Securing Email Using PGP and Digital Certificates Putting

  • Slides: 34
Download presentation
Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD

Securing Email Using PGP and Digital Certificates Putting together cipher, digital signature, and MD 5 one-way hashing - email/PGP - Network security

Outline How email works? n Signing email n Securing contents n PGP -- Pretty

Outline How email works? n Signing email n Securing contents n PGP -- Pretty Good Privacy and PEM -- Privacy Enhanced Mail n Public Key Certificates n 2 - email/PGP - Network security

How does email work? n Suppose that Alice in Australia wants to send a

How does email work? n Suppose that Alice in Australia wants to send a message to Bob in USA via email çAlice starts an email program on her computer, and types in Bob’s email address çAlice composes (writes) the message çAlice hits a special key to tell the computer that the message is ready to go! 3 - email/PGP - Network security

How does email work ? (2) çAlice’s email system adds a header to the

How does email work ? (2) çAlice’s email system adds a header to the message (including destination, return address, time stamp etc), and sends it to the nearest email gateway (a computer) çThe message is relayed from computer to computer before finally reaching Bob’s computer 4 - email/PGP - Network security

A sample message to: bob@xyz. com. us from: alice@abc. com. au subject: hello date:

A sample message to: [email protected] com. us from: [email protected] com. au subject: hello date: Mon, 26 Aug 2001 13: 23: 47 Hi Bob, I am coming down to states in January. Alice 5 - email/PGP - Network security

header + message header message 6 - email/PGP - Network security

header + message header message 6 - email/PGP - Network security

Possible attacks n spoofing ça third party may impersonate Alice and send a fake/modified

Possible attacks n spoofing ça third party may impersonate Alice and send a fake/modified message to Bob n Eavesdropping ça party sitting between Alice and Bob may peep communications between them n Replay ça party sitting between Alice and Bob may re-send to Bob an old message from Alice 7 - email/PGP - Network security

Preventing spoofing & replay n Use çRSA digital signature çMD 5 one-way hash algorithm

Preventing spoofing & replay n Use çRSA digital signature çMD 5 one-way hash algorithm 8 - email/PGP - Network security

What Alice has to do? n prepares a pair of public and secret keys

What Alice has to do? n prepares a pair of public and secret keys çpublic key: (ea, na) çsecret key: da registers her public key in a publicly available site and circulates it among friends (and also attaches it to the end of all her email messages). n composes a message. n 9 - email/PGP - Network security

What Alice’s computer has to do? attaches to the message a header (to: ,

What Alice’s computer has to do? attaches to the message a header (to: , from: , date: subject: , etc) n uses MD 5 to hash the pair (message, header) into a 128 -bit value n uses Alice’s secret key da to sign (decrypt) the 128 -bit value n sends to the email gateway a triplet n ç(header, message, signature) 10 - email/PGP - Network security

header, message, signature header message 1 -way hashing by MD 5 t Alice’s RSA

header, message, signature header message 1 -way hashing by MD 5 t Alice’s RSA secret key ka 128 bits tka mod na signature 11 - email/PGP - Network security header message signature

What Bob’s computer has to do? finds out Alice’s public key (ea, na) n

What Bob’s computer has to do? finds out Alice’s public key (ea, na) n verifies (header, message, signature) n if OK, accepts that it is a message from Alice n Otherwise, informs Bob that it is NOT a genuine message from Alice n 12 - email/PGP - Network security

Check how does the previous scheme prevent spoofing and replaying ? n does Bob

Check how does the previous scheme prevent spoofing and replaying ? n does Bob have to have his public and secret keys ? why ? n 13 - email/PGP - Network security

Preventing peeping n the basic idea to encrypt each message by the use of

Preventing peeping n the basic idea to encrypt each message by the use of hybrid RSA and IDEA çIDEA is a private key cipher lkey: 128 bits, plain/ciphertext: 64 bits n an extra requirement: çBob should lpublish his public key (eb, nb) lkeeps his secret key db in a safe place 14 - email/PGP - Network security

Alice’s computer As before, uses Alice’s secret key da to sign a message and

Alice’s computer As before, uses Alice’s secret key da to sign a message and gets a triplet (header, message, signature) n picks a random 128 -bit IDEA key k n encrypts (message, signature) using IDEA under the key k n finds out Bob’s public key (eb, nb) n encrypts k using (eb, nb) n 15 - email/PGP - Network security

Message format header IDEA key k message signature e k b mod n EIDEA

Message format header IDEA key k message signature e k b mod n EIDEA header message signature 16 - email/PGP - Network security IDEA key k b Bob’s RSA public key (eb, nb)

