300 likes | 537 Views
PIS : Unit IV Pretty Good Privacy (PGP). Sanjay Rawat Sanjay_r@vnrvjiet.in.
E N D
PIS: Unit IVPretty Good Privacy (PGP) Sanjay Rawat Sanjay_r@vnrvjiet.in Based on the slides of Lawrie Brown, together with the book “Cryptography and Network Security” by William Stalling and “Internet Security: Cryptographic Principles, Algorithms and Protocols”, by Man Young Rhee PIS Unit 4 PGP Sanjay Rawat
Email Security • email is one of the most widely used and regarded network services • currently message contents are not secure • may be inspected either in transit • or by suitably privileged users on destination system • Remember our analogy with Postal mail! PIS Unit 4 PGP Sanjay Rawat
Email Security Enhancements • confidentiality • protection from disclosure • authentication • of sender of message • message integrity • protection from modification • non-repudiation of origin • protection from denial by sender PIS Unit 4 PGP Sanjay Rawat
Pretty Good Privacy (PGP) • widely used de facto secure email • developed by Phil Zimmermann • selected best available crypto algs to use • integrated into a single program • on Unix, PC, Macintosh and other systems • originally free, now also have commercial versions available PIS Unit 4 PGP Sanjay Rawat
PGP Services • Confidentiality via Encryption • Authentication via Digital Signature • Compression • Radix-64 Conversion • Segmentation (optional in case of large message) PIS Unit 4 PGP Sanjay Rawat
1. Confidentiality via Encryption • The sender creates a message. • The sending PGP generates a random 128-bit number to be used as a session key for this message only. • The session key is encrypted with RSA (or ElGamal), using the recipient’s public key. • The sending PGP encrypts the message, using CAST-128 or IDEA or 3DES, with the session key. Note that the message is also usually compressed. • The receiving PGP uses RSA with its private key to decrypt and recover the session key. • The receiving PGP decrypts the message using the session key. If the message was compressed, it will be decompressed PIS Unit 4 PGP Sanjay Rawat
confidentiality PIS Unit 4 PGP Sanjay Rawat
2. Authentication via Digital Signature • The sender creates a message. • SHA-1 is used to generate a 160-bit hash code of the message. • The hash code is encrypted with RSA using the sender’s private key and a digital signature is produced(alternatively DSS/SHA-1). • The binary signature is attached to the message. • The receiver uses RSA with the sender’s public key to decrypt and recover the hash code. • The receiver generates a new hash code for the received message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic. PIS Unit 4 PGP Sanjay Rawat
Authentication PIS Unit 4 PGP Sanjay Rawat
Confidentiality & Authentication • can use both services on same message • create signature & attach to message • encrypt both message & signature • attach RSA/ElGamal encrypted session key PIS Unit 4 PGP Sanjay Rawat
3. Compression • by default PGP compresses message after signing but before encrypting • an store uncompressed message & signature for later verification • Makes cryptanalysis difficult • uses ZIP compression algorithm PIS Unit 4 PGP Sanjay Rawat
4. Radix-64 Conversion • when using PGP will have binary data to send (encrypted message etc) • however email was designed only for text • hence PGP must encode raw binary data into printable ASCII characters • uses radix-64 algorithm (ASCII armor) • maps 3 bytes to 4 printable chars • also appends a CRC PIS Unit 4 PGP Sanjay Rawat
Radix encoding PIS Unit 4 PGP Sanjay Rawat
Radix example • Suppose the 24-bit raw text is: • 10110010 01100011 00101001 • The hex is b2 63 29 • Arranging in blocks of 6 bits yields: • 101100 100110 001100 101001 • The extracted 6-bit decimal values are 44, 38, 12, 41. • Referring to radix encoding, the radix-64 encoding of these decimal values produces the following characters: smMp PIS Unit 4 PGP Sanjay Rawat
5. Segmentation • There may be a limit on packet content. • PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail. • The segmentation is done after all of the other processing, including the radix-64 conversion. • Thus, the session key component and signature component appear only once, at the beginning of the first segment. PIS Unit 4 PGP Sanjay Rawat
PGP Operation – Summary PIS Unit 4 PGP Sanjay Rawat
PGP Cryptographic Keys • PGP makes use of four types of keys: • one-time session symmetric keys, • public keys (of other parties) • Private/public key pairs, and • passphrase-based symmetric keys PIS Unit 4 PGP Sanjay Rawat
PGP Session Keys • need a session key for each message • of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES • Random 128-bit number are generated using an algo specified in ANSI X12.17 • uses random inputs taken from previous session keys and from keystroke timing and pressed keys of the user PIS Unit 4 PGP Sanjay Rawat
PGP Public & Private Keys • since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message • could send full public-key with every message • but this is inefficient • rather use a key identifier based on key • is least significant 64-bits of the key • will very likely be unique • also use key ID in signatures PIS Unit 4 PGP Sanjay Rawat
PGP Message Format PIS Unit 4 PGP Sanjay Rawat
PGP Key Rings • each PGP user has a pair of keyrings: • public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID • private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted keyed from a hashed passphrase • security of private keys thus depends on the pass-phrase security PIS Unit 4 PGP Sanjay Rawat
Private key ring DS PIS Unit 4 PGP Sanjay Rawat
Public key ring DS PIS Unit 4 PGP Sanjay Rawat
Trust management • owner trust • assigned by the user • possible values: • unknown user • usually not trusted to sign • usually trusted to sign • always trusted to sign • ultimately trusted (own key, present in private key ring) • signature trust • assigned by the PGP system • if the corresponding public key is already in the public-key ring, then its owner trust entry is copied into signature trust • otherwise, signature trust is set to unknown user PIS Unit 4 PGP Sanjay Rawat
Trust management • key legitimacy • computed by the PGP system • if at least one signature trust is ultimate, then the key legitimacy is 1 (complete) • otherwise, a weighted sum of the signature trust values is computed • always trusted signatures has a weight of 1/X • usually trusted signatures has a weight of 1/Y • X, Y are user-configurable parameters • example: X=2, Y=4 • 1 ultimately trusted, or • 2 always trusted, or • 1 always trusted and 2 usually trusted, or • 4 usually trusted signatures are needed to obtain full legitimacy PIS Unit 4 PGP Sanjay Rawat
PGP Message Generation PIS Unit 4 PGP Sanjay Rawat
PGP Message Reception PIS Unit 4 PGP Sanjay Rawat
PGP Key Management • rather than relying on certificate authorities • in PGP every user is own CA • can sign keys for users they know directly • forms a “web of trust” • trust keys have signed • can trust keys others have signed if have a chain of signatures to them • key ring includes trust indicators • users can also revoke their keys PIS Unit 4 PGP Sanjay Rawat
ü ü ü ü ü ü ü Example – key legitimacy X = 1, Y = 2 C H G B D user F A I E untrusted / usually untrusted K usually trusted always trusted L J M ultimately trusted (you) signature ü legitimate PIS Unit 4 PGP Sanjay Rawat