Email Security Pretty Good Privacy (PGP),Services Provided by PGP.pdf
209 views
31 slides
Jul 22, 2024
Slide 1 of 31
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
About This Presentation
cryptographic algorithm with pretty good privacy.
Slide Content
Email Security: Pretty Good
Privacy (PGP),Services
Provided by PGP
PRESENTED BY:
-PRATIK RAYAMAJHI
-RUPAK LAMICHANNE
-MADHAV ARYAL
Privacy (PGP),Services
Provided by PGP
PRESENTED BY:
-PRATIK RAYAMAJHI
-RUPAK LAMICHANNE
-MADHAV ARYAL
Email, short for electronic mail, is a digital method for
exchanging messages.
It enables communication between people over the internet
or other computer networks.
Emails allow the sending and receiving of text-based
messages.
Attachments such as documents, images, or videos can be
included in emails.
It facilitates communication between individuals or
organizations.
INTRODUCTION
EMAIL:
exchanging messages.
It enables communication between people over the internet
or other computer networks.
Emails allow the sending and receiving of text-based
messages.
Attachments such as documents, images, or videos can be
included in emails.
It facilitates communication between individuals or
organizations.
INTRODUCTION
EMAIL:
EMAIL SECURITY:
Email security refers to the steps taken to protect email
messages and their content from unauthorized access and
damage.
It ensures the confidentiality, integrity, and availability of
email messages.
Email security also safeguards against phishing attacks,
spam, viruses, and other forms of malware.
Achieving email security involves a combination of technical
and non-technical measures.
Email security refers to the steps taken to protect email
messages and their content from unauthorized access and
damage.
It ensures the confidentiality, integrity, and availability of
email messages.
Email security also safeguards against phishing attacks,
spam, viruses, and other forms of malware.
Achieving email security involves a combination of technical
and non-technical measures.
BASIC EMAIL SECURITY MEASURES:
Strong Passwords: Use complex
passwords, change regularly.
Two-Factor Authentication (2FA): Adds
an extra layer of security.
Encryption: Basic concept of converting
data into code.
Regular Updates: Importance of
keeping email software updated.
Strong Passwords: Use complex
passwords, change regularly.
Two-Factor Authentication (2FA): Adds
an extra layer of security.
Encryption: Basic concept of converting
data into code.
Regular Updates: Importance of
keeping email software updated.
ADVANCED EMAIL SECURITY PRACTICES:
End-to-End Encryption: Ensures only
sender and recipient can read the
message.
Email Filters: Setting up filters to block
spam and malicious emails.
Digital Signatures: Ensures the
authenticity of the sender.
Secure Email Gateways: Acts as a shield
between the internal email system and
the internet.
End-to-End Encryption: Ensures only
sender and recipient can read the
message.
Email Filters: Setting up filters to block
spam and malicious emails.
Digital Signatures: Ensures the
authenticity of the sender.
Secure Email Gateways: Acts as a shield
between the internal email system and
the internet.
ARCHITECTURE OF EMAIL SECURITY:
PRETTY GOOD PRIVACY(PGP)
Pretty Good Privacy (PGP) is an encryption software program
designed to ensure the confidentiality, integrity, and authenticity
of virtual communications and information.
It was developed by Phil Zimmermann in 1991.
PGP has become a cornerstone of modern cryptography.
It is widely regarded as one of the best methods for securing
digital data.
Pretty Good Privacy (PGP) is an encryption software program
designed to ensure the confidentiality, integrity, and authenticity
of virtual communications and information.
It was developed by Phil Zimmermann in 1991.
PGP has become a cornerstone of modern cryptography.
It is widely regarded as one of the best methods for securing
digital data.
Why Is PGP Popular?Why Is PGP Popular?
•It is availiable free on a variety of
platforms.
•Based on well known algorithms.
•Wide range of applicability
•Not developed or controlled by
governmental or standards organizations
•It is availiable free on a variety of
platforms.
•Based on well known algorithms.
•Wide range of applicability
•Not developed or controlled by
governmental or standards organizations
Consist of five services:
–Authentication
–Confidentiality
–Compression
–E-mail compatibility
–Segmentation
Operational DescriptionOperational Description
–Authentication
–Confidentiality
–Compression
–E-mail compatibility
–Segmentation
Operational DescriptionOperational Description
AuthenticationAuthentication
Authentication refers to the process of validating something
as true or real.