Message sent by Alice n Alice’s computer sends to Bob’s computer four (4) parts

Message sent by Alice n Alice’s computer sends to Bob’s computer four (4) parts çheader, un-encrypted çmessage, encrypted using IDEA under k çsignature, encrypted using IDEA under k çIDEA key k, encrypted using Bob’s RSA public key (eb, nb) 17 - email/PGP - Network security

header + message to: bob@xyz. com. us from: alice@uvw. com. au subject: hello date:

header + message to: [email protected] com. us from: [email protected] com. au subject: hello date: Mon, 26 Feb 1996 13: 23: 47 Hi Bob, Meet in January at home ? Alice 18 - email/PGP - Network security

header + message + signature to: bob@xyz. com. us from: alice@uvw. com. au subject:

header + message + signature to: [email protected] com. us from: [email protected] com. au subject: hello date: Mon, 26 Feb 1996 13: 23: 47 -----BEGIN PGP SIGNED MESSAGE----Hi Bob, Meet in January at home ? Alice -----BEGIN PGP SIGNATURE----Version: 2. 6. 3 i Charset: noconv i. QBVAw. UBMT 5 d. Aj. Fq. X 5 n. L 8 le. RAQGKo. AH+LKirz 3 r. Vncj. Q 7 x. YZ+q/no. L 9 MJGVmeu. Dz F 0 Fj. Dt. E 2 Ng. Zo. LQh 7 H 6 tl. K 3 Hzv. MLCMK 1 a 53 xb. Mf. PEBd. Yq/hv. F 7 B 3/x. Q== =Fu. R 2 -----END PGP SIGNATURE----- 19 - email/PGP - Network security

header + encrypted (message + signature) to: bob@xyz. com. us from: alice@uvw. com. au

header + encrypted (message + signature) to: [email protected] com. us from: [email protected] com. au subject: hello date: Mon, 26 Feb 1996 13: 23: 47 -----BEGIN PGP MESSAGE----Version: 2. 6. 3 i h. Ew. De 3 NF 6 ydtp 0 k. BAf 9 p. UR 0 Yf 71 c. GBSEIYYvi. DZw. WSEQd. Zde. P 8 ul. MZofa. Chx. Qn. EE T+1 Z 7 m 1 Gz. T/qwfr. W 7 ed. YEHb 1 U/Jk 5 Pu. Gy. O 56 Jl. Yipg. AAAJ 1 H 4 ubd. Ee. EAc. Iaf. D+IO h. Fv. Ht 7 qi. Iq+OIz. R 3 NDxl. Xtxp 5 IIBKj. Qq. XLJduu. Fk. TUlq 0 G 3 v 1 QTa. R/K 7 Ic. EMGBEH ZVxye 3 qs. Rv. DN 7 TGgl+PIx. NS 7 g. C 6 rgq. Zp. J 5 M 0 d. Xd. As. G 1 L+3 GO 8 FFYv. PPf. UOjmst. Tn +O 5 BXMYPb. Yk. PE 2 f. BTZ/COGx. RIe 09 b. ULPw. W 6 hnnr 6 It 5 GFB 0 Id/XZVcznz. Aql 0 tj. O =6 p. ZH -----END PGP MESSAGE----- 20 - email/PGP - Network security

Bob’s computer n When receiving the parts from Alice, Bob’s computer çuses Bob’s secret

Bob’s computer n When receiving the parts from Alice, Bob’s computer çuses Bob’s secret key db to decrypt the 4 th part and extract IDEA key k çuses k and IDEA to decrypt the 2 nd & 3 rd parts çuses Alice’s public key (ea, na) to check Alice’s signature on the 1 st & 2 nd parts çif OK, accepts it as a genuine message from Alice 21 - email/PGP - Network security

Check by yourself n explain how çspoofing çeavesdropping çreplay are prevented n 22 why

Check by yourself n explain how çspoofing çeavesdropping çreplay are prevented n 22 why the 1 st part (the header) is NOT encrypted ? - email/PGP - Network security

Signature-and-encryption or encryption-and-signature n 2 alternative approaches to achieving authenticity and confidentiality çSignature-and-encryption Signing

Signature-and-encryption or encryption-and-signature n 2 alternative approaches to achieving authenticity and confidentiality çSignature-and-encryption Signing the message first, followed by “sealing” the message-signature pair çEncryption-and-signature “scrambling” the message first, following by signing the ciphertext 23 - email/PGP - Network security

Signature-and-encryption or encryption-and-signature (2) 24 message signature Signature-and-encryption-and-signature - email/PGP - Network security

Signature-and-encryption or encryption-and-signature (2) 24 message signature Signature-and-encryption-and-signature - email/PGP - Network security

A potential spoofing attack against encryption-then-signature Bob Bill Happy birthday ! Bob’s signature Bill’s

A potential spoofing attack against encryption-then-signature Bob Bill Happy birthday ! Bob’s signature Bill’s signature Thank you Bill ! sig Bob na ’s tu re Happy birthday ! 25 - email/PGP - Network security Cathy

The importance of order n 26 Use “signature followed by encryption” in your applications

