Network Security

UNIT-3
Topics:

► Email Security Services

► Establishing Keys
► Privacy
► Authentication of Source
► Message Integrity
► Non-Repudiation
► Overview of PGP
► Cryptographic Keys
► Key Rings
► S/MIME Overview
Email Security
Security Services over Email:
► Privacy: No one should read message except recipient
► Authentication: Recipient should know exactly who the sender is
► Integrity: Recipient should be able to tell whether message was altered in transit
► Non-repudiation: Recipient can prove that the sender really sent it
► Proof of submission: Verification to the sender that the mailer got it
► Proof of delivery: Verification to sender that the recipient got it
► Message flow confidentiality: Eavesdropper cannot determine the sender's ID
► Anonymity: Ability to send so recipient does not know sender
► Containment: Ability to keep secure messages from "leaking" out of a region
► Audit: Logging of events having relevance to security
► Accounting: Maintain usage statistics (might charge for service)
► Self-destruct: Message is destroyed on delivery
► Message sequence integrity: Sequence of messages have arrived in order, without loss
Establishing Keys
► Most services are best provided using cryptographic means But the email infrastructure may re
quire many keys – where are they?
► Establishing Public Keys: Receiver may have sent it by some other means say NY times
► Receiver may have appended it to an email message (signed)
► Receiver may have certified it though a CA
► Receiver may have posted it on a Public Key Infrastructure
► Establishing Secret Keys:
► Both parties meet in private to set a key
► Communicate on the phone
► Sender gets a "ticket" from a KDC and includes it in the message
Privacy

► Also known as confidentiality

► The purpose of ‘Confidentiality’ is to ensure the protection of data by preventing
the unauthorized disclosure of information. Only individuals with the legitimate
authorization to access the required information should be permitted it

► Using end-to-end Privacy

► Using Privacy with distribution list exploders
Authentication
Authentication of the Source:
► Prevent C from sending mail to B with 'From: A'
Using Public Keys:
► Sender signs hash of message with its private key
► Works on multiple messages (same signature!)
► Public key might be sent with the message with a chain of certificates
Using Secret Keys:
► Sender computes a MAC with one of:
► CBC residue of the message computed with shared secret
► Hash of shared secret appended to message
► Encrypted message digest of message
Authentication
Authentication of the Source Using Distribution Exploders:
Public keys:
► Just forward the messages as is, use sender's public key to authenticate
Secret keys:
► Sender cannot be assumed to share secrets with all recipients or know who all the recipients are
► Distribution list exploder must remove sender's authentication
information from emails and replace it with its own
► Distribution list exploder must verify the source of the email
because recipients cannot do that themselves although they can authenticate the exploder
► Exploder may need to include the name of the sender in the body of the encrypted email.
Message Integrity

► Source authentication methods also provide message integrity

Does it make sense to provide integrity without authentication?
Message integrity without source authentication is meaningless
since someone could replace the message
with a completely different one and the recipient could not tell
Can't do message integrity check with secret key technology since both parties m
ust know each other to be able to use the same secret
Non-Repudiation

► One cannot deny that he/she send the particular message.

► Non-repudiation is the assurance that someone cannot deny the validity of something.
Non-repudiation is a legal concept that is widely used in information security and refers to a service,
which provides proof of the origin of data and the integrity of the data. In other words,
non-repudiation makes it very difficult to successfully deny who/where a message came from as
well as the authenticity and integrity of that message.
► Digital signatures (combined with other measures) can offer non-repudiation when it comes to online
transactions, where it is crucial to ensure that a party to a contract or a communication can't deny the
authenticity of their signature on a document or sending the communication in the first place. In this
context, non-repudiation refers to the ability to ensure that a party to a contract or a communication
must accept the authenticity of their signature on a document or the sending of a message.
PGP(Pretty Good Privacy)

• PGP was designed to provide all four aspects of security, i.e., privacy, integrity,
authentication, and non-repudiation in the sending of email.
• PGP uses a digital signature (a combination of hashing and public key encryption) to
provide integrity, authentication, and non-repudiation. PGP uses a combination of
secret key encryption and public key encryption to provide privacy. Therefore, we can
say that the digital signature uses one hash function, one secret key, and two
private-public key pairs.

• PGP is an open source and freely available software package for email security.
• PGP provides authentication through the use of Digital Signature.
• It provides confidentiality through the use of symmetric block encryption.
• It provides compression by using the ZIP algorithm, and EMAIL compatibility using the
radix-64 encoding scheme.
PGP

► PGP has grown explosively and is now very widely used. A number of reasons
are sited for such growth:
► It is available free worldwide in versions that run on many different
platforms, Windows, UNIX, Mac etc. In addition the commercial version
satisfies those who want vendor support.
► The package includes RSA, DSS and Diffie-Hellman for public-key encryption;
CAST-128, IDEA, and 3DES for symmetric encryption; and SHA-1 for hash
coding.
► It has a wide range of applicability, encrypting files and messages to
individuals who wish to communicate securely with others worldwide over the
Internet.
PGP

PGP consists of the following five services:

1. Authentication
2. Confidentiality
3. Compression
4. E-mail compatibility
5. Segmentation
PGP
Authentication

The digital signature service provided by PGP.

