E-MAIL SECURITY - PowerPoint PPT Presentation

1 / 35
About This Presentation
Title:

E-MAIL SECURITY

Description:

E-MAIL SECURITY Chapter 15 .for authentication and confidentiality PGP Uses best algorithms as building blocks General purpose Package/source code free – PowerPoint PPT presentation

Number of Views:37
Avg rating:3.0/5.0
Slides: 36
Provided by: Matth576
Category:
Tags: mail | security | lempel

less

Transcript and Presenter's Notes

Title: E-MAIL SECURITY


1
E-MAIL SECURITY Chapter 15
  • .for authentication and confidentiality
  • PGP
  • Uses best algorithms as building blocks
  • General purpose
  • Package/source code free
  • Low-cost commercial version
  • No government

2
PGP CRYPTOGRAPHIC FUNCTIONS
3
PGP for.
Authentication Confidentiality
Compression e-mail Segmentation
4
DIGITAL SIGNATURES (fig 15.1a)
SHA-1 with RSA ? Signature (RSA,
KUa) ? KRa (H, KRa)
? Signed (alternative
DSS/SHA-1)
5
DETACHED SIGNATURES
instead of.. Attached
Signatures use.. Detached
Signatures - Separate Transmission
- separate log detect
virus many signatures one doc
6
CONFIDENTIALITY (fig 15.1b)
CAST or IDEA or 3DES CFB 64 Key
Distribution
RSA/Diffie-Hellman/El Gamal Symmetric Key used
once/message Random ? 128-bit key, Ks
key sent with message

7
SYMMETRIC/PUBLIC COMBINATION
  • Faster than just PUBLIC
  • PUBLIC solves key distribution
  • No protocol one-time message
  • No handshaking
  • One-time keys strengthen security
  • (weakest link is public)

8
CONFIDENTIALITY and AUTHENTICATION (fig 15.c)
Authentication - plaintext mess. stored
third-party can verify signature without
needing to know secret key Compression
Confidentiality
9
COMPRESSION - why?
  • Benefit - efficiency
  • Why,
  • Signature then Compression then
    Confidentiality ?
  • Sign Uncompressed Message
  • - off-line storage
  • No need for single compression algorithm
  • Encryption after compression is stronger

10
E-Mail COMPATIBILITY
e-mail uses ASCII PGP(8-bit) ?
ASCII Base-64 3x8 ? 4 x ASCII CRC 33
Expansion !! (fig 15.2)
11
RADIX-64 FORMAT
12
Tx and Rx of PGP Messages
13
SEGMENTATION / REASSEMBLY
Max length restriction e.g. internet 50,000
x 8-bits PGP Segments automatically but, One
session key,signature/message
14
PGP KEYS
  • one-time session
  • use random number gen.
  • 2. public
  • 3. private
  • 4. passphrase-based


key id file of key pairs for all users
multiple pairs
15
SESSION-KEY GENERATION
CAST / IDEA / 3DES in CFB mode
plaintext - user key strokes
64
64
K
K user key strokes and old session key
128
64
64

New Session Key
16
KEY IDENTIFIERS
Which public key? each public key has
key ID (least
64 bits) With high prob., no key ID collision
17
MESSAGE FORMAT (fig 15.3)
Message,m data, filename, timestamp signature
(optional) includes digest
hash(m(data)T) therefore signature is T,
EKRa(digest),2x8(digest), KeyID session key
(optional) key, IDKUb
18
MESSAGE FORMAT
19
KEY RINGS (fig 15.4)
Private Key Ring store public/private pairs
of node A Public Key Ring store public keys
of all other nodes
20
KEY RINGS
21
ENCRYPTED PRIVATE KEYS on PRIVATE KEY-RING
  • User passphrase
  • System asks user for passphrase
  • Passphrase ? 160-bit hash
  • Ehash(private key)
  • subsequent access requires passphrase

22
PGP MESSAGE GENERATION
23
PGP MESSAGE RECEPTION
24
PUBLIC KEY MANAGEMENT
Problem need tamper-resistant public-keys
(e.g. in case A thinks KUc is KUb) Two
threats C ? A (forge Bs signature)
A ? B (decrypt by C) solution
Key-Revoking
25
PGP TRUST MODEL EXAMPLE
26
ZIP
freeware (c) UNIX, PKZIP Windows LZ77
(Ziv,Lempel) Repetitions ? short code (on
the fly) codes re-used algorithm
MUST be reversible
27
ZIP (example)
(Fig 15.9) char ? 9 bits 1 bit 8-bit
ascii look for repeated sequences continue
until repetition ends e.g. the brown fox
? 8-bit pointer, 4-bit length, 00 ?
12-bit pointer, 6-bit length, 01 then jump ?
ptr length, ind compressed to 35x9-bit
two codes 343 bits Compression Ratio
424/343 1.24
28
ZIP (example)
29
COMPRESSION ALGORITHM
  • Sliding History Buffer last N chars
  • Look-Ahead Buffer next N chars
  • Algorithm tries to match chars from 2. to 1.
  • if no match,
  • 9 bits LAB ? 9 bits SHB
  • else if match found output
  • indicator for length K string, ptr, length
  • K bits LAB ? K bits SHB

30
COMPRESSION ALGORITHM

31
PGP RANDOM NUMBER GENERATION
32
S/MIME

(Secure/Multipurpose Mail Extension) S/MIME -
commercial PGP - private S/MIME - based
on MIME (designed for
RFC822) RFC822 - traditional text-mail
internet standard Envelope
Contents
33
CRYPTO ALGORITHMS USED in S/MIME

(Table 15.6) Sender/Recipients must agree on
common encryption algorithm S/MIME secures MIME
entity with signature and/or encryption MIME
entity entire message subpart of
message
34
SECURING a MIME ENTITY

security data
MIME ENTITY
WRAPPED in MIME
MIME PREPARE
PKCS OBJECT
S/MIME
35
S/MIME CERTIFICATE PROCESSING
Hybrid of X.509 certification authority
and PGPs web of trust Configure each client
? Trusted Keys Certification
Revocation List
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "E-MAIL SECURITY " is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!