7cffe14d8a226b61c04d9c0ee9f73fe0.ppt
- Количество слайдов: 17
Trust Analysis of PGP based on Mean Shortest Distance School of Engineering 2001814 Kyusuk Han
Contents n 1. Introduction n 2. What is PGP? n 3. Web of trust n 4. Difference to Hierarchical trust structure n 5. Trust analysis n 6. source code n 7. Sample result n 8. Conclusion n 9. Further works n 10. Reference 2
What is PGP? n What is PGP? PGP - Pretty Good Privacy n Developed by Phil Zimmerman in 1991 n From v 2. 0, well-known algorithms was begun to be used. 3
Web of Trust § Assume Alice signed Bob, Bob signed Charlie, and Charlie signed Alice. They can reach any one. If Alice cannot reach Charlie directly, Alice can reach him via Bob. It's strong set § There are many small strong set in whole PGP users. With exchanging keys between these small strong set, strong set will be combined and be bigger. After all, strong set will be one. (In ideal assumption) 4
Web of Trust 5
Difference between Hierarchical trust and web of trust § Root CA can selfcertificate, and ultimately trusted. § Alice and Bob are under the CAs. § bottom one trust upper CA. 6
Difference between Hierarchical trust and web of trust § The most difference between Hierarchical trust and web of trust is existence of Root CA. In Hierarchical trust, A users can ultimately trust himself and Root CA. § In hierarchical trust structure, CA manage user's key information. In PGP, users manage their key ring in their personal computer. 7
Trust analysis § To measure each key's mean shortest distance. Sometimes user can reach others in 1 or 2 times, but also 20 or 30 times. § Mean shortest distance, MSD to signee is more important than MSD from signer, because of the possibility like any user sign all key in the world. § Lowest MSD means the user are in the centre of web of trust. § But more than anything else, every decision is up to users themselves. Even though Phil Zimmerman, the inventor of PGP, is not trustful than user himself. 8
Example: Finding Mean Shortest Distance of A When A can reach B, and B can reach A, there is 'strong set'. 'hop' means unit distance to contact beside one. To contact C : 1 hop To contact B : 2 hop To contact D : 2 hop To contact E : 3 hop To contact F : 4 hop To contact G : 3 hop Total distance : 15 MSD : 15/6 = 2. 5 9
Source Code § pre-process. keys raw data of public keys and signed keys. It can be gathered by export_keys. sh, precess_keys. pl. (They are shell script, and perl script. I used the scrpit made by Drew Streib. ) 10
Source Code int main () { pthread_t *slave 0, *slave 1; threadparam arg 0, arg 1; void *retval; printf("running"); if (Open. Files()) { fprintf(fpout, "Error opening files. n"); exit(); } Read. Input(); Test. Connectivity(); pthread_mutex_init(&mean_l, NULL); slave 0 = (pthread_t *) calloc(1, sizeof(pthread_t)); slave 1 = (pthread_t *) calloc(1, sizeof(pthread_t)); arg 0. threadnum = 0; arg 1. threadnum = 1; if (pthread_create(slave 0, NULL, thread_slave, &arg 0)) { fprintf(stderr, "Cannot create thread 0. "); } if (pthread_create(slave 1, NULL, thread_slave, &arg 1)) { fprintf(stderr, "Cannot create thread 1. "); } pthread_join(*slave 0, &retval); pthread_join(*slave 1, &retval); fprintf(fpout, "Average mean is %9. 4 fn", meantotal/numconnected); Report. Most. Signatures(); Close. Files(); } main() -Open. Files() : open preprocess. keys -Read. Input() : read public keys and signed keys from preprocess. keys -Test. Connectivity() : find strongset from read data 11
Source Code float Mean. Distance(int id) { int dist[MAXKEYS]; int i; int numstrong = 0; int totaldist = 0; /* init to a large value here, so shortest distance will always be * less */ memset(dist, 100, sizeof(int)*MAXKEYS); Mean. Crawler(dist, id, 0); for (i=0; i<numkeys; i++) { if (connected[i]) { numstrong++; totaldist += dist[i]; } } return ((float)totaldist / numstrong); } Mean Distance finder. Mean Crawler operate repeatly until it find shortest pass. 12
Source Code §Compile gcc(or cc) -o keyanalyze. c -lpthread §Run keyanalyze §Input data preprocess. keys §output data keyanalyze. out 13
Sample Result 1 8 E 02 CDBB 9590 CFD 4. 1056 2 C 795 C 78 F 1 A 37611 4. 1580 3 441570 CD 466 B 4289 4. 1709 4 144 F 2 D 45 4 F 570 BA 3 4. 2124 5 9 E 777 C 30 8 B 4608 A 1 4. 2554 6 CC 1 E 20 B 1 C 2009841 4. 2614 7 367 C 16 A 6 A 2 F 87 E 5 4. 2615 8 EF 6 D 8241 F 081195 D 4. 2661 9 657984 B 8 C 7 A 966 DD 4. 2851 10 C 52 D 476 D DBF 906 D 4. 2889 11 38742 B 5 C C 1 B 06 AF 1 4. 2905 12 86 BED 457 7 DFF 8533 4. 3487 13 6 CA 1 D 087 679 ED 91 4. 3552 14 5 F 803718 DA 0 EDC 81 4. 3780 15 EFC 93 F 81 1 CF 27 FD 5 4. 3915 16 87401 CE 1 8 C 95 A 15 4. 4209 10812 CFC 09 C 2 B 2991 DCD 14. 0568 10813 4 B 63591 B E 31 D 6 A 7 F 14. 6050 10814 4 C 1 EE 63 E E 660211 D 14. 6050 10815 501 AA 815 87 DD 2 B 6 E 14. 6050 10816 6 C 2 A 72 D 2 DBCF 6729 14. 6052 10817 1 DA 4 EB 40 6 EEEF 1 E 3 14. 6053 10818 21 A 8 AC 46 E 3468605 15. 0432 10819 78 C 3 DA 93 7 F 71 DBA 7 16. 0414 10820 4 C 209 F 16 C 6 BC 57 D 2 17. 0397 10821 C 911 A 442 7 DFEB 713 18. 0394 10822 9 F 3315 E ABAC 582 B 18. 0395 10823 21951 E 97 A 206 A 38 C 18. 0395 10824 4471 C 908 12 C 8 D 46 E 18. 0395 10825 5 EA 8 FE 02 FAFC 8 CBE 18. 0395 10826 63 BD 829 D BB 1 A 31 AC 18. 0395 10827 6 DC 6 C 8 F 4 83 E 4562 18. 0395 10828 B 880 F 8 CD 373 B 50 E 2 18. 0395 14
Conclusion § Trust Analysis can be used as a measurement of trust. § Lower MSD means the key owner is in the center of web of trust. Actually there are many famous people like Phil Zimmerman. But, it doesn't mean higher MSD is not trusted. 15
Further work § Performance problem- it takes many days to show the result with pc. § Not only analyze source code, but also make own part based on GPL. 16
Reference 1. Cryptography and Network Security 2 nd, William Stallings, Prentice Hall 2. Cryptography Decrypted, H. X. Mel, Doris Baker, Addison-Wesley 3. Handbook of Applied Cryptography, Alfread J. Menezes, Paul C. van Oorschot, Scott A. Vanstone, CRC 4. PGP - Pretty Good Privacy, Simson Garfinkel, O'reilly&Associates, Inc. 5. The C Programming Language, Brian W. Kernighan, Dennis M. Ritchie, Prentice Hall 6. dtype. org - Open. PGP keyanalyzing 17
7cffe14d8a226b61c04d9c0ee9f73fe0.ppt