PGP and S/MIME are two standards for securing email. PGP uses asymmetric encryption and digital signatures to provide authentication, confidentiality, and compression of messages. It utilizes public/private key pairs and trust is established through signatures on public keys. S/MIME is an Internet standard that provides similar security services to MIME messages as PGP, using PKI/certificates and industry standard algorithms. Both standards encrypt messages and attach digital signatures to authenticate senders and guarantee message integrity.
A hash function usually means a function that compresses, meaning the output is shorter than the input
A hash function takes a group of characters (called a key) and maps it to a value of a certain length (called a hash value or hash).
The hash value is representative of the original string of characters, but is normally smaller than the original.
This term is also known as a hashing algorithm or message digest function.
Hash functions also called message digests or one-way encryption or hashing algorithm.
http://phpexecutor.com
Pgp-Pretty Good Privacy is the open source freely available tool to encrypt your emails then you can very securely send mails to others over internet without fear of eavesdropping by cryptanalyst.
A hash function usually means a function that compresses, meaning the output is shorter than the input
A hash function takes a group of characters (called a key) and maps it to a value of a certain length (called a hash value or hash).
The hash value is representative of the original string of characters, but is normally smaller than the original.
This term is also known as a hashing algorithm or message digest function.
Hash functions also called message digests or one-way encryption or hashing algorithm.
http://phpexecutor.com
Pgp-Pretty Good Privacy is the open source freely available tool to encrypt your emails then you can very securely send mails to others over internet without fear of eavesdropping by cryptanalyst.
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
Pretty Good Privacy (PGP) is strong encryption software that enables you to protect your email and files by scrambling them so others cannot read them. It also allows you to digitally "sign" your messages in a way that allows others to verify that a message was actually sent by you. PGP is available in freeware and commercial versions all over the world.
PGP was first released in 1991 as a DOS program that earned a reputation for being difficult. In June 1997, PGP Inc. released PGP 5.x for Win95/NT. PGP 5.x included plugins for several popular email programs.
Pretty Good Privacy,PGP Confidentiality and Authentication,Secure/Multipurpose Internet Mail Extension (S/MIME),Secure/Multipurpose Internet Mail Extension (S/MIME),Enhanced Security Services,E-mail Threats
Today in modern era of internet we share some sensitive data to information transmission. but need to ensure security. So we focus on Cryptography modern technique for secure transmission of information over network.
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
Pretty Good Privacy (PGP) is strong encryption software that enables you to protect your email and files by scrambling them so others cannot read them. It also allows you to digitally "sign" your messages in a way that allows others to verify that a message was actually sent by you. PGP is available in freeware and commercial versions all over the world.
PGP was first released in 1991 as a DOS program that earned a reputation for being difficult. In June 1997, PGP Inc. released PGP 5.x for Win95/NT. PGP 5.x included plugins for several popular email programs.
Pretty Good Privacy,PGP Confidentiality and Authentication,Secure/Multipurpose Internet Mail Extension (S/MIME),Secure/Multipurpose Internet Mail Extension (S/MIME),Enhanced Security Services,E-mail Threats
Today in modern era of internet we share some sensitive data to information transmission. but need to ensure security. So we focus on Cryptography modern technique for secure transmission of information over network.
This presentation is based on the paper :
"A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" by R.L. Rivest, A. Shamir, and L. Adleman
This presentation introduces the Basics of Cryptography and Network Security concepts. Heavily derived from content from William Stalling's book with the same title.
This is Cryptography presentation. This explains fundamental concepts of cryptography.This starts from very basic topics and then moving to the important concepts used in today's cryptosystems. This can be used by college students as their project ppts.
o Review of PGP - Authentication and Confidentiality.
o Review of MIME and S/MIME with a short review of SMTP.
o Review of S/MIME in MS-Outlook - worksheet.
o Review of SSL Protocols.
o Review of SSH, its phases and its supported channel types.
o Demonstration SSL through Wireshark
o Demonstration SSH Channel
o Need for IPSec
o Details of ESP and brief idea of AH.
o SAD and SPD with inbound/outbound packet processing.
The design criteria behind TLS/SSL, presented at Cal Poly on 2010/6/3. An updated version of a previous talk, this presentation includes descriptions of the Null-byte certificate attack and the recent session renegotiation attack (both from 2009).
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
3. 3
What is PGP?
