Scribd
Upload
29 views9 pages

NSP Module 2 PGP Only

Uploaded by

Arsha Anish
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
29 views9 pages

NSP Module 2 PGP Only

Uploaded by

Arsha Anish
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

lOMoARcPSD|11981922

NSP Module 2-PGP only

Network Security Protocol (APJ Abdul Kalam Technological University)

Scan to open on Studocu

Studocu is not sponsored or endorsed by any college or university


Downloaded by Arsha Anish ([email protected])
lOMoARcPSD|11981922

Module 2
Email Security- PGP and S/MIME
• Email is one of the most widely used and regarded network services
• Currently message contents are not secure
– may be inspected either in transit
– or by suitably privileged users on destination system

Email Security Enhancements

• Confidentiality
– protection from disclosure
• Authentication
– of sender of message
• Message integrity
– protection from modification
• Non-repudiation of origin
– protection from denial by sender
Email Security

• There are two main schemes which are especially designed to provide confidentiality and
authentication for electronic mail systems.
• These are:
1 Pretty good privacy (PGP)
2 Secure/Multipurpose Internet Mail Extension (S/MIME)

Pretty Good Privacy (PGP)


• Developed by Phil Zimmerman
• Documentation and source code is freely available.
• The package is independent of operating system and processor.
PGP offers 5 services:

• Authentication – Digital signature


• Confidentiality - Symmetric block encryption
• Compression - ZIP – algorithm
• E-mail compatibility - Radix 64 encoding scheme
• Segmentation & Reassembly
1. PGP – Authentication

Digital signature service provided by PGP

a. Sender creates message


b. Use SHA-1 to generate 160-bit hash of message
c. Signed hash with RSA using sender's private key, and is attached to message
d. Receiver uses RSA with sender's public key to decrypt and recover hash code
e. Receiver verifies received message using hash of it and compares with decrypted
hash code

Downloaded by Arsha Anish ([email protected])


lOMoARcPSD|11981922

2. PGP – Confidentiality

Achieved by encrypting the message

Main steps here are

a. Sender generates message and 128-bit random number as session key for it
b. Encrypt message using CAST-128 / IDEA / 3DES with session key
c. Session key encrypted using RSA with recipient's public key and attached to message
d. Receiver uses RSA with private key to decrypt and recover session key
e. Session key is used to decrypt message
3. PGP – Confidentiality & Authentication
• Can use both services on same message
1. Create signature & attach to message
2. Encrypt both message & signature
3. Attach RSA/ElGamal encrypted session key
• Plaintext message and signature are encrypted by using CAST-128/IDEA/3-DES. And session
key encrypted using RSA

4. PGP – Compression
• By default PGP compresses message after signing but before encrypting
– It stores uncompressed message & signature for later verification
– Algorithm is non deterministic
• Message encryption applied after compression to strengthen security, compressed message
are less redundant than plain text
• Uses ZIP compression algorithm

5. PGP – Email Compatibility


 A part of the message is encrypted in PGP
 Part of the message consists of a stream of arbitrary 8-bit octets
 Many e-mail systems permit only the use of blocks consisting of ASCII text

• PGP provides service of converting raw 8-bit binary stream to a stream of printable ASCII
characters
• Each group of three octets of binary data is mapped into 4 ASCII characters
• The scheme used is radix-64 conversion
• On receiver side, the incoming block is first converted back to 8-bit octet binary format
• Printable Encoding of binary data into radix-64 format

Downloaded by Arsha Anish ([email protected])


lOMoARcPSD|11981922

6. PGP – Segmentation & Reassembly

• E-mail systems often restricted the maximum message length to 50,000 octets

• Longer messages must be broken up into smaller segments

• Each segment is mailed separately

• PGP automatically subdivides a large message into segments

• The receiver strips o all e-mail headers and reassemble the block

Generic Transmission and Reception in PGP

Downloaded by Arsha Anish ([email protected])


lOMoARcPSD|11981922

PGP Notation
𝐾 = session key used in symmetric encryption scheme

𝑃𝑅 = private key of user A, used in public-key encryption scheme

𝑃𝑈 = public key of user A, used in public-key encryption scheme

EP = public-key encryption

DP = public-key decryption

EC = symmetric encryption

DC = symmetric decryption

H = hash function

|| = concatenation

Z = compression using ZIP algorithm

R64 = conversion to radix 64 ASCII format1

Downloaded by Arsha Anish ([email protected])


lOMoARcPSD|11981922

Steps Performed by Sending PGP Entity

1. Signing the Message.

 PGP retrieves the senders private key from the private key ring using your’_user ID as an
index