The importance of order n 26 Use “signature followed by encryption” in your applications ! - email/PGP - Network security

Reminder: Marvin’s “Public Key Faking” Attack n n Instead of just eavesdropping, Marvin can

Reminder: Marvin’s “Public Key Faking” Attack n n Instead of just eavesdropping, Marvin can try a more active attack! Outline of the New Attack: ç Marvin generates an RSA key pair l Public key = Kpub_* = (N_*, e_*) l Secret key = Ksec_* = d_* ç Marvin sends the following email to Alice, pretending to be Bob: l Hi Alice, ¥ Please use my new public key from now on to encrypt messages to me. My new public key is Kpub_*. ¥ Yours sincerely, Bob. 27 ç Marvin decrypts any messages Alice sends to Bobsecurity (encrypted with Kpub_*), using Ksec_*. - email/PGP - Network

Preventing Marvin’s Attack (1) n Marvin’s Attack illustrates that: çIn the context of Public

Preventing Marvin’s Attack (1) n Marvin’s Attack illustrates that: çIn the context of Public Key Encryption, Alice must make sure she is not using a “fake public key” produced by Marvin (like Kpub_*) to encrypt messages to Bob çIn the context of Digital Signatures, Alice must make sure she is not using a “fake public key” produced by Marvin to verify digital signatures on documents claimed to be produced by Bob. 28 - email/PGP - Network security

Preventing Marvin’s Attack (2) n n n 29 When Alice obtains Bob’s public key

Preventing Marvin’s Attack (2) n n n 29 When Alice obtains Bob’s public key from some source, she is really receiving a document C containing a statement of the form “Bob’s public key is X”. To prevent Marvin’s attack, Alice wants to check the integrity of the document C before she believes the statement it contains. This is commonly done using a “Public Key Certification” system in conjunction with a digital signature scheme - This system is described in the following slides. - email/PGP - Network security

Public Key Certification System (1) n n A Public Key Certification System requires the

Public Key Certification System (1) n n A Public Key Certification System requires the establishment of (at least one) Trusted Certification Authority (CA). The CA is an organization known to all users and trusted by the users to: ç Issue Certificates by following properly the procedure described in following slide ç Guard its secret digital signature key SK_CA very well! n 30 All users obtain the CA’s public digital signature key PK_CA directly from the CA. - email/PGP - Network security

Issuing Digital Certificates (1) n The CA issues Digital Certificates to users as follows:

Issuing Digital Certificates (1) n The CA issues Digital Certificates to users as follows: çA user Bob generates a key pair (Kpub, Ksec). çBob goes (ideally physically) to the CA, gives his public key Kpub, and declares “I’m Bob Smith, and Kpub is my public key!” çThe CA asks Bob to present strong proof of identity (eg Passport, driver’s licence), to ensure that CA is really talking to Bob Smith (and not Marvin, for example). çIf CA is convinced it is really talking to Bob Smith, the CA produces a digital certificate for Bob (see next slide for detailed content). 31 - email/PGP - Network security

Issuing Digital Certificates (2) n The Digital Certificate C_Bob given to Bob by CA

Issuing Digital Certificates (2) n The Digital Certificate C_Bob given to Bob by CA consists of essentially FIVE parts: çPart A. Bob’s unique identification information (eg Full name, address, etc) çPart B. Bob’s public key, Kpub çPart C. A unique certificate serial no. çPart D. Issue time, Expiry time, and any other conditions of use. çPart E. The CA’s digital signature on the document consisting of Parts (A, B, C, D). n 32 So C_Bob = (A, B, C, D, E). - email/PGP - Network security

Using Digital Certificates (1) n n Bob distributes his digital certificate C_Bob. Note that:

Using Digital Certificates (1) n n Bob distributes his digital certificate C_Bob. Note that: çThe certificate C_Bob is NOT secret çBob CANNOT use the certificate C_Bob by itself as a proof of identity (since anyone can get a copy of it). n 33 When Alice needs Bob’s public key (eg to encrypt a message to Bob, or to verify Bob’s signature on a document) she obtains Bob’s digital certificate C_Bob (eg from Bob’s web server). - email/PGP - Network security

Using Digital Certificates (2) n n From Part B of the certificate C_Bob, Alice

Using Digital Certificates (2) n n From Part B of the certificate C_Bob, Alice extracts Bob’s public key PK_Bob. But before using PK_Bob, Alice verifies that the certificate C_Bob is a valid certificate for Bob - This means that Alice verifies that: ç 1. C_Bob contains (in part E) a valid signature by CA on the rest of the certificate (parts A, B, C, D). ç 2. Part A of C_Bob contains Bob’s correct (unique) identification details (name, address, …). ç 3. All the conditions stated in part D of the certificate C_Bob are valid (eg certificate has not expired yet). 34 Alice rejects C_Bob if it fails the test above! - email/PGP - Network security n