PGP - Pretty Good Privacy
general purpose application to protect (encrypt and/or sign)
files
can be used to protect e-mail messages
can be used by corporations as well as individuals
based on strong cryptographic algorithms (IDEA, RSA, SHA-1)
available free of charge at http://www.pgpi.org
first version developed by Phil Zimmermann
PGP is now on an Internet standards track (RFC 3156)
4. 4
PGP services
messages
– authentication
– confidentiality
– compression
– e-mail compatibility
– segmentation and reassembly
key management
– generation, distribution, and revocation of public/private keys
– generation and transport of session keys and IVs
PGP/services
5. 5
Message authentication
based on digital signatures
supported algorithms: RSA/SHA and DSS/SHA
hashhash encenc
hashhash decdeccomparecompare
accept / reject
m h σ
Ksnd
-1
Ksnd
m h σh
senderreceiver
PGP/services
6. 6
Message confidentiality
symmetric key encryption in CFB mode with a random session
key and IV
session key and IV is encrypted with the public key of the
receiver
supported algorithms:
– symmetric: CAST, IDEA, 3DES
– asymmetric: RSA, ElGamal
prngprng
s.encs.enc
m
Krcv
sender
a.enca.enc
k, iv
{m}k
{k, iv}Krcv
PGP/services
7. 7
Compression
applied after the signature
– enough to store clear message and signature for later verification
– it would be possible to dynamically compress messages before
signature verification, but …
– then all PGP implementations should use the same compression
algorithm
– however, different PGP versions use slightly different compression
algorithms
applied before encryption
– compression reduces redundancy → makes cryptanalysis harder
supported algorithm: ZIP
PGP/services
8. 8
E-mail compatibility
encrypted messages and signatures may contain arbitrary
octets
most e-mail systems support only ASCII characters
PGP converts an arbitrary binary stream into a stream of
printable ASCII characters
radix 64 conversion: 3 8-bit blocks → 4 6-bit blocks
0 7 0 7 0 7
0 5 0 5 0 5 0 5
character
encoding
6-bit
value
52 0
… …
61 9
62 +
63 /
(pad) =
0 A
… ...
25 Z
26 a
… …
51 z
character
encoding
6-bit
value
PGP/services
9. 9
Combining services
X := fileX := file
signature?signature?
compress
X := Z(X)
compress
X := Z(X)
encryption?encryption?
radix 64
X := R64(X)
radix 64
X := R64(X)
generate signature
X := σ(X) || X
generate signature
X := σ(X) || X
generate envelop
X := {k}Krcv || {X}k
generate envelop
X := {k}Krcv || {X}k
yes
yes
no
no
PGP/services
10. 10
PGP message format
session key
component
signature
message
key ID of Krcv
session key k
timestamp
key ID of Ksnd
leading two octets of hash
hash
filename
timestamp
data
{}Krcv{}Ksnd
-1
{}k
ZIP
R64
PGP/messageformat
11. 11
Key IDs
a user may have several public key – private key pairs
– which private key to use to decrypt the session key?
– which public key to use to verify a signature?
transmitting the whole public key would be wasteful
associating a random ID to a public key would result in
management burden
PGP key ID: least significant 64 bits of the public key
– unique within a user with very high probability
PGP/keyandtrustmanagement
12. 12
Random number generation
true random numbers
– used to generate public key – private key pairs
– provide the initial seed for the pseudo-random number generator
(PRNG)
– provide additional input during pseudo-random number generation
pseudo-random numbers
– used to generate session keys and IVs
PGP/keyandtrustmanagement
13. 13
True random numbers
PGP maintains a 256-byte buffer of random bits
each time PGP expects a keystroke from the user, it records
– the time when it starts waiting (32 bits)
– the time when the key was pressed (32 bits)
– the value of the key stroke (8 bits)
the recorded information is used to generate a key
the generated key is used to encrypt the current value of the
random-bit buffer
PGP/keyandtrustmanagement
14. 14
Pseudo-random numbers
based on the ANSI X9.17 PRNG standard
3DES3DES
3DES3DES
3DES3DES
+
+
DTi
Vi
Vi+1
K1, K2
Ri
PGP/keyandtrustmanagement
16. 16
Pseudo-random numbers
dtbuf[0..3] = current time, dtbuf[4..7] = 0
pre-wash
– take the hash of the message
• this has already been generated if the message is being signed
• otherwise the first 4K of the message is hashed
– use the result as a key, use a null IV, and encrypt (rkey, rseed)previous in
CFB mode
• if (rkey, rseed)previous is empty, it is filled up with true random bits
– set (rkey, rseed)current to the result of the encryption
post-wash
– generate 24 more bytes as before but without XORing in true random
bytes
– encrypt the result in CFB mode using K and IV
– set (rkey, rseed)previous to the result of the encryption
PGP/keyandtrustmanagement
17. 17
Private-key ring
used to store the public key – private key pairs owned by a
given user
essentially a table, where each row contains the following
entries:
– timestamp
– key ID (indexed)
– public key
– encrypted private key
– user ID (indexed)