 PGP asks the user for the passphrase, to recover the unencrypted private key

 Signature component of the message is then constructed

2. Encrypting the Message :

 PGP generates a session key & encrypts the message

 PGP retrieves the recipients public key from the public key ring using her_ userID as an index

 The session key component of the message is then constructed

Steps Performed by Receiving PGP Entity

1. Decrypting The Message :

 PGP retrieves receivers private key from the private key ring using the key ID field in the
session key component.

 PGP asks the user for the passphrase to recover unencrypted private key.

 PGP then recovers the session key & decrypts the message.

2. Authenticating the Message :

 PGP retrieves senders public key from public key ring using the keyID field in the signature
key component of the message as an index.

 PGP recovers the transmitted message digest.

 PGP computes the message digest for the received message & compares it to the
transmitted message digests to authenticate.

PGP – Cryptographic Keys


• PGP make use of four type of keys :

1. One time session symmetric key

2. Public key

3. Private key

4. Passphrase based symmetric key

PGP – Session Keys

Downloaded by Arsha Anish ([email protected])


lOMoARcPSD|11981922

• Each session key is associated with a single message and is used only for the purpose of
encrypting and decrypting that message.

• Need a session key for each message of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-
bit Triple-DES

• The plaintext input to random number generator consist of two 64-bit blocks, it is derived
from stream of 128-bit randomized numbers

• Random inputs taken from

-Actual keys hit

-Keystroke timing of a user

PGP Keys Identifiers


• Since many public/private keys may be in use, need to identify which is actually used to
encrypt session key in a message

– Could send full public-key with every message

– But this is inefficient

• Rather use a key identifier based on key


– Is least significant 64-bits of the key
– Will very likely be unique
• Also use key ID in signatures

 2 -key ID’s are used in any PGP message that provides Authentication & Confidentiality

 These keys needs to be stored and organized in a systematic way for efficient & efficient use
by all parties

 PGP provides a pair of data structures at each node :-

 1-to store public/private key pairs owned by that node

 1-to store public keys of other users known at this node

PGP Key Rings


• Each PGP user has a pair of keyrings:

– Public-key ring : contains all the public-keys of other PGP users known to this user,
indexed by key ID

– Private-key ring : contains the public/private key pair(s) for this user, indexed by key
ID & encrypted key from a hashed passphrase

• Security of private keys thus depends on the pass-phrase security

Private Key Ring


• Each row of the table represents one public/private key pair owned by the user.

• Timestamp: the date/time when this key pair was generated.

Downloaded by Arsha Anish ([email protected])


lOMoARcPSD|11981922

• Key Id: The least significant 64 bits of the public key (for this entry).

• Public key: public key portion of the pair in this row.

• Private key: Encrypted private key for this pair.

• User Id: User may have a different name with each pair. (may use the same id more than
once.)

 Private key should be securely stored.

 ie, private key is not stored directly in private key ring.

 Private key encypted using CAST- 128 & then stored in key ring.

CAST – 128 procedure

1. Users selects a password to be used for encrypting private keys.

2. When system generates a new public/private key pair, it asks the user for a passphrase.

3. Using SHA-1, a 160 bit hash code is generated from the password. //password
discarded//

4. System encrypts the private key using 128 bits of the hash as the key. //hash code is
then discarded//

5. Encrypted private key stored in ring.

Accessing a private key:

> User must supply the passphrase(password).

> PGP will retrieve encrypted private key

> PGP generates the hash code of passphrase.

> Decrypts the encrypted private key using CAST-128 (with the hash code)

>Security depends upon the security of the password.

Public Key Ring

Downloaded by Arsha Anish ([email protected])


lOMoARcPSD|11981922

• Stores the public keys of other users known to this user.

• User Id : Owner of this key. (A key may have multiple owners.)

• Timestamp: date/time at which this entry was generated.

• Key ID: The least significant 64 bits of the public key (for this entry).

• Public key: public key for this entry.

Downloaded by Arsha Anish ([email protected])

You might also like