For example, logging into a site using an account name and
password is an authentication verification procedure.
In the context of email, authentication involves verifying the
authenticity of an email to ensure it actually came from the
claimed sender.
Email authentication is important to prevent spoofing and
spam, which can cause significant inconvenience.
Authentication refers to the process of validating something
as true or real.
For example, logging into a site using an account name and
password is an authentication verification procedure.
In the context of email, authentication involves verifying the
authenticity of an email to ensure it actually came from the
claimed sender.
Email authentication is important to prevent spoofing and
spam, which can cause significant inconvenience.
The Authentication service in PGP is provided as follows:The Authentication service in PGP is provided as follows:
The Hash Function (H) calculates the Hash Value of a message.
For hashing, SHA-1 is used, producing a 160-bit output hash value.
The hash value is encrypted using the sender’s private key (KPa) to create a
Digital Signature.
The message is appended to the signature.
The message is then compressed to reduce transmission overhead and sent
to the receiver.
At the receiver’s end:
The data is decompressed to obtain the message and signature.
The signature is decrypted using the sender’s public key (PUa) to retrieve the
hash value.
The message is passed through the hash function again to calculate and
obtain its hash value.
Working Process:Working Process:
For hashing, SHA-1 is used, producing a 160-bit output hash value.
The hash value is encrypted using the sender’s private key (KPa) to create a
Digital Signature.
The message is appended to the signature.
The message is then compressed to reduce transmission overhead and sent
to the receiver.
At the receiver’s end:
The data is decompressed to obtain the message and signature.
The signature is decrypted using the sender’s public key (PUa) to retrieve the
hash value.
The message is passed through the hash function again to calculate and
obtain its hash value.
Working Process:Working Process:
Packages labeled as 'Confidential' are meant only for
selected individuals and not for everyone.
Similarly, email confidentiality ensures that only the
sender and receiver can read the message.
The contents of the email must be kept secret from
everyone else except for the sender and receiver.
ConfidentialityConfidentiality
selected individuals and not for everyone.
Similarly, email confidentiality ensures that only the
sender and receiver can read the message.
The contents of the email must be kept secret from
everyone else except for the sender and receiver.
ConfidentialityConfidentiality
PGP provides that Confidentiality service in the following manner:
Working Process:Working Process:
The session key (Ks) is encrypted using the receiver's public key (KUb) through public key
encryption (EP).
The encrypted session key and the encrypted message are concatenated and sent to the
receiver.
The original message is compressed and encrypted, making it unreadable to anyone
without the session key.
The session key, though transmitted, is in encrypted form and can only be decrypted using
the receiver's private key (KPb).
CAST-128, IDEA, or 3DES is used for symmetric key encryption.
Working Process:Working Process:
The session key (Ks) is encrypted using the receiver's public key (KUb) through public key
encryption (EP).
The encrypted session key and the encrypted message are concatenated and sent to the
receiver.
The original message is compressed and encrypted, making it unreadable to anyone
without the session key.
The session key, though transmitted, is in encrypted form and can only be decrypted using
the receiver's private key (KPb).
CAST-128, IDEA, or 3DES is used for symmetric key encryption.
At the receiver's end:
The encrypted session key is decrypted using KPb.
The message is decrypted using the obtained session key.
The message is decompressed to retrieve the original message (M).
RSA algorithm is used for public-key encryption.
CAST-128, IDEA, or 3DES is used for symmetric key encryption.
Practically, both the Authentication and Confidentiality services are provided in parallel as follows :
The encrypted session key is decrypted using KPb.
The message is decrypted using the obtained session key.
The message is decompressed to retrieve the original message (M).
RSA algorithm is used for public-key encryption.
CAST-128, IDEA, or 3DES is used for symmetric key encryption.
Practically, both the Authentication and Confidentiality services are provided in parallel as follows :
CompressionCompression
Compression converts a message from n bits to m
bits (where n > m) using a compression algorithm.
