PGP E-mail Security

7/30/2019 PGP E-mail Security

1/43

E-mail security

Pretty Good Privacy


2/43

Why Study E-mail Security?

After web browsing, e-mail is the mostwidely used network-reliant application.

Mail servers, after web servers, are the

most often attacked Internet hosts. Basic e-mail offers little security, counter

to public perception.

Good technical solutions are available, but

not widely used. If we understand why this is so, we might

understand something about whysecurity is hard.


3/43

Threats to E-mail

Loss of confidentiality.

E-mails are sent in clear over open

networks. E-mails stored on potentially

insecure clients and mail servers.

Loss of integrity.

No integrity protection on e-mails;anybody be altered in transit or onmail server.


4/43

Threats to E-mail

Lack of data origin authentication.

Is this e-mail really from the person

named in theFrom:field? Lack of non-repudiation.

Can I rely and act on the content?

(integrity) If so, can the sender later deny having

sent it? Who is liable if I have acted?


5/43

Threats to E-mail

Lack of notification of receipt.

Has the intended recipient receivedmy e-mail and acted on it?

A message locally marked as sent

may not have been delivered.


6/43

E-mail security

Secure E-mail Standards and

Products

Other now defunct standards: PEM(privacy enhanced mail), X.400.

S/MIME.

We focus on PGP


7/43

S/MIME

(Secure/Multipurpose Internet Mail Extension)

Originated from RSA Data Security Inc. in

1995.

Further development by IETF S/MIME

working group at:

www.ietf.org/html.charters/smime-charter.html.

Version 3 specified in RFCs2630-2634.

Allows flexible client-client security throughencryption and signatures.

Widely supported, e.g. in Microsoft Outlook,

Netscape Messenger, Lotus Notes.


8/43

PGP

(Pretty Good Privacy)

Freeware: Open PGP and variants:

www.openpgp.org, www.gnupg.org

Open PGP specified in RFC 2440 and definedby IETF Open PGP working group.

www.ietf.org/html.charters/openpgp-charter.html

Available as plug-in for popular e-mail clients,can also be used as stand-alone software.


9/43


10/43

PGP


If all the personal computers in the

world260 millionwere put to work

on a single PGP encrypted message,it would still take an estimated 12million times the age of the universe,on average, to break a single

message.


11/43

PGP


PGP is an e-mail security program written by

Phil Zimmermann, based on the IDEA algorithm

for encryption of plaintext and uses the RSA

Public Key algorithm for encryption of theprivate key.

PGP incorporates tools for developing a public-

key trust model and public-key certificate

management.


12/43

PGP


PGP is an open-source freely available

software package for e-mail security. It

provides authentication;

confidentiality;

compression;

e-mail compatibility; and

segmentation and reassembly.


13/43

PGP Services

Digital

signature

DSS/SHA or

RSA/SHA

A hash code of a message is

created using SHA-1. This

message digest is encrypted

using DSS or RSA with the

sender's private key andincluded with the message.

Message

encryption

CAST or IDEA or

Three-key Triple

DES with Diffie-

Hellman or RSA

A message is encrypted using

CAST-128 or IDEA or 3DES

with a one-time session key

generated by the sender. The

session key is encrypted using

Diffie-Hellman or RSA with the

recipient's public key and

included with the message.


14/43

PGP

(Pretty Good Privacy)Compression ZIP A message may be

compressed, for storage or

transmission, using ZIP.

Emailcompatibility Radix 64conversion To provide transparency foremail applications, an

encrypted message may be

converted to an ASCII string

using radix 64 conversion.Segmentation To accommodate maximum

message size limitations,

PGP performs segmentation

and reassembly.


15/43

PGP


PGP Algorithms

Symmetric encryption: DES, 3DES, AES and others.

Public key encryption of sessionkeys: RSA or ElGamal.

Hashing: SHA-1, MD-5 and others.

Signature: RSA, DSS, ECDSA and others.


