This chapter explores the history, building blocks, and key management of PGP, a widely used email security standard. It also discusses the challenges faced in distributing public keys and the importance of trust. Learn about PGP's encryption process, compression techniques, and the use of key rings for key management.
Two unappreciated blessings: health and security. Chapter 15 Electronic Mail Security – Part I: PGP Data & Network Security Spring 2006 Dr. Jalili
Agenda • In this session, we’ll study PGP. In the next session, other email security standards will be studied. • PGP History • PGP Building Blocks • Web of Trust • PGP Key Management
New lords, new laws… • PGP (Pretty Good Privacy) was Phil R. Zimmermann’s (PRZ) answer to the US government’s 1991 Senate Bill 266: …force manufacturers of secure communications equipment to insert special "trap doors" in their products…
He that never climbed never fell… • PRZ gave PGP to some friends of his, and they gave it to their friends, and so on. Kelly Goen posted it on several BBS networks… • Somehow, PGP leaked outside the US. • The USG began investigating PRZ for allegedly aiding an ITAR violation. (ITAR: International Traffic in Arms Regulations)
The wind cannot be caught in a net… • The USG investigation of Zimmermann went on for 5 years, but was eventually dropped: • PRZ was not the one who uploaded PGP to the BBSs. • People were nervous about their privacy.
Necessity knows no law… • PGP was using the RSA & IDEA encryption algorithms. • The company holding the RSA patent, RSA Security, Inc., alleged that PGP's use of the RSA algorithm infringed on its patent. • PRZ had the same problem with IDEA’s patent.
Base64? • Described in RFC 3548, Base64 is a way of encoding any stream of bits into a set of alphanumeric characters (a-z, A-Z, 0-9 and two/three other characters). • Example: 111100100011010001010110 → 8jRW • Good for RFC 822 compliance, but increases e-mail size by about 33%.
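The 6-bit regrouping behind the slide's example, written out as an added example (not part of the original slides); the function names are hypothetical, and the alphabet is the standard one with `+`, `/` and `=` as the extra characters.

```python
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")


def b64_encode(data: bytes) -> str:
    """Regroup the 8-bit input into 6-bit values and map each to one character."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 6)                  # zero-fill the last 6-bit group
    chars = [ALPHABET[int(bits[i:i + 6], 2)] for i in range(0, len(bits), 6)]
    return "".join(chars) + "=" * (-len(chars) % 4)  # pad to a multiple of 4 chars


def b64_decode(text: str) -> bytes:
    """Inverse mapping; rejects characters outside the alphabet."""
    body = text.rstrip("=")
    if any(c not in ALPHABET for c in body):
        raise ValueError("character outside the Base64 alphabet")
    bits = "".join(f"{ALPHABET.index(c):06b}" for c in body)
    usable = len(bits) - len(bits) % 8               # drop the zero-fill bits
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def expansion(n_bytes: int) -> float:
    """Encoded length divided by raw length for an n_bytes message."""
    return len(b64_encode(bytes(n_bytes))) / n_bytes


# The slide's 24-bit example, as three bytes (0xF2 0x34 0x56)
SLIDE_BITS = int("111100100011010001010110", 2).to_bytes(3, "big")
```

Every 3 input bytes become 4 output characters, which is where the roughly 33% size increase comes from.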
What makes PGP “pretty good” • The best available cryptographic algorithms as building blocks. • A general-purpose application that is independent of operating system and processor and that is based on a small set of easy-to-use commands. • Well-documented, free, open-source, widely available. • Good support, low-cost commercial versions available, too.
Digging a bit deeper • PRZ’s art was not only to use the best building blocks, but also to “glue” them in the best way. • Let’s see how sticky his glue was!
Compression • Compensates for 33% increase of Base64 encoding. • Statistical analysis shows that, on average, ZIP compression ratio is 50%. • Typical messages are shrunk by 66% (ZIP+Base64).
Compression (cont’d) • Why sign before compression? • People are likely to store uncompressed messages; • Re-compression not deterministic. • Why use compression before encryption? • To reduce encryption time; • To remove redundancy, thus making cryptanalysis harder. • Bruce Schneier’s “Decryption Oracle”
Encryption Process • The sender generates a message and a random 128/168-bit number to be used as a session key for this message only. The random number generation is based on ANSI X12.17. • The message is encrypted, using CAST-128 (or IDEA or 3DES) with the session key. Encryption is done in 64-bit CFB (Cipher Feedback) mode.
Encryption Process (cont’d) • The session key is encrypted with RSA/ElGamal, using the recipient's public key, and is appended to the message. • The receiver uses RSA/ElGamal with its private key to decrypt and recover the session key. • The session key is used to decrypt the message.
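The sender and receiver steps above, as an added example that is not part of the original slides. Assumptions: truncated HMAC-SHA256 stands in for CAST-128 (CFB only needs the forward direction of the block function), the RSA key is a constructed, unpadded toy built from two Mersenne primes, the IV is random, and all names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key for the recipient: far too small and unpadded for
# real use; it only makes the session-key wrapping visible.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

BLOCK = 8  # 64-bit blocks, matching the 64-bit CFB mode on the slide


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for CAST-128: a keyed 64-bit function (assumption of this example)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb(key: bytes, iv: bytes, data: bytes, decrypt: bool) -> bytes:
    """64-bit CFB: keystream = E(previous ciphertext block), XORed with the data."""
    out, feedback = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        stream = block_encrypt(key, feedback)
        piece = bytes(a ^ b for a, b in zip(chunk, stream))
        out += piece
        feedback = chunk if decrypt else piece   # feedback is always ciphertext
    return bytes(out)


def hybrid_encrypt(message: bytes, n: int, e: int) -> dict:
    """Sender: fresh session key, encrypt the body, wrap the key for the recipient."""
    session_key = secrets.token_bytes(16)        # 128-bit, this message only
    iv = secrets.token_bytes(BLOCK)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    body = cfb(session_key, iv, message, decrypt=False)
    return {"wrapped_key": wrapped, "iv": iv, "body": body}


def hybrid_decrypt(packet: dict, n: int, d: int) -> bytes:
    """Receiver: recover the session key with the private key, then the body."""
    session_key = pow(packet["wrapped_key"], d, n).to_bytes(16, "big")
    return cfb(session_key, packet["iv"], packet["body"], decrypt=True)
```

Only the 16-byte session key goes through the public-key operation; the message body, whatever its length, is handled by the conventional cipher.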
Types of Keys • How many keys are used in PGP? • one-time session conventional keys; • public keys; • private keys; • passphrase-based conventional keys (more on this later).
Key Requirements • A means of generating unpredictable session keys. • A user must be allowed to have multiple public-key/private-key pairs. • Why? • Each PGP entity must maintain a file of its own public/private key pairs as well as a file of public keys of correspondents.
Session Keys • One-to-one relationship between messages & session keys. • Session keys are random numbers seeded with user’s keystrokes. • Both keystroke timing & the actual keys struck are used. • The conventional algorithm itself is used to derive the random number from input.
A PGP message • Differs from that of the book.
Key Rings • Key management has received a large amount of attention in PGP as it is the Achilles heel of all security systems. • PGP provides two types of data structures for key management called Key Ring: Public Key Ring, and Private Key Ring.
Private Key Ring • Passphrase is used here • Usually email address • Must be unique
Public Key Ring • Trust
Public Key Management: Trust • The most important issue in public-key systems is how to distribute public keys, preventing man-in-the-middle / masquerade attacks. • This issue becomes a real pain in the neck when the parties don’t know each other, and don’t have physical access to each other. • Traditional approach: Using CAs.
Trust (cont’d) • PRZ didn’t believe in the USG, so he didn’t trust in the USG’s agents (CAs) either. • He introduced a new, government-agnostic approach, called Web of Trust. • While, IMHO, WoT is the most elegant feature of PGP today, it’s also the source of every sin!
Trust (cont’d) • To better understand the WoT, imagine you are lost in a small city and want to find some place. Note that not all people can be trusted, and you’ll be in danger if you choose the wrong path. • As a starting point, suppose you know a few people in the city, each of whom knows a few other citizens, but isn’t informative enough on his own to give you some hints.
Trust (cont’d) • A Trust model consists of two parts: • A set of rules, e.g.: • I will trust everyone’s signature! • I will trust everyone trusted by two distinct persons already trusted by me. • A set of information: • Ali, Mohsen, and Reza are trusted by me; • Mohsen trusts Hassan; • Ali & Reza both trust Hossein.
PGP Trust Model • Each entry in the public-key ring is a public key certificate. • Associated with each entry are zero or more signatures that the key ring owner has collected that sign this certificate. • In turn, each signature has associated with it a signature trust field that indicates the degree to which this PGP user trusts the signer to certify public keys.
PGP Trust Model (cont’d) • An owner trust field indicates the degree to which this public key is trusted to sign other public-key certificates; this level of trust is assigned by the user. • The signature trust can be thought of as a cached copy of this field.
PGP Trust Model (cont’d) • The key legitimacy field indicates the extent to which PGP will trust that this is a valid public key for this user; the higher the level of trust, the stronger is the binding of this user ID to this key. This field is computed by PGP. • The key legitimacy field is derived from the collection of signature trust fields in the entry.
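The rule-and-information example from the earlier Trust slide, expressed with the three fields described here; this is an added example, not PGP's own code and not from the original slides. Assumptions: the four trust levels and the two thresholds are simplifications chosen for the example (the second threshold mirrors the slide's "two distinct persons" rule), "me" is the ring owner, and Hossein's signature on Hassan's key is constructed to show that a legitimate key does not make its owner a trusted signer.

```python
from dataclasses import dataclass, field

# Trust levels, simplified for this example
NONE, MARGINAL, FULL, ULTIMATE = range(4)


@dataclass
class Entry:
    user_id: str
    owner_trust: int = NONE                      # assigned by the key ring owner
    signed_by: list = field(default_factory=list)
    signature_trust: dict = field(default_factory=dict)  # signer -> cached owner trust
    legitimate: bool = False                     # computed, never set by hand


def compute_legitimacy(ring, fulls_needed=1, marginals_needed=2):
    """Recompute key legitimacy for every entry; both thresholds are assumptions."""
    by_id = {e.user_id: e for e in ring}
    for e in ring:
        e.legitimate = e.owner_trust == ULTIMATE   # the ring owner's own key
    changed = True
    while changed:
        changed = False
        for e in ring:
            if e.legitimate:
                continue
            # Count only signatures made by keys already judged legitimate.
            e.signature_trust = {s: by_id[s].owner_trust for s in e.signed_by
                                 if s in by_id and by_id[s].legitimate}
            levels = list(e.signature_trust.values())
            fulls = sum(t >= FULL for t in levels)
            marginals = levels.count(MARGINAL)
            # Integer form of fulls/fulls_needed + marginals/marginals_needed >= 1
            if (fulls * marginals_needed + marginals * fulls_needed
                    >= fulls_needed * marginals_needed):
                e.legitimate = changed = True
    return {e.user_id: e.legitimate for e in ring}


def slide_ring(mohsen_trust=MARGINAL):
    """Constructed ring holding the slide's information."""
    return [
        Entry("me", ULTIMATE),
        Entry("Ali", MARGINAL, ["me"]),
        Entry("Mohsen", mohsen_trust, ["me"]),
        Entry("Reza", MARGINAL, ["me"]),
        Entry("Hossein", NONE, ["Ali", "Reza"]),
        Entry("Hassan", NONE, ["Mohsen", "Hossein"]),  # Hossein's signature is constructed
    ]
```

With the default ring, Hossein's key becomes legitimate through Ali and Reza, while Hassan's does not: Mohsen alone is one marginal signer, and Hossein's signature carries no weight until the ring owner assigns him owner trust.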
Revoking Public Keys • A user may wish to revoke his or her current public key either because compromise is suspected or simply to avoid the use of the same key for an extended period. • The convention for revoking a public key is for the owner to issue a key revocation certificate, signed by the owner. • Any Problem with this approach?
If privacy is outlawed, only outlaws will have privacy. ---Phil Zimmermann