Real-World Protocols - Real-World Protocols On the Internet nobody knows you're a dog Peter Steiner cartoon in The New Yorker(5 July 1993 Real-world

Real-World Protocols - Real-World Protocols On the Internet...

This preview shows page 1 - 9 out of 85 pages.

On the Internet, nobody knows you're a dog. — Peter Steiner cartoon in The New Yorker (5 July 1993) Real-World Protocols
Until now, examined “abstract” cryptography and security Real protocols for authentication Kerberos PGP Real protocols for secure communications SSH SSL IPSec System builders have to get the details right! Even if crypto is strong, weak implementations can leave security holes Real-world protocols 2
PGP goals Provide authentication (without encryption) Provide encryption (includes authentication) PGP can use many algorithms RSA, DSS, Diffie-Hellman for public-key CAST-128, IDEA, 3DES for symmetric encryption SHA-1 for cryptographic hash PGP was designed for wide use No standards bodies or governments Source code widely available (and patent-free, now) Allows secure exchange of messages with minimal setup Just need the other person’s public key Lots of ways to get (and verify) this key Pretty Good Privacy (PGP) 3
K S :session key for conventional encryption KR A : private key of user A KU A : public key of user A EP: public key encryption DP: public key decryption EC: conventional encryption DC: conventional decryption H: hash function Z: compression using ZIP R64: conversion using radix 64 PGP notation 4
Digital signature: authentication Uses hash function (SHA-1 or others) Signs hash using DSS or RSA Message encryption Encrypts message with symmetric key algorithm TripleDES must be supported AES-128, CAST should be supported Encrypts key with public key algorithm El-Gamal must be supported RSA should be supported Many other public & symmetric algorithms supported Compression: compresses message with ZIP or other algorithms Text conversion: converts binary data to text with radix64 Allows binary data to be sent via conventional email Could also be done using MIME (which uses radix64…) PGP services 5
Sender creates a message SHA-1 hashes the message Hash code encrypted with RSA (or DSS) using sender’s private key, and is appended to the message Receiver uses RSA (or DSS) with sender’s public key to decrypt and recover the hash code Receiver generates a new hash code and compares it with the one from the message (match message is authentic) PGP authentication (only) 6 Sent Source A Destination B M
Sender creates a message SHA-1 hashes the message Hash code encrypted with RSA (or DSS) using sender’s private key, and is appended to the message Receiver uses RSA (or DSS) with sender’s public key to decrypt and recover the hash code Receiver generates a new hash code and compares it with the one from the message (match message is authentic) PGP authentication (only) 6 Sent Source A Destination B M H
Sender creates a message SHA-1 hashes the message Hash code encrypted with RSA (or DSS) using sender’s private key, and is

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture