ECE 646 Lecture 4. Pretty Good Privacy PGP

Similar documents
Pretty Good Privacy PGP. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

ECE 646 Lecture 4A. Pretty Good Privacy PGP. Short History of PGP based on the book Crypto by Steven Levy. Required Reading

Key management. Pretty Good Privacy

Pretty Good Privacy (PGP)

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

ECE 646 Lecture 3. Key management

Pretty Good Privacy (PGP

Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

ECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages

Introduction and Overview. Why CSCI 454/554?

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

NETWORK SECURITY & CRYPTOGRAPHY

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

ECE 646 Lecture 3. Key management. Required Reading. Using Session Keys & Key Encryption Keys. Using the same key for multiple messages

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

Cryptography and Network Security. Sixth Edition by William Stallings

The evolving storage encryption market

Cryptographic Systems

Key Exchange. Secure Software Systems

PROTECTING CONVERSATIONS

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Security PGP / Pretty Good Privacy. SANOGXXX July, 2017 Gurgaon, Haryana, India

BCA III Network security and Cryptography Examination-2016 Model Paper 1

CPSC 467: Cryptography and Computer Security

Diffie-Hellman. Part 1 Cryptography 136

ECE646 Fall Lab 1: Pretty Good Privacy. Instruction

Cryptography and Network Security

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

CS 161 Computer Security

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II

Public Key Algorithms

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Chapter 8 Information Technology

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

CCNA Security 1.1 Instructional Resource

Kurose & Ross, Chapters (5 th ed.)

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Ralph Durkee Independent Consultant Security Consulting, Security Training, Systems Administration, and Software Development

Topics. Number Theory Review. Public Key Cryptography

APNIC elearning: Cryptography Basics

Overview. Public Key Algorithms I

Chapter 5 Electronic mail security

Number Theory and RSA Public-Key Encryption

Lecture 6: Overview of Public-Key Cryptography and RSA

Public-key encipherment concept

Cryptographic Concepts

Using Cryptography CMSC 414. October 16, 2017

Introduction to Cryptography. Vasil Slavov William Jewell College

CS Computer Networks 1: Authentication

Grenzen der Kryptographie

Summary of PGP Services

Public Key Cryptography

Ref:

EEC-682/782 Computer Networks I

2.1 Basic Cryptography Concepts

Encryption 2. Tom Chothia Computer Security: Lecture 3

The Research on PGP Private Key Ring Cracking and Its Application

CS 425 / ECE 428 Distributed Systems Fall 2017

ECE646 Fall Lab 1: Pretty Good Privacy. Instruction

Channel Coding and Cryptography Part II: Introduction to Cryptography

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

HOST Cryptography I ECE 525. Cryptography Handbook of Applied Cryptography &

Cryptography (Overview)

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Chapter 3 Public Key Cryptography

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Encrypted Data Deduplication in Cloud Storage

PUBLIC KEY CRYPTO. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

COMPUTER SECURITY. Computer Security Secure Communication Channels (2)

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

CRYPTOGRAPHY & DIGITAL SIGNATURE

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Cryptography and Network Security Chapter 14

Cryptography V: Digital Signatures

14. Internet Security (J. Kurose)

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Cryptography and Network Security. Sixth Edition by William Stallings

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Symmetric, Asymmetric, and One Way Technologies

SSH PK Authentication and Auto login configuration for Chassis Management Controller

Encryption. INST 346, Section 0201 April 3, 2018

Other Topics in Cryptography. Truong Tuan Anh

Cryptography. Submitted to:- Ms Poonam Sharma Faculty, ABS,Manesar. Submitted by:- Hardeep Gaurav Jain

CRYPTOGRAPHY AND NETWORK SECURITY

Public-key Cryptography: Theory and Practice

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Lecture III : Communication Security Mechanisms

Transcription:

ECE 646 Lecture 4 Pretty Good Privacy PGP

Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 6/E or 7/E Chapter 19.1 Pretty Good Privacy (PGP) On-line Chapters (available after registration): Appendix O Data Compression Using Zip Appendix P More on PGP

Short History of PGP based on the book Crypto by Steven Levy

Phil Zimmermann early years grew up in Florida, got interested in cryptography in teenage years studied physics at Florida Atlantic University, 1972-1977 learned about RSA shortly after its discovery, from the Mathematical Recreational column in Scientific American became active in the antinuclear political movement of 1970s-1980s

Collaboration with Charlie Merritt in 1984, Zimmermann was contacted by Charlie Merritt, who implemented RSA on a microcomputer based on Z80 8-bit microprocessor by 1986, Merritt passed to Zimmermann all his knowledge of multiprecision integer arithmetic required to implement RSA In 1986, Merritt and Zimmermann met with Jim Bidzos, the new CEO of RSA Data Security Inc., who brought with him a copy of Mailsafe, a program written by Rivest and Adleman, implementing RSA. After the meeting: Zimmermann claimed that Bidzos offered him a free license to RSA Bidzos strongly denied such claims

