CN-8.ppt

Cryptography and

Cryptography and

Network Security

Network Security

Chapter 15

Chapter 15

Fourth Edition Fourth Edition by William Stallings by William Stallings

Chapter 15 –

Chapter 15 –

Electronic Mail

Electronic Mail

Security

Security

Despite the refusal of VADM Poindexter and LtCol North to Despite the refusal of VADM Poindexter and LtCol North to

appear, the Board's access to other sources of appear, the Board's access to other sources of

information filled much of this gap. The FBI provided information filled much of this gap. The FBI provided

documents taken from the files of the National Security documents taken from the files of the National Security

Advisor and relevant NSC staff members, including Advisor and relevant NSC staff members, including

messages from the PROF system between VADM messages from the PROF system between VADM

Poindexter and LtCol North. The PROF messages were Poindexter and LtCol North. The PROF messages were

conversations by computer, written at the time events conversations by computer, written at the time events occurred and presumed by the writers to be protected occurred and presumed by the writers to be protected

from disclosure. In this sense, they provide a first-hand, from disclosure. In this sense, they provide a first-hand,

contemporaneous account of events. contemporaneous account of events.

—

—The Tower Commission Report to President The Tower Commission Report to President Reagan on the Iran-Contra Affair, 1987

Email Security

Email Security

 email is one of the most widely used and _{email is one of the most widely used and}

regarded network services regarded network services

 currently message contents are not secure _{currently message contents are not secure}

 may be inspected either in transit may be inspected either in transit

 or by suitably privileged users on destination or by suitably privileged users on destination

Email Security Enhancements

Email Security Enhancements

 confidentiality_{confidentiality}

 protection from disclosureprotection from disclosure  authentication_{authentication}

 of sender of messageof sender of message  message integrity_{message integrity}

 protection from modification protection from modification  non-repudiation of origin_{non-repudiation of origin}

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP)

 widely used de facto secure email_{widely used de facto secure email}  developed by Phil Zimmermann_{developed by Phil Zimmermann}

 selected best available crypto algs to use_{selected best available crypto algs to use}  integrated into a single program_{integrated into a single program}

 on Unix, PC, Macintosh and other systems _{on Unix, PC, Macintosh and other systems}  originally free, now also have commercial _{originally free, now also have commercial}

PGP Operation –

PGP Operation –

Authentication

Authentication

1.

1. sender creates messagesender creates message

2.

2. use SHA-1 to generate 160-bit hash of use SHA-1 to generate 160-bit hash of

message message

3.

3. signed hash with RSA using sender's signed hash with RSA using sender's

private key, and is attached to message private key, and is attached to message

4.

4. receiver uses RSA with sender's public receiver uses RSA with sender's public

key to decrypt and recover hash code key to decrypt and recover hash code

5.

5. receiver verifies received message using receiver verifies received message using

hash of it and compares with decrypted hash of it and compares with decrypted

PGP Operation –

PGP Operation –

Confidentiality

Confidentiality

1.

1. sender generates message and 128-bit sender generates message and 128-bit

random number as session key for it

random number as session key for it

2.

2. encrypt message using CAST-128 / IDEA / encrypt message using CAST-128 / IDEA /

3DES in CBC mode with session key

3DES in CBC mode with session key

3.

3. session key encrypted using RSA with session key encrypted using RSA with

recipient's public key, & attached to msg

recipient's public key, & attached to msg

4.

4. receiver uses RSA with private key to receiver uses RSA with private key to

decrypt and recover session key

decrypt and recover session key

5.

PGP Operation – Confidentiality

PGP Operation – Confidentiality

& Authentication

& Authentication

 can use both services on same message_{can use both services on same message}

 create signature & attach to messagecreate signature & attach to message  encrypt both message & signatureencrypt both message & signature

PGP Operation –

PGP Operation –

Compression

Compression

 by default PGP compresses message _{by default PGP compresses message}

after signing but before encrypting after signing but before encrypting

 so can store uncompressed message & so can store uncompressed message &

signature for later verification signature for later verification

PGP Operation – Email

PGP Operation – Email

Compatibility

Compatibility

 when using PGP will have binary data to send _{when using PGP will have binary data to send} (encrypted message etc)

(encrypted message etc)

 however email was designed only for text_{however email was designed only for text}

 hence PGP must encode raw binary data into _{hence PGP must encode raw binary data into} printable ASCII characters

printable ASCII characters  uses radix-64 algorithm_{uses radix-64 algorithm}

 maps 3 bytes to 4 printable charsmaps 3 bytes to 4 printable chars

 also appends a CRCalso appends a CRC

PGP Session Keys

PGP Session Keys

 need a session key for each message_{need a session key for each message}

 of varying sizes: 56-bit DES, 128-bit CAST or of varying sizes: 56-bit DES, 128-bit CAST or

