Скачать презентацию CSCE 815 Network Security Lecture 11 Email Security Скачать презентацию CSCE 815 Network Security Lecture 11 Email Security

f639bc4034311ae49c0ff27aa072f33d.ppt

  • Количество слайдов: 30

CSCE 815 Network Security Lecture 11 Email Security PGP February 25, 2003 CSCE 815 Network Security Lecture 11 Email Security PGP February 25, 2003

Email Security email is one of the most widely used and regarded network services Email Security email is one of the most widely used and regarded network services currently message contents are not secure n n – 2– may be inspected either in transit or by suitably privileged users on destination system CSCE 815 Sp 03

Email Overview SMTP – Simple Mail Transfer Protocol – 3– CSCE 815 Sp 03 Email Overview SMTP – Simple Mail Transfer Protocol – 3– CSCE 815 Sp 03

Email Overview SMTP – runs on top of TCP/IP Port 25 SMTP Commands 1. Email Overview SMTP – runs on top of TCP/IP Port 25 SMTP Commands 1. HELO – identifies the client machine 2. MAIL – identifies the originator of the message 3. RCPT – identifies the recipient 4. DATA – the message 5. QUIT 6. RSET – abort 7. VRFY - to verify a recipients address 8. EXPN - expands a mailing list 9. TURN – client plays server 10. Parts of email message: envelope, headers, body – 4– CSCE 815 Sp 03

Email Overview SMTP Session 1. HELO erdos. cse. sc. edu 2. MAIL From: matthews@erdos. Email Overview SMTP Session 1. HELO erdos. cse. sc. edu 2. MAIL From: matthews@erdos. cse. sc. edu 3. RCPT To: CSCE 815 -001@cse. sc. edu 4. DATA – the message (max 1000 bytes segmenttation) 5. QUIT 6. Each message 4 byte command, operand, terminates with rn 7. Each message is acknowledged with 3 digit reply-code 8. Email Spoofing 1. 2. 3. telnet to a machine with port 25 type in “SMTP” packets changing From Does not change IP address so there is a good trail 9. http: //raddist. rad. com/networks/1998/smtp. htm (SMTP tutor. ) – 5– CSCE 815 Sp 03

Email Security Enhancements confidentiality n protection from disclosure authentication n of sender of message Email Security Enhancements confidentiality n protection from disclosure authentication n of sender of message integrity n protection from modification non-repudiation of origin n – 6– protection from denial by sender CSCE 815 Sp 03

Pretty Good Privacy (PGP) widely used de facto secure email developed by Phil Zimmermann Pretty Good Privacy (PGP) widely used de facto secure email developed by Phil Zimmermann selected best available cryptography algorithms integrated into a single program available on Unix, PC, Macintosh and Amiga systems originally free, now have commercial versions available also – 7– CSCE 815 Sp 03

PGP Operation – Authentication 1. sender creates a message 2. SHA-1 used to generate PGP Operation – Authentication 1. sender creates a message 2. SHA-1 used to generate 160 -bit hash code of message 3. hash code is encrypted with RSA using the sender's private key, and result is attached to message 4. receiver uses RSA or DSS with sender's public key to decrypt and recover hash code 5. receiver generates new hash code for message and compares with decrypted hash code, if match, message is accepted as authentic 6. From the strengths of RSA and SHA-1 the recipient is assured that only the possessor of the private key could generate the signature. – 8– CSCE 815 Sp 03

PGP Operation – Confidentiality 1. sender generates message and random 128 -bit number to PGP Operation – Confidentiality 1. sender generates message and random 128 -bit number to be used as session key for this message only. 2. message is encrypted, using CAST-128 / IDEA/3 DES with session key using 64 bit CFB(cipher feedback) 3. session key is encrypted using RSA with recipient's public key, then attached to message 4. receiver uses RSA with its private key to decrypt and recover session key 5. session key is used to decrypt message 6. Option to RSA – Diffie-Hellman variant E 1 Gamal – 9– CSCE 815 Sp 03

PGP Operation – Confidentiality & Authentication uses both services on same message n create PGP Operation – Confidentiality & Authentication uses both services on same message n create signature & attach to message n encrypt both message & signature n attach RSA encrypted session key – 10 – CSCE 815 Sp 03