encencpassphrase
hashhash
private key
encrypted private key
PGP/keyandtrustmanagement
18. 18
Public-key ring
used to store public keys of other users
a table, where each row contains the following entries:
– timestamp
– key ID (indexed)
– public key
– user ID (indexed)
– owner trust
– signature(s)
– signature trust(s)
– key legitimacy
PGP/keyandtrustmanagement
19. 19
Trust management
owner trust
– assigned by the user
– possible values:
• unknown user
• usually not trusted to sign
• usually trusted to sign
• always trusted to sign
• ultimately trusted (own key, present in private key ring)
signature trust
– assigned by the PGP system
– if the corresponding public key is already in the public-key ring, then its
owner trust entry is copied into signature trust
– otherwise, signature trust is set to unknown user
PGP/keyandtrustmanagement
20. 20
Trust management
key legitimacy
– computed by the PGP system
– if at least one signature trust is ultimate, then the key legitimacy is 1
(complete)
– otherwise, a weighted sum of the signature trust values is computed
• always trusted signatures has a weight of 1/X
• usually trusted signatures has a weight of 1/Y
• X, Y are user-configurable parameters
– example: X=2, Y=4
• 1 ultimately trusted, or
• 2 always trusted, or
• 1 always trusted and 2 usually trusted, or
• 4 usually trusted signatures are needed to obtain full legitimacy
PGP/keyandtrustmanagement
21. 21
Example – key legitimacy
X = 1, Y = 2
user
A
B
C
D
E
F
G H
I
J
K
M
L
untrusted / usually untrusted
usually trusted
always trusted
ultimately trusted (you)
signature
legitimate
PGP/keyandtrustmanagement
22. 22
Public-key revocation
why to revoke a public key?
– suspected to be compromised (private key got known by someone)
– re-keying
the owner issues a revocation certificate …
– has a similar format to normal public-key certificates
– contains the public key to be revoked
– signed with the corresponding private key
and disseminates it as widely and quickly as possible
if a key is compromised:
– e.g., Bob knows the private key of Alice
– Bob can issue a revocation certificate to revoke the public key of Alice
– even better for Alice
PGP/keyandtrustmanagement
23. 23
What is S/MIME?
Secure / Multipurpose Internet Mail Extension
a security enhancement to MIME
provides similar services to PGP
based on technology from RSA Security
industry standard for commercial and organizational use
RFC 2630, 2632, 2633
24. 24
RFC 822
defines a format for text messages to be sent using e-mail
Internet standard
structure of RFC 822 compliant messages
– header lines (e.g., from: …, to: …, cc: …)
– blank line
– body (the text to be sent)
example
Date: Tue, 16 Jan 1998 10:37:17 (EST)
From: “Levente Buttyan” <buttyan@hit.bme.hu>
Subject: Test
To: afriend@otherhost.bme.hu
Blablabla
S/MIME/introduction
25. 25
Problems with RFC 822 and SMTP
executable files must be converted into ASCII
– various schemes exist (e.g., Unix UUencode)
– a standard is needed
text data that includes special characters (e.g., Hungarian text)
some servers
– reject messages over a certain size
– delete, add, or reorder CR and LF characters
– truncate or wrap lines longer than 76 characters
– remove trailing white space (tabs and spaces)
– pad lines in a message to the same length
– convert tab characters into multiple spaces
S/MIME/introduction
26. 26
MIME
defines new message header fields
defines a number of content formats (standardizing
representation of multimedia contents)
defines transfer encodings that protects the content from
alteration by the mail system
S/MIME/introduction
27. 27
MIME - New header fields
MIME-Version
Content-Type
– describes the data contained in the body
– receiving agent can pick an appropriate method to represent the
content
Content-Transfer-Encoding
– indicates the type of the transformation that has been used to represent
the body of the message
Content-ID
Content-Description
– description of the object in the body of the message
– useful when content is not readable (e.g., audio data)
S/MIME/introduction
29. 29
MIME – Transfer encodings
7bit
– short lines of ASCII characters
8bit
– short lines of non-ASCII characters
binary
– non-ASCII characters
– lines are not necessarily short
quoted-printable
– non-ASCII characters are converted into hexa numbers (e.g., =EF)
base64 (radix 64)
– 3 8-bit blocks into 4 6-bit blocks
x-token
– non-standard encoding
S/MIME/introduction
30. 30
MIME – Example
MIME-Version: 1.0
From: Nathaniel Borenstein <nsb@nsb.fv.com>
To: Ned Freed <ned@innosoft.com>
Date: Fri, 07 Oct 1994 16:15:05 -0700 (PDT)
Subject: A multipart example
Content-Type: multipart/mixed; boundary=unique-boundary-1
This is the preamble area of a multipart message. Mail readers that understand multipart format
should ignore this preamble. If you are reading this text, you might want to consider changing to a mail reader
that understands how to properly display multipart messages.
