Dr. Cunsheng DING, HKUST, Hong Kong
COMP4631 Computer Security

Lecture 16: Electronic Mail Security (I)

Main Topics of this Lecture
1. Email security issues.
2. Brief introduction to PGP.

About Electronic Mail
1. In virtually all distributed environments, electronic mail is the most heavily used network-based application.
2. It is also the only distributed application that is widely used across all architectures and platforms (PC, UNIX, Macintosh, etc.).
Consequence: With the explosively growing reliance on electronic mail, there is a growing demand for authentication and confidentiality services.

Developing a System for Electronic Mail Security
Having learned the basics of ciphers, digital signatures, and authentication, you are asked to design a system to support the following for electronic mail communication:
1. confidentiality of message;
2. digital signature of the sender; and
3. authentication of message.
Question: How do you design your system?

Answer: You need to carry out the following:
1. Select the best available cryptographic algorithms as building blocks; and
2. integrate these algorithms into a general-purpose application that is independent of operating system and processor and that is based on a small set of easy-to-use commands.
This is how PGP and S/MIME were developed.
PGP: Pretty Good Privacy
S/MIME: Secure/Multipurpose Internet Mail Extension

PGP: Pretty Good Privacy
1. It is a program for email communication security.
2. Phil Zimmermann started writing PGP in the mid 1980s and finished the first version in 1991.
3. It is available free worldwide in versions that run on a variety of platforms, including DOS/Windows, UNIX, Macintosh, and many more.
4. It is based on cryptographic algorithms that have survived extensive public review.
5. It has a wide range of applicability: within corporations and for individuals among themselves.

A Summary of PGP Services
1. Nonrepudiation and authentication (digital signature with DSS/SHA or RSA/SHA).
2. Message confidentiality (encryption with CAST or IDEA or 3DES, and session key encryption with ElGamal or RSA).
3. Compression (using ZIP): A message may be compressed, for storage or transmission.
4. Email compatibility (using radix-64 conversion): To provide transparency for email applications, an encrypted message may be converted to an ASCII string using radix-64 conversion.
5. Segmentation: To accommodate maximum message size limitations, PGP performs segmentation and reassembly.

Nonrepudiation and Authentication in PGP
[Figure: Source A: M, h, D with $k_d^{(A)}$, ||, Z. Destination B: $Z^{-1}$, E with $k_e^{(A)}$, M, h, compare.]
Where DSS/SHA-1 or RSA/SHA-1, Z = ZIP algorithm. In new versions of PGP, SHA-256 and SHA-512 will be used.
Remark: Detached signatures are supported, and may be stored and transmitted separately from the messages they sign.

Confidentiality in PGP
[Figure: Source A: M, Z, E with $k_s$, E with $k_e^{(B)}$ giving $E_{k_e^{(B)}}[k_s]$, ||. Destination B: D with $k_d^{(B)}$, $k_s$, D, $Z^{-1}$, M.]
A public-key cipher (RSA or ElGamal), a conventional cipher (CAST-128, IDEA or 3DES). $k_s$: the session key per message.

Authentication, Confidentiality, and Nonrepudiation in PGP
[Figure: Source A: M, h, D with $k_d^{(A)}$ giving $D_{k_d^{(A)}}[h(M)]$, ||, Z, E with $k_s$, E with $k_e^{(B)}$ giving $E_{k_e^{(B)}}[k_s]$, ||. Destination B: D with $k_d^{(B)}$, D with $k_s$, $Z^{-1}$, E with $k_e^{(A)}$, M, h, compare.]

Compression in PGP
Why compression? Save space both for email transmission and for file storage.
Placement of compression: After applying the signature, but before encryption. Z indicates compression and $Z^{-1}$ decompression.
Why should Z be before encryption? Compression reduces the redundancy of messages and makes cryptanalysis more difficult!
Why signature before compression? Left to you.
Comment: It is interesting to note that finding the right placement of a building block is quite important for the whole system!
Remark: See W. Stallings for details of ZIP.

Email Compatibility
The problem: When PGP is used, at least part of the block to be transmitted is encrypted and consists of a stream of arbitrary 8-bit octets. However, many electronic mail systems only permit the use of blocks consisting of ASCII text.
Solution: To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters. The scheme used is the "radix-64 conversion".
Comment: The use of radix-64 conversion expands a message by 33%. Fortunately, the compression should be more than enough to compensate for the radix-64 conversion.
Remark: See W. Stallings for details of the radix-64.

Relationship among the four Services
(a) Generic transmission diagram (from A)
1. $x = \text{file}$.
2. Signature required? If yes: generate signature, $x = \text{signature} \,\|\, x$.
3. Compress: $x = Z(x)$.
4. Confidentiality required? If yes: encrypt key and x, $x = E_{k_e^{(B)}}[k_s] \,\|\, E_{k_s}[x]$.
5. Convert to radix 64: $x = R64[x]$.
R64: conversion to radix-64 ASCII format, always applied.

(b) Generic reception diagram (to B)
1. Convert from radix 64: $x = R64^{-1}[x]$.
2. Confidentiality required? If yes: $x = x_1 \,\|\, x_2$; decrypt key and x, $k_s = D_{k_d^{(B)}}[x_1]$, $x = D_{k_s}[x_2]$.
3. Decompress: $x = Z^{-1}(x)$.
4. Signature required? If yes: strip signature from x, verify signature.
Here $x_1 = E_{k_e^{(B)}}[k_s]$ and $x_2 = E_{k_s}[x]$.

Segmentation and Reassembly
The problem: Email facilities often are restricted to a maximum message length (e.g., 50,000 octets). Any message longer than that must be broken into smaller segments, each of which is mailed separately.
Solution: To accommodate this restriction, PGP automatically subdivides a message that is too large into segments that are small enough to send via email.
When is segmentation done? After all of the other processing, including the radix-64 conversion.
Reassembly: The session key component and signature component appear only once, at the beginning of the first segment. At the receiving end, PGP must strip off all email headers and reassemble the entire original block before performing the steps illustrated in the figure of the previous page.
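The generic transmission and reception diagrams (a) and (b), carried through in code as an added example that is not part of the lecture or of PGP itself. Assumptions: textbook RSA on small constructed primes stands in for the public-key operations, a SHAKE-256 XOR stream stands in for the conventional cipher, and all function names are hypothetical; only the order of operations follows the slides.

```python
import base64, hashlib, secrets, zlib

E = 65537  # public exponent shared by both toy key pairs (assumption)

def toy_keypair(p, q):
    """Textbook RSA from two known primes: returns (n, d). Toy sizes, no padding."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, pow(E, -1, phi)

def keystream_xor(ks, data):
    """Stand-in for E_ks / D_ks: XOR with a SHAKE-256 stream keyed by ks."""
    stream = hashlib.shake_256(ks).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def transmit(msg, a_priv, b_pub):
    (n_a, d_a), n_b = a_priv, b_pub
    sig = pow(digest(msg, n_a), d_a, n_a)              # D with k_d^(A) over h(M)
    x = sig.to_bytes(32, "big") + msg                  # x = signature || x
    x = zlib.compress(x)                               # x = Z(x)
    ks = secrets.token_bytes(16)                       # fresh session key per message
    x1 = pow(int.from_bytes(ks, "big"), E, n_b)        # E_{k_e^(B)}[k_s]
    x = x1.to_bytes(32, "big") + keystream_xor(ks, x)  # x1 || E_ks[x]
    return base64.b64encode(x)                         # x = R64[x]

def receive(armored, b_priv, a_pub):
    (n_b, d_b), n_a = b_priv, a_pub
    x = base64.b64decode(armored)                      # x = R64^-1[x]
    x1, x2 = x[:32], x[32:]                            # x = x1 || x2
    ks = pow(int.from_bytes(x1, "big"), d_b, n_b).to_bytes(16, "big")
    x = zlib.decompress(keystream_xor(ks, x2))         # D_ks, then Z^-1
    sig, msg = int.from_bytes(x[:32], "big"), x[32:]   # strip signature from x
    ok = pow(sig, E, n_a) == digest(msg, n_a)          # E with k_e^(A), compare h(M)
    return msg, ok

A = toy_keypair(2**127 - 1, 2**89 - 1)   # constructed toy key pair for sender A
B = toy_keypair(2**107 - 1, 2**61 - 1)   # constructed toy key pair for recipient B
```

`transmit(msg, A, B[0])` returns printable ASCII, and `receive(armored, B, A[0])` returns the message together with the signature check result.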
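The size claims on the compression and email-compatibility slides, and the segmentation step, measured in an added example that is not part of the lecture. Assumptions: `base64.b64encode` stands in for the radix-64 conversion, a deterministic SHAKE-256 stream stands in for ciphertext, and the function names are hypothetical.

```python
import base64, hashlib, zlib

def armor(plaintext):
    """Compress, then radix-64 encode (3 octets in, 4 ASCII characters out)."""
    return base64.b64encode(zlib.compress(plaintext))

def segment(armored, max_len):
    """Done last, after radix-64: split into pieces of at most max_len octets."""
    return [armored[i:i + max_len] for i in range(0, len(armored), max_len)]

def reassemble(segments):
    """Receiver: rejoin the whole block first, then decode and decompress."""
    return zlib.decompress(base64.b64decode(b"".join(segments)))

def sizes(plaintext):
    """Octet counts per stage; fake_ct is a constructed ciphertext stand-in."""
    fake_ct = hashlib.shake_256(b"constructed").digest(len(plaintext))
    return {
        "plain": len(plaintext),
        "armored_uncompressed": len(base64.b64encode(plaintext)),  # about +33%
        "compressed": len(zlib.compress(plaintext)),
        "armored": len(armor(plaintext)),
        # Ciphertext has no redundancy left, so Z after E gains nothing.
        "compress_after_encrypt": len(zlib.compress(fake_ct)),
    }
```

On redundant text, `sizes` shows the armored compressed block is smaller than the plaintext, while compressing ciphertext-like data does not shrink it.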