1. The sender creates a message.
2. SHA-1 is used to generate a 160-bit hash code of the message.
3. The hash code is encrypted with RSA using the sender’s private key, and the result is prepended
to the message.
4. The receiver uses RSA with the sender’s public key to decrypt and recover the hash code.
5. The receiver generates a new hash code for the message and compares it with the decrypted
hash code. If the two match, the message is accepted as authentic.
PGP
Confidentiality

PGP’s another service is confidentiality, which is encrypting messages for transmitting or to store
files locally.
• In both cases, the symmetric encryption algorithm CAST-128 may be used. Alternatively, IDEA or
3DES may be used. And the 64-bit cipher feedback (CFB) mode is used.
• In PGP, each symmetric key is used only once. The session key is bound to the message. To
protect the key, it is encrypted with the receiver’s public key.
PGP

1. The sender generates a message and a random 128-bit number to be used as a session key for this
message only.
2. The message is encrypted using CAST-128 (or IDEA or 3DES) with the session key.
3. The session key is encrypted with RSA using the recipient’s public key and is prepended to the
message.
4. The receiver uses RSA with its private key to decrypt and recover the session key.
5. The session key is used to decrypt the message
PGP
Confidentiality & Authentication

• First, a signature is generated for the plaintext message and prepended to the
message. Then the plaintext message plus signature is encrypted using CAST-128
(or IDEA or 3DES), and the session key is encrypted using RSA (or ElGamal).
• In summary, when both services are used, the sender first signs the message
with its own private key, then encrypts the message with a session key, and
finally encrypts the session key with the recipient’s public key.
PGP
Compression

• PGP compresses the message after applying the signature but before encryption. This has the
benefit of saving space both for e-mail transmission and for file storage.
• Z for compression and Z–1 for decompression
The signature is generated before compression for two reasons:
• It is preferable to sign an uncompressed message so that one can store only the uncompressed
message together with the signature for future verification.
• If you generate signature after compression then there is a need recompression for message
verification, PGP’s compression algorithm presents a difficulty.
► Message encryption is applied after compression to strengthen cryptographic security. Therefore
cryptanalysis is more difficult.
• The compression algorithm used here is ZIP Algorithm
PGP
E-Mail-Compatibility

The resulting message block consists of a stream of arbitrary 8-bit octets.

• However, many electronic mail systems only permit the use of blocks consisting of ASCII text.
• To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary
stream to a stream of printable ASCII characters.
• The scheme used for this purpose is radix-64 conversion. Each group of three octets of binary data
is mapped into four ASCII characters. This format also appends a CRC to detect transmission errors.
• The use of radix 64 expands a message by 33%. Fortunately, the session key and signature portions
of the message are relatively compact, and the plaintext message has been compressed.
• In fact, the compression should be more than enough to compensate for the radix-64 expansion.
PGP
Segmentation & Reassembly

► E-mail facilities often are restricted to a maximum length. To accommodate this, PGP
automatically subdivides a message that is too large into segments that are small enough to send
via e-mail.
► The segmentation is done after all of the other processing, including the radix-64 conversion.
Cryptographic Keys and Key Rings

► PGP makes use of four types of keys:

1. one-time session symmetric keys,
2. public keys,
3. private keys, and
4. passphrase-based symmetric keys
► Three separate requirements can be identified with respect to these keys.
1. generating unpredictable session keys is needed
2. 2. PGP would like to allow a user to have multiple public key/private-key pairs.
One reason is that the user may wish to change his or her key pair from time to
time.
3. 3. Each PGP entity must maintain a file of its own public/private key pairs as well
as a file of public keys of OTHERS.
Continued..

► The session key component includes

1. The session key and
2. The identifier of the recipient’s public key
• The session key is used to encrypt the plaintext.
• The identifier of the recipient’s public key was used by the sender to encrypt
the session key.
• The entire block is usually encoded with radix-64 encoding.
Key Rings

• These keys need to be stored and organized in a systematic way for efficient
and effective use by all parties.
• The scheme used in PGP is one to store the public/private key pairs owned by
that node and one to store the public keys of other users known at this node.
• These key rings are referred to, respectively, as the private-key ring and the
public-key ring.
Private-key Ring

We can view the ring as a table in which each row represents one of the public/private key pairs
owned by this user.
Each row contains the entries:
• Timestamp: The date/time when this key pair was generated.
• Key ID: The least significant 64 bits of the public key.
• Public key: The public-key portion of the pair.
• Private key: The private-key portion of the pair, this field is encrypted.
• User ID: Typically, this will be the user’s e-mail address
Public-key Ring

► This ring is used to store public keys of other users that are known to this
user.

• Timestamp: The date/time when this entry was generated.

• Key ID: The least significant 64 bits of the public key for this entry.
• Public Key: The public key for this entry.
• User ID: Identifies the owner of this key. Multiple user IDs may be associated
with a single public key.
S/MIME (Secure/Multipurpose Internet Mail
Extensions)

► security enhancement to MIME email

► original Internet RFC822 email was text only
► MIME provided support for varying content types and multi-part messages
► with encoding of binary data to textual form
► S/MIME added security enhancements
► have S/MIME support in various modern mail agents: MS Outlook, Netscape etc
S/MIME Functions

► enveloped data
► encrypted content and associated keys
► signed data
► encoded message + signed digest
► clear-signed data
► cleartext message + encoded signed digest
► signed & enveloped data
► nesting of signed & encrypted entities
S/MIME Cryptographic Algorithms

► hash functions: SHA-1 & MD5

► digital signatures: DSS & RSA
► session key encryption: ElGamal & RSA
► message encryption: Triple-DES, RC2/40 and others
► have a procedure to decide which algorithms to use
S/MIME Certificate Processing

► S/MIME uses X.509 v3 certificates

► managed using a hybrid of a strict X.509 CA hierarchy & PGP’s web of trust
► each client has a list of trusted CA’s certs
► and own public/private key pairs & certs
► certificates must be signed by trusted CA’s
Certificate Authorities

► have several well-known CA’s

► Verisign one of most widely used
► Verisign issues several types of Digital IDs
► with increasing levels of checks & hence trust
Class Identity Checks Usage
1 name/email check web browsing/email
2+ enroll/addr check email, subs, s/w validate
3+ ID documents e-banking/service access