Today s Outline Computer Security CS477 Electronic Mail Security Pretty Good Privacy Chap 5 1 mail server mail server What do you need in Email security Lecture 12 Ching Hua Chuan October 29th 2008 Pretty Good Privacy Why PGP PGP is an open source freely available software package for e mail security It is availiable free on a variety of platforms It is based on well studied algorithms PGP is created by Phil Zimmermann It has a wide range of applicability PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications It is not developed or controlled by any governmental or standards organizations PGP is now on an Internet standards track RFC 3156 Operational Description mail server Authentication Digital Signature mail server Five services Authentication Confidentiality Compression E mail compatibility E mail segmentation 1 2 3 4 PGP PGP Confidentiality 1 2 3 4 5 A generates M and a random 128 bit number to be used as session key Ks one Ks per M M is encrypted using CAST 128 or 3DES with Ks Ks is encrypted using RSA with PUB and prepended to M B uses RSA with PRB to recover Ks Ks is used to decrypt M 5 A creates a message M Use SHA 1 to generate a 160 bit hash H H is encrypted with PRa using RSA and prepended to M B uses RSA with PUa to decrypt and recover H B generates a new hash and compares it with the decrypted hash H Authentication and Confidentiality confidentiality authentication Compression Compression PGP compresses the message after applying the signature but before encryption Compression after signature The compression algorithm used is ZIP described in appendix 5A Compression before encryption ZIP LZ77 Compression Algorithm The algorithm looks for repeated sequences and replace them with a pointer to the prior sequence and the length of the sequence Strengthen cryptographic security because the compressed message has less redundancy E mail Compatibility PGP s encryption and signature Result in a stream of arbitrary 8 bit octets Many electronic mail systems only permit the use of blocks consisting of ASCII text Radix 64 conversion PGP provides the service of converting the raw 8 bit binary stream to a stream of printable ASCII characters the brown fox jumped over the brown foxy jumping frog 00b 26d 13d One can store only the uncompressed message together with the signature for verification Applying the hash function and signature after compression would constrain all PGP implementations to the same version of compression Relations Between Services Summary of PGP Services Segmentation and Reassembly E mail is often restricted to a maximum message length of 50 000 octets PGP automatically subdivides a message that is too large Segmentation is done after all other processing First segment contains session key and signature The receiver strip of all e mail headers and reassemble the block before other processing PGP Desktop http tw youtube com watch v LkSe6IdauUY feature related http tw youtube com watch v 3t eFIYhIYk Today s Summary Electronic Mail Security Pretty Good Privacy Chap 5 1 Five services authentication confidentiality compression e mail compatibility segmentation and reassembly The order of the five services