ECE 646 Lecture 4A. Pretty Good Privacy PGP. Short History of PGP based on the book Crypto by Steven Levy. Required Reading

Similar documents
Pretty Good Privacy PGP. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

ECE 646 Lecture 4. Pretty Good Privacy PGP

Key management. Pretty Good Privacy

Pretty Good Privacy (PGP)

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Pretty Good Privacy (PGP

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

ECE 646 Lecture 3. Key management

Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

Introduction and Overview. Why CSCI 454/554?

ECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

NETWORK SECURITY & CRYPTOGRAPHY

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

Security PGP / Pretty Good Privacy. SANOGXXX July, 2017 Gurgaon, Haryana, India

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

ECE646 Fall Lab 1: Pretty Good Privacy. Instruction

Cryptography and Network Security

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Cryptography and Network Security. Sixth Edition by William Stallings

The evolving storage encryption market

Ralph Durkee Independent Consultant Security Consulting, Security Training, Systems Administration, and Software Development

Using Cryptography CMSC 414. October 16, 2017

CPSC 467: Cryptography and Computer Security

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

PROTECTING CONVERSATIONS

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II

Cryptographic Systems

ECE 646 Lecture 3. Key management. Required Reading. Using Session Keys & Key Encryption Keys. Using the same key for multiple messages

The Research on PGP Private Key Ring Cracking and Its Application

CS 425 / ECE 428 Distributed Systems Fall 2017

CS 161 Computer Security

ECE646 Fall Lab 1: Pretty Good Privacy. Instruction

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Key Exchange. Secure Software Systems

CCNA Security 1.1 Instructional Resource

Encrypted Data Deduplication in Cloud Storage

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Diffie-Hellman. Part 1 Cryptography 136

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Cryptography V: Digital Signatures

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Topics. Number Theory Review. Public Key Cryptography

Cryptography and Network Security Chapter 14

Public Key Algorithms

Kurose & Ross, Chapters (5 th ed.)

Public-key Cryptography: Theory and Practice

Chapter 5 Electronic mail security

Chapter 8 Information Technology

Lecture III : Communication Security Mechanisms

APNIC elearning: Cryptography Basics

Overview. Public Key Algorithms I

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Authentication Part IV NOTE: Part IV includes all of Part III!

What did we talk about last time? Public key cryptography A little number theory

Sharing Secrets using Encryption Facility - Handson

Grenzen der Kryptographie

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Lecture 1 Applied Cryptography (Part 1)

EEC-682/782 Computer Networks I

Public-key encipherment concept

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Gestion et sécurité des réseaux informatiques. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice:

Lecture 6: Overview of Public-Key Cryptography and RSA

Cryptography V: Digital Signatures

ASYMMETRIC CRYPTOGRAPHY

CS Computer Networks 1: Authentication

Number Theory and RSA Public-Key Encryption

HOST Cryptography I ECE 525. Cryptography Handbook of Applied Cryptography &

Lecture 4: Cryptography III; Security. Course Administration

Introduction to Cryptography. Vasil Slavov William Jewell College

2.1 Basic Cryptography Concepts

1 Introduction Creating tar archives Extracting tar archives Creating tarballs Extracting tarballs...

Public Key Cryptography

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

COMPUTER SECURITY. Computer Security Secure Communication Channels (2)

Cryptography. Cryptography is much more than. What is Cryptography, exactly? Why Cryptography? (cont d) Straight encoding and decoding

Cryptography (Overview)

Cryptography. Seminar report. Submitted in partial fulfillment of the requirement for the award of degree. Of Computer Science

Channel Coding and Cryptography Part II: Introduction to Cryptography

Lecture 3.4: Public Key Cryptography IV

Security. Communication security. System Security

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

PUBLIC KEY CRYPTO. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Cryptographic Concepts

CSC 474/574 Information Systems Security

CRYPTOGRAPHY & DIGITAL SIGNATURE

IEEE Std and IEEE Std 1363a Ashley Butterworth Apple Inc.

14. Internet Security (J. Kurose)

Transcription:

ECE 646 Lecture 4A Pretty Good Privacy PGP Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 18.1 or 19.1 Pretty Good Privacy (PGP) On-line Chapters (available after registration): Appendix O Data Compression Using Zip Appendix P PGP Random Number Generation Short History of PGP based on the book Crypto by Steven Levy 1

