PGP S/MIME

1,403 views 37 slides Nov 17, 2022
Slide 1
Slide 1 of 37
Slide 1
1
Slide 2
2
Slide 3
3
Slide 4
4
Slide 5
5
Slide 6
6
Slide 7
7
Slide 8
8
Slide 9
9
Slide 10
10
Slide 11
11
Slide 12
12
Slide 13
13
Slide 14
14
Slide 15
15
Slide 16
16
Slide 17
17
Slide 18
18
Slide 19
19
Slide 20
20
Slide 21
21
Slide 22
22
Slide 23
23
Slide 24
24
Slide 25
25
Slide 26
26
Slide 27
27
Slide 28
28
Slide 29
29
Slide 30
30
Slide 31
31
Slide 32
32
Slide 33
33
Slide 34
34
Slide 35
35
Slide 36
36
Slide 37
37

About This Presentation

E-Mail Security Protocols

Size: 605.39 KB
Language: en
Added: Nov 17, 2022
Slides: 37 pages

Slide Content

PRETTY GOOD
PRIVACY (PGP)
Security for Electronic Email
~ S. Janani, AP/CSE

Contents
•Introduction
•Why PGP
•Services

Problem
•E-Mail Security

Everyone on the way can read it!!
No Authentication. Everyone can pose as everyone
Size Limit

Therearetwomainschemeswhichareespecially
designedtoprovideconfidentialityand
authenticationforelectronicmailsystems.
Theseare:
PGP
(PrettyGoodPrivacy)
S/MIME
(Secure/MultipurposeInternetMailExtension)
5

PGP
•DevelopedbyPhilZimmermanin1995.
•Documentationandsourcecodeisfreelyavailable.
•Thepackageisindependentofoperatingsystemand
processor.
•PGPdoesnotrelyonthe“establishment”andit’s
popularityandusehavegrownextensivelysince
1995.
6

Why PGP?
•PGPcombinesthebestavailablecryptographic
algorithmstoachievesecuree-mailcommunication.
•Itisassumedthatallusersareusingpublickey
cryptographyandhavegeneratedaprivate/publickey
pair.
•EitherRSA(withRSAdigitalsignatures)or
ElGamal(withDSA)canbeused.
•Allusersalsouseasymmetrickeysystemsuchas
tripleDESorRijndael.
7

Services of PGP
PGP offers 5 services:
1.Authentication –Digital Signature
2.Confidentiality –Symmetric Block Encryption
3.Compression -ZIP
4.E-mail compatibility –Radix 64
5.Segmentation
8

1. PGP Authentication
This is a digital signature scheme with hashing.
1.Alice has (private/public) key pair (Ad/Ae) and she
wants to send a digitally signed message m to Bob.
2.Alice hashes the message using SHA-1 to obtain
SHA(m).
3.Alice encrypts the hash using her private key Ad to
obtain ciphertext c given c=pk.encrypt
Ad(SHA(m))
4.Alice sends Bob the pair (m,c)
5.Bob receives (m,c) and decrypts c using Alice's
public key Ae to obtain signature s
s=pk.decrypt
Ae(c)
11

6.He computes the hash of m using SHA-1 and if this
hash value is equal to s then the message is
authenticated.
Bob is sure that the message is correct and that is
does come from Alice.
Furthermore Alice cannot later deny sending the
message since only Alice has access to her private
key Ad which works in conjunction with the public
key Ae.
12

2. PGP Confidentiality
1.Alice wishes to send Bob a confidential message m.
2.Alice generates a random session key k for a symmetric
cryptosystem.
3.Alice encrypts k using Bob’s public key Be to get
k’ = pk.encrypt
Be(k)
4.Alice encrypts the message m with the session key k to
get ciphertext c c=sk.encrypt
k(m)
5.Alice sends Bob the values (k’,c)
6.Bob receives the values (k’,c) and decrypts k’ using his
private key B
dto obtain k k=pk.decrypt
Bd(k’)
14

7.Bobusesthesessionkeyktodecryptthe
ciphertextcandrecoverthemessagem
m=sk.decrypt
k(c)
Publicandsymmetrickeycryptosystemsare
combinedinthiswaytoprovidesecurityforkey
exchangeandthenefficiencyforencryption.The
sessionkeykisusedonlytoencryptmessagem
andisnotstoredforanylengthoftime.
15

PGP Authenticaton and Confidentiality(at
the same time)
The schemes for authentication and confidentiality can
be combined so that Alice can sign a confidential
message which is encrypted before transmission. The
steps required are as follows:
1.Alice generates a signature c for her message m as in
the Authentication scheme c=pk.encrypt
Ad(SHA(m))
2.Alice generates a random session key k and encrypts the
message m and the signature c using a symmetric
cryptosystem to obtain ciphertext C=sk.encrypt
k(m,c)
3. She encrypts the session key k using Bob’s public key
k’ = pk.encrypt
Be(k)
4. Alice sends Bob the values (k’,C)
17

