11/14/2018 Datacom II Spring

10 Authentication The combination of SHA-1 and RSA provides an effective digital signature scheme Because of the strength of RSA, the recipient is assured that only the possessor of the matching private key can generate the signature Because of the strength of SHA-1, the recipient is assured that no one else could generate a new message that matches the hash code and, hence, the signature of the original message The next slide shows authentication function 11/14/2018 Datacom II Spring

11 Authentication Function
11/14/2018 Datacom II Spring

12 Confidentiality This service is provided by encrypting the messages
Usually CAST-128, else IDEA or 3DES may be used The sender generates a message and a random 128-bit number to be used as a session key for this message only The message is encrypted, using CAST-128 (or IDEA or 3DES) with the session key The session key is encrypted with RSA, using the recipient’s public key, and is prepended to the message The receiver uses RSA with its private key to decrypt and recover the session key The session key is used to decrypt the message 11/14/2018 Datacom II Spring

13 Confidentiality To reduce encryption time the combination of conventional and public-key encryption is used in preference to simply using RSA: CAST-128 and the other conventional algorithms are substantially faster than RSA The use of public-key algorithm solves the session key distribution problem, because only the recipient is able to recover the session key that is bound to the message Each message is a one-time independent event with its own key The next slide shows only the Confidentiality function 11/14/2018 Datacom II Spring

14 Confidentiality Function
11/14/2018 Datacom II Spring

15 Confidentiality and Authentication
Both the services may be used for the same message A signature is generated for the plaintext message and prepended to the message Then the plaintext message plus signature is encrypted using CAST-128 and the session key is encrypted using RSA In summary, when both the services are used, the sender first signs the message with it own private key, then encrypts the message with a session key, and then encrypts the session key with the recipient’s public key The next slide shows the combination of both the functions 11/14/2018 Datacom II Spring

16 Confidentiality and Authentication
11/14/2018 Datacom II Spring

17 Compression As a default, PGP compresses the message after applying the signature but before encryption The compression algorithm used is ZIP The signature is generated before compression because it is preferable to sign an uncompressed message so that one can store only the uncompressed message together with the signature for future verification Message encryption is applied after compression to strengthen cryptographic security. Because the compressed message has less redundancy than the original plaintext, cryptanalysis is more difficult 11/14/2018 Datacom II Spring

18 Compatibility Part or all of the resulting block, from PGP, consists of a stream of arbitrary 8-bit octets, due to the different encryption stages involved However, many electronic mail systems only permit the use of blocks consisting of ASCII text To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream printable ASCII characters The scheme used for this purpose is radix-64 conversion 11/14/2018 Datacom II Spring

19 E-mail Compatibility contd…
Each group three octets of binary data is mapped into four ASCII characters This format appends a CRC to detect transmission errors The use of radix 64 expands a message by 33% The compression stage usually takes care of the expansion Radix-64 blindly converts any input and so even if a message is signed but not encrypted, after conversion it is unreadable to casual observer, providing a certain level of confidentiality On reception, the incoming block is first converted back from radix-64 format to binary and the other processes of decryption and message determination are carried out 11/14/2018 Datacom II Spring

20 Segmentation and Reassembly
facilities are often restricted to a maximum message length.Any message longer than that must be broken up into smaller segments, each is mailed separately To accommodate this PGP automatically subdivides a message that is too large into smaller segments that are small enough to send via The segmentation is done after all the other processing, including the radix-64 conversion At the receiving end, PGP strips off all headers and reassembles the entire original block, before the other operations are performed The next slide shows the transmission and reception block diagrams for PGP 11/14/2018 Datacom II Spring

21 Transmission and Reception of PGP Messages
11/14/2018 Datacom II Spring

22 Cryptographic Keys and Key Rings
PGP makes use of four types of keys: One-time session conventional keys Public keys Private keys and Paraphrase-based conventional keys The requirements for these keys being: A means for generating unpredictable session keys Allow user multiple public/private key pairs Each PGP entity must maintain a file of its own public/private key pairs as well as a file of public keys of correspondents 11/14/2018 Datacom II Spring

23 Session Key Generation
Each session key is associated with a single message and is used only for the purpose of encrypting and decrypting that message. The “plaintext” input to the random number generator, consisting of two 64-bit blocks, is derived from a stream of 128-bit randomized numbers.These numbers are based on keystroke input from user Both the keystroke timing and the actual keys struck are used to generate the randomized stream.Thus, if the user hits arbitrary keys at his or her normal pace, a reasonably random input will be generated This random input is also combined with the session key output from CAST-128 to form the key input to the generator The result, given the effective scrambling of CAST-128, is to produce a sequence of session keys that is effectively unpredictable 11/14/2018 Datacom II Spring

24 Key Identifiers An encrypted message is accompanied by an encrypted form of session key that was used If each user employed a single public/private key pair, then the recipient would automatically know which key to use to decrypt the session key But if a user has multiple public/private key pairs, how does the recipient know which key to use for decryption One simple solution would be to transmit the public key with the message and the recipient could verify later that it is one of his public keys and use the same But this scheme would be an unnecessary waste of space 11/14/2018 Datacom II Spring

