ECE 646 Lecture 4A. Pretty Good Privacy PGP. Short History of PGP based on the book Crypto by Steven Levy. Required Reading

Transcription

1 ECE 646 Lecture 4A Pretty Good Privacy PGP Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 18.1 or 19.1 Pretty Good Privacy (PGP) On-line Chapters (available after registration): Appendix O Data Compression Using Zip Appendix P PGP Random Number Generation Short History of PGP based on the book Crypto by Steven Levy 1

2 Phil Zimmermann early years grew up in Florida, got interested in cryptography in teenage years studied physics at Florida Atlantic University, learned about RSA shortly after its discovery, from the Mathematical Recreational column in Scientific American became active in the antinuclear political movement of 1970s-1980s Collaboration with Charlie Merritt in 1984, Zimmermann was contacted by Charlie Merritt, who implemented RSA on a microcomputer based on Z80 8-bit microprocessor by 1986, Merritt passed to Zimmermann all his knowledge of multiprecision integer arithmetic required to implement RSA In 1986, Merritt and Zimmermann met with Jim Bidzos, the new CEO of RSA Data Security Inc., who brought with him a copy of Mailsafe, a program written by Rivest and Adleman, implementing RSA. After the meeting: Zimmermann claimed that Bidzos offered him a free license to RSA Bidzos strongly denied such claims Early Work ( ) in 1986, Zimmermann summarized his ideas in the paper published in IEEE Computer As a secret key cipher he chose a cipher developed by Merritt for navy, with his own security improvements. He called this cipher Bass-O-Matic, see in 1990, he devoted his time completely to finishing the program he called Pretty Good Privacy In 1990 he called Jim Bidzos to confirm his free RSA license. Bidzos strongly denied ever making such offer. 2

3 Release of PGP In 1991, out of the fear of the government making all encryption illegal (prompted by an antiterrorist Senate bill 266 co-sponsored by Joe Biden) he decided to release PGP as soon as possible, and changed its classification from "shareware" to "freeware" In May 1991, Zimmermann passed the program to a fellow crypto enthusiast to spread it on the Internet "like dandelion seeds" Release of PGP In the first weekend of June 1991, PGP 1.0 was uploaded to multiple servers (all located in the U.S.). Its documentation included a motto: "When crypto is outlawed, only outlaws will have crypto". The very next day people were encrypting messages with PGP all over the world (in violation of the U.S. crypto export regulations) Legal Problems RSA Data Security Inc. and Public Key Partners accused Zimmermann of violating their patents PGP 2.0, released in September 1992 from Amsterdam and Auckland, replaced Bass-O-Matic by a much stronger Swiss cipher called IDEA with the 128-bit key In February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license. In 1996, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else. PGP 5 released in 1997 introduced use of the CAST-128 symmetric key algorithm, and the ElGamal asymmetric key algorithm (referred in the documentation as DiffieHellman), mitigating patent dispute with RSA Data Security Inc. and PKP. 3

4 Later Years In 1997, IETF (Internet Engineering Task Force) started the development of a standard called OpenPGP The Free Software Foundation has developed its own OpenPGP-compliant program called GNU Privacy Guard (abbreviated GnuPG or GPG) Most recently, several ios and Android OpenPGPcompliant applications have been released, such as ipgmail for ios and APG for Android Internal Operation of PGP: Implementation of Security Services PGP Authentication Only Notation: M - message H hash function EP public key encryption - concatenation Z - compression using ZIP algorithm KR a private key of user A KU a public key of user A 4

5 Non-repudiation Alice Message Signature Message Signature Bob Hash function Hash function Hash value Public key cipher yes Hash value 1 Hash value 2 no Public key cipher Alice s private key Alice s public key PGP Confidentiality Only Notation: M - message Z - compression using ZIP algorithm EC / DC classical (secret-key) encryption / decryption EP / DP public key encryption / decryption - concatenation K s - session key KR b private key of user B KU b public key of user B Hybrid Systems - Sender s Side (2) Alice 1 session key random message Secret key cipher Public key cipher 3 Bob s public key 2 Session key encrypted using Bob s public key Message encrypted using session key 5

6 Hybrid Systems - Receiver s Side (2) Bob session key random 1 Public key cipher Bob s private key message 2 Secret key cipher Session key encrypted using Bob s public key Message encrypted using session key PGP Confidentiality and Authentication Notation: M - message H hash function Z - compression using ZIP algorithm EP / DP public key encryption / decryption - concatenation EC / DC classical (secret-key) encryption / decryption K s - session key KR a / KR b private key of user A / B KU a / KU b public key of user A / B Transmission and Reception of PGP Messages 6

7 PGP Operation Compression by default PGP compresses message after signing but before encrypting so can store uncompressed message & signature for later verification because compression is non deterministic uses ZIP compression algorithm Major idea behind ZIP compression Radix-64 Conversion The '==' sequence indicates that the last group contained only one byte, and '=' indicates that it contained two bytes. 7

8 Radix-64 Encoding General Format of PGP Message Summary of PGP functions 8

9 Private Key Ring Public Key Ring PGP Message Generation (without compression or radix-64 conversion) 9

10 PGP Message Reception (without compression or radix-64 conversion) Manual exchange of public keys: PGP: Flow of trust Las Vegas Bob David Edinburgh David Betty Bob (Washington) David (New York) Betty (London) David, send me Betty s public key Betty s public key signed by David message encrypted using Betty s public key PGP Trust Model 10