– 11 – CSCE 815 Sp 03 – 11 – CSCE 815 Sp 03

Notation for Figure 5. 1 Ks session key used in symmetric encryption scheme KRa Notation for Figure 5. 1 Ks session key used in symmetric encryption scheme KRa = private key of user A KUa = public key of user A EP = Encryption Public Key DP = Decryption Public Key EP = Symmetric Encryption DP = Symmetric Decryption H hash function, || concatenation Z compression using ZIP R 64 = conversion to radix 64 ASCII format – 12 – CSCE 815 Sp 03

PGP Operation – Compression by default PGP compresses message after signing but before encrypting PGP Operation – Compression by default PGP compresses message after signing but before encrypting n n so can store uncompressed message & signature for later verification & because compression is non deterministic (tradeoffs speed vs compression ratio) uses ZIP compression algorithm – 13 – CSCE 815 Sp 03

PGP Operation – Email Compatibility when using PGP will have binary data to send PGP Operation – Email Compatibility when using PGP will have binary data to send (encrypted message etc) however email was designed only for text hence PGP must encode raw binary data into printable ASCII characters uses radix-64 algorithm n n maps 3 bytes to 4 printable chars also appends a CRC PGP also segments messages if too big – 14 – CSCE 815 Sp 03

PGP Operation – Summary – 15 – CSCE 815 Sp 03 PGP Operation – Summary – 15 – CSCE 815 Sp 03

Summary of PGP Services – 16 – CSCE 815 Sp 03 Summary of PGP Services – 16 – CSCE 815 Sp 03

E-mail Compatibility The scheme used is radix-64 conversion (see appendix 5 B). The use E-mail Compatibility The scheme used is radix-64 conversion (see appendix 5 B). The use of radix-64 expands the message by 33%. – 17 – CSCE 815 Sp 03

Segmentation and Reassembly Often restricted to a maximum message length of 50, 000 octets. Segmentation and Reassembly Often restricted to a maximum message length of 50, 000 octets. Longer messages must be broken up into segments. PGP automatically subdivides a message that is to large. The receiver strip of all e-mail headers and reassemble the block. – 18 – CSCE 815 Sp 03

Format of PGP Message – 19 – CSCE 815 Sp 03 Format of PGP Message – 19 – CSCE 815 Sp 03

– 20 – CSCE 815 Sp 03 – 20 – CSCE 815 Sp 03

– 21 – CSCE 815 Sp 03 – 21 – CSCE 815 Sp 03

– 22 – CSCE 815 Sp 03 – 22 – CSCE 815 Sp 03

PGP Session Keys need a session key for each message n of varying sizes: PGP Session Keys need a session key for each message n of varying sizes: 56 -bit DES, 128 -bit CAST or IDEA, 168 -bit Triple-DES generated using ANSI X 12. 17 mode uses random inputs taken from previous uses and from keystroke timing of user – 23 – CSCE 815 Sp 03

PGP Public & Private Keys since many public/private keys may be in use, need PGP Public & Private Keys since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message n n could send full public-key with every message but this is inefficient rather use a key identifier based on key n n is least significant 64 -bits of the key will very likely be unique also use key ID in signatures – 24 – CSCE 815 Sp 03

PGP Key Rings each PGP user has a pair of keyrings: n n – PGP Key Rings each PGP user has a pair of keyrings: n n – 25 – public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted keyed from a hashed passphrase CSCE 815 Sp 03

PGP Key Management rather than relying on certificate authorities in PGP every user is PGP Key Management rather than relying on certificate authorities in PGP every user is own CA n can sign keys for users they know directly forms a “web of trust” n n trust keys have signed can trust keys others have signed if have a chain of signatures to them key ring includes trust indicators users can also revoke their keys – 26 – CSCE 815 Sp 03

The Use of Trust Key legitimacy field Signature trust field Owner trust field See The Use of Trust Key legitimacy field Signature trust field Owner trust field See Table 5. 2 (W. Stallings) – 27 – CSCE 815 Sp 03

– 28 – CSCE 815 Sp 03 – 28 – CSCE 815 Sp 03

Revoking Public Keys The owner issue a key revocation certificate. Normal signature certificate with Revoking Public Keys The owner issue a key revocation certificate. Normal signature certificate with a revote indicator. Corresponding private key is used to sign the certificate. – 29 – CSCE 815 Sp 03

Recommended Web Sites PGP home page: www. pgp. com MIT distribution site for PGP Recommended Web Sites PGP home page: www. pgp. com MIT distribution site for PGP S/MIME Charter S/MIME Central: RSA Inc. ’s Web Site – 30 – CSCE 815 Sp 03