Early Work (1986-1991) in 1986, Zimmermann summarized his ideas in the paper published in IEEE Computer As a secret key cipher he chose a cipher developed by Merritt for navy, with his own security improvements. He called this cipher Bass-O-Matic, see http://www.nbc.com/saturday-night-live/video/bassomatic/n8631?snl=1 in 1990, he devoted his time completely to finishing the program he called Pretty Good Privacy In 1990 he called Jim Bidzos to confirm his free RSA license. Bidzos strongly denied ever making such offer.

Release of PGP 1.0-1991 In 1991, out of the fear of the government making all encryption illegal (prompted by an antiterrorist Senate bill 266 co-sponsored by Joe Biden) he decided to release PGP as soon as possible, and changed its classification from "shareware" to "freeware" In May 1991, Zimmermann passed the program to a fellow crypto enthusiast to spread it on the Internet "like dandelion seeds"

Release of PGP 1.0-1991 In the first weekend of June 1991, PGP 1.0 was uploaded to multiple servers (all located in the U.S.). Its documentation included a motto: "When crypto is outlawed, only outlaws will have crypto". The very next day people were encrypting messages with PGP all over the world (in violation of the U.S. crypto export regulations)

Legal Problems RSA Data Security Inc. and Public Key Partners accused Zimmermann of violating their patents PGP 2.0, released in September 1992 from Amsterdam and Auckland, replaced Bass-O-Matic by a much stronger Swiss cipher called IDEA with the 128-bit key In February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license. In 1996, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else. PGP 5 released in 1997 introduced use of the CAST-128 symmetric key algorithm, and the ElGamal asymmetric key algorithm (referred in the documentation as Diffie- Hellman), mitigating patent dispute with RSA Data Security Inc. and PKP.

Later Years In 1997, IETF (Internet Engineering Task Force) started the development of a standard called OpenPGP The Free Software Foundation has developed its own OpenPGP-compliant program called GNU Privacy Guard (abbreviated GnuPG or GPG) Most recently, several ios and Android OpenPGPcompliant applications have been released, such as ipgmail for ios and APG for Android

Internal Operation of PGP: Implementation of Security Services

PGP Authentication Only Notation: M - message H hash function EP public key encryption - concatenation Z - compression using ZIP algorithm KR a private key of user A KU a public key of user A

Non-repudiation Alice Message Signature Message Signature Bob Hash function Hash function Hash value 1 Hash value yes no Public key cipher Hash value 2 Public key cipher Alice s private key Alice s public key

PGP Confidentiality Only Notation: M - message Z - compression using ZIP algorithm EC / DC classical (secret-key) encryption / decryption EP / DP public key encryption / decryption - concatenation K s - session key KR b private key of user B KU b public key of user B

Hybrid Systems - Sender s Side (2) Alice 1 session key random message Secret key cipher Public key cipher 3 Bob s public key 2 Session key encrypted using Bob s public key Message encrypted using session key

Hybrid Systems - Receiver s Side (2) Bob session key random 1 Public key cipher Bob s private key message 2 Secret key cipher Session key encrypted using Bob s public key Message encrypted using session key

PGP Confidentiality and Authentication Notation: M - message H hash function Z - compression using ZIP algorithm EP / DP public key encryption / decryption - concatenation EC / DC classical (secret-key) encryption / decryption K s - session key KR a / KR b private key of user A / B KU a / KU b public key of user A / B

Transmission and Reception of PGP Messages [Stallings, 2014]

PGP Operation Compression by default PGP compresses message after signing but before encrypting so can store uncompressed message & signature for later verification because compression is non deterministic uses ZIP compression algorithm

Major idea behind ZIP compression [Stallings, 2014]

Radix-64 Conversion The '==' sequence indicates that the last group contained only one byte, and '=' indicates that it contained two bytes. [Stallings, 2014]

Radix-64 Encoding [Stallings, 2014]

General Format of PGP Message [Stallings, 2014]

Summary of PGP functions [Stallings, 2010]

Private Key Ring [Stallings, 2014]

Public Key Ring [Stallings, 2014]

PGP Message Generation (without compression or radix-64 conversion) [Stallings, 2014]

PGP Message Reception (without compression or radix-64 conversion) [Stallings, 2014]

Manual exchange of public keys: PGP: Flow of trust Las Vegas Bob Û David Edinburgh David Û Betty Bob (Washington) David (New York) Betty (London) David, send me Betty s public key Betty s public key signed by David message encrypted using Betty s public key

PGP Trust Model [Stallings, 2010]

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback