Presentation is loading. Please wait.

Presentation is loading. Please wait.

PGP CSC 492 Presentation May 2, 2007 Brandon Skari Ruby Matejcik.

Published byΒασίλης Σπυρόπουλος Modified over 4 years ago

Similar presentations

Presentation on theme: "PGP CSC 492 Presentation May 2, 2007 Brandon Skari Ruby Matejcik."— Presentation transcript:

1 PGP CSC 492 Presentation May 2, 2007 Brandon Skari Ruby Matejcik

2 What does PGP stand for? Prenhall, Goodman, & Paul
Public Generating Polynomial Pfleeger, Golomb, & Pfleeger Pretty Good Privacy

3 Topics History of PGP Applications of PGP How PGP Works Encryption
Decryption Digital Signatures & Data Integrity Web of Trust Certificates

4 History of PGP Phil Zimmerman created PGP in 1991
encryption software package, uses public key encryption system In response to U.S. Senate Bill 266 for "back-door" for the U.S. government Initially used for securing messages and files in BBS’s of anti-nuclear activist groups

5 PGP Applications High Cost of Customer Data Loss
Lost or stolen customer information cost companies as much as $22 million Average cost per lost customer record was $186 PGP solutions are used by more than 80,000 enterprises, businesses, and governments worldwide. 95% of the Fortune® 100

6 How PGP Works Request public key Public key
Encrypt random key with receiver's public key, append to message Generate hash of message and encrypt hash with sender's private key Sender Receiver Encrypt remainder of message with random key

7 How PGP Works Send message Decrypt key in message with private key
Decrypt message Request public key Sender Receiver Public key Generate hash of message and decrypt hash value

8 Encryption Methods PGP allows you to use any number of encryption methods for the symmetric, asymmetric, and hash algorithms RSA, DSA, Elgamal, Elliptic curves Triple-DES, IDEA, Blowfish, CAST5, AES, plaintext or make up your own! No need to re-encrypt the message for different receivers – only the key Permanent storage of messages and files

9 Digital Signatures and Data Integrity
Adding a hash value of the message ensures that the message was not garbled in transmission Encrypting the hash with the sender's private key validates the sender's identity and message content

10 Digital Signatures and Data Integrity
Theresa Swinehart -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP Personal Privacy 6.5.1 mQGiBDyY+88RBAD0TJYTvYo+Mw2YCKIulU+EhR5eAnTaJ/sJuoSn05PsKCB+/XSK hsph9A3jGaS/gmOKRbDa1q6jZTgx9huSZyq0oPTJYeBu5K7j55uve3NF9H/UhTej DaNHfA7Ll4LKv5tTXNts410kpkMA/1p1AcHsaA897OXV6UXw0e+tJzdE0QCg/0HE 8ZD4ur75jlkF1Dqn4r1kU/sEAPRC7vVtrWDVj+MRUd4G5Krst1zegTq4JeYgO0ei vn18MoVA+GM+wRUE7niIgipxuFFKV3FUkPFTcoavivuUplLiJqMPEm1rSEWImQ9N -----END PGP PUBLIC KEY BLOCK-----

11 Web of Trust Concept used in PGP and other OpenPGP-compatible systems
To establish the authenticity of the binding between a public key and a user. Each user has a certificate, trust is certified to various degrees by other users Decentralized system - many independent webs of trust Alternative to centralized public key infrastructure (PKI)

12 Web of Trust Problem - No central controller, depends on other users for trust. Those with new certificates will not readily be trusted by other users Alice knows Bob and signs Bob’s certificate with her public key Charles knows Alice and has her public key. Charles can check Alice’s signature on Bob’s certificate. Charles then trusts Bob’s certificate.

13 Certificates Binds a public key to an entity Set up of PGP Certificate
Random input from keystrokes, timing, mouse movements to get primes p & q, then compute n, d, and e n and e - public key User selects a passphrase. User enters the passphrase, when private key (decryption) is needed

14 References OpenPGP Proposed Standard RFC 2440
Internet Engineering Task Force Introduction to Cryptography Wade Trappe, Lawrence C. Washington Second Edition PGP Corporation PGP documentation. Copyright © Network Associates, Inc. its \ The Early Roots of PGP

15 What does PGP stand for? PRETTY GREAT PRESENTATION

Download ppt "PGP CSC 492 Presentation May 2, 2007 Brandon Skari Ruby Matejcik."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.

Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
PGP Overview 2004/11/30 Information-Center meeting peterkim.

PGP Overview 2004/11/30 Information-Center meeting peterkim.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.

Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.

1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).

Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Electronic Mail Security

Electronic Mail Security
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
PGP Encryption Justin Shelby. Encryption Methods  There are two basic key types for cryptography Symmetric Asymmetric.

PGP Encryption Justin Shelby. Encryption Methods  There are two basic key types for cryptography Symmetric Asymmetric.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Email Security.  email is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Similar presentations

Ads by Google