16/43

PGP


PGP use:

public keys for encrypting session

keys / verifying signatures. private keys for decrypting session

keys / creating signatures.


17/43

17

PGP Operation Summary


18/43

PGP

Alice: generates random symmetricprivate key, KS. encrypts message with KS (for efficiency) also encrypts KSwith Bobs public key. sends both K

S(m) and K

B(K

S) to Bob.

Alice wants to send confidential e-mail, m, to Bob.

KS( ).

KB( ).+

+ -

KS(m )

KB(KS )+

m

KS

KS

KB+

Internet

KS( ).

KB( ).-

KB-

KS

mKS(m )

KB(KS )+


19/43

PGP

Bob: uses his private key to decrypt and recover KS uses KS to decrypt KS(m) to recover m

Alice wants to send confidential e-mail, m, to Bob.

KS( ).

KB( ).+

+ -

KS(m )

KB(KS )+

m

KS

KS

KB+

Internet

KS( ).

KB( ).-

KB-

KS

mKS(m )

KB(KS )+


20/43

PGP

Alice wants to provide sender authentication messageintegrity.

Alice digitally signs message. sends both message (in the clear) and digital signature.

H( ). KA( ).-

+ -

H(m )KA(H(m))

-

m

KA-

Internet

m

KA( ).+

KA+

KA(H(m))

-

m

H( ). H(m )

compare


21/43

PGP


PGP Key Rings

PGP supports multiple public/private

keys pairsper sender/recipient. Keys stored locally in a PGP Key Ring essentially a database of keys.

Private keys stored in encrypted form;

decryption key determined by user-entered pass-phrase.


22/43

PGP Message Generation


23/43

PGP Message Generation

The sending PGP entity performs the following steps:

Signs the message:

PGP gets senders private key from key ring using

its user id as an index. PGP prompts user for passphrase to decrypt

private key.

PGP constructs the signature component of the

message.

Encrypts the message: PGP generates a session key and encrypts the

message.

PGP retrieves the receiver public key from the key

ring using its user id as an index.

PGP constructs session component of message


24/43

PGP Message Reception


25/43

PGP Message Reception

The receiving PGP entity performs the following steps:

Decrypting the message:

PGP get private key from private-key ring using Key IDfield in session key component of message as an index.

PGP prompts user for passphrase to decrypt privatekey.

PGP recovers the session key and decrypts themessage.

Authenticating the message:

PGP retrieves the senders public key from the public-

key ring using the Key ID field in the signature keycomponent as index.

PGP recovers the transmitted message digest.

PGP computes the message for the received messageand compares it to the transmitted version forauthentication.


26/43

PGP


Key Management for PGP

Public keys for encrypting session keys /

verifying signatures.

Private keys for decrypting session keys /

creating signatures.

Where do these keys come from and on what

basis can they be trusted?


27/43

PGP


PGP adopts a trust model called the web oftrust.

No centralised authority

Individuals sign one anothers public keys,

these certificates are stored along with

keys in key rings.

PGP computes a trust levelfor each publickey in key ring.

Users interpret trust level for themselves.


28/43

28

PGP Compression

PGP can also compress themessage if desired. Thecompression algorithm is ZIP andthe decompression algorithm isUNZIP.

1. The original message mis signedusing private key Adto obtain

c=pk.encryptAd(SHA(m))


29/43

29

2. Now the original message miscompressed to obtain

M=ZIP(m)

3. Alice generates a session key k and

encrypts the compressed message andthe signature using the session key

C=sk.encryptk(M,c)

4. The session key is encrypted using Bobspublic key as before.


30/43

30

5. Alice sends Bob the encrypted sessionkey and ciphertext C.

6. Bob decrypts the session key using hisprivate key and then uses the sessionkey to decrypt the ciphertext Cto obtainMand c

(M,c) = sk.decryptk(C)

7. Bob decompresses the message Mtoobtain the original message m

m=UNZIP(M)


31/43

31

8. Now Bob has the original message mand signature c. He verifies the signature

using SHA-1 and Alices public key asbefore.

