Cybersecurity Lecture Notes PDF
Document Details
Uploaded by PortableAgate944
Rabie A. Ramadan
Tags
Summary
This document is a cybersecurity lecture covering Pretty Good Privacy (PGP) and related cryptographic functions. It discusses authentication, confidentiality, and other aspects of electronic mail security, offering summaries of key concepts and algorithms.
Full Transcript
CYBERSECURITY Rabie A. Ramadan CYBERSECURITY 2 Electronic Mail Security 3 ELECTRONIC MAIL SECURITY AGENDA: Introduction to PGP 5 PGP Services Key Management Use of Trust Demo Of PGP In Use 4 PRETTY GOOD P...
CYBERSECURITY Rabie A. Ramadan CYBERSECURITY 2 Electronic Mail Security 3 ELECTRONIC MAIL SECURITY AGENDA: Introduction to PGP 5 PGP Services Key Management Use of Trust Demo Of PGP In Use 4 PRETTY GOOD PRIVACY 1991 – Creation of a single person, Phil Zimmermann Provides confidentiality and authentication services for electronic mail and file storage applications 03/21/06 5 PHIL ZIMMERMANN Target of three year criminal investigation Gave software away to friend who put it on the Internet in 1991 Intended to give individuals "the right to be let alone” US export restrictions violated – same class as “PGP has spread like a prairie munitions and nuclear fire, fanned by countless people weapons who fervently want their privacy restored in the information age” Government dropped the - Phil Zimmermann, case in 1996 testifying before the US Senate, 1996 6 PRETTY GOOD PRIVACY Selected best available cryptographic algorithms Integrated these algorithms into a general purpose application Source code and doc freely available on the net Agreement with company (Viacrypt) for low cost commercial version 7 NOTATION KS = session key used in conventional encryption KRa = private key of user A, used in public key encryption KUa = public key of user A, used in public key encryption EP = public-key encryption DP = public-key decryption EC = conventional encryption DC = conventional decryption H = hash function || = concatenation Z = compression using ZIP algorithm R64 = conversion to radix 64 ASCII format 8 SUMMARY OF 5 PGP SERVICES authentication confidentiality 9 RECALL ONE WAY HASH FUNCTION Digital signature No key distribution Less computation since message does not have to be encrypted 10 RECALL SHA-1 SECURE HASH FUNCTION Developed by NIST in 1995 Input is processed in 512-bit blocks Produces as output a 160-bit message digest Every bit of the hash code is a function of every bit of the input Very secure – so far! 11 AUTHENTICATION 1. Sender creates a message 2. Generate a hash code with SHA-1 3. Using sender’s private key and RSA, encrypt the hash code and prepend to the message 4. Receiver uses sender’s public key to decrypt and recover the hash code 5. Receiver generates a new hash code for the message and compares with the decrypted hash code. If matching, then message is authentic 12 PGP CRYPTOGRAPHIC FUNCTIONS 13 RECALL OTHER PUBLIC KEY ALGORITHMS Digital Signature Standard (DSS) – makes use of SHA-1 and presents a new digital signature algorithm (DSA) Only used for digital signatures not encryption or key exchange 14 AUTHENTICATION Other alternatives can be used, e.g., DSS Detached signatures are supported Good for executables and multi- party signatures (legal contract) 15 SUMMARY OF 5 PGP SERVICES authentication confidentiality 16 RECALL CAST-128 1997, Entrust Technologies RFC 2144 Extensively reviewed Variable key length, 40-128 bits Used in PGP 17 RECALL CONVENTIONAL ENCRYPTION ALGORITHMS We have choices in PGP for confidentiality! 18 CONFIDENTIALITY 1. Sender creates a message and random 128bit number for session key 2. Message encrypted using CAST-128 with the session key 3. Session key encrypted with recipient’s public key and prepended to the message 4. Receiver uses it’s private key to decrypt and recover the session key 5. Session key is used to decrypt the message 19 PGP CRYPTOGRAPHIC FUNCTIONS 20 CONFIDENTIALITY Alternatives for conventional encryption: RSA or Diffie-Hellman (ElGamal) Conventional algorithms are much faster Each message is a one time independent event with its own key 768 key size 3072 21 CONFIDENTIALITY & AUTHENTICATION Both services can be used for the same message First, signature is generated for plaintext and prepended Message is encrypted with a session key Session key is encrypted with recipient’s public key 22 PGP CRYPTOGRAPHIC FUNCTIONS 23 SUMMARY OF 5 PGP SERVICES authentication confidentiality 24 IMPORTANT URLS http://www.npr.org/templates/story/story.php?storyId=5227744 Story at NPR about how very few people use encryption http://www.clairewolfe.com/wolfesblog/00001945.htmlNPR story about how very few people use encryption, and then gives a tutorial on installing and using GNU Privacy Guard and Enigmail with the Thunderbird email program 03/21/06 25 DOWNLOAD PGP http://www.pgpi.org/download/gnupg/Windows version is: GnuPG 1.2.2 http://enigmail.mozdev.org/download.html Enigmail download 26 HAVE A NICE WEEK!!! 27
