VI Network Security - Email Security: PGP, S/MIME
E-mail Architecture
E-mail Security
Cryptographic Algorithms
Certificates
It is obvious that some public-key algorithms must be used for e-mail security.
Cryptographic Secrets
Pretty Good Privacy (PGP)
• Pretty Good Privacy (PGP) can be used to create a secure e-mail message,
• or to store a file securely for future retrieval.
Pretty Good Privacy (PGP)
PGP provides four services:
1. Authentication
2. Compression
3. Confidentiality
4. Email compatibility
PGP operation
PGP operation: 1) Digital Signature
PGP operation: 2) Compression
• The message is compressed using the ZIP program, which is based on the Lempel-Ziv algorithm.
• The Lempel-Ziv algorithm looks for repeated strings or words and creates corresponding variables for them.
PGP operation: 2) Compression
• Coding using the Lempel-Ziv algorithm.
PGP operation: 2) Compression
• Decoding using the Lempel-Ziv algorithm.
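The coding and decoding slides above show the dictionary idea behind Lempel-Ziv: a repeated string is replaced by a code (the slide's "variable"), and the decoder rebuilds the same dictionary without it ever being transmitted. The following is an added example written for these notes, not code from PGP or from the slides; it implements LZW, the dictionary member of the Lempel-Ziv family (PGP's ZIP compression is the related LZ77/deflate variant), as a byte-oriented encoder and decoder, including the KwKwK case where the decoder meets a code it has not yet defined.

```python
"""LZW encode/decode: repeated byte strings are replaced by dictionary codes.
Added example for the notes; this is LZW, not the deflate algorithm ZIP uses."""


def lzw_encode(data: bytes) -> list:
    """Replace repeated byte strings with dictionary codes (ints >= 256 are new entries)."""
    # The dictionary starts with every single byte mapped to its own value.
    table = {bytes([i]): i for i in range(256)}
    next_code = 256
    current = b""
    output = []
    for byte in data:
        candidate = current + bytes([byte])
        if candidate in table:
            current = candidate            # keep extending the match
        else:
            output.append(table[current])  # emit the longest known prefix
            table[candidate] = next_code   # the new "variable" for the longer string
            next_code += 1
            current = bytes([byte])
    if current:
        output.append(table[current])
    return output


def lzw_decode(codes: list) -> bytes:
    """Rebuild the same dictionary on the fly; no table is sent with the data."""
    table = {i: bytes([i]) for i in range(256)}
    next_code = 256
    if not codes:
        return b""
    previous = table[codes[0]]
    output = [previous]
    for code in codes[1:]:
        if code in table:
            entry = table[code]
        elif code == next_code:            # KwKwK case: code defined by this very step
            entry = previous + previous[:1]
        else:
            raise ValueError("corrupt LZW stream")
        output.append(entry)
        table[next_code] = previous + entry[:1]
        next_code += 1
        previous = entry
    return b"".join(output)


if __name__ == "__main__":
    sample = b"TOBEORNOTTOBEORTOBEORNOT"      # constructed input with repeated words
    codes = lzw_encode(sample)
    print(len(sample), "bytes ->", len(codes), "codes; round trip ok:",
          lzw_decode(codes) == sample)
```

Each code would be written with 9 to 12 bits in a real stream, which is where the space saving comes from; the list of integers here keeps the focus on the dictionary mechanics that the slides describe.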
PGP operation: 3) Encryption
• The compressed form of the original e-mail and the digital signature are encrypted with a symmetric key.
• For this, the IDEA algorithm in CFB mode is used.
PGP operation: 4) Digital Enveloping
• The encrypted message is again encrypted with the receiver's public key.
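The encryption and digital-enveloping steps together form a hybrid scheme: the compressed message is encrypted with a fresh symmetric session key in CFB mode, and that session key is what gets encrypted under the receiver's public key so only the receiver can recover it. The block below is an added example for these notes, not PGP's own code, and it uses two labelled stand-ins: HMAC-SHA256 truncated to 16 bytes plays the role of IDEA's forward direction (CFB mode only ever calls the block cipher in the encrypting direction, for both encryption and decryption, so any keyed function demonstrates the mode; real IDEA has 64-bit blocks), and the "RSA" key is built from two fixed, well-known Mersenne primes with no padding, a toy that shows the envelope and is not a usable key.

```python
"""PGP-style compress -> CFB encrypt -> envelope the session key.
Added example; the block function and the RSA key are labelled toys."""
import hashlib
import hmac
import os
import zlib

BLOCK = 16  # bytes; the stand-in block function is called with 16-byte inputs


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Assumption: stand-in for IDEA's forward direction, not a real block cipher.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Full-block CFB: C_i = P_i XOR E_k(C_{i-1}), with C_0 = IV."""
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        chunk = plaintext[i:i + BLOCK]
        keystream = block_encrypt(key, prev)
        cipher_chunk = bytes(p ^ k for p, k in zip(chunk, keystream))
        out += cipher_chunk
        prev = cipher_chunk  # the ciphertext block feeds the next keystream block
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = C_i XOR E_k(C_{i-1}): decryption also uses only the forward function."""
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        chunk = ciphertext[i:i + BLOCK]
        keystream = block_encrypt(key, prev)
        out += bytes(c ^ k for c, k in zip(chunk, keystream))
        prev = chunk
    return bytes(out)


# Toy RSA key from two known Mersenne primes (2^61-1 and 2^89-1). n is about
# 2^150: large enough to hold a 16-byte session key, far too small to be secure.
P, Q = (1 << 61) - 1, (1 << 89) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def seal(recipient_n: int, recipient_e: int, plaintext: bytes) -> dict:
    """Sender: compress, encrypt under a fresh session key, then wrap the
    session key (not the message) with the recipient's public key."""
    session_key = os.urandom(BLOCK)
    iv = os.urandom(BLOCK)
    body = cfb_encrypt(session_key, iv, zlib.compress(plaintext))
    wrapped = pow(int.from_bytes(session_key, "big"), recipient_e, recipient_n)
    return {"iv": iv, "body": body, "wrapped_key": wrapped}


def open_envelope(private_d: int, n: int, env: dict) -> bytes:
    """Recipient: unwrap the session key with the private key, decrypt, decompress."""
    session_key = pow(env["wrapped_key"], private_d, n).to_bytes(BLOCK, "big")
    return zlib.decompress(cfb_decrypt(session_key, env["iv"], env["body"]))


if __name__ == "__main__":
    message = b"Meeting moved to 9:00, bring the slides. " * 4  # constructed sample
    envelope = seal(N, E, message)
    print("ciphertext bytes:", len(envelope["body"]))
    print("recovered:", open_envelope(D, N, envelope) == message)
```

Because the wrapped value is only the 16-byte session key, the public-key operation happens once per message regardless of message size, which is the point of the envelope; the bulk data is handled by the symmetric cipher.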
PGP operation: Radix 64 Encoding
• Most e-mail systems allow the message to consist of only ASCII characters.
• To translate the characters in
Radix 64 Encoding Process
Radix 64 Encoding Example
Radix 64 Mapping Table
PGP operation: 6) Segmentation
• To accommodate the maximum segment size, PGP uses segmentation and reassembly.
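The Radix-64 process, example and mapping table slides, and the segmentation slide above, are covered by one added example for these notes (not PGP's or the slides' code). It encodes three 8-bit bytes as four 6-bit values looked up in the 64-character table, with "=" padding for a short final group, decodes the result, and then splits an over-long armoured message into numbered segments that can be reassembled even when they arrive out of order. The segment size of 60 characters is an assumed illustration, not PGP's real limit.

```python
"""Radix-64 encoding/decoding from the mapping table, plus segmentation.
Added example; the 60-character segment size is an assumption."""
import base64  # used only to cross-check the hand-written encoder

RADIX64 = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
           "abcdefghijklmnopqrstuvwxyz"
           "0123456789+/")


def radix64_encode(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 3):
        group = data[i:i + 3]
        n = len(group)
        # Pack up to 3 bytes into a 24-bit integer, zero-padding a short group.
        bits = int.from_bytes(group.ljust(3, b"\0"), "big")
        chars = [RADIX64[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # 1 byte -> 2 chars + "==", 2 bytes -> 3 chars + "=", 3 bytes -> 4 chars.
        out.append("".join(chars[:n + 1]) + "=" * (3 - n))
    return "".join(out)


def radix64_decode(text: str) -> bytes:
    inverse = {c: i for i, c in enumerate(RADIX64)}
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        bits = 0
        for c in quad.rstrip("="):
            bits = (bits << 6) | inverse[c]
        bits <<= 6 * pad                      # restore the zero bits the padding dropped
        out += bits.to_bytes(3, "big")[:3 - pad]
    return bytes(out)


def segment(text: str, max_size: int) -> list:
    """Split an armoured message into (index, total, piece) segments."""
    pieces = [text[i:i + max_size] for i in range(0, len(text), max_size)]
    return [(k + 1, len(pieces), piece) for k, piece in enumerate(pieces)]


def reassemble(segments: list) -> str:
    """Put segments back in order; refuse to reassemble with gaps or duplicates."""
    ordered = sorted(segments)               # tuples sort by segment index first
    total = ordered[0][1]
    if [s[0] for s in ordered] != list(range(1, total + 1)):
        raise ValueError("missing or duplicate segment")
    return "".join(piece for _, _, piece in ordered)


if __name__ == "__main__":
    sample = bytes(range(200))               # constructed binary input
    armoured = radix64_encode(sample)
    print("matches base64 module:", armoured == base64.b64encode(sample).decode())
    parts = segment(armoured, 60)
    print(len(parts), "segments; reassembled ok:",
          radix64_decode(reassemble(parts[::-1])) == sample)
```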
PGP operation
Key Rings in PGP
PGP Certificates
• In PGP, there is no need for CAs.
• Anyone in the ring can sign a certificate for anyone else in the ring.
Example 16.1
Let us show a private key ring table for Alice. We assume that Alice has only two user IDs, alice@some.com and alice@anet.net. We also assume that Alice has two sets of private/public keys, one for each user ID.
Format of a public key ring table
Example 16.2
A series of steps will show how a public key ring table is formed for Alice.
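Examples 16.1 and 16.2 describe the two ring tables without showing how their rows are built. The block below is an added example for these notes, not the slides' or PGP's code: it builds Alice's private key ring for the two user IDs of Example 16.1 (key ID as the least significant 64 bits of the public key, private key stored only in passphrase-protected form) and a small public key ring in which other ring members, rather than a CA, have signed Alice's entry. The key integers are constructed placeholders standing in for RSA moduli, the passphrase protection is a PBKDF2-derived XOR stream standing in for PGP's passphrase-keyed cipher, signatures are recorded by signer key ID without cryptographic verification, and the trust weights (complete = 1.0, partial = 0.5, legitimate at 1.0) are assumed illustrative values.

```python
"""Private and public key ring tables for Alice. Added example; key material,
passphrase protection and trust weights are labelled stand-ins."""
import hashlib
import os
import time

KEY_ID_MASK = (1 << 64) - 1


def key_id(public_key: int) -> int:
    """PGP identifies a key by the least significant 64 bits of its public key."""
    return public_key & KEY_ID_MASK


def passphrase_mask(secret: bytes, passphrase: str, salt: bytes) -> bytes:
    """Assumption: XOR with a PBKDF2-derived stream stands in for PGP's
    passphrase-keyed cipher. XOR is its own inverse, so this locks and unlocks."""
    stream = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, len(secret))
    return bytes(a ^ b for a, b in zip(secret, stream))


def private_ring_entry(user_id: str, public_key: int, private_key: bytes,
                       passphrase: str) -> dict:
    """One row of the private key ring: the private key is never stored in clear."""
    salt = os.urandom(8)
    return {"timestamp": int(time.time()), "key_id": key_id(public_key),
            "public_key": public_key,
            "encrypted_private_key": passphrase_mask(private_key, passphrase, salt),
            "salt": salt, "user_id": user_id}


def unlock_private_key(entry: dict, passphrase: str) -> bytes:
    return passphrase_mask(entry["encrypted_private_key"], passphrase, entry["salt"])


# Constructed material for Example 16.1: two user IDs, one key pair each.
# The integers stand in for RSA public moduli; they are not real keys.
ALICE_KEYS = {
    "alice@some.com": (0x123456789ABCDEF00FEDCBA987654321, b"private-key-bytes-1"),
    "alice@anet.net": (0x0BADC0FFEE0DDF00D13579BDF2468ACE, b"private-key-bytes-2"),
}


def build_private_ring(passphrase: str) -> list:
    return [private_ring_entry(uid, pub, priv, passphrase)
            for uid, (pub, priv) in ALICE_KEYS.items()]


def find_by_key_id(ring: list, kid: int) -> dict:
    """What a receiver does: pick the key a message names by its key ID."""
    for entry in ring:
        if entry["key_id"] == kid:
            return entry
    raise KeyError(f"no key with ID {kid:016x}")


# Public key ring: ring members sign each other's entries (recorded by signer
# key ID). Weights are assumed illustrative values, not the slides'.
OWNER_TRUST_WEIGHT = {"complete": 1.0, "partial": 0.5, "unknown": 0.0}


def key_legitimacy(public_ring: dict, kid: int) -> float:
    """A key counts as legitimate when the summed trust of its signers reaches 1.0."""
    entry = public_ring[kid]
    total = sum(OWNER_TRUST_WEIGHT[public_ring[s]["owner_trust"]]
                for s in entry["signed_by"] if s in public_ring)
    return min(total, 1.0)


def sample_public_ring() -> dict:
    """Constructed ring: Bob (complete trust) and Carol (partial) signed Alice;
    only Carol signed Bob."""
    bob = 0xB0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0
    carol = 0xCA401CA401CA401CA401CA401CA401CA
    alice = ALICE_KEYS["alice@some.com"][0]
    ring = {}
    for pub, uid, trust, signers in (
        (bob, "bob@anet.net", "complete", [key_id(carol)]),
        (carol, "carol@some.com", "partial", []),
        (alice, "alice@some.com", "complete", [key_id(bob), key_id(carol)]),
    ):
        ring[key_id(pub)] = {"timestamp": int(time.time()), "public_key": pub,
                             "user_id": uid, "owner_trust": trust, "signed_by": signers}
    return ring
```

Looking up by key ID rather than user ID is what makes two keys under one user ID unambiguous, which is why the key ID column exists in both tables.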
S/MIME
• Another security service designed for electronic mail is Secure/Multipurpose Internet Mail Extension (S/MIME).
• The protocol is an enhancement of the Multipurpose Internet Mail Extension (MIME) protocol.
MIME FORMAT
MIME-Version
This header defines the version of MIME used. The current version is 1.1.
Content-Type
The content type and the content subtype are separated by a slash. Depending on the subtype, the header may contain other parameters.
Radix-64 conversion
S/MIME
• S/MIME adds some new content types to include security services to the MIME.
• All of these new types include the parameter “application/pkcs7-mime,” in which “pkcs” defines “Public Key Cryptography Specification.”
Enveloped-data content type
Digest-data content type
Authenticated-data content type
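The MIME header slides (MIME-Version, Content-Type with its type/subtype and parameters) and the S/MIME content-type slides above are covered by one added example for these notes, built with Python's standard-library email package; it is not the slides' code. It constructs an ordinary text/plain message, then carries a placeholder CMS object as application/pkcs7-mime, where the smime-type parameter names the CMS content type inside (enveloped-data, signed-data, and so on) and the body is radix-64 (base64) transfer-encoded, and finally parses the serialized message back to split the Content-Type into type, subtype and parameters. The addresses are taken from Example 16.1 plus a constructed recipient; the payload bytes are a constructed placeholder, not real PKCS#7/CMS data.

```python
"""MIME headers and the S/MIME application/pkcs7-mime content type.
Added example; the CMS payload is a placeholder, not a real PKCS#7 object."""
from email import message_from_bytes, policy
from email.message import EmailMessage

PLACEHOLDER_CMS = b"\x30\x10\x06\x09PLACEHOLDER-CMS"  # constructed bytes, not real CMS


def plain_text_message(body: str) -> EmailMessage:
    """Ordinary MIME message: Content-Type text/plain with a charset parameter."""
    msg = EmailMessage()
    msg["From"] = "alice@some.com"   # user ID from Example 16.1
    msg["To"] = "bob@anet.net"       # constructed recipient
    msg["Subject"] = "MIME demo"
    msg.set_content(body, subtype="plain", charset="utf-8")
    return msg


def smime_wrap(cms_blob: bytes, smime_type: str) -> EmailMessage:
    """S/MIME carries a CMS object as application/pkcs7-mime; smime-type says
    which CMS content type is inside. base64 is the radix-64 transfer encoding."""
    msg = EmailMessage()
    msg["From"] = "alice@some.com"
    msg["To"] = "bob@anet.net"
    msg["Subject"] = "S/MIME demo"
    msg.set_content(cms_blob, maintype="application", subtype="pkcs7-mime",
                    cte="base64", filename="smime.p7m",
                    params={"smime-type": smime_type, "name": "smime.p7m"})
    return msg


def content_type_parts(raw: bytes) -> tuple:
    """Parse a serialized message; return (type, subtype, parameters, decoded content).
    The slash separates type from subtype; parameters follow as key=value pairs."""
    msg = message_from_bytes(raw, policy=policy.default)
    params = dict(msg.get_params()[1:])   # first tuple is the type/subtype itself
    return (msg.get_content_maintype(), msg.get_content_subtype(),
            params, msg.get_content())


if __name__ == "__main__":
    for message in (plain_text_message("Hello Bob"),
                    smime_wrap(PLACEHOLDER_CMS, "enveloped-data")):
        maintype, subtype, params, _ = content_type_parts(message.as_bytes())
        print(f"{maintype}/{subtype} {params}")
```

A receiving agent dispatches on exactly these pieces: the type/subtype selects the S/MIME handler, and smime-type tells it whether to decrypt an EnvelopedData or verify a SignedData before anything is shown to the user.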
Cryptographic Algorithms
S/MIME defines several cryptographic algorithms. The term “must” means an absolute requirement; the term “should” means a recommendation.
The following shows an example of an enveloped-data in which a small message is encrypted using triple DES.