1236227.network
-
Upload
sanjaysolankar -
Category
Documents
-
view
3 -
download
0
description
Transcript of 1236227.network
CRYPTOGRAPHY AND INFORMATION SECURITY
Lecturer: Dr. Nguyen Nam Hong
Tel.: 048781437.
Mob.: 0912312816.
Email:
Website:
www.freewebs.com/namhongthanhloc
Chapter 16. Electronic Mail Security
Chapter 16. Electronic Mail Security (1/3) 16.01. Email Security
16.02. Email Security Enhancement
16.03. The Secure Email
16.04. Private Enhanced Mail (PEM)
16.05. PEM Implementation
16.06. PEM Security Services
16.07. PEM Format and Implementation
16.08. Pretty Good Privacy (PGP)
16.09. PGP Origins
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 2 / 32
Chapter 16. Electronic Mail Security (2/3) 16.10. PGP Versions
16.11. Some PGP Versions in Windows
16.12. PGP Authentication
16.13. PGP Confidentials
16.14. PGP Uses
16.15. PGP Compression
16.16. PGP Email Compatibility
16.17. PGP Diagrams
16.18. PGP Session Key
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 3 / 32
Chapter 16. Electronic Mail Security (3/3) 16.19. PGP Public and Private Key
16.20. PGP Key Rings
16.21. PGP Key Management
16.22. S/MIME
16.23. S/MIME Functions
16.24. S/MIME Cryptographic Algorithms
16.25. S/MIME Certificate Processing
16.16. Certificate Authorities
16.27. Summary
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 4 / 32
16.01. Email Security
email is one of the most widely used and regarded network services
currently message contents are not secure
may be inspected either in transit
or by suitably privileged users on destination system
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 5 / 32
16.02. Email Security Enhancements
confidentiality
protection from disclosure
authentication
of sender of message
message integrity
protection from modification
non-repudiation of origin
protection from denial by sender
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 6 / 32
16.03. The secure e-mail • On open systems as in the case of the Internet, the secure email is achieved through the plataform S/MIME which means Secure Multipurpose Internet Mail Extensions. • In the beginning of the 90´s two systems or applications of secure email appear: PEM: Private Enhanced Mail PGP: Pretty Good Privacy • From both, PGP has been the one that became an standard for secure e-mail clients on closed environments. • Therefore we'll see only some of the generic aspects of PEM and we will analyze PGP in deeply.
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 7 / 32
It is a proposal of the IETF Internet Engineering Task Force in 1985. The technic document is published in 1993.
The technic specifications are in RFCs Request For Comments numbers 1421, 1422, 1423 and 1424.
It used to link to protocol SMTP Simple Mail Internet Protocol.
Encryption of the information: DES in CBC mode. Generation and key management: RSA from 508
to 1024 bits. Structure of certificates as per the X.509 rule.
Session key: DES in CBC mode, TripleDES-EDE. Digital signature: RSA, MD2, MD5.
16.04. Private Enhanced Mail (PEM)
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 8 / 32
• It is compatible with other engineering models like, for example, X.400.
• PEM is implemented at the application level: • It is independent from the protocols of the OSI
levels or from lower TCP/IP levels. • It is independent from the operative systems
or from the computer. • It can be implemented as an independent module
that works with the common email client for the user.
16.05. PEM Implementation
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 9 / 32
Security services contemplated: Source authentication. Confidentiality. Integrity of the message. Non repudiation of the source when key
management with asymmetric key algorithm is used.
Security services not contemplated: Access control. Confidentiality in the traffic of the messages. Non repudiation of the message by the
receiver.
16.06. PEM Security Services
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 10 / 32
TIS/PEM
UNIX Plataforms UNIX. Trusted
Information System. Source code
available for citizens or companies
from USA or Canada. It uses a
hierarchy of multilple certification.
RIPEM
It implements part of the PEM
protocols
without certificates for keys
authentication. Free for non
commercial applications. Export
forbidden out of the United States.
There are versions utilized all over
the world.
16.07. PEM Format and Implementation
Header of the E-mail Service
(Headers of RFC822)
Encapsuled header Fields related to authentication,
integrity and confidentiality
Encapsuled text
User's message with some optional
fields
Blank line
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 11 / 32
16.08. Pretty Good Privacy (PGP)
widely used de facto secure email
developed by Phil Zimmermann
selected best available crypto algs to use
integrated into a single program
available on Unix, PC, Macintosh and Amiga systems
originally free, now have commercial versions available also
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 12 / 32
Philip Zimmermann publishes the version 1.0 of PGP in 1991 with minimum requirements of hardware and software.
In 1992 appears version 2.0 on which programmers from all over the world participate. Its code it's written out of USA to avoid the restrictive laws regarding cryptographyc software and its legal problems.
In 1993 version 2.3a appears that is very popular on FTP sites and valid for several platforms of operative systems.
In 1994 the Massachusetts Institute of Technology MIT participates on the project and versions 2.4, 2.5 and 2.6 appear.
Version 2.6.3i is popularized globally.
