4. Everyone on the way can read it!!
No Authentication. Everyone can pose as everyone
Size Limit
5. There are two main schemes which are especially
designed to provide confidentiality and
authentication for electronic mail systems.
These are:
PGP
(Pretty Good Privacy)
S/MIME
(Secure/Multipurpose Internet Mail Extension)
5
6. PGP
• Developed by Phil Zimmerman in 1995.
• Documentation and source code is freely available.
• The package is independent of operating system and
processor.
• PGP does not rely on the “establishment” and it’s
popularity and use have grown extensively since
1995.
6
7. Why PGP?
•PGP combines the best available cryptographic
algorithms to achieve secure e-mail communication.
•It is assumed that all users are using public key
cryptography and have generated a private/public key
pair.
•Either RSA (with RSA digital signatures) or
El Gamal (with DSA) can be used.
•All users also use a symmetric key system such as
triple DES or Rijndael.
7
11. 1. PGP Authentication
This is a digital signature scheme with hashing.
1. Alice has (private/public) key pair (Ad/Ae) and she
wants to send a digitally signed message m to Bob.
2. Alice hashes the message using SHA-1 to obtain
SHA(m).
3. Alice encrypts the hash using her private key Ad to
obtain ciphertext c given c=pk.encryptAd(SHA(m))
4. Alice sends Bob the pair (m,c)
5. Bob receives (m,c) and decrypts c using Alice's
public key Ae to obtain signature s
s=pk.decryptAe(c)
11
12. 6. He computes the hash of m using SHA-1 and if this
hash value is equal to s then the message is
authenticated.
Bob is sure that the message is correct and that is
does come from Alice.
Furthermore Alice cannot later deny sending the
message since only Alice has access to her private
key Ad which works in conjunction with the public
key Ae.
12
13.
14. 2. PGP Confidentiality
1. Alice wishes to send Bob a confidential message m.
2. Alice generates a random session key k for a symmetric
cryptosystem.
3. Alice encrypts k using Bob’s public key Be to get
k’ = pk.encryptBe(k)
4. Alice encrypts the message m with the session key k to
get ciphertext c c=sk.encryptk(m)
5. Alice sends Bob the values (k’,c)
6. Bob receives the values (k’,c) and decrypts k’ using his
private key Bd to obtain k k=pk.decryptBd(k’)
14
15. 7. Bob uses the session key k to decrypt the
ciphertext c and recover the message m
m=sk.decryptk(c)
Public and symmetric key cryptosystems are
combined in this way to provide security for key
exchange and then efficiency for encryption. The
session key k is used only to encrypt message m
and is not stored for any length of time.
15
16.
17. PGP Authenticaton and Confidentiality (at
the same time)
The schemes for authentication and confidentiality can
be combined so that Alice can sign a confidential
message which is encrypted before transmission. The
steps required are as follows:
1. Alice generates a signature c for her message m as in
the Authentication scheme c=pk.encryptAd(SHA(m))
2. Alice generates a random session key k and encrypts the
message m and the signature c using a symmetric
cryptosystem to obtain ciphertext C=sk.encryptk(m,c)
3. She encrypts the session key k using Bob’s public key
k’ = pk.encryptBe(k)
4. Alice sends Bob the values (k’,C)
17
18. 5. Bob recieves k’ and C and decrypts k’ using his
private key Bd to obtain the session key k
k=pk.decryptBd(k’)
6. Bob decrypts the ciphertext C using the session key k
to obtain m and c
(m,c) = sk.decryptk(C)
7. Bob now has the message m. In order to authenticate
it he uses Alice’s public key Ae to decrypt the signature
c and hashes the message m using SHA-1.
If SHA(m) = pk.decryptAe(c)
Then the message is authenticated.
18
19. 3. PGP Compression
PGP can also compress the message if desired. The
compression algorithm is ZIP and the decompression
algorithm is UNZIP.