5. Bob recieves k’ and C and decrypts k’ using his
private key Bd to obtain the session key k
k=pk.decrypt
Bd(k’)
6. Bob decrypts the ciphertext C using the session key k
to obtain m and c
(m,c) = sk.decrypt
k(C)
7. Bob now has the message m. In order to authenticate
it he uses Alice’s public key Ae to decrypt the signature
c and hashes the message m using SHA-1.
If SHA(m) = pk.decrypt
Ae(c)
Then the message is authenticated.
18

3. PGP Compression
PGP can also compress the message if desired. The
compression algorithm is ZIP and the decompression
algorithm is UNZIP.
1.The original message m is signed as before to obtain
c=pk.encrypt
Ad(SHA(m))
2.Now the original message m is compressed to obtain
M=ZIP(m)
3.Alice generates a session key k and encrypts the
compressed message and the signature using the
session key C=sk.encrypt
k(M,c)
19

4.The session key is encrypted using Bob’s public
key as before.
5.Alice sends Bob the encrypted session key and
ciphertext C.
6.Bob decrypts the session key using his private key
and then uses the session key to decrypt the
ciphertext C to obtain M and c
(M,c) = sk.decrypt
k(C)
7.Bob decompresses the message M to obtain the
original message m
m=UNZIP(M)
8.Now Bob has the original message m and
signature c. He verifies the signature using SHA-1
and Alice’s public key as before.
20

4. PGP E-Mail Compatibility
Manyelectronicmailsystemscanonlytransmitblocks
ofASCIItext.Thiscancauseaproblemwhensending
encrypteddatasinceciphertextblocksmightnot
correspondtoASCIIcharacterswhichcanbe
transmitted.
PGPovercomesthisproblembyusingradix-64
conversion.
21

Radix-64 conversion
Suppose the text to be encrypted has been converted
into binary using ASCII coding and encrypted to give a
ciphertext stream of binary.
Radix-64 conversion maps arbitrary binary into
printable characters as follows:
22

Radix-64 conversion
1.The binary input is split into blocks of 24 bits (3
bytes).
2.Each 24 block is then split into four sets each of 6-
bits.
3.Each 6-bit set will then have a value between 0 and
2
6
-1 (=63).
4.This value is encoded into a printable character.
23

24
6 bit
value
Character
encoding
6 bit
value
Character
encoding
6 bit
value
Character
encoding
6 bit
value
Character
encoding
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Q
R
S
T
U
V
W
X
Y
Z
a
b
c
d
e
f
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
(pad)
w
x
y
z
0
1
2
3
4
5
6
7
8
9
+
/
=

5. PGP Segmentation
Another constraint of e-mail is that there is usually a
maximum message length.
PGP automatically blocks an encrypted message into
segments of an appropriate length.
On receipt, the segments must be re-assembled
before the decryption process.
25

Key Issues
1.Key Generation
Recall that a new session key is required each time
a message is encrypted. How are these keys
generated?
PGP uses the timing of key strokes and key
patterns to generate random numbers.
26

So a PGP message might consist of:
•Message component –the actual data to be
transmitted + a filename + a timestamp;
•Signature component –timestamp + hash of
message and timestamp + first part of message (so
user can check that they are decrypting correctly) +
Key ID of sender’s public key
•Session Key component –session key + key ID of
recipient’s public key
29

S/MIME –RFC5322
•Defines a format for text messages that are sent using
electronic mail
•Messages are viewed as having an envelope and
contents
•The envelope contains whatever information is needed to
accomplish transmission and delivery
•The contents compose the object to be delivered to the recipient
The content standard includes a set of header fields that
may be used by the mail system to create the envelope

Elements of MIME

Table 19.3
MIME Transfer Encodings

Five Header Fields

Table
19.2
MIME
Content
Types
Content
Formats

S/MIME Functions
•enveloped data
•encrypted content and associated keys
•signed data
•encoded message + signed digest
•clear-signed data
•cleartext message + encoded signed digest
•signed & enveloped data
•nesting of signed & encrypted entities

S/MIME Cryptographic Algorithms
•hash functions: SHA-1 & MD5
•digital signatures: DSS & RSA
•session key encryption: ElGamal & RSA
•message encryption: Triple-DES, RC2/40 and others
•have a procedure to decide which algorithms to use

S/MIME Certificate Processing
•S/MIME uses X.509 v3 certificates
•managed using a hybrid of a strict X.509 CA hierarchy &
PGP’s web of trust
•each client has a list of trusted CA’s certs
and own public/private key pairs & certs
•certificates must be signed by trusted CA’s

Certificate Authorities
•have several well-known CA’s
•Verisign one of most widely used
•Verisign issues several types of Digital IDs
•with increasing levels of checks & hence trust
Class Identity ChecksUsage
1 name/email checkweb browsing/email
2+ enroll/addr checkemail, subs, s/w validate
3+ ID documents e-banking/service access

Summary
•E-Mail Security –importance
•PGP –Services
•S/MIME -Functions
Tags
pgp smime email security
Categories
Technology
Download
Download Slideshow Get the original presentation file
Quick Actions
Statistics
  • Views 1,403
  • Slides 37
  • Age 1111 days
Related Slideshows
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx 11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
45 views
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx 10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
45 views
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx 13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx 11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
Know for Certain 21
Know for Certain
DaveSinNM
19 views
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx 17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
24 views
View More in This Category