16.09. PGP Origins
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 13 / 32
• Though there is more than a software offer for secure mail besides the PGP program, this became an standard in fact.
• Although the last versions of the program oriented to Windows environments present high capability, the basic operations continue being the same as in knowing version 2.6.3i.
• The new PGP versions on the Windows environment change very fast therefore it is very difficult to have up-to-date notes permanently.
16.10. PGP versions
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 14 / 32
16.11. Some PGP versions in Windows
PGP 6.5.1 PGP 7.0.3
From version 5.0 to the current ones (versions 8.0 and next) the local
encryption schemes, asymmetric cipher and digital signature have changed
very little though they present bigger capabilities. Nevertheless, remember
that some capabilities will only be activated on commercial versions.
We will see some operations from these three versions on detail. Remember, besides, that version 7.0.3 has not published its code.
PGP 8.0
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 15 / 32
16.12. PGP Authentication
1. sender creates a message 2. SHA-1 used to generate 160-bit hash code of
message 3. hash code is encrypted with RSA using the
sender's private key, and result is attached to message
4. receiver uses RSA or DSS with sender's public key to decrypt and recover hash code
5. receiver generates new hash code for message and compares with decrypted hash code, if match, message is accepted as authentic
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 16 / 32
16.13. PGP Confidentiality
1. sender generates message and random 128-bit number to be used as session key for this message only
2. message is encrypted, using CAST-128 / IDEA/3DES with session key
3. session key is encrypted using RSA with recipient's public key, then attached to message
4. receiver uses RSA with its private key to decrypt and recover session key
5. session key is used to decrypt message
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 17 / 32
16.14. PGP Uses
uses both services on same message
create signature & attach to message
encrypt both message & signature
attach RSA encrypted session key
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 18 / 32
16.15. PGP Compression
by default PGP compresses message after signing but before encrypting
so can store uncompressed message & signature for later verification
& because compression is non deterministic
uses ZIP compression algorithm
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 19 / 32
16.16. PGP Email Compatibility
when using PGP will have binary data to send (encrypted message etc)
however email was designed only for text
hence PGP must encode raw binary data into printable ASCII characters
uses radix-64 algorithm
maps 3 bytes to 4 printable chars
also appends a CRC
PGP also segments messages if too big
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 20 / 32
16.18. PGP Session Keys
need a session key for each message
of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES
generated using ANSI X12.17 mode
uses random inputs taken from previous uses and from keystroke timing of user
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 22 / 32
16.19. PGP Public & Private Keys
since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message
could send full public-key with every message
but this is inefficient
rather use a key identifier based on key
is least significant 64-bits of the key
will very likely be unique
also use key ID in signatures
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 23 / 32
16.20. PGP Key Rings
each PGP user has a pair of key rings:
public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID
private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted keyed from a hashed passphrase
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 24 / 32
16.21. PGP Key Management
rather than relying on certificate authorities
in PGP every user is own CA
can sign keys for users they know directly
forms a “web of trust”
trust keys have signed
can trust keys others have signed if have a chain of signatures to them
key ring includes trust indicators
users can also revoke their keys
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 25 / 32
16.22. S/MIME (1/2) S/MIME: Secure Multipurpose Internet Mail Extensions Unlike the standard PGP, that is based on the trust among users, S/MIME uses digital certificates X.509 brought by a Certification Authority that the e-mail clients must recognized as such. It will add encryption and signature services on the e-mail clients (Outlook Express, Netscape Messenger, ...) in MIME format. It creates such an envelope on which the data are embedded encrypted and/or signed.
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 26 / 32
16.22. S/MIME (2/2) It uses platforms of standards PKCS (Public-
Key Cryptography Standards).
security enhancement to MIME email
original Internet RFC822 email was text only
MIME provided support for varying content types and multi-part messages
with encoding of binary data to textual form
S/MIME added security enhancements
have S/MIME support in various modern mail agents: MS Outlook, Netscape etc
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 27 / 32
16.23. S/MIME Functions
enveloped data
encrypted content and associated keys
encoded signed data
message + signed digest
clear-signed data
cleartext message + encoded signed digest
signed & enveloped data
nesting of signed & encrypted entities
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 28 / 32
16.24. S/MIME Cryptographic Algorithms
hash functions: SHA-1 & MD5
digital signatures: DSS & RSA
session key encryption: ElGamal & RSA
message encryption: Triple-DES, RC2/40 and others
have a procedure to decide which algorithms to use
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 29 / 32
16.25. S/MIME Certificate Processing
S/MIME uses X.509 v3 certificates
managed using a hybrid of a strict X.509 CA hierarchy & PGP’s web of trust
each client has a list of trusted CA’s certs
and own public/private key pairs & certs
certificates must be signed by trusted CA’s
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 30 / 32
16.26. Certificate Authorities
have several well-known CA’s
Verisign one of most widely used
Verisign issues several types of Digital IDs
with increasing levels of checks & hence trust
Class Identity Checks Usage
1 name/email check web browsing/email
2+ enroll/addr check email, subs, s/w valid.
3+ ID documents e-banking/service access
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 31 / 32