Scribd
Upload
33 views42 pages

unit-5-PGP and SMIME

Uploaded by

poshitha.inaganti246
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
33 views42 pages

unit-5-PGP and SMIME

Uploaded by

poshitha.inaganti246
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 42

PGP and S/MIME

Security at Application Layer


Dr. D K Bebarta
1. Security at Application Layer:
Pretty Good Privacy (PGP)
S/MIME(Secure/Multipurpose Internet Mail Extension)
2. Security at Transport Layer:
Secure Socket Layer (SSL)
Transport Layer Securities (TLS)
3. Security at Transport Layer:
Internet Protocol Security (IPsec)
E-Mail Architecture
• E-mail from A to B, store-retrieve activity
• Two application program will be used MTA (push program)
and MAA (pull program)
E-Mail Security
Pretty Good Privacy (PGP)
Overview:
• PGP stands for Pretty Good Privacy (PGP) which is invented by
Phil Zimmermann.
• Used to create a secure e-mail message or to store a file securely
for future retrieval.
• PGP was designed to provide all four aspects of security, i.e.,
confidentiality, integrity, authentication, and non-repudiation in the
sending of email.
• PGP is an open source and freely available software package for
email security.
• PGP uses a combination of secret key encryption and public key
encryption to provide privacy.
• PGP provides authentication through the use of Digital Signature.
• It provides compression by using the ZIP algorithm, and EMAIL
compatibility using the radix-64 encoding scheme.
Notation
• Ks = session key
• Kra = private key of user A
• Kua = public key of user A
• EP = public-key encryption
• DP = public-key decryption
• EC = conventional encryption
• DC = conventional decryption
• H = hash function
• || = concatenation
• Z = compression using ZIP algorithm
• R64 = conversion to radix 64 ASCII format
The following are the services offered by PGP:

1. Authentication
2. Confidentiality
3. Compression
4. Email Compatibility
5. Segmentation
PGP Scenarios
• Plaintext Message

• An Authenticated Message

• A Compressed Message
• A Confidential Message

• Key Rings in PGP


Format of private key ring table

Format of a public key ring table


PGP Algorithms:
Available in a table with two fields ID and Description
• Public-Key Algorithms
• Symmetric-key Algorithms
• Hash Algorithms
• Compression Algorithms
PGP Packets

PGP Consists of one more packets


1. A Header has Two fields
a) Tag: 8 bit flag, first bit is 1, second bit is 0/1 to represent
old/new format and remaining 6 bit can define up to 64
different packet types.
b) Length: variable size 1, 2, or 5. receiver can determine if
value of the 6 bit is less than 192 it is one byte, between
192-223 it is 2 bytes, and between 224-255 then 5 bits.
Literal Data Packet

Compressed Data Packet


Encrypted Data Packet
Signature Packet
Session-key Packet
User ID Packet

Public-key Packet
PGP Messages
Encrypted Message
Signed Message
Certificate Message
AB
PGP message
format
PGP Message Generation
PGP Message Reception
Radix-64 conversion
Email Security
• email is one of the most widely used and
regarded network services
• currently message contents are not secure
– may be inspected either in transit
– or by suitably privileged users on destination
system
Email Security Enhancements
• confidentiality
– protection from disclosure
• authentication
– of sender of message
• message integrity
– protection from modification
• non-repudiation of origin
– protection from denial by sender
S/MIME
• S/MIME(Secure/Multipurpose Internet Mail Extension)
– Security enhancement to the MIME, based on RSA data security
– IETF standard as well PGP
– Industry standard for commercial and organizational use, while PGP for
personal e-mail security
– It is an enhancement of the Multipurpose Internet Mail Extension
protocol
• RFC 822
– Format for text message that are using e-mail
– The header and the body
– The header is separated from the body by a blank line
– A message is ASCII text
– Ex)
Date : Tue, 16 Jan 1998 10:37:17
From : “William Stallings” ws@shore.net
Subject: The Syntax in RFC 822
To: Smith@other-host.com
Cc: Jones@another-host.com

Hello. This section begins the actual message body, which is


Delimited from the message heading by a blank line
MIME
MIME Header

• Five header fields


– MIME-Version : Must have the parameter value 1.0
– Content-Type : Describes the data contained in the body
– Content-Transfer-Encoding : Indicates the type of transformation that
has been used to represent the body of the message in a way that is
acceptable for mail transport
– Content-ID : Used to identify MIME entities
– Content-Description : A text description of the object with the body
S/MIME (Secure/Multipurpose Internet
Mail Extensions)
• security enhancement to MIME email
– original Internet RFC822 email was text only
– MIME provided support for varying content types
and multi-part messages
– with encoding of binary data to textual form
– S/MIME added security enhancements
• have S/MIME support in various modern mail
agents: MS Outlook, Netscape etc
S/MIME Cryptographic Algorithms
• hash functions: SHA-1 & MD5
• digital signatures: DSS & RSA
• session key encryption: ElGamal & RSA
• message encryption: Triple-DES, RC2/40 and
others
• have a procedure to decide which algorithms
to use
S/MIME Functions
• enveloped data
– encrypted content and associated keys
• signed data
– encoded message + signed digest
• clear-signed data
– cleartext message + encoded signed digest
• signed & enveloped data
– nesting of signed & encrypted entities
Enveloped-data content type
Signed-data content type
Digest-data content type

clear-signed data
cleartext message + encoded signed digest
signed & enveloped data
nesting of signed & encrypted entities
Comparison Chart

BASIS FOR
PGP S/MIME
COMPARISON
Stands for Pretty Good Privacy Multipurpose
Secure Internet Mail
Extensions
Effectively process Plain text Various multimedia
files
Depends on Every user key Hierarchically
exchange validated certifier
for key exchange.
Cost Low High
Utilization Personal use Industrial
Certificates X.509 X.509V3

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy