Electronic Mail Security

• Pretty Good Privacy

• S/MIME

Electronic Mail Security

• Electronic Mail
– the most heavily used network-based application
– the only distributed application that is widely used
across
all architectures and vendor platforms

• There grows a demand for authentication and

confidentiality services
– Pretty Good Privacy(PGP)
– S/MIME

Introduction
• Largely the effort of a single person, Phil Zimmermann
– selected the best available cryptographic algorithms
as building blocks
– integrated these algorithms into a general-purpose
application
– made the package and its documentation, including
the source
code, freely via the internet, bbs, and commercial
networks
– entered into an agreement with a company to
provide a fully
compatible, low-cost commercial version of PGP

• Provides a confidentiality and authentication.

• Used for electronic mail and file storage application.
Why PGP ?
• It is available free worldwide in versions that run on a
variety of platforms
• It is based on algorithms that have survived extensive
public review and are considered extremely secure
– public-key encryption : RSA, DSS, Diffie-Hellman
– conventional encryption : CAST-128, IDEA, 3-DES
– hash coding : SHA-1
• It has a wide range of applicability
• It was not developed by, nor is it controlled by, any
governmental or standards organization

Notation
• Ks = session key
• Kra = private key of user A
• Kua = public key of user A
• EP = public-key encryption
• DP = public-key decryption
• EC = conventional encryption
• DC = conventional decryption
• H = hash function
• || = concatenation
• Z = compression using ZIP algorithm
• R64 = conversion to radix 64 ASCII format

Operational Description(1/2)
• Digital signature(authentication)
• Message encryption(confidentiality)
• Compression
• Email compatibility
• Segmentation
Operational Description(2/2)

Summary of PGP Services

Authentication / Confidentiality

Authentication and Confidentiality

Compression
• PGP compresses the message
– after applying the signature
» can store only the uncompressed message
together with the signature for future
verification.
» generate dynamically a recompressed message
for verification.
– but before encryption to strengthen cryptographic
security
» the compressed message has less redundancy
than the original plaintext
 » cryptanalysis is more difficult

E-mail Compatibility(1/2)

• Part or all of the resulting block consists of a stream of

arbitrary 8-bit octets
• Many E-mail systems only permit the use of blocks
consisting of ASCII text
• Use radix-64 conversion(Appendix 12B)
» 3 octets of binary data -> 4 ASCII characters +
CRC
Transmission and Reception
Segmentation and Reassembly
• E-mail facilities often are restricted to a maximum message
length
• PGP automatically subdivides a message that is too large
into segments that are small enough to send via e-mail
• The segmentation is done after all of the other processing
– the session key component and signature component
appear only once, at the beginning of the first segment

PGP Message Format (A to B)

PGP Message Format (A to B)

publ
priv
ic
ate
key
Cryptographic Keys and Key Rings
• PGP makes use of four types of keys
– one-time session conventional keys
– public keys
– private keys
– passphrase-based conventional keys
• Three separate requirements can be identified with respect
to these keys
– a means of generating unpredictable session key is
needed
– multiple public-key/private-key pairs are allowed
– each PGP entity must maintain a file of its own
KU/KR pairs
as well as a file of public keys of correspondents
Session Key Generation
• Based on the one specified in ANSI X12.17
• Random 128-bit numbers are generated using CAST-128
• Using cipher feedback mode
• Two 64-bit cipher text block are concatenated to form the
128-bit session key
Key Identifiers
• Any given user may have multiple public/private key pairs
• The key ID of KUa = KUa mod 264
• Very high probability, unique within a user ID
• Signature component includes Key ID of senders’ public
key
• Session key component includes Key ID of recipients’
public key.

PGP Message Format (A to B)

PGP Message Format (A to B)
Key Rings(1/4)
• The private-key ring store the public/private key pairs
– secring.pkr

• The public-key ring store the public keys of other users

known
– pubring.pkr

• The private key is encrypted using CAST-128(or IDEA or

3DES)
– EH(Pi)[KRi] ( Pi : passphrase)
Key Rings(3/4)

Key Rings(2/4)
Private-Key Ring

Encrypted
Timestamp Key ID* Public Key User ID
Private Key
…

…
Ti KUi mod 264 KUi EH(Pi) [KRi] User i
…

…
Public-Key Ring
Key Rings(4/4)