--unique-boundary-1
Content-type: text/plain; charset=US-ASCII
… Some text …
--unique-boundary-1
Content-Type: multipart/parallel; boundary=unique-boundary-2
--unique-boundary-2
Content-Type: audio/basic
Content-Transfer-Encoding: base64
... base64-encoded 8000 Hz single-channel mu-law-format audio data goes here ...
--unique-boundary-2
Content-Type: image/jpeg
Content-Transfer-Encoding: base64
... base64-encoded image data goes here ...
--unique-boundary-2--
S/MIME/introduction
31. 31
MIME – Example cont’d
--unique-boundary-1
Content-type: text/enriched
This is <bold><italic>enriched.</italic></bold><smaller>as defined in RFC 1896</smaller>
Isn’t it <bigger><bigger>cool?</bigger></bigger>
--unique-boundary-1
Content-Type: message/rfc822
From: (mailbox in US-ASCII)
To: (address in US-ASCII)
Subject: (subject in US-ASCII)
Content-Type: Text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: Quoted-printable
... Additional text in ISO-8859-1 goes here ...
--unique-boundary-1--
S/MIME/introduction
32. 32
S/MIME services
enveloped data (application/pkcs7-mime; smime-type = enveloped-data)
– standard digital envelop
signed data (application/pkcs7-mime; smime-type = signed-data)
– standard digital signature (“hash and sign”)
– content + signature is encoded using base64 encoding
clear-signed data (multipart/signed)
– standard digital signature
– only the signature is encoded using base64
– recipient without S/MIME capability can read the message but cannot
verify the signature
signed and enveloped data
– signed and encrypted entities may be nested in any order
S/MIME/services
34. 34
Securing a MIME entity
MIME entity is prepared according to the normal rules for MIME
message preparation
prepared MIME entity is processed by S/MIME to produce a
PKCS object
the PKCS object is treated as message content and wrapped in
MIME
S/MIME/services
35. 35
PKCS7 “signed data”
Version
(Set of) Digest Algorithms
Content Info
Set of certificates
Set of CRLs
Signer Info
Version
Signer ID (issuer and ser. no.)
Digest Algorithm
Authenticated Attributes
Digest Encryption Alg.
Encrypted digest (signature)
Content type
Content
S/MIME/messageformats
36. 36
PKCS7 “enveloped data”
Version
Encrypted Content Info
Recipient Info
Version
Recipient ID (issuer and s.no.)
Key Encryption Algorithm
Encrypted Key
Content Encryption Alg.
Content type
Encrypted Content
Originator Info
S/MIME/messageformats
37. 37
Enveloped data – Example
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m
rfvbnj756tbBghyHhHUujhJhjH77n8HHGT9HG4VQpfyF467GhIGfHfYT6
7n8HHGghyHhHUujhJh4VQpfyF467GhIGfHfYGTrfvbnjT6jH7756tbB9H
f8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
0GhIGfHfQbnj756YT64V
S/MIME/messageformats
38. 38
Clear-signed data – Example
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha1; boundary=boundary42
--boundary42
Content-Type: text/plain
This is a clear-signed message.
--boundary42
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s
ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
7GhIGfHfYT64VQbnj756
--boundary42--
S/MIME/messageformats
39. 39
Key management
S/MIME certificates are X.509 conformant
key management scheme is between strict certification hierarchy and
PGP’s web of trust
– certificates are signed by certification authorities (CA)
– key authentication is based on chain of certificates
– users/managers are responsible to configure their clients with a list of trusted
root keys
K
S/MIME/keymanagement