Compression helps email service providers by
reducing storage overhead, processing time, and
maintenance labor.
In PGP, the ZIP algorithm is used for compression.
Compression is included in the combined
Authentication & Confidentiality of PGP.
Compression converts a message from n bits to m
bits (where n > m) using a compression algorithm.
Compression helps email service providers by
reducing storage overhead, processing time, and
maintenance labor.
In PGP, the ZIP algorithm is used for compression.
Compression is included in the combined
Authentication & Confidentiality of PGP.
Some email systems only allow the use of blocks that include
ASCII text.
When PGP is used, the minimum part of the block that needs to
be transmitted is encrypted.
The scheme used is radix-64 conversion (see appendix 5B).
The use of radix-64 expands the message by 33%.
Email CompatibilityEmail Compatibility
ASCII text.
When PGP is used, the minimum part of the block that needs to
be transmitted is encrypted.
The scheme used is radix-64 conversion (see appendix 5B).
The use of radix-64 expands the message by 33%.
Email CompatibilityEmail Compatibility
Email CompatibilityEmail Compatibility
SegmentationSegmentation
Email facilities often impose a maximum message length limit.
For example, some internet facilities set a maximum length of
50,000 octets (bytes).
Messages exceeding this limit must be divided into smaller
segments, each sent independently.
Often restricted to a maximum message length of 50,000
octets.
PGP automatically subdivides a message that is to large.
Email facilities often impose a maximum message length limit.
For example, some internet facilities set a maximum length of
50,000 octets (bytes).
Messages exceeding this limit must be divided into smaller
segments, each sent independently.
Often restricted to a maximum message length of 50,000
octets.
PGP automatically subdivides a message that is to large.
PGP OPERATION -SUMMARY
SESSION KEYS
PGP (Pretty Good Privacy) uses session keys for efficient
encryption and decryption of messages.
Session keys are symmetric keys generated specifically for each
session or communication instance.
They are typically randomly generated and are used for a
short duration.
Session keys are used to encrypt the actual message content in
PGP.
After the message is encrypted using the session key, the
session key itself is encrypted using the recipient's public key.
This ensures that only the intended recipient can decrypt the
session key and subsequently decrypt the message.
PGP (Pretty Good Privacy) uses session keys for efficient
encryption and decryption of messages.
Session keys are symmetric keys generated specifically for each
session or communication instance.
They are typically randomly generated and are used for a
short duration.
Session keys are used to encrypt the actual message content in
PGP.
After the message is encrypted using the session key, the
session key itself is encrypted using the recipient's public key.
This ensures that only the intended recipient can decrypt the
session key and subsequently decrypt the message.
PUBLIC KEY
Used for encryption and verifying digital signatures.
Typically shared openly or with anyone who needs to send
encrypted messages or verify signatures.
Derived from the private key through a mathematical
process and is mathematically related but computationally
infeasible to derive the private key from it.
Ensures confidentiality and authenticity of communications.
Used for encryption and verifying digital signatures.
Typically shared openly or with anyone who needs to send
encrypted messages or verify signatures.
Derived from the private key through a mathematical
process and is mathematically related but computationally
infeasible to derive the private key from it.
Ensures confidentiality and authenticity of communications.
PRIVATE KEY
Used for decryption of messages and generating digital
signatures.
Must be kept confidential and known only to the owner.
Used to prove ownership of the public key and to decrypt
messages encrypted with the corresponding public key.
Both keys are mathematically related, and anything
encrypted with the public key can only be decrypted with
the corresponding private key.
Used for decryption of messages and generating digital
signatures.
Must be kept confidential and known only to the owner.
Used to prove ownership of the public key and to decrypt
messages encrypted with the corresponding public key.
Both keys are mathematically related, and anything
encrypted with the public key can only be decrypted with
the corresponding private key.
PGP MESSAGE FORMAT
A typical PGP message consists of the following main parts:
Message Component: Contains the actual data, filename, and creation
timestamp.
Signature Component contains:
i)Timestamp: Time when the signature was created.
ii)Message Digest: SHA-1 digest of the message, encrypted with the sender's
private key
iii)Leading Two Octets of Message Digest: Placed in the signature to verify
correct decryption and serve as a frame check sequence.
iv)Key ID of Sender's Public Key: Identifies the sender's public key used for
decryption, and indirectly the sender's private key used for encryption.