Phil Zimmermann early years grew up in Florida, got interested in cryptography in teenage years studied physics at Florida Atlantic University, 1972-1977 learned about RSA shortly after its discovery, from the Mathematical Recreational column in Scientific American became active in the antinuclear political movement of 1970s-1980s Collaboration with Charlie Merritt in 1984, Zimmermann was contacted by Charlie Merritt, who implemented RSA on a microcomputer based on Z80 8-bit microprocessor by 1986, Merritt passed to Zimmermann all his knowledge of multiprecision integer arithmetic required to implement RSA In 1986, Merritt and Zimmermann met with Jim Bidzos, the new CEO of RSA Data Security Inc., who brought with him a copy of Mailsafe, a program written by Rivest and Adleman, implementing RSA. After the meeting: Zimmermann claimed that Bidzos offered him a free license to RSA Bidzos strongly denied such claims Early Work (1986-1991) in 1986, Zimmermann summarized his ideas in the paper published in IEEE Computer As a secret key cipher he chose a cipher developed by Merritt for navy, with his own security improvements. He called this cipher Bass-O-Matic, see http://www.hulu.com/watch/19046 in 1990, he devoted his time completely to finishing the program he called Pretty Good Privacy In 1990 he called Jim Bidzos to confirm his free RSA license. Bidzos strongly denied ever making such offer. 2

Release of PGP 1.0-1991 In 1991, out of the fear of the government making all encryption illegal (prompted by an antiterrorist Senate bill 266 co-sponsored by Joe Biden) he decided to release PGP as soon as possible, and changed its classification from "shareware" to "freeware" In May 1991, Zimmermann passed the program to a fellow crypto enthusiast to spread it on the Internet "like dandelion seeds" Release of PGP 1.0-1991 In the first weekend of June 1991, PGP 1.0 was uploaded to multiple servers (all located in the U.S.). Its documentation included a motto: "When crypto is outlawed, only outlaws will have crypto". The very next day people were encrypting messages with PGP all over the world (in violation of the U.S. crypto export regulations) Legal Problems RSA Data Security Inc. and Public Key Partners accused Zimmermann of violating their patents PGP 2.0, released in September 1992 from Amsterdam and Auckland, replaced Bass-O-Matic by a much stronger Swiss cipher called IDEA with the 128-bit key In February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license. In 1996, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else. PGP 5 released in 1997 introduced use of the CAST-128 symmetric key algorithm, and the ElGamal asymmetric key algorithm (referred in the documentation as DiffieHellman), mitigating patent dispute with RSA Data Security Inc. and PKP. 3

Later Years In 1997, IETF (Internet Engineering Task Force) started the development of a standard called OpenPGP The Free Software Foundation has developed its own OpenPGP-compliant program called GNU Privacy Guard (abbreviated GnuPG or GPG) Most recently, several ios and Android OpenPGPcompliant applications have been released, such as ipgmail for ios and APG for Android Internal Operation of PGP: Implementation of Security Services PGP Authentication Only Notation: M - message H hash function EP public key encryption - concatenation Z - compression using ZIP algorithm KR a private key of user A KU a public key of user A 4

Non-repudiation Alice Message Signature Message Signature Bob Hash function Hash function Hash value Public key cipher yes Hash value 1 Hash value 2 no Public key cipher Alice s private key Alice s public key PGP Confidentiality Only Notation: M - message Z - compression using ZIP algorithm EC / DC classical (secret-key) encryption / decryption EP / DP public key encryption / decryption - concatenation K s - session key KR b private key of user B KU b public key of user B Hybrid Systems - Sender s Side (2) Alice 1 session key random message Secret key cipher Public key cipher 3 Bob s public key 2 Session key encrypted using Bob s public key Message encrypted using session key 5

Hybrid Systems - Receiver s Side (2) Bob session key random 1 Public key cipher Bob s private key message 2 Secret key cipher Session key encrypted using Bob s public key Message encrypted using session key PGP Confidentiality and Authentication Notation: M - message H hash function Z - compression using ZIP algorithm EP / DP public key encryption / decryption - concatenation EC / DC classical (secret-key) encryption / decryption K s - session key KR a / KR b private key of user A / B KU a / KU b public key of user A / B Transmission and Reception of PGP Messages 6

PGP Operation Compression by default PGP compresses message after signing but before encrypting so can store uncompressed message & signature for later verification because compression is non deterministic uses ZIP compression algorithm Major idea behind ZIP compression Radix-64 Conversion The '==' sequence indicates that the last group contained only one byte, and '=' indicates that it contained two bytes. 7

Radix-64 Encoding General Format of PGP Message Summary of PGP functions 8

Private Key Ring Public Key Ring PGP Message Generation (without compression or radix-64 conversion) 9

PGP Message Reception (without compression or radix-64 conversion) Manual exchange of public keys: PGP: Flow of trust Las Vegas Bob David Edinburgh David Betty Bob (Washington) David (New York) Betty (London) David, send me Betty s public key Betty s public key signed by David message encrypted using Betty s public key PGP Trust Model 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback