Академический Документы
Профессиональный Документы
Культура Документы
APPLICATION LAYER
EMAIL
Confidentiality
oprotection from disclosure
Authentication
o for sender of message
Message integrity
oprotection from modification
Non-repudiation of origin
o protection from denial by sender
PGP and S/MIME are two popular schemes
PRETT Y GOOD PRIVACY (PGP)
encrypt Message
Message Bob with
and Message Digest Concatenate
(compressed) PRB and PUA
digitally signed with
PRA
Encrypted with shared session key
Decrypt Decrypt
message session
Generate
Decompress and digest key using
Compare digest on
message using PUB
received and decompresse
generated d message session
digest key
PGP OPERATION SUMMARY
PGP OPERATION SUMMARY
PGP OPERATION SUMMARY
PGP OPERATION SUMMARY
PGP SERVICES
Authentication
Confidentiality
Compression
E-mail compatibility
segmentation
PGP SERVICES
Authentication
Confidentiality
Compression
E-mail compatibility
segmentation
PGP OPERATION AUTHENTICATION
(MESSAGES ARE NOT ALTERED IN TRANSIT AND ARE
FROM THE CLAIMED SENDER)
Ks
PGP OPERATION CONFIDENTIALIT Y
(INTENDED RECIPIENT CAN DECIPHER THE MESSAGE)
Ks
PGP OPERATION CONFIDENTIALIT Y
(INTENDED RECIPIENT CAN DECIPHER THE MESSAGE)
Ks
PGP OPERATION CONFIDENTIALIT Y
(INTENDED RECIPIENT CAN DECIPHER THE MESSAGE)
Ks
PGP OPERATION CONFIDENTIALIT Y
(INTENDED RECIPIENT CAN DECIPHER THE MESSAGE)
Ks
PGP OPERATION CONFIDENTIALIT Y
(INTENDED RECIPIENT CAN DECIPHER THE MESSAGE)
Ks
PGP SERVICES
Authentication
Confidentiality
Compression
E-mail compatibility
segmentation
PGP OPERATION CONFIDENTIALITY
& AUTHENTICATION
Create signature & attach to message
encrypt both message & signature
attach RSA/ElGamal encrypted session key
Ks is session key
PGP OPERATION CONFIDENTIALITY
& AUTHENTICATION
Create signature & attach to message
encrypt both message & signature
attach RSA/ElGamal encrypted session key
Ks is session key
PGP SERVICES
Authentication
Confidentiality
Compression
E-mail compatibility
segmentation
COMPRESSION ALGORITHM (ZIP)
Authentication
Confidentiality
Compression
E-mail compatibility
segmentation
BASE-64 (RADIX-64) ENCODING AND
SEGMENTATION
01010101010101000011000101011111001001
6 26 56 63 Decimal equivalent
G a 4 /
four 8-bit
10010101 01001111 11010101 00100011 blocks
BASE-64 (RADIX-64) ENCODING
01010101010101000011000101011111001001
6 26 56 63 Decimal equivalent
G a 4 /
four 8-bit
10010101 01001111 11010101 00100011 blocks
BASE-64 (RADIX-64) ENCODING
01010101010101000011000101011111001001
6 26 56 63 Decimal equivalent
G a 4 /
four 8-bit
10010101 01001111 11010101 00100011 blocks
BASE-64 (RADIX-64) ENCODING
01010101010101000011000101011111001001
6 26 56 63 Decimal equivalent
G a 4 /
four 8-bit
10010101 01001111 11010101 00100011 blocks
BASE-64 (RADIX-64) ENCODING
01010101010101000011000101011111001001
6 26 56 63 Decimal equivalent
G a 4 /
four 8-bit
10010101 01001111 11010101 00100011 blocks
BASE-64 (RADIX-64) ENCODING
01010101010101000011000101011111001001
6 26 56 63 Decimal equivalent
G a 4 /
four 8-bit
10010101 01001111 11010101 00100011 blocks
BASE-64 (RADIX-64) ENCODING
01010101010101000011000101011111001001
6 26 56 63 Decimal equivalent
Corresponding Printable
G a 4 / Character
four 8-bit
10010101 01001111 11010101 00100011 blocks
PGP KEYS
Session keys
o One time session key depending on algorithm
o 56-bit DES, 128-bit CAST or IDEA, 168-bit 3-DES
o Random numbers based on key stroke timings, mouse
movements etc are used to create the keys
Public-private key pair
o Users private key encrypted using passphrase.
o Based on private key public key is generated.
o User can have multiple pairs of private -public keys for the use
of different groups
o Receiver must know which public key is used for a sender
o Key -ID identifies the public key
Passphrase based conventional key
o Hash code of passphrase is stored securely
o Used to retrieve the private key
KEY MANAGEMENT
Key rings
PGP certificates
Introducer trust
Certificate trust
Key legitimacy
Web of trust
KEY MANAGEMENT
Key rings
PGP certificates
Introducer trust
Certificate trust
Key legitimacy
Web of trust
PGP KEY RINGS
abcs
abcs
Key rings
PGP certificates
Introducer trust
Certificate trust
Key legitimacy
Web of trust
PGP CERTIFICATES
Digital Certificate
User: C
A Trust: Full
Issued by: A C
Digital Certificate
B User: C
Trust: Partial
Issued by: B
Digital Certificate
User: C
A Trust: Full
Issued by: A C
Digital Certificate
B User: C
Trust: Partial
Issued by: B
Key rings
PGP certificates
Introducer trust
Certificate trust
Key legitimacy
Web of trust
KEY LEGITIMACY
Key rings
PGP certificates
Introducer trust
Certificate trust
Key legitimacy
Web of trust
WEB OF TRUST
user user
UA UA
MIME MIME
MTA MTA
7-bit ASCII
FEATURES OF MIME
E-mail header
MIME version: 1.1
Content type: type/subtype parameter
Content transfer encoding: encoding type
ContentID: message id
Content description: description of non-text contents
Message body
E-mail header
MIME version: 1.1
Content type: --/HTML or image/jpeg or video/MPEG
Content transfer encoding: 7bit or radix 64 or binary
ContentID: message id
Content description: image or audio or video
Message body
S/MIME (SECURE/MULTIPURPOSE
INTERNET MAIL EXTENSIONS)
extension of MIME format which is an internet standard for the
format of e-mail
Secure version of MIME
In addition to MIME, S/MIME allows encryption and digital
signing of messages
Strength is its ability to validate the identities of e -mail senders
and recipients through digital signatures
Following services
Authentication
Message integrity
Non-repudiation of origin
Privacy and data security
have S/MIME support in many mail agents
MS Outlook, Mozilla, Mac Mail etc
SECURIT Y OF E-MAIL WITH S/MIME
Data
contains identifier to identify MIME message content
Signed data
provides integrity of data
Enveloped data
provides data confidentiality to a message. A sender needs to
have access to a public key for each recipient to use this service
Compressed data
Applies data compression to a message to reduce the message
size
SIGNED DATA T YPE
Signature +
Digital certificate +
Hash algorithm
digest signatu
algo
re algo
:
:
Digital Signature +
Content Hash digest signatu certificate +
(any type) algo re algo algorithm
Signed Content
with (any type)
private
key
ENVELOPED DATA T YPE
Recipient
identification,
public key
Public certificate,
key encrypted session
cipher key
:
Session key :
Recipient
Public identification,
key public key
cipher certificate,
encrypted session
key