25 Key Identifiers contd…
The solution adopted by PGP is to assign a key ID to each public key that is, with very high probability, unique with a user ID The key ID associated with each public key consists of its least significant 64 bits. That is, the key ID of public key KUa is (KUa mod 264). This is a sufficient length that the probability of duplicate key IDs is very small A key ID is also required for the PGP digital signature. The digital signature component of a message includes the 64-bit key ID of the required public key When the message is received, the recipient verifies that the key ID is for a public key that it knows for that sender and then proceeds to verify the signature 11/14/2018 Datacom II Spring

26 PGP message A message consists of three components: the message component, a signature, and a session key component The message component includes the actual data, the filename and a timestamp that specifies time of creation The signature component includes the following: Timestamp Message Digest Leading two octets of message digest Key ID of sender’s public key 11/14/2018 Datacom II Spring

27 PGP message The message component and optional signature component may be compressed using ZIP and may be encrypted using a session key The session key component includes the session key and the identifier of the recipient’s public key that was used by the sender to encrypt the session key The entire block is usually encoded with radix-64 encoding The general format of PGP message is shown in the next slide 11/14/2018 Datacom II Spring

28 General Format of PGP Message
11/14/2018 Datacom II Spring

29 Key Rings Key IDs are critical to the operation
These keys need to be stored and organized in a systematic way for efficient and effective use by all parties The scheme used in PGP is to provide a pair of data structures at each node, one to store the public/private key pairs owned by that node and one to store the public keys of other users known at this node These data structures are referred to, respectively, as the private-key ring and the public-key ring 11/14/2018 Datacom II Spring

30 Private-key Ring We can view the ring as a table, in which each row represents one of the public/private key pairs owned by this user. Each row contains the following entries: Timestamp Key ID Public Key Private key User ID 11/14/2018 Datacom II Spring

31 Public-key Ring This data structure is used to to store public keys of other users that are known to this user The following fields are present: Timestamp Key ID Public Key User ID The public-key can be indexed by either User ID or Key ID The Public-Key Ring structure is as shown in the next slide 11/14/2018 Datacom II Spring

32 Private and Public-Key Rings structure
11/14/2018 Datacom II Spring

33 Procedure for generating keys
The user selects a passphrase to be used for encrypting private keys When the system generates a new public/private key pair using RSA, it asks the user for the passphrase. Using SHA-1, a 160-bit hash code is generated from the passphrase, and the passphrase is discarded The system encrypts the private key using the CAST-128 with the 128 bits of the hash code as the key. The hash code is then discarded, and the encrypted private key is stored in the private-key ring 11/14/2018 Datacom II Spring

34 1. Signing the message PGP retrieves the sender’s private key from the private-key ring using your_userid as an index. If your_userid was not provided in the command, the first private key on the ring is retrieved. PGP prompts the user for the passphrase to recover the unencrypted private key The signature component of the message is constructed 11/14/2018 Datacom II Spring

35 2. Encrypting the message
PGP generates a session key and encrypts the message PGP retrieves the recipient’s public key from the public-key ring using her_userid as an index The session key component of the message is constructed 11/14/2018 Datacom II Spring

36 3. Decrypting the message
The receiving PGP entity performs the following steps: PGP retrieves the receiver’s private key from the private-key ring, using the Key ID field in the session key component of the message as an index PGP prompts the user for the passphrase to recover the unencrypted private key PGP then recovers the session key and decrypts the message 11/14/2018 Datacom II Spring

37 4. Authenticating the message
PGP retrieves the sender’s public key from the public-key ring, using the Key ID field in the signature key component of the message as an index PGP recovers the transmitted message digest PGP computes the message digest for the received message and compares it to the transmitted message digest to authenticate The next two slides show the same 11/14/2018 Datacom II Spring

38 PGP message Generation
11/14/2018 Datacom II Spring

39 PGP message reception 11/14/2018 Datacom II Spring

40 S/MIME S/MIME is a security enhancement to the MIME Internet format standard To understand S/MIME, we will look at MIME first To understand the significance of MIME, we will go back to RFC 822, which is still in common use RFC 822 defines a format for text messages that are sent using electronic mail The overall structure of a message that confirms to RFC 822 consists of some number of header lines followed by unrestricted text The header is separated from body by a blank line 11/14/2018 Datacom II Spring

41 RFC 822/SMTP A header line usually consists of a keyword, followed by a colon, followed by the keyword’s arguments; the format allows a long line to be broken up into several lines The most frequently used keywords are From, To, Subject, and Date. 11/14/2018 Datacom II Spring

42 MIME (Multipurpose Internet Mail Extensions)
MIME is an extension intended to address some of the problems and limitations in SMTP. Some are as listed SMTP cannot transmit executables or binary objects SMTP cannot transmit text data that includes national language characters because these are represented by 8-bit codes with values of 128 decimal or higher as SMTP is limited to 7-bit ASCII SMTP servers may reject mail message over a certain size SMTP gateways that translate between ASCII and EBCDIC do not use consistent set of mappings SMTP gateways to X.400 networks cannot handle nontextual data included in X.400 messages 11/14/2018 Datacom II Spring

