Key Management and Pretty Good Privacy - Lecture Slides | ECE 646, Study notes of Cryptography and System Security

Download Key Management and Pretty Good Privacy - Lecture Slides | ECE 646 and more Study notes Cryptography and System Security in PDF only on Docsity! 1 Key management ECE 646 - Lecture 4 Pretty Good Privacy Using the same key for multiple messages M1 M2 M3 M4 M5 C1 C2 C3 C4 C5 EK time time 2 Using Session Keys & Key Encryption Keys M1 M2 M3 M4 M5 C1 C2 C3 C4 C5 EK1 EK2 EK3 time time K1 K2 timeK3 time EKEK EKEK(K1) EKEK(K2) EKEK(K3) Key Distribution Center (KDC) KA-KDC KB-KDC KC-KDC KD-KDC ……… A B C D E KDC KA-KDC KB-KDC KC-KDC KD-KDC KE-KDC 5 Man-in-the-middle attack Alice Bob A’s private key A’s public key B’s private key B’s public key Secret derivation Key derivation Key derivation Key of A and C Key of B and C C’s public key Secret derivation C’s public key Charlie Does public key cryptography have an Achilles’ heel? Alice Bob Bob, send me your public key, Alice Bob’s public key, Bob message encrypted using Bob’s public key Charlie 6 Does public key cryptography have an Achilles’ heel? Alice Bob Bob, send me your public key, Alice Bob’s public key, Bob message encrypted using Bob’s public key Charlie Charlie’s public key Charlie’s public key Does public key cryptography have an Achilles’ heel? Alice Bob Bob, send me your public key, Alice Bob’s public key, Bob message encrypted using Charlies’s public key Charlie Charlie’s public key message reencrypted using Bob’s public key 7 Directory of public keys (1) Alice Bob Bob, Bob’s public key message encrypted using Bob’s public key Charlie Alice, Alice’s public key Bob, Bob’s public key Charlie, Charlie’s public key Dave, Dave’s public key Eve, Eve’s public key ……………………………. On-line database Directory of public keys (2) Alice Bob Bob, Bob’s public key message encrypted using Bob’s public key Charlie Alice, Alice’s public key Bob, Bob’s public key Charlie, Charlie’s public key Dave, Dave’s public key Eve, Eve’s public key ……………………………. On-line database Charlie’s public key Charlie’s public key 10 Distinguished Name (DN) according to X.500 Example: Common name (CN) = Kris Gaj Country name (C) = US State or province name (ST) = VA Locality name (L) = Fairfax Organization name (O) = George Mason University Organizational unit name (OU) = ECE Other fields permitted: Street address (SA) Post office box (PO Box) Postal code (PC) Title (T) Description (D) Telephone number (TN) Serial number (SN) The exact X.509 Certificate Format [Stallings, 2003] 11 Non-repudiation only Alice Bob M, SGNA(M), CertCA(A, KUA) Alice’s private key - KRA CA’s public key - KUCA Notation: KUX - public key of X KRX - private key of X SGNX(M) - signature of X for the message M CertY(X, KUX) - certificate issued by Y for the user X Alice Bob CertCA(A, KUA) CertCA(B, KUB) CertCA(C, KUC) CertCA(D, KUD) ……………………………. On-line database Confidentiality only CertCA(B, KUB) CA’s public key - KUCA KAB(M), KUB(KAB) Bob’s private key - KRB 12 Alice Bob CertCA(A, KUA) CertCA(B, KUB) CertCA(C, KUC) CertCA(D, KUD) ……………………………. On-line database Confidentiality and Non-repudiation CertCA(B, KUB) Alice’s private key - KRA CA’s public key - KUCA SGNA(M), CertCA(A, KUA), KAB(M), KUB(KAB) Bob’s private key - KRB CA’s public key - KUCA Public Key Infrastructure US VA MA CA Fairfax Herndon Santa ClaraBoston MITGMU San JoseWorcester A B CertGMU(A, KUA), CertFairfax(GMU, KUGMU), CertVA(Fairfax, KUFairfax), CertUS(VA, KUVA), M, SGNA(M), 15 Authenticated key agreement Secret derivation Secret derivation Key derivation Key derivation key key A’s static public key B’s static public key A’s ephemeral public key B’s ephemeral public key A’s static private key A’s ephemeral private key certificates B’s static private key B’s ephemeral private key Pretty Good Privacy PGP 16 Email Security • email is one of the most widely used and regarded network services • currently message contents are not secure – may be inspected either in transit – or by suitably privileged users on destination system Pretty Good Privacy (PGP) • widely used de facto secure email • developed by Phil Zimmermann • selected best available crypto algs to use • integrated into a single program • available on Windows, Unix, Macintosh, and other systems • originally free, now have commercial versions available also 17 