A series of cryptography and network security study notes................ (Email Security= PGP)

1. Lec-7: Cryptography & Network
Security
Mr. Islahuddin Jalal
MS (Cyber Security) – UKM Malaysia
Research Title – 3C-CSIRT Model for Afghanistan
BAKHTAR UNIVERSITY ‫باخترپوهنتون‬ ‫د‬
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬
112/17/2017

2. Introduction
• Email is one of the most widely used service on internet
• Mail servers are favorite target after web server
• Normally message contents are not secured
• Can be read/edit while on transit from sender to receiver
• Can be read/edit at destination
212/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

3. 3
Architecture of E-mail
• To explain the architecture of e-mail, we give four
scenarios. We begin with the simplest situation
and add complexity as we proceed. The fourth
scenario is the most common in the exchange of
e-mail.
• First Scenario
• Second Scenario
• Third Scenario
• Fourth Scenario
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

4. 4
First scenario
1
2
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

5. 5
When the sender and the receiver of an e-
mail are on the same mail server,
we need only two user agents.
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

6. 6
Second scenario
1
2 3 4
5
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

7. 7
When the sender and the receiver of an e-
mail are on different mail servers,
we need two UAs and a pair of MTAs (client
and server).
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

8. 8
Third scenario
1
2
3
4
5
6
7
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

9. 9
When the sender is connected to the mail
server via a LAN or a WAN, we
need two UAs and two pairs of MTAs
(client and server).
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

10. 10
Fourth scenario
1
2
3
4
5
6
8
9
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

11. 11
When both sender and receiver are
connected to the mail server via a LAN or a
WAN, we need two UAs, two pairs of MTAs
(client and server), and a pair of MAAs
(client and server). This is the most
common situation today.
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

12. 12
Push versus pull
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

13. 13
USER AGENT
The first component of an electronic mail system is
the user agent (UA). It provides service to the user to
make the process of sending and receiving a
message easier.
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

14. 14
Format of an email
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

15. 15
E-mail address
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

16. Message Transfer Agent
• Mail transfer is done through Message Transfer Agent (MTAs)
• To send mail
• System must have client MTA
• To receive mail
• System must have server MTA
• Note
• The formal protocol that defines the MTA client and server in the internet is
called SMTP
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬
16

17. 17
SMTP range
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

18. 18
Commands and responses
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

19. 1912/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

20. 2012/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

21. 21
Connection establishment
220 service ready 1
HELO: deanza.edu2
250 OK 3
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

22. 22
Message transfer
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

23. 23
Connection termination
1 QUIT
2221 service closed
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

24. 24
MESSAGE ACCESS AGENT
The first and the second stages of mail delivery use
SMTP. However, SMTP is not involved in the third
stage because SMTP is a push protocol; it pushes
the message from the client to the server. In other
words, the direction of the bulk data (messages) is
from the client to the server. On the other hand, the
third stage needs a pull protocol; the client must pull
messages from the server. The direction of the bulk
data are from the server to the client. The third stage
uses a message access agent.
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

25. 25
Pop3 and IMAP4
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

26. 26
Pop3
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

27. Threats
• Email Confidentiality (protection from disclosure)
• Email Integrity (Protection from modification)
• Email Authentication (verification of sender)
• Lack of non-repudiation ( protection from denial by sender)
2712/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

28. Two systems for Email Security
• PGP
• SMIME
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬
28

29. PGP
• Pretty Good Privacy
• Developed by Phil Zimmermann
• Using best well known crypto algorithms
• Available for free on many platforms with source code
• Not controlled by a governmental or standards organizations
2912/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

30. PGP
• Has 5 components/service
• Authentication
• Confidentiality
• Compression
• Email compatibility
• Segmentation
3012/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

31. PGP - Authentication
• Achieved by digital signature
• The sender creates a message.
• The message is hashed, using SHA-1 algorithm to generate a 150-bit hash code of
the message.
• The hash code is encrypted with the sender’s private key and appended to the
message
3112/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

32. PGP - Authentication
32
H( ). KA( ).-
+ -
H(m )KA(H(m))
-
m
KA
-
Internet
m
KA( ).+
KA
+
KA(H(m))
-
m
H( ). H(m )
compare
Hash the message
Private key of A
Public key of A
Recomputed and compare
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

33. PGP - Confidentiality
• Protection from disclosure
• Achieved by encrypting the message
• Message is encrypted using conventional symmetric shared secret key (DES, CAST-
128, etc)
• Key distribution between sender and receiver is a problem
• In PGP, each key is used only once.
• A new key is generated for each message
3312/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

34. PGP - Confidentiality
34
KS( ).
KB( ).+
+ -
KS(m )
KB(KS )
+
m
KS
KS
KB
+
Internet
KS( ).
KB( ).-
KB
-
KS
m
KS(m )
KB(KS )
+
Sending encrypted email Receiving and decrypting email
Secret key
Encrypt Ks using
B’s public key
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

35. • Sending /encrypting
• Generate random symmetric secret key, Ks
• Encrypts message with Ks
• Encrypts Ks with Bob’s public key
• Send both Ks(m) and Kb(Ks) to Bob
3512/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

36. • Receiving / Decrypting
• Use own private key to decrypt and recover Ks
• Uses Ks to decrypt Ks(m)
3612/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

37. • Confidentiality and Authentication:
Both can be achieved simultaneously
• Sender generates a signature of the plaintext message and attaches it to the
message
• The plaintext message and signature are encrypted using the public key of the
receiver and attached to the message
3712/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

