Secure e-mail

How do you do it? Need to worry about sniffing, modifying,

end-user masquerading, replaying. If sender and receiver have shared secret

keys, then straightforward. Can use public-key cryptography to

distribute keys. But users do not want to hassle with

certificate authority.

1

2

Secure e-mail: PGP

PGP = Pretty Good Privacy It is availiable free on a variety of

platforms. inventor, Phil Zimmerman, was target of 3-

year federal investigation. Based on well known algorithms. Not developed or controlled by

government or standards organizations

3

Sender Authentication and Message Integrity

• Alice wants to provide sender authentication message integrity.

• Alice digitally signs message.• sends both message (in the clear) and digital signature.

H( ). KA( ).-

+ -

H(m )KA(H(m))-

m

KA-

Internet

m

KA( ).+

KA+

KA(H(m))-

mH( ). H(m )

compare

4

PGP

Hash: SHA-1 160 bits

Public key cryptography: RSA

Question: Why digital signatures for authentication? Why not a MAC? Could use public-key crypto to get a shared

key. But if there are 100 recipients? Need to

distribute 100 MAC keys.

5

Confidentiality

Alice: generates random symmetric key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bob’s public key. sends both KS(m) and KB(KS) to Bob.

Alice wants to send confidential e-mail, m, to Bob.

KS( ).

KB( ).+

+ -

KS(m

)

KB(KS )+

m

KS

KS

KB+

Internet

KS( ).

KB( ).-

KB-

KS

mKS(m

)

KB(KS )+

6

Confidentiality

Bob: uses private key to obtain KS

uses KS to decrypt KS(m)

Alice wants to send confidential e-mail, m, to Bob.

KS( ).

KB( ).+

+ -

KS(m

)

KB(KS )+

m

KS

KS

KB+

Internet

KS( ).

KB( ).-

KB-

KS

mKS(m

)

KB(KS )+

7

Confidentiality: PGP

Session key: 128 bits Symmetric encryption:

CAST-128 or IDEA or 3DES Public key encryption

RSA

8

Secure e-mail: Confidentiality and Authentication

• Alice wants to provide secrecy, sender authentication, message integrity.

Alice uses three keys: her private key, Bob’s public key, newly created symmetric key

H( ). KA( ).-

+

KA(H(m))-

m

KA-

m

KS( ).

KB( ).+

+

KB(KS )+

KS

KB+

Internet

KS

9

PGP key rings

Each node has two key rings: Public/private key pairs owned by that node Public key of other users

For the keys of other users, for each key track: user id: e-mail address, name, address, etc. public key timestamp: date when key was generated key ID key legitimacy signatures

10

Format of PGP Message

KA+

KA(H(m))-

+

Users may have multiple key pairs Key ID’s: last 64 bits of

public key Message component Signature component

Timestamp Key ID of Mess digest: Leading two octets in

clear, to verify correct key is being used

Session key component key ID of KB Session key: KS

11

PGP Trust

No certificate authorityHow does Alice obtain Bob’s

public key? Alice physically gets key

from Bob Or from phone

conversation Or gets Bob’s key from

Claire, who Alice may or may not trust

For a key in your key ring: Can you trust that key

really belongs to the person defined by the user-id?

Can you trust that user-id to vouch for other keys?

For each key on ring: Key legitimacy field

indicates how much you trust this key to be valid for the associated user. Determined by PGP

algorithm Signatures for key. Each

signature signed with private key of some user

Also, key ring includes trust values for owners of keys in key ring Determined by you.

12

Public key management: example Suppose Alice inserts

new public key in key ring. If Alice is owner, trust assigned to Alice is ultimate.

Otherwise, Alice must assign trust value to owner of key: unknown untrusted marginally trusted completely trusted.

New public key may come with signatures vouching for the key. For each signature, PGP searches ring to see if author of signature is in key ring.

Key legitimacy = legit if one signature completely trusted. Otherwise, determined from formula based on trust of signatures: above threshold, key is considered legit

13

Examplelegit and trusted

legit, not trusted

1) You first assign trustlevels to users2) PGP estimates whichkeys are legit

14

Examplelegit and trusted

legit, not trusted

1) You first assign trustlevels to users2) PGP estimates whichkeys are legit

15

PGP summary

PGP provides security at the application layer to a single application

Provides: Authentication, integrity, confidentiality

Public key verification Web of trust