Lecturer: Nguyễn Thị Thanh Vân – FIT - HCMUTE
Introduction
Pretty Good Privacy
email is one of the most widely used and regarded network services
currently message contents are not secure
may be inspected either in transit
or by suitably privileged users on destination system
confidentiality
protection from disclosure
authentication
of sender of message
message integrity
protection from modification
non-repudiation of origin
protection from denial by sender
PGP is an encryption strategy for encrypting, decrypting and signing data in general and email/messages in particular.
developed by Phil Zimmermann.
provides a confidentiality and authentication service
selected best available crypto algorithms to use
integrated into a single program
on Unix, PC, Macintosh and other systems
originally free, now also have commercial versions available
The actual operation of PGP consists of four services:
o Authentication: using Digital signature
• DSS/SHA or
• RSA/SHA
o Confidentiality:
• CAST or
• IDEA or
1. The sender creates a message
2. SHA-1 is used to generate a 160-bit hash code of the message
3. The hash code H is encrypted with RSA using the sender's private key PRa, and the result is prepended to the message
4. The receiver uses RSA with the sender's public key PUa to decrypt and recover the hash code
5. The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic
- PGP supports the use of DSS signatures. It can be useful in:
The digital signature service provided by PGP
Confidentiality is provided by encrypting messages to be transmitted or to be stored locally as files:
1. sender generates a message and a session key (a random 128-bit number; a one-time key, used only once)
2. encrypts message using CAST-128 (or IDEA or 3DES) with session key
3. attaches session key encrypted with RSA using the recipient’s public key
4. receiver decrypts & recovers session key using RSA with its private key
5. session key is used to decrypt message
Recent PGP versions also support the use of ElGamal (a Diffie-Hellman
can use both services on the same message
o the sender signs the message with its own private key; the signature is attached to M
o then encrypts the message with a session key using CAST-128
(or IDEA or 3DES)
o and then encrypts the session key with the recipient's public key
using RSA (or ElGamal)
by default, PGP compresses message after signing
o so can store uncompressed message & signature for later verification
o & because compression is non-deterministic
but PGP compresses before encrypting:
o to strengthen cryptographic security
o compressed message has less redundancy
than the original plaintext,
o cryptanalysis is more difficult
uses ZIP compression algorithm
signing → compress → encrypting
when using PGP will have binary data to send (encrypted)
however email was designed only for text
hence PGP must encode raw binary data into printable
ASCII characters
uses radix-64 algorithm
o maps 3 bytes to 4 printable chars
o also appends a CRC
PGP also segments messages if too big
Bit  01001101 01100001 01101110
Base
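The radix-64 conversion and appended CRC described above, as an added example that is not part of the original slides: it encodes the 24-bit pattern from the table (the bytes 0x4D 0x61 0x6E) and rejects a body whose checksum no longer matches. The function names, the 64-character line width and the sample message are assumptions; the CRC-24 constants are those of RFC 4880, and the BEGIN/END armor header lines are left out.

```python
import base64

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789+/")
CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # CRC-24 constants from RFC 4880

def radix64_encode(data: bytes) -> str:
    """Map every 3-byte (24-bit) group to four 6-bit indexes into ALPHABET."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        pad = 3 - len(chunk)                      # 0, 1 or 2 missing bytes
        group = int.from_bytes(chunk + b"\x00" * pad, "big")
        chars = [ALPHABET[(group >> s) & 0x3F] for s in (18, 12, 6, 0)]
        if pad:
            chars[-pad:] = "=" * pad              # mark the padded positions
        out.append("".join(chars))
    return "".join(out)

def crc24(data: bytes) -> int:
    """24-bit CRC computed over the binary data before encoding."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor_body(data: bytes, width: int = 64) -> str:
    """Radix-64 lines followed by the checksum line ('=' + 4 characters)."""
    body = radix64_encode(data)
    lines = [body[i:i + width] for i in range(0, len(body), width)]
    return "\n".join(lines + ["=" + radix64_encode(crc24(data).to_bytes(3, "big"))])

def dearmor_body(text: str) -> bytes:
    """Decode the body and reject it when the appended CRC does not match."""
    *lines, crc_line = text.split("\n")
    data = base64.b64decode("".join(lines))
    expected = "=" + radix64_encode(crc24(data).to_bytes(3, "big"))
    if crc_line != expected:
        raise ValueError("radix-64 CRC mismatch")
    return data

if __name__ == "__main__":
    sample = bytes([0b01001101, 0b01100001, 0b01101110])  # bit pattern from the table
    print(radix64_encode(sample))
    print(armor_body(b"constructed sample message"))
```

The CRC only catches accidental corruption in transit; it is not keyed, so it gives no protection against deliberate modification, which is the job of the signature.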
PGP makes use of four types of keys:
o one-time session symmetric keys,
o public keys,
o private keys, and
o passphrase-based symmetric keys
need a session key for each message, using a
symmetric encryption algorithm
o of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit
Triple-DES
generated using ANSI X12.17 mode
uses random inputs taken from previous uses and from
keystroke timing of user
since many public/private keys may be in use, need to
identify which is actually used to encrypt session key in a
message
o could send full public-key with every message
o but this is inefficient
rather use a key identifier based on key
o is least significant 64-bits of the key
o will very likely be unique
also use key ID in signatures
the message component:
o includes the actual data,
o filename and
o a timestamp
a signature (optional):
o timestamp, encrypted SHA-1,
o the Key ID
a session key component (optional):
o the session key and
o the identifier of the recipient's public key
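The authentication steps and the key ID lookup described above, combined in one added example that is not part of the original slides: the signature component carries the signer's key ID and the RSA-encrypted SHA-1 hash, and the receiver selects PUa from its public-key ring by that ID. It uses textbook RSA without the padding real implementations apply; the function names, the dictionary layout and the toy keys (ALICE_*, BOB_*) are assumptions.

```python
import hashlib

E = 65537                      # RSA public exponent
MASK64 = (1 << 64) - 1

def make_keypair(p: int, q: int):
    """Textbook RSA pair (PU, PR) from two primes; no padding, illustration only."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}

def key_id(public: dict) -> int:
    """Key ID as defined above: the least significant 64 bits of the public key."""
    return public["n"] & MASK64

def sha1_int(message: bytes) -> int:
    """160-bit SHA-1 hash code of the message, as an integer."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def sign(message: bytes, private: dict, public: dict) -> dict:
    """Steps 2-3: hash the message, encrypt H with PRa, prepend it with the key ID."""
    return {"key_id": key_id(public),
            "encrypted_hash": pow(sha1_int(message), private["d"], private["n"]),
            "message": message}

def verify(signed: dict, public_ring: dict) -> bool:
    """Steps 4-5: pick PUa by key ID, recover the hash, compare with a fresh one."""
    public = public_ring.get(signed["key_id"])
    if public is None:
        return False                              # signer not on the public-key ring
    recovered = pow(signed["encrypted_hash"], public["e"], public["n"])
    return recovered == sha1_int(signed["message"])

# Constructed toy keys built from Mersenne primes; far too weak for real use.
ALICE_PU, ALICE_PR = make_keypair(2**127 - 1, 2**61 - 1)
BOB_PU, BOB_PR = make_keypair(2**107 - 1, 2**89 - 1)
PUBLIC_RING = {key_id(ALICE_PU): ALICE_PU, key_id(BOB_PU): BOB_PU}

if __name__ == "__main__":
    signed = sign(b"constructed sample message", ALICE_PR, ALICE_PU)
    print(hex(signed["key_id"]), verify(signed, PUBLIC_RING))
    signed["message"] = b"constructed sample messagE"    # altered after signing
    print(verify(signed, PUBLIC_RING))
```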
each PGP user has a pair of keyrings:
o public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID
o private-key ring contains the public/private key pair(s) for this user, indexed by key ID, with the private key encrypted using a key derived from a hashed passphrase
o can sign keys for users they know directly
o trust keys have signed
e-mail format standards:
o Traditional - RFC 822: text only
o Internet Message Format - RFC 5322
o MIME (Multipurpose Internet Mail Extension) - RFC 2045-2049
o S/MIME
E-mail Format includes: header and the body.
MIME:
o an extension to the RFC 5322 framework
o solves some of the problems and limitations of the use of SMTP
• cannot transmit executable files or other binary objects
• cannot transmit text data that includes national language characters
• reject mail message over a certain size
….
The MIME specification includes the following elements.
o Five new message header fields (information about the body)
• MIME-Version, Content-Type, Content-Transfer-Encoding, Content-ID,
Content-Description.
o A number of content formats are defined
• Text, image, video…
o Transfer encodings are defined that enable the conversion of any
content format into a form that is protected from alteration by the mail
system
• 7bit, 8bit, and binary, base64
S/MIME:
o security enhancement to MIME email
o have S/MIME support in many mail agents
• eg MS Outlook, Mozilla, Mac Mail etc
o Provide many functions
o Use many cryptographic algorithms
enveloped data
o encrypted content and associated keys
signed data
o encoded message + signed digest
clear-signed data
o cleartext message + encoded signed digest
signed & enveloped data
o nesting of signed & encrypted entities
digital signatures:
o DSS & RSA
hash functions:
o SHA-1 & MD5
session key encryption:
o ElGamal & RSA
message encryption:
o AES, Triple-DES, RC2/40 and others
MAC:
o HMAC with SHA-1
have process to decide which algs to use
S/MIME secures a MIME entity with a signature, encryption, or both
forming a MIME wrapped PKCS object
have a range of content-types:
enveloped data: An encrypted S/MIME entity
signed data: A signed S/MIME entity
clear-signed data
registration request
certificate only message
S/MIME uses X.509 v3 certificates
managed using a hybrid of a strict X.509 CA hierarchy &
PGP’s web of trust
each client has a list of trusted CA’s certs
and own public/private key pairs & certs
have several well-known CA’s
Verisign one of most widely used
Verisign issues several types of Digital IDs
increasing levels of checks & hence trust
Class  Identity checks        Usage
1      name/email check       web browsing/email
2      + enroll/addr check    email, subs, s/w validate
3      + ID documents         e-banking/service access
3 proposed enhanced security services:
o signed receipts:
• to provide proof of delivery to the originator of a message
• allows the originator to demonstrate to a third party that the recipient received the message
o security labels:
• a set of security information about the content that is protected by S/MIME encapsulation
• may be used for access control, indicating which users are permitted access
o secure mailing lists:
• the user can avoid handling each recipient's public key by employing the services of an S/MIME Mail List Agent (MLA)
• an MLA can take a single incoming message, perform recipient-specific encryption for each recipient, and forward the message
• the originator of a message need only send the message to the MLA, with encryption performed using the MLA's public key
see RFC 4684 - Analysis of Threats Motivating DomainKeys Identified Mail
describes the problem space in terms of:
o range: low end, spammers, fraudsters
o capabilities in terms of where submitted, signed, volume, routing
naming etc
DKIM is a specification for cryptographically signing email messages
so signing domain claims responsibility
recipients / agents can verify signature
proposed Internet Standard RFC 4871
has been widely adopted
to provide an email authentication technique transparent to user
o MSA sign
o MDA verify
for pragmatic reasons
2 processes:
o signing: performed by an authorized module within the signing Administrative Management Domain (ADMD); uses private information
o verifying: performed by an authorized module within the verifying ADMD; uses public information from
have considered:
o secure email
o PGP
o S/MIME
o domain-keys identified email
Practice:
o Set up 1 mail server (on Linux OS)
o Configure and add some tools to prevent spam and establish security policies for the mail server
Cryptography and Network Security, Principles
and Practice, William Stallings, Prentice Hall,
Sixth Edition, 2013
o Chapter 18
o Others