Session Key Component: Contains the session key encrypted with the
recipient's public key.
A typical PGP message consists of the following main parts:
Message Component: Contains the actual data, filename, and creation
timestamp.
Signature Component contains:
i)Timestamp: Time when the signature was created.
ii)Message Digest: SHA-1 digest of the message, encrypted with the sender's
private key
iii)Leading Two Octets of Message Digest: Placed in the signature to verify
correct decryption and serve as a frame check sequence.
iv)Key ID of Sender's Public Key: Identifies the sender's public key used for
decryption, and indirectly the sender's private key used for encryption.
Session Key Component: Contains the session key encrypted with the
recipient's public key.
FORMAT OF PGP MESSAGE
MESSAGE GENERATION
Create the message content including data, filename, and timestamp.
Optionally generate a session key for efficient encryption.
Encrypt the message using:
Symmetric encryption with the session key (if used), or
Asymmetric encryption with the recipient's public key.
Optionally create a digital signature:
Compute a hash of the message.
Encrypt the hash with your private key to create the digital signature.
Format the message with encryption, optional signature, and
metadata.
Transmit or store the formatted PGP message securely.
Create the message content including data, filename, and timestamp.
Optionally generate a session key for efficient encryption.
Encrypt the message using:
Symmetric encryption with the session key (if used), or
Asymmetric encryption with the recipient's public key.
Optionally create a digital signature:
Compute a hash of the message.
Encrypt the hash with your private key to create the digital signature.
Format the message with encryption, optional signature, and
metadata.
Transmit or store the formatted PGP message securely.
PGP MESSAGE GENERATION
MESSAGE RECEPTION
Receive the PGP message: Obtain the encrypted message, including optional
session key and digital signature.
Decrypt the session key (if used): Use your private key to decrypt the session key.
Decrypt the message content: Use the session key (if used) or your private key to
decrypt the message.
Verify the digital signature (if included):
Decrypt the signature using the sender's public key to obtain the message digest.
Compute the hash of the decrypted message content.
Compare the computed hash with the decrypted digest to ensure integrity and
authenticity.
Extract metadata: Retrieve any additional information, such as timestamps or
filenames.
Handle errors or warnings: Address any issues during decryption or verification.
Securely store or use the decrypted message: Ensure the plaintext message
content is securely stored or used as intended.
Receive the PGP message: Obtain the encrypted message, including optional
session key and digital signature.
Decrypt the session key (if used): Use your private key to decrypt the session key.
Decrypt the message content: Use the session key (if used) or your private key to
decrypt the message.
Verify the digital signature (if included):
Decrypt the signature using the sender's public key to obtain the message digest.
Compute the hash of the decrypted message content.
Compare the computed hash with the decrypted digest to ensure integrity and
authenticity.
Extract metadata: Retrieve any additional information, such as timestamps or
filenames.
Handle errors or warnings: Address any issues during decryption or verification.
Securely store or use the decrypted message: Ensure the plaintext message
content is securely stored or used as intended.
PGP MESSAGE RECEPTION
CHALLENGES AND LIMITATIONS OF PGP
COMPLEXITY: STEEP LEARNING CURVE FOR NEW USERS.
COMPATIBILITY: NOT ALL EMAIL CLIENTS SUPPORT PGP.
KEY MANAGEMENT: DIFFICULTIES IN SECURELY SHARING AND
STORING KEYS.
PERFORMANCE: CAN SLOW DOWN EMAIL PROCESSING DUE TO
ENCRYPTION/DECRYPTION.
COMPLEXITY: STEEP LEARNING CURVE FOR NEW USERS.
COMPATIBILITY: NOT ALL EMAIL CLIENTS SUPPORT PGP.
KEY MANAGEMENT: DIFFICULTIES IN SECURELY SHARING AND
STORING KEYS.
PERFORMANCE: CAN SLOW DOWN EMAIL PROCESSING DUE TO
ENCRYPTION/DECRYPTION.
Tags
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 209
- Slides 31
- Age 498 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
45 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
45 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
19 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
23 views