38. PGP - Compression
• PGP compresses message after applying signature but before encryption
• Encrypt the compressed version of message
• Use ZIP as compression algorithm
3812/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

39. PGP – Email compatibility
• PGP must ensure the message transmission format must be the same in
both sender and receiver’s machine
• PGP will encrypt part of the message
• The encrypted part will consists of a stream of arbitrary 8-bit octets
• Thus some of them will be non-printed character
• E.g.: null, space, escape, etc
• While many e-mail system will only permit use of blocks consisting of
ASCII text
3912/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

40. PGP – Email compatibility
• Uses radix-64 algorithm
• Maps 3 bytes (or 8 bit) to 4 printable chars
• PGP provide service to convert raw 8-bit binary stream to a stream of
printable ASCII characters.
• Each group of three octets of binary data is mapped into four Base 64
characters.
4012/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

41. 41
Convert into 8-bit octet
Encode to form 6-bit
Map into four Base64
character
Decimal value
http://en.wikipedia.org/wiki/Base64
http://en.wikipedia.org/wiki/ASCII
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

42. • On receiver side, the incoming block is first converted back to 8-bit octet
binary format.
• Then message is decrypted and verified using the attached keys.
4212/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

43. PGP - Segmentation
• Many email system restricted the maximum message length to 50,000
octets
• Email system will segmentize / divide a long message into smaller
segments
• Each segment is mailed separately.
4312/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

44. • PGP subdivides large message into segments
• Segmentation is done after all other processing (including radix-64
conversion) has been done
• At receiver ends, all email header will be strips off and then reassemble as
the original message.
4412/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

45. PGP Operation Summary
4512/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

46. PGP Message Format
46
Encrypted with
public key
Encrypted and Sign
with private key
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

47. Symmetric vs Asymmetric Key
4712/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

48. Key Rings
• Two key IDs (private and public key) are included in each message
• Provide confidentiality and authentication
• A user often have many public/private key pairs in use
• The keys need to be stored and organized systematically.
• Key IDs also used in signatures
• Key IDs are sent together with messages
4812/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

49. Key Rings
• PGP user has a pair of key rings to store public and private keys
• Public-key ring contains all the public-keys of other PGP users known to
the user
• Indexed by Key ID
• Private-key ring contains the private/public key pairs for the user
• The stored private keys are encrypted using a key derived from a hashed passphrase
4912/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

50. 5012/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

51. Key Ring - Private
• Each row of the table represents a private/public key pair
owned by the user.
• Key_ID: The least significant 64 bits of the public key (for that
entry)
• Timestamp: The timestamp when this key pair was generated.
• Public_Key : The Public key
• Private_Key: Encrypted private key
5112/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

52. Key Ring – Private
• Private key is encrypted using CAST-128, IDEA, or 3DES algorithms
• Encryption procedure
• Users selects a password to be used for encryption
• System will asks the user for a password before generating a new key pair
• Using SHA-1, a 160 bit hash code is generated from the password.
• System encrypts the private key using CAST-128, and use 128 bits (from the 160-bit
generated) from the hash, as the key.
• Encrypted private key stored in ring
5212/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

53. Key Ring - Public
• Stores the public keys of other users known to this user.
• User ID: Owner of the key.
5312/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

54. PGP Key Management
• PGP uses trust, associates trust with public keys
• Public-key rings has 3 fields:
1. Key legitimacy field (computed by PGP)
“indicate the extent to which PGP will trust the validity of a public key
of any user”
5412/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

55. PGP Key Management
2. Signature trust field:
“indicates the degree to which the user trusts the signer to certify any public keys”
>Key legitimacy field is derived from the collection of signature trust fields.
5512/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

56. 3. Owner trust field:
“indicates the degree to which this public key is trusted to sign other public key
certificates”
>Level of trust is assigned by the user.
5612/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

57. • Relation between ‘Signature trust’ and ‘Key legitimacy’ is illustrated by
figure on next slide
• The figure shows the structure of a public-key ring.
• The user has acquired several public-keys.
• Some directly from their owners.
• Some from a third party (key server)
5712/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

58. 58
A public key
ring owned by
“you”
This is calculated
“fully”/”partially” are
assigned by “You”
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

59. • Users D, E, F, and L are always trusted to sign other keys
• legitimate and fully trusted
• Users A and B are partially trusted to sign other keys.
• All keys whose owners are fully or partially trusted are signed by this user
“You”.
• Exception user L: (such a user signature is not always necessary.)
• Both D and L are fully trusted by “You”
5912/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

60. • Key H is deemed legitimate: two partially trusted users are sufficient to
certify a key.
• H is signed by A and B
• A legitimate key user may not be trusted to sign other keys.
• Example: User N signs R’s key but PGP does not consider R’s key legitimate
• S is a detached orphan with two unknown signatures.
• Such key acquired from a key server.
• PGP cannot assume the key to be legitimate.
6012/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

61. Revoking Public Key
• A user might want to revoke his current key due to any reason.
• Key Revocation procedure:
• The owner issues a key revocation certificate.
• the corresponding private key is used to sign the revocation certificate.
• has the same form as normal signature certificate with a revoke indicator.
• disseminated as widely and as quickly as possible.
• receiving nodes updates their rings.
6112/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬

62. Thank You
For Your Patience
12/17/2017
Bakhtar University
‫پوهنتون‬ ‫باختر‬ ‫د‬
62