Note that the compression is appliedafter signing (due to implementation ofZIP) but before encryption (this

strengthens the security of the schemesince the message has less redundancyafter compression)


32/43

32

PGP E-Mail Compatibility

Many electronic mail systems can

only transmit blocks ofASCII text.

This can cause a problem whensending encrypted data since

ciphertext blocks might not

correspond to ASCII characters which

can be transmitted.

PGP overcomes this problem by using

radix-64 conversion.


33/43

33

Radix-64 conversion

Suppose the text to be encrypted has

been converted into binary using

ASCII coding and encrypted to give aciphertext stream of binary.

Radix-64 conversion maps arbitrary

binary into printable characters as

follows:


34/43

34

Radix-64 conversion

1. The binary input is split into blocksof 24 bits (3 bytes).

2. Each 24 block is then split into foursets each of 6-bits.

3. Each 6-bit set will then have a valuebetween 0 and 26-1 (=63).

4. This value is encoded into aprintable character.


35/43

35

6 bit

value

Character

encoding

6 bit

value

Character

encoding

6 bit

value

Character

encoding

6 bit

value

Character

encoding

0

1

23

4

5

6

7

8

9

10

11

12

1314

15

A

B

CD

E

F

G

H

I

J

K

L

M

NO

P

16

17

1819

20

21

22

23

24

25

26

27

28

2930

31

Q

R

ST

U

V

W

X

Y

Z

a

b

c

de

f

32

33

3435

36

37

38

39

40

41

42

43

44

4546

47

g

h

ij

k

l

m

n

o

p

q

r

s

tu

v

48

49

5051

52

53

54

55

56

57

58

59

60

6162

63

(pad)

w

x

yz

0

1

2

3

4

5

6

7

8

9+

/

=


36/43

36

PGP Segmentation

Another constraint of e-mail is that

there is usually a maximum message

length.PGP automatically blocks an

encrypted message into segments of

an appropriate length.

On receipt, the segments must be re-

assembled before the decryption

process.


37/43

37

Key Issues

1. Key Generation

Recall that a new session key is

required each time a message isencrypted. How are these keys

generated?

PGP uses the timing of key strokes

and key patterns to generate

random numbers.


38/43

38

2. Key Identifiers

PGP allows users to have more

than one public/private key pair

To increase security To ease the key changeover period

So how does Bob know which set

of keys he should be using?


39/43

39

In the case of encryption, (Alice usesBobs public key) Alice can send Bob the

public key with the message since this isnot secret (in fact Alice only sends the 64least significant bits so that Bob canidentify the key).

In the case of digital signatures Alice usesher private key and Bob uses Alicescorresponding public key. Alice cannotsend Bob her private key, but she can lookup the corresponding public key and sendthe 64 least significant bits of that.


40/43

40

So a PGP message might consist

of:

Message component the actual datato be transmitted + a filename + atimestamp;

Signature component timestamp +hash of message and timestamp +first part of message (so user can

check that they are decryptingcorrectly) + Key ID of senders publickey

Session Key component session

key + key ID of recipients public key


41/43

PGP


Security of PGP There are many known attacks against

PGP.

Attacks against cryptoalgorithms are not themain threat

IDEA is considered strong, and whilecryptoanalysis advances, it should be

strong still for some time. RSA may or may not be strong. There are

recent rumors of possible fast factorizationalgorithms..

The main threats are much more simple.


42/43

PGP


An attacker may socially engineer himselfinto a web of trust, or some trustable personmay change. Then he could falsify public

keys. This breaks most of the security. PGP binaries can be corrupted when they

are obtained.

The PGP binaries can be modified in the

computer. The passphrase can be obtained by a

Trojan. Weak passphrases can be cracked.

On multiuser system, access to the secret

key can be obtained.


43/43

Questions:

Date post:	04-Apr-2018
Category:	Documents
Upload:	sana-saiyed
View:	216 times
Download:	0 times

PGP E-mail Security

Documents