power point presentation about email security using PGP method
Comments
Content
EMAIL SECURITY
1
Email Security
Student: Ashraf Gamal Ahmed El-Bialy CS634 – data Security Fall 2012-2013
Supervisor: DR. Hisham ElZoka
College of Computing and Information Technology Arab Academy For Science, Technology And Maritime Transport's
EMAIL SECURITY
• email is one of the most widely used and regarded network services • The protection of email from unauthorized access and inspection is known as electronic privacy.
CRYPTOGRAPHY AND NETWORK SECURITY
3
RISKS TO USER
• Email is vulnerable to both passive and active attacks.
•
Passive threats include Release of message contents, and Traffic analysis .
• Active threats include Modification of message contents, Masquerade, Replay, and Denial of Service (DoS). • Actually, all the mentioned threats are applicable to the traditional email protocols
Email Pathway
EMAIL SECURITY ENHANCEMENTS
Confidentiality
• protection from disclosure
Authentication • of sender of message Message integrity • protection from modification Non-repudiation of origin • protection from denial by sender
CRYPTOGRAPHY AND NETWORK SECURITY
6
METHODS/ALGORITHMS
• Pretty Good Privacy (PGP)
• Secure/Multipurpose Internet Mail Extensions (S/MIME)
• Transport Layer Security (TLS) • Domain Keys Identified Mail (DKIM) • . • .
PRETTY GOOD PRIVACY (PGP)
• Essentially the product of one single person – Phil Zimmermann
• Released in 1991 Complete email security package providing privacy, authentication, digital signatures, and compression.
• Available on Unix, Linux, Windows, Mac OS • It is based on algorithms that have survived extensive public review and are considered extremely secure. Specifically, the package includes RSA, DSS, and Diffie-Hellman for public-key encryption(Key Management); CAST-128, IDEA, and 3DES for symmetric encryption; and SHA-1 for hash coding.
PGP OPERATION – AUTHENTICATION
1. sender creates a message 2. SHA-1 used to generate 160-bit hash code of message 3. hash code is encrypted with RSA using the sender's private key, and result is attached to message 4. receiver uses RSA or DSS with sender's public key to decrypt and recover hash code 5. receiver generates new hash code for message and compares with decrypted hash code, if match, message is accepted as authentic
CRYPTOGRAPHY AND NETWORK SECURITY
10
PGP OPERATION – AUTHENTICATION
PGP CRYPTOGRAPHIC FUNCTIONS
11
PGP OPERATION – CONFIDENTIALITY
1. sender generates message and random 128-bit number to be used as session key for this message only 2. message is encrypted, using CAST-128 / IDEA/3DES with session key
3. session key is encrypted using RSA with recipient's public key, then attached to message
4. receiver uses RSA with its private key to decrypt and recover session key 5. session key is used to decrypt message
CRYPTOGRAPHY AND NETWORK SECURITY
12
PGP OPERATION – CONFIDENTIALITY
PGP OPERATION – CONFIDENTIALITY & AUTHENTICATION
• uses both services on same message • create signature & attach to message • encrypt both message & signature
• attach RSA encrypted session key
CRYPTOGRAPHY AND NETWORK SECURITY
14
PGP OPERATION – CONFIDENTIALITY & AUTHENTICATION
PGP OPERATION – COMPRESSION
• by default PGP compresses message after signing but before encrypting • so can store uncompressed message & signature for later verification • & because compression is non deterministic • uses ZIP compression algorithm
CRYPTOGRAPHY AND NETWORK SECURITY
16
PGP OPERATION – EMAIL COMPATIBILITY
• when using PGP will have binary data to send (encrypted message etc)
• however email was designed only for text
• hence PGP must encode raw binary data into printable ASCII characters • uses radix-64 algorithm • maps 3 bytes to 4 printable chars • also appends a CRC • PGP also segments messages if too big
• Identifying keys
• Multiple public, private key pairs for a user • Maintain keys • Its own public, private keys of a PGP entity • Public keys of correspondents
CRYPTOGRAPHY AND NETWORK SECURITY
19
SESSION KEY GENERATION
• Algorithm used: CAST-128 • Input to CAST-128 • A 128-bit key • Two 64 bits plaintexts to be encrypted • Output using cipher feedback mode • Generates 2 64-bits ciphers form session key • Plaintexts are from 128-bits randomized number • Based on key stroke of user (timing and actual keys) • Then combined with previous session key
CRYPTOGRAPHY AND NETWORK SECURITY
20
S/MIME (SECURE/MULTIPURPOSE INTERNET MAIL EXTENSIONS)
• security enhancement to MIME email
• original Internet RFC822 email was text only
• MIME provided support for varying content types and multipart messages
• with encoding of binary data to textual form
• S/MIME added security enhancements • have S/MIME support in various modern mail agents: MS Outlook, Netscape etc