43 Overview of MIME Five new message header fields are defined, which may be included in an RFC 822 header. These fields provide information about the body of the message A number of content formats are defined, thus standardizing representations that support multimedia electronic mail Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system 11/14/2018 Datacom II Spring

44 The five message headers
MIME-Version Content-Type: Describes the data contained Content-Transfer-Encoding: Indicates the type of transformation that has been used to represent the body of the message Content-ID: Used to identify MIME entities uniquely in multiple contexts Content Description: A text description of the object with the body, that is not readable, e.g. audio 11/14/2018 Datacom II Spring

45 MIME Content Types 11/14/2018 Datacom II Spring

46 MIME Transfer Encodings
11/14/2018 Datacom II Spring

47 S/MIME Functionality Enveloped data: This consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients Signed data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer. The content plus signature are then encoded using base64 encoding. This can viewed by recipient with S/MIME only Clear-signed data: As with signed data, a digital signature of the content is formed. However, only the digital signature is encoded using base 64 Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted 11/14/2018 Datacom II Spring

48 Cryptographic algorithms used in S/MIME
11/14/2018 Datacom II Spring

49 Rules for the sending agent
If the sending agent has a list of preferred decrypting capabilities from an intended recipient, it SHOULD choose the first capability on the list it is capable of using If the sending agent does not have such list of capabilities from an intended recipient but has received one or more messages from the recipient, then the outgoing message SHOULD use the same encryption algorithm as was used on the last signed and encrypted message received If the sending agent has no knowledge about the decryption capabilities of the intended recipient and is willing to risk that the recipient may not be able to decrypt the message, the sending agent SHOULD use tripleDES 11/14/2018 Datacom II Spring

50 Rules contd… If the sending agent has no knowledge about the decryption capabilities of the intended recipient and is not willing to risk that the recipient may not be able to decrypt the message, then the sending agent must use RC2/40 If the message has to be sent to multiple recipients and a common encryption algorithm cannot be selected for all, then the sending agent will need to send two messages 11/14/2018 Datacom II Spring

51 S/MIME Content types 11/14/2018 Datacom II Spring

52 S/MIME Certificate Processing
It uses public-key certificates that confirm to version 3 of X.509 As with PGP model, S/MIME managers and/or users must configure each client with a list of trusted keys and with certificate revocation lists That is the responsibility is local for maintaining the certificates needed to verify incoming signatures and to encrypt outgoing messages The certificates are signed by certification authorities 11/14/2018 Datacom II Spring

53 User Agent role Key generation: The user of some related administrative utility MUST be capable of generating separate Diffie-Hellman and DSS key pair and SHOULD be capable of generating RSA key pairs. Each key pair MUST be generated from a good source of non-deterministic random input and be protected in a secure fashion Registration: A user’s public key must be registered with a certification authority in order to receive an X.509 public-key certificate Certificate storage and retrieval: A user requires access to a local list of certificates in order to verify incoming signatures and to encrypt outgoing messages 11/14/2018 Datacom II Spring

54 Verisign Certificates
VeriSign provides a CA service that is intended to be compatible with S/MIME and variety of other applications VeriSign issues X.509 certificates with the product name VeriSign Digital ID Each Digital ID contains: Owner’s public key Owner’s name and aliases Expiration date of the Digital ID Serial number of Digital ID Name of the certification authority that issued Digital ID Digital signature of the certification authority that issued Digital ID, Address, address and basic registration information 11/14/2018 Datacom II Spring

55 VeriSign Public-Key Certificate Classes
11/14/2018 Datacom II Spring

56 Recommended Reading Computer Networks, Larry L. Peterson/Bruce L Davie—-Chapter 8, Network Security Data & Computer Communications, William Stalling—Chapter 18 Network Security 11/14/2018 Datacom II Spring

Download ppt "University of Houston Network Security Datacom II Lecture 8"

Similar presentations

Cryptography and Network Security Chapter 18

Cryptography and Network Security Chapter 18
Cryptography and Network Security Sixth Edition by William Stallings.

Cryptography and Network Security Sixth Edition by William Stallings.
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.

Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NS-H0503-02/11041 E-mail Security. NS-H0503-02/11042 Email Security email is one of the most widely used and regarded network services currently message.

NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Electronic mail security

Electronic mail security
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
Electronic Mail Security

Electronic Mail Security
Cryptography and Network Security Chapter 18

Cryptography and Network Security Chapter 18
Electronic mail security. Outline Pretty good privacy S/MIME.

Electronic mail security. Outline Pretty good privacy S/MIME.
Email Security.  email is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Network Security Essentials Chapter 7 Fourth Edition by William Stallings (Based on Lecture slides by Lawrie Brown)

Network Security Essentials Chapter 7 Fourth Edition by William Stallings (Based on Lecture slides by Lawrie Brown)
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Similar presentations

Ads by Google