1. The original message m is signed as before to obtain
c=pk.encryptAd(SHA(m))
2. Now the original message m is compressed to obtain
M=ZIP(m)
3. Alice generates a session key k and encrypts the
compressed message and the signature using the
session key C=sk.encryptk(M,c)
19
20. 4. The session key is encrypted using Bob’s public
key as before.
5. Alice sends Bob the encrypted session key and
ciphertext C.
6. Bob decrypts the session key using his private key
and then uses the session key to decrypt the
ciphertext C to obtain M and c
(M,c) = sk.decryptk(C)
7. Bob decompresses the message M to obtain the
original message m
m=UNZIP(M)
8. Now Bob has the original message m and
signature c. He verifies the signature using SHA-1
and Alice’s public key as before.
20
21. 4. PGP E-Mail Compatibility
Many electronic mail systems can only transmit blocks
of ASCII text. This can cause a problem when sending
encrypted data since ciphertext blocks might not
correspond to ASCII characters which can be
transmitted.
PGP overcomes this problem by using radix-64
conversion.
21
22. Radix-64 conversion
Suppose the text to be encrypted has been converted
into binary using ASCII coding and encrypted to give a
ciphertext stream of binary.
Radix-64 conversion maps arbitrary binary into
printable characters as follows:
22
23. Radix-64 conversion
1. The binary input is split into blocks of 24 bits (3
bytes).
2. Each 24 block is then split into four sets each of 6-
bits.
3. Each 6-bit set will then have a value between 0 and
26-1 (=63).
4. This value is encoded into a printable character.
23
24. 24
6 bit
value
Character
encoding
6 bit
value
Character
encoding
6 bit
value
Character
encoding
6 bit
value
Character
encoding
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Q
R
S
T
U
V
W
X
Y
Z
a
b
c
d
e
f
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
(pad)
w
x
y
z
0
1
2
3
4
5
6
7
8
9
+
/
=
25. 5. PGP Segmentation
Another constraint of e-mail is that there is usually a
maximum message length.
PGP automatically blocks an encrypted message into
segments of an appropriate length.
On receipt, the segments must be re-assembled
before the decryption process.
25
26. Key Issues
1. Key Generation
Recall that a new session key is required each time
a message is encrypted. How are these keys
generated?
PGP uses the timing of key strokes and key
patterns to generate random numbers.
26
27. So a PGP message might consist of:
• Message component – the actual data to be
transmitted + a filename + a timestamp;
• Signature component – timestamp + hash of
message and timestamp + first part of message (so
user can check that they are decrypting correctly) +
Key ID of sender’s public key
• Session Key component – session key + key ID of
recipient’s public key
29
28. S/MIME – RFC5322
• Defines a format for text messages that are sent using
electronic mail
• Messages are viewed as having an envelope and
contents
• The envelope contains whatever information is needed to
accomplish transmission and delivery
• The contents compose the object to be delivered to the recipient
The content standard includes a set of header fields that
may be used by the mail system to create the envelope
33. S/MIME Functions
• enveloped data
• encrypted content and associated keys
• signed data
• encoded message + signed digest
• clear-signed data
• cleartext message + encoded signed digest
• signed & enveloped data
• nesting of signed & encrypted entities
34. S/MIME Cryptographic Algorithms
• hash functions: SHA-1 & MD5
• digital signatures: DSS & RSA
• session key encryption: ElGamal & RSA
• message encryption: Triple-DES, RC2/40 and others
• have a procedure to decide which algorithms to use
35. S/MIME Certificate Processing
• S/MIME uses X.509 v3 certificates
• managed using a hybrid of a strict X.509 CA hierarchy &
PGP’s web of trust
• each client has a list of trusted CA’s certs
and own public/private key pairs & certs
• certificates must be signed by trusted CA’s
36. Certificate Authorities
• have several well-known CA’s
• Verisign one of most widely used
• Verisign issues several types of Digital IDs
• with increasing levels of checks & hence trust
Class Identity Checks Usage
1 name/email check web browsing/email
2+ enroll/addr check email, subs, s/w validate
3+ ID documents e-banking/service access