Using PGP for securing the e-mail
Davide Piccardi
Topics
Introduction: History, Versions.
PGP: Description, Confidentiality, Authentication, Confidentiality and Authentication, Key management, Key exchange.
Web of Trust: Identity problem, Definition, Idea, Disadvantages and attacks, How to use PGP without WoT.
Multiple recipients: Hybrid encryption, Two recipients, Mailing list.
Open-source clients.
10/06/2017
Introduction: History of PGP
The first version of “Pretty Good Privacy” was written by Phil Zimmermann in 1991.
It was based on a symmetric-key algorithm and released as freeware. For that, Zimmermann became the target of a three-year criminal investigation.
Despite several problems, PGP became the most widely used email encryption software in the world.
Zimmermann founded PGP Inc in 1996, from which followed a new version of the software called PGP 3.
In 1997 the company was acquired by Network Associates Inc (NAI).
In 2002, NAI discontinued development and sales of
PGP, and sold the rights to a new company, PGP
Corporation.
In 2010 Symantec Corp. acquired PGP.
Introduction: Versions
PGP is a proprietary encryption solution, and the rights to its software are owned by
Symantec.
OpenPGP is the IETF-approved standard that describes encryption technologies.
GnuPG is a solution that follows the OpenPGP standards to provide an interface for
end users to easily encrypt their files.
PGP: Security features
Confidentiality: to make message contents private.
Authentication: to determine whether a message was sent by the person or entity claimed to be the sender.
Message integrity: to keep a message unchanged, in the sense that a user can verify whether it has been tampered with during transmission.
Non-repudiation: to prevent a person from denying that he is the sender of the message.
PGP: Confidentiality
PGP combines symmetric and asymmetric cryptography.
The symmetric part uses a random 128-bit session key to encrypt/decrypt the message.
The asymmetric part uses the public/private keys of the receiver to encrypt/decrypt the session key mentioned before.
PGP: Authentication
Classical digital-signature scheme, consisting of hashes and “inverse” asymmetric cryptography: encryption with the private key of the sender and decryption with the public key of the sender.
The signature is not meant to provide confidentiality; it is sent together with the plaintext to guarantee authentication, data integrity and non-repudiation.
PGP: Confidentiality and Authentication
Sender side: authentication then confidentiality.
Receiver side: confidentiality then authentication.
Note: the signature is encrypted as well, and compression is applied after signing.
PGP: Key management
A keypair (a pair of public and private keys) is needed to perform the operations seen before.
A user can have several different keypairs, so we need a way to identify which of them is used.
For confidentiality, we specify which public key of the recipient is used to encrypt the session key.
For authentication, we need to specify which personal private key is used to produce the signature.
Key ID = least significant 64 bits of the key.
The public keyring contains the public keys (of other users) known to the user.
The private keyring contains personal keypairs, indexed by Key ID and encrypted with a passphrase.
Key exchange:
Key parties: events at which people present their public keys to others in person.
Keyservers: special Internet servers designed specifically for handling and sharing PGP keys.
Email: it is possible to attach a public key directly to an email.
WoT: Definition
PGP security features are strictly related to the concept of identity: How do you tie a
real world identity to the keypair?
Web of Trust: responsibility for identity verification is left to the users.
As time goes on, you will accumulate keys from other people that you may want to
designate as trusted introducers. Everyone else will each choose their own trusted
introducers. And everyone will gradually accumulate and distribute with their key a
collection of certifying signatures from other people, with the expectation that anyone
receiving it will trust at least one or two of the signatures. This will cause the
emergence of a decentralized fault-tolerant web of confidence for all public keys.
The operation at the base of the web of trust is the signing of a key.
Signing someone else’s key means saying publicly that we have identified this person
and we are satisfied that his identity matches the identity provided with his public key.
WoT: Idea
Hal is signed by Alice and Bob, who are both partially trusted; therefore Hal is valid.
Gil is signed by Alice and by another, unknown signer. The latter is not even partially trusted, so Gil has a score of less than two and is not valid.
Phil is signed by Ken and Jon, but it is valid only because Jon is fully trusted.
nodes = keys in a keyring
arrows = certification signatures
grey node = valid key
white node = not valid key
single circle = partially trusted introducer
double circle = fully trusted introducer
question marks = keys which don’t belong to the keyring
A -> B = A has signed or certified B’s key
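Added example (not part of the original slides): the validity rule of this slide as a small computation, with a partially trusted introducer worth 1 point, a fully trusted one worth 2, and a key valid at 2 points. The keyring owner "me", the extra key "Zoe", the unknown signer's name and Ken having no assigned trust are assumptions made for the illustration.

```python
# Added example: key validity in a Web of Trust, with the scoring the slide
# uses (partially trusted introducer = 1 point, fully trusted = 2 points,
# a key is valid once its certifications reach 2 points).
FULL, PARTIAL, UNTRUSTED = 2, 1, 0
VALID_AT = 2


def valid_keys(owner, owner_trust, signatures):
    """Return the set of keys that are valid from `owner`'s point of view.

    owner_trust: key -> FULL or PARTIAL, the introducer trust the owner assigned
    signatures:  key -> set of keys that certified it
    """
    valid = {owner}                      # the owner's own key is always valid
    changed = True
    while changed:                       # repeat until no new key becomes valid
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            if owner in signers:         # certified by the owner directly
                score = VALID_AT
            else:
                # Only signatures made by keys that are themselves valid count,
                # weighted by the trust the owner placed in that introducer.
                score = sum(owner_trust.get(s, UNTRUSTED)
                            for s in signers if s in valid)
            if score >= VALID_AT:
                valid.add(key)
                changed = True
    return valid


# Constructed keyring reproducing the slide's three cases. "me", "Zoe", the
# unknown signer and Ken's lack of assigned trust are assumptions.
SIGNATURES = {
    "Alice": {"me"}, "Bob": {"me"}, "Jon": {"me"}, "Ken": {"me"},
    "Hal": {"Alice", "Bob"},             # two partially trusted introducers
    "Gil": {"Alice", "unknown-signer"},  # one partial + one key not in the keyring
    "Phil": {"Ken", "Jon"},              # Jon is fully trusted
    "Zoe": {"Hal"},                      # Hal is valid but not a trusted introducer
}
OWNER_TRUST = {"Alice": PARTIAL, "Bob": PARTIAL, "Jon": FULL}


def report(owner="me"):
    """Validity of the four keys of interest in the constructed keyring."""
    valid = valid_keys(owner, OWNER_TRUST, SIGNATURES)
    return {k: (k in valid) for k in ("Hal", "Gil", "Phil", "Zoe")}


if __name__ == "__main__":
    for key, ok in report().items():
        print(f"{key}: {'valid' if ok else 'not valid'}")
```

Zoe shows that validity and introducer trust are separate properties: Hal's key is valid, but a signature made by Hal adds nothing because the owner never designated Hal as a trusted introducer.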
WoT: Disadvantages and attacks
Loss of keys: users who lose their private key can no longer decrypt messages sent to them using the corresponding public key. Solution: expiry dates or designated revokers.
Possible slow start: it may take a long time to reach an adequate level of trust, and it can sometimes be difficult to readily find someone to sign a new certificate. Solution: key signing parties.
Small world phenomenon: all complex networks present in nature are such that two nodes can be linked by a path consisting of a relatively small number of links. This is not enough, because in order to state that a key is valid it is also necessary that each person in that chain is honest and competent about signing keys.
Attack on a keyserver: Denial-of-Service, or compromise by an attacker who could change some public key to perform a MITM, or could insert on the server a lot of keys similar to a target key in order to make it difficult to find.
Data mining: the same risks we have whenever we release personal information on the Internet. Emails are good for spammers. By analyzing the available data, an attacker could identify groups of users who share goals or interests.
Multiple recipients: Hybrid encryption
PGP uses the hybrid encryption seen before instead of encrypting the message directly with the public key of the recipient.
RSA encryption and decryption are fast, but not very fast.
RSA enlarges your data.
RSA encrypts only messages of a limited size.
Hybrid encryption allows for efficient multi-recipient data.
Multiple recipients: Two recipients
PGP will perform the same steps described in the previous section, but this time the output is composed of:
Encrypted signature and message.
Session key encrypted with Alice’s public key.
Session key encrypted with Bob’s public key.
Header containing the key IDs and user IDs of Alice and Bob.
Alice and Bob are the two recipients.
Message is also encrypted with the sender’s public key.
All recipients receive the same header.
Reduced output size.
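Added example (not part of the original slides): the output structure described under "Hybrid encryption" and "Two recipients", with one encrypted body and one wrapped copy of the 128-bit session key per recipient, located by Key ID. Textbook RSA with short keys and a SHA-256 keystream stand in for the real primitives and are not secure; all function names are assumptions, and the signature and user IDs are left out.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys


def is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_keypair(bits=96):
    """Toy RSA keypair (modulus n, private exponent d); far too short for real use."""
    primes = []
    while len(primes) < 2:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(p) and (p - 1) % E != 0 and p not in primes:
            primes.append(p)
    p, q = primes
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def key_id(n):
    """Key ID as defined on the key management slide: the least significant 64 bits."""
    return n & 0xFFFFFFFFFFFFFFFF


def keystream_xor(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt_for(recipient_moduli, message):
    """Encrypt the message once, then wrap the session key once per recipient."""
    session_key = secrets.token_bytes(16)          # random 128-bit session key
    k = int.from_bytes(session_key, "big")
    header = [{"key_id": key_id(n), "wrapped_key": pow(k, E, n)}
              for n in recipient_moduli]
    return {"header": header, "body": keystream_xor(session_key, message)}


def decrypt_with(keypair, packet):
    """Find our entry in the shared header by Key ID and recover the message."""
    mine = key_id(keypair["n"])
    for entry in packet["header"]:
        if entry["key_id"] == mine:
            k = pow(entry["wrapped_key"], keypair["d"], keypair["n"])
            return keystream_xor(k.to_bytes(16, "big"), packet["body"])
    raise KeyError("no session-key entry for this key")


if __name__ == "__main__":
    alice, bob = toy_keypair(), toy_keypair()
    packet = encrypt_for([alice["n"], bob["n"]], b"constructed sample message")
    print(len(packet["header"]), "wrapped keys,", len(packet["body"]), "body bytes")
    print(decrypt_with(alice, packet), decrypt_with(bob, packet))
```

Adding a recipient adds one header entry and leaves the body untouched, which is where the reduced output size comes from.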
WoT: Mailing lists
Problem: PGP does not provide direct management of mailing lists.
Objective: encrypt the content of messages in such a way that all mailing list members can read it, post without losing confidentiality, and prove their membership of the mailing list and their personal identity to other members.
Assumptions: every user knows the other members’ public keys and all of them are part of a Google group.
Idea: create and use a common keypair.
Implementation:
Configure Google Groups to send messages to all members when there is a new post.
Choose a group leader who creates a new keypair and then sends it to all group members by using PGP.
Each member encrypts their posts with the group’s public key, signs them with their own private key, and decrypts them locally with the group’s private key.
Advantages: limited complexity, new users have full access, stronger signatures.
Disadvantages: a group leader is needed, and users who leave can continue decrypting messages.
Open-source clients
Mozilla Thunderbird + GnuPG + Enigmail
Open-source client for Windows, Mac OS, Linux
Mozilla Thunderbird is a free, open source,
cross-platform email, news, RSS, and chat client
developed by the Mozilla Foundation.
Enigmail is an extension for Thunderbird and
other Mozilla-based mail clients. It allows you to
encrypt and digitally sign emails using the
OpenPGP standard.
GnuPG is a complete and free implementation of
the OpenPGP standard. It allows you to encrypt and
sign your data and communication, and features a
versatile key management system as well as access
modules for all kinds of public key directories.
Open-source clients
Firefox + Gmail + Mailvelope
Browser-based webmail for Windows, Mac OS,
Linux
Mozilla Firefox is a free and open-source web
browser developed by the Mozilla Foundation.
Gmail is a free, advertising-supported email
service developed by Google.
Mailvelope is free software for end-to-end
encryption of email traffic inside of a web
browser that integrates itself into existing
webmail applications. It can be used to encrypt
and sign electronic messages, including
attached files, without the use of a separate,
native email client using the OpenPGP
standard.
Open-source clients
OpenKeychain + Gmail
Android
OpenKeychain helps you to
communicate more privately and
securely. It uses encryption to ensure
that your messages can be read only by
the people you send them to, others can
send you messages that only you can
read, and these messages can be
digitally signed so the people getting
them are sure who sent them.
OpenKeychain is based on the well
established OpenPGP standard making
encryption compatible across your
devices and systems.

More Related Content

What's hot

Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication ApplicationVidulatiwari
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & CryptographyArun ACE
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)Jishnu Pradeep
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Block ciphers & public key cryptography
Block ciphers & public key cryptographyBlock ciphers & public key cryptography
Block ciphers & public key cryptographyRAMPRAKASHT1
 
Cryptography
CryptographyCryptography
CryptographyAnandKaGe
 
Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Anas Rock
 
Network Security & Cryptography
Network Security & CryptographyNetwork Security & Cryptography
Network Security & CryptographyDr. Himanshu Gupta
 

What's hot (20)

Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication Application
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
 
Encryption and Key Distribution Methods
Encryption and Key Distribution MethodsEncryption and Key Distribution Methods
Encryption and Key Distribution Methods
 
Brute Forcing
Brute ForcingBrute Forcing
Brute Forcing
 
RSA
RSARSA
RSA
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & Cryptography
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Rsa Crptosystem
Rsa CrptosystemRsa Crptosystem
Rsa Crptosystem
 
Block ciphers & public key cryptography
Block ciphers & public key cryptographyBlock ciphers & public key cryptography
Block ciphers & public key cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
 
Cryptography
CryptographyCryptography
Cryptography
 
Cloud Security Mechanisms
Cloud Security MechanismsCloud Security Mechanisms
Cloud Security Mechanisms
 
Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)
 
Network Security & Cryptography
Network Security & CryptographyNetwork Security & Cryptography
Network Security & Cryptography
 
Homomorphic encryption
Homomorphic encryptionHomomorphic encryption
Homomorphic encryption
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptx
 
Cloud Mashup
Cloud MashupCloud Mashup
Cloud Mashup
 

Similar to Secure Email with PGP

Similar to Secure Email with PGP (20)

PGP.ppt
PGP.pptPGP.ppt
PGP.ppt
 
Digital Certified Mail
Digital Certified MailDigital Certified Mail
Digital Certified Mail
 
Pgp
PgpPgp
Pgp
 
computer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptcomputer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.ppt
 
PBU-Intro_to_PGP
PBU-Intro_to_PGPPBU-Intro_to_PGP
PBU-Intro_to_PGP
 
Cyber public key cryptography
Cyber public key cryptographyCyber public key cryptography
Cyber public key cryptography
 
YosefGamble_Writing_Sample_Email_Security
YosefGamble_Writing_Sample_Email_SecurityYosefGamble_Writing_Sample_Email_Security
YosefGamble_Writing_Sample_Email_Security
 
Unit 4
Unit 4Unit 4
Unit 4
 
Pgp
PgpPgp
Pgp
 
Top 10 Secure Email Providers to Consider in 2022
Top 10 Secure Email Providers to Consider in 2022Top 10 Secure Email Providers to Consider in 2022
Top 10 Secure Email Providers to Consider in 2022
 
Ch15
Ch15Ch15
Ch15
 
Pgp
PgpPgp
Pgp
 
module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptx
 
Network Security CS2
Network Security CS2Network Security CS2
Network Security CS2
 
Non-Transferable Signatures with PGP
Non-Transferable Signatures with PGPNon-Transferable Signatures with PGP
Non-Transferable Signatures with PGP
 
pgp.ppt.pptx
pgp.ppt.pptxpgp.ppt.pptx
pgp.ppt.pptx
 
Network and information security
Network and information securityNetwork and information security
Network and information security
 
Email security
Email securityEmail security
Email security
 
Using PGP for securing the email
Using PGP for securing the emailUsing PGP for securing the email
Using PGP for securing the email
 
What is digital signature or DSC
What is digital signature or DSCWhat is digital signature or DSC
What is digital signature or DSC
 

Recently uploaded

Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
High Profile Call Girls Nashik Megha 7001305949 Independent Escort Service Na...
High Profile Call Girls Nashik Megha 7001305949 Independent Escort Service Na...High Profile Call Girls Nashik Megha 7001305949 Independent Escort Service Na...
High Profile Call Girls Nashik Megha 7001305949 Independent Escort Service Na...Call Girls in Nagpur High Profile
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZTE
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 

Recently uploaded (20)

Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
High Profile Call Girls Nashik Megha 7001305949 Independent Escort Service Na...
High Profile Call Girls Nashik Megha 7001305949 Independent Escort Service Na...High Profile Call Girls Nashik Megha 7001305949 Independent Escort Service Na...
High Profile Call Girls Nashik Megha 7001305949 Independent Escort Service Na...
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 

Secure Email with PGP

  • 1. Using PGP for securing the e-mail Davide Piccardi
  • 2. Using PGP for securing the e-mail 2 Topics Introduction: History, Versions. PGP: Description, Confidentiality, Authentication , Confidentiality and Authentication, Key management, Keys exchange. Web Of Trust: Identity problem, Definition, Idea, Disadvantages and attacks, How use PGP without WoT. Multiple recipients: Hybrid encryption, Two recipients, Mailing list. Open-source clients 10/06/2017
  • 3. Using PGP for securing the e-mail 3 Introduction: History of PGP “Pretty Good Privacy” first version by Phil Zimmermann in 1991. Based on a symmetric-key algorithm and released as a freeware software. For that, Zimmermann target of a three-year criminal investigation. Despite several problems, PGP became the most widely used email encryption software in the world. Zimmermann founded PGP Inc in 1996 from which follows a new version of the software called PGP 3. In 1997 company acquired by Network Associates Inc (NAI). In 2002, NAI discontinued development and sales of PGP, and sold the rights to a new company, PGP Corporation. In 2010 Symantec Corp. acquired PGP. 10/06/2017
  • 4. Using PGP for securing the e-mail 4 Introduction: Versions PGP is a proprietary encryption solution, and the rights to its software are owned by Symantec. OpenPGP is the IETF-approved standard that describes encryption technologies. GnuPG is a solution that follows the OpenPGP standards to provide an interface for end users to easily encrypt their files. 10/06/2017
  • 5. Using PGP for securing the e-mail 5 PGP: Security features Confidentiality: to make message contents private Authentication: to determine whether a message is sent by the person or entity claimed to be the sender Message integrity: to keep a message unchanged in the sense that a user can verify if it has been tampered during transmission. 10/06/2017 Non-repudiation: to prevent a person from denying that he is the sender of the message.
  • 6. Using PGP for securing the e-mail 6 PGP: Confidentiality Combination of symmetric and asymmetric cryptography. The symmetric one uses a 128 bit random session key to encrypt/decrypt the message The asymmetric one uses the public/private keys of the receiver to encrypt/decrypt the session key mentioned before. 10/06/2017
  • 7. Using PGP for securing the e-mail 7 PGP: Authentication Classical scheme of digital signatures which consists of hashes and “inverse” asymmetric cryptography: encryption process with the private key of the sender and decryption with public key of the sender. Not to provide confidentiality but sent together the plaintext to guarantee authentication, data integrity and non-repudiation. 10/06/2017
  • 8. Using PGP for securing the e-mail 8 PGP: Confidentiality and Authentication Sender side: authentication then confidentiality. Receiver side: confidentiality then authentication. Note: also the signature encrypted, compression after signing. 10/06/2017
  • 9. Using PGP for securing the e-mail 9 PGP: Key management A keypair (pair of public and private keys) is needed to perform the operations seen before. User can have some different keypairs, we need a way to identify which of these is used. For confidentiality we specify which public key of the recipient is used to encrypt the session key. For authentication we need to specify which personal private key is used to produce the signature. Key ID = least significant 64 bits of the key. Public keyring contains the public keys (of other users) known to the user. Private keyring contains personal keypairs indexed by Key ID and encrypted with a passphrase 10/06/2017 Key Exchange: key parties: event at which people present their public keys to others in person keyservers: special Internet servers designed specifically for handling and sharing PGP keys email: it is possible to attach a public key directly on an email.
  • 10. Using PGP for securing the e-mail 10 WoT: Definition PGP security features are strictly related to the concept of identity: How do you tie a real world identity to the keypair? Web of Trust: responsibility for identity verification to users. As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys. The operation to the base of the web of trust is the signature of the key. Signing someone else’s key means saying publicly that we have identified this person and we are satisfied that his identity matches the identity provided with his public key. 10/06/2017
  • 11. WoT: Idea. Hal is signed by Alice and Bob, who are both partially trusted, therefore Hal is valid. Gil is signed by Alice and by another, unknown signer. The latter is not even partially trusted, so Gil has a score of less than two and is not valid. Phil is signed by Ken and Jon, but it is valid only because Jon is fully trusted. Legend: nodes = keys in a keyring; arrows = certification signatures; grey node = valid key; white node = not valid key; single circle = partially trusted introducer; double circle = fully trusted introducer; question marks = keys which don't belong to the keyring; A —> B = A has signed or certified B's key.
  • 12. WoT: Disadvantages and attacks. Loss of keys: whoever loses their private key can no longer decrypt messages sent to them using the corresponding public key. Solution: expiry dates or designated revokers. Possible slow start: it may take a long time to reach an adequate level of trust, and it can sometimes be difficult to readily find someone to sign a new certificate. Solution: key signing parties. Small world phenomenon: all complex networks present in nature are such that two nodes can be linked by a path consisting of a relatively small number of links. This is not enough, because in order to state that a key is valid it is also necessary that each person in that chain is honest and competent about signing keys. Attacks on a keyserver: Denial-of-Service; a keyserver compromised by an attacker, who could change some public key to perform a MITM, or could insert on the server many keys similar to a target key in order to make it difficult to find. Data mining: the same risks we have whenever we release personal information on the Internet. Emails are useful to spammers. By analyzing available data, an attacker could identify groups of users who share goals or interests.
  • 13. Multiple recipients: Hybrid encryption. PGP uses the hybrid encryption seen before instead of encrypting the message directly with the recipient's public key. RSA encryption and decryption are fast, but not very fast. RSA enlarges your data. RSA encrypts only messages of a limited size. Hybrid encryption allows for efficient multi-recipient data.
  • 14. Multiple recipients: Two recipients. PGP performs the same steps described in the previous section, but this time the output is composed of: the encrypted signature and message; the session key encrypted with Alice's public key; the session key encrypted with Bob's public key; a header containing the key IDs and user IDs of Alice and Bob. Alice and Bob are the two recipients. The message is also encrypted with the sender's public key. All recipients receive the same header. The output size is reduced.
  • 15. WoT: Mailing lists. Problem: PGP does not provide direct management of mailing lists. Objective: encrypt the content of messages in such a way that all mailing list members can: read it, post without losing confidentiality, and prove their membership of the mailing list and their personal identity to other members. Assumptions: every user knows the other members' public keys and all of them are part of a Google group. Idea: create and use a common keypair. Implementation: configure Google Groups to send messages to all members when there is a new post. Choose a group leader, who creates a new keypair and then sends it to all group members using PGP. Each member encrypts their posts with the group's public key, signs them with their own private key, and decrypts them locally with the group's private key. Advantages: limited complexity, new users have full access, stronger signatures. Disadvantages: a group leader is needed, and users who leave can continue decrypting messages.
  • 16. Open-source clients: Mozilla Thunderbird + GnuPG + Enigmail. Open-source client for Windows, Mac OS, Linux. Mozilla Thunderbird is a free, open-source, cross-platform email, news, RSS, and chat client developed by the Mozilla Foundation. Enigmail is an extension for Thunderbird and other Mozilla-based mail clients. It allows you to encrypt and digitally sign emails using the OpenPGP standard. GnuPG is a complete and free implementation of the OpenPGP standard. It allows you to encrypt and sign your data and communication, and features a versatile key management system as well as access modules for all kinds of public key directories.
  • 17. Open-source clients: Firefox + Gmail + Mailvelope. Browser-based webmail for Windows, Mac OS, Linux. Mozilla Firefox is a free and open-source web browser developed by the Mozilla Foundation. Gmail is a free, advertising-supported email service developed by Google. Mailvelope is free software for end-to-end encryption of email traffic inside a web browser that integrates itself into existing webmail applications. It can be used to encrypt and sign electronic messages, including attached files, using the OpenPGP standard, without the use of a separate, native email client.
  • 18. Open-source clients: OpenKeychain + Gmail, Android. OpenKeychain helps you to communicate more privately and securely. It uses encryption to ensure that your messages can be read only by the people you send them to, others can send you messages that only you can read, and these messages can be digitally signed so the people getting them are sure who sent them. OpenKeychain is based on the well-established OpenPGP standard, making encryption compatible across your devices and systems.
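The validity rule from the "WoT: Idea" slide can be written as a small fixed-point computation. This is an added example, not code from the slides or from PGP/GnuPG, and it goes one step beyond the slide by only counting a certification when the signer's own key is already valid. Assumptions: the keyring owner `Me` has certified Alice, Bob, Ken and Jon directly, Ken has no owner trust, and `Zed` and `Target` are constructed to show the failure case.

```python
FULL, PARTIAL, NONE = 2, 1, 0   # points one certification contributes
NEEDED = 2                      # slide's rule: a score below two is not valid

def valid_keys(owner, signatures, owner_trust):
    """Return the keys that are valid in `owner`'s keyring.

    signatures  : key -> set of keys that certified it
    owner_trust : key -> FULL / PARTIAL / NONE, as assigned by the owner
    A certification only counts when the signer's own key is already valid.
    """
    valid = {owner}
    changed = True
    while changed:                      # repeat until no new key becomes valid
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            if owner in signers:        # certified by the owner personally
                score = NEEDED
            else:
                score = sum(owner_trust.get(s, NONE)
                            for s in signers if s in valid)
            if score >= NEEDED:
                valid.add(key)
                changed = True
    return valid

# Constructed keyring following the slide's figure; "Me" is the keyring owner.
SIGNATURES = {
    "Alice": {"Me"}, "Bob": {"Me"}, "Ken": {"Me"}, "Jon": {"Me"},
    "Hal": {"Alice", "Bob"},        # two partially trusted introducers
    "Gil": {"Alice", "unknown"},    # one partial + a signer not in the keyring
    "Phil": {"Ken", "Jon"},         # Jon alone is enough
    "Zed": {"unknown"},             # trusted by the owner, key never validated
    "Target": {"Zed"},
}
OWNER_TRUST = {"Alice": PARTIAL, "Bob": PARTIAL, "Jon": FULL, "Ken": NONE,
               "Zed": FULL}

if __name__ == "__main__":
    print(sorted(valid_keys("Me", SIGNATURES, OWNER_TRUST)))
```

`Target` stays invalid even though `Zed` is marked fully trusted, because trust in an introducer is worth nothing until the introducer's own key has been validated.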
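The message layout from the "Hybrid encryption" and "Two recipients" slides, as an added example that is not code from the slides or from any PGP implementation: the body is encrypted once under a random session key, and that key is wrapped once per recipient and looked up by Key ID. Assumptions: textbook RSA over fixed Mersenne primes and a SHA-256 keystream stand in for the real algorithms and are not secure, and the Key ID is taken as the low 64 bits of the RSA modulus.

```python
import hashlib
import secrets

def toy_keypair(p, q, e=65537):
    """Textbook RSA from two fixed primes: insecure, for illustration only."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # private exponent (Python 3.8+)
    return {"n": n, "e": e, "d": d, "key_id": n & (2**64 - 1)}

def stream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt_for(recipients, plaintext):
    """Encrypt the body once; wrap the session key once per recipient."""
    session_key = secrets.token_bytes(16)
    k = int.from_bytes(session_key, "big")
    wrapped = {r["key_id"]: pow(k, r["e"], r["n"]) for r in recipients}
    return {"session_keys": wrapped, "body": stream_xor(session_key, plaintext)}

def decrypt_with(keypair, message):
    """Find the packet addressed to our Key ID, unwrap it, decrypt the body."""
    wrapped = message["session_keys"].get(keypair["key_id"])
    if wrapped is None:
        raise KeyError("no session-key packet for this key ID")
    k = pow(wrapped, keypair["d"], keypair["n"])
    return stream_xor(k.to_bytes(16, "big"), message["body"])

# Constructed keys built from well-known Mersenne primes (toy parameters).
ALICE = toy_keypair(2**61 - 1, 2**89 - 1)
BOB = toy_keypair(2**107 - 1, 2**127 - 1)
CAROL = toy_keypair(2**31 - 1, 2**521 - 1)   # not a recipient

if __name__ == "__main__":
    msg = encrypt_for([ALICE, BOB], b"signed and compressed message bytes")
    print(decrypt_with(ALICE, msg) == decrypt_with(BOB, msg))
    print(len(msg["session_keys"]), "wrapped keys,", len(msg["body"]), "body bytes")
```

Adding a recipient adds one wrapped session key and leaves the body unchanged, which is the size saving the slide refers to.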