IDEA, 168-bit Triple-DES IDEA, 168-bit Triple-DES

 generated using ANSI X12.17 mode_{generated using ANSI X12.17 mode}

 uses random inputs taken from previous _{uses random inputs taken from previous}

PGP Public & Private Keys

PGP Public & Private Keys

 since many public/private keys may be in use, _{since many public/private keys may be in use,} need to identify which is actually used to encrypt need to identify which is actually used to encrypt

session key in a message session key in a message

 could send full public-key with every messagecould send full public-key with every message

 but this is inefficientbut this is inefficient

 rather use a key identifier based on key_{rather use a key identifier based on key}  is least significant 64-bits of the keyis least significant 64-bits of the key

 will very likely be uniquewill very likely be unique

PGP Key Rings

PGP Key Rings

 each PGP user has a pair of keyrings:_{each PGP user has a pair of keyrings:}

 public-key ring contains all the public-keys of public-key ring contains all the public-keys of

other PGP users known to this user, indexed other PGP users known to this user, indexed

by key ID by key ID

 private-key ring contains the public/private private-key ring contains the public/private

key pair(s) for this user, indexed by key ID & key pair(s) for this user, indexed by key ID &

encrypted keyed from a hashed passphrase encrypted keyed from a hashed passphrase

 security of private keys thus depends on _{security of private keys thus depends on}

PGP Key Management

PGP Key Management

 rather than relying on certificate authorities_{rather than relying on certificate authorities}

 in PGP every user is own CA_{in PGP every user is own CA}

 can sign keys for users they know directlycan sign keys for users they know directly

 forms a “web of trust”_{forms a “web of trust”}

 trust keys have signedtrust keys have signed

 can trust keys others have signed if have a chain of can trust keys others have signed if have a chain of signatures to them

signatures to them

 key ring includes trust indicators_{key ring includes trust indicators}

S/MIME (Secure/Multipurpose

S/MIME (Secure/Multipurpose

Internet Mail Extensions)

Internet Mail Extensions)

 security enhancement to MIME email_{security enhancement to MIME email}

 original Internet RFC822 email was text onlyoriginal Internet RFC822 email was text only  MIME provided support for varying content MIME provided support for varying content

types and multi-part messages types and multi-part messages

 with encoding of binary data to textual formwith encoding of binary data to textual form  S/MIME added security enhancementsS/MIME added security enhancements

 have S/MIME support in many mail agents_{have S/MIME support in many mail agents}

S/MIME Functions

S/MIME Functions

 enveloped data_{enveloped data}

 encrypted content and associated keysencrypted content and associated keys  signed data_{signed data}

 encoded message + signed digestencoded message + signed digest  clear-signed data_{clear-signed data}

 cleartext message + encoded signed digestcleartext message + encoded signed digest  signed & enveloped data_{signed & enveloped data}

S/MIME Cryptographic

S/MIME Cryptographic

Algorithms

Algorithms

 digital signatures: DSS & RSA_{digital signatures: DSS & RSA}  hash functions: SHA-1 & MD5_{hash functions: SHA-1 & MD5}

 session key encryption: ElGamal & RSA_{session key encryption: ElGamal & RSA}  message encryption: AES, Triple-DES, _{message encryption: AES, Triple-DES,}

RC2/40 and others RC2/40 and others

 MAC: HMAC with SHA-1_{MAC: HMAC with SHA-1}

S/MIME Messages

S/MIME Messages

 S/MIME secures _{S/MIME secures} a MIME entity with a _{a MIME entity with a}

signature, encryption, or both signature, encryption, or both

 forming a MIME wrapped PKCS object_{forming a MIME wrapped PKCS object}  have a range of content-types:_{have a range of content-types:}

 enveloped dataenveloped data  signed datasigned data

 clear-signed dataclear-signed data  registration requestregistration request

S/MIME Certificate

S/MIME Certificate

Processing

Processing

 S/MIME uses X.509 v3 certificates_{S/MIME uses X.509 v3 certificates}

 managed using a hybrid of a strict X.509 _{managed using a hybrid of a strict X.509}

CA hierarchy & PGP’s web of trust CA hierarchy & PGP’s web of trust

 each client has a list of trusted CA’s certs_{each client has a list of trusted CA’s certs}  and own public/private key pairs & certs_{and own public/private key pairs & certs}

Certificate Authorities

Certificate Authorities

 have several well-known CA’s_{have several well-known CA’s}

 Verisign one of most widely used_{Verisign one of most widely used}

 Verisign issues several types of Digital IDs_{Verisign issues several types of Digital IDs}  increasing levels of checks & hence trust_{increasing levels of checks & hence trust}

Class

Class Identity ChecksIdentity Checks UsageUsage

1

1 name/email checkname/email check web browsing/emailweb browsing/email 2

2 + enroll/addr check+ enroll/addr check email, subs, s/w email, subs, s/w validate

validate

3

3 + ID documents+ ID documents e-banking/service e-banking/service access

Summary

Summary

 have considered:_{have considered:}

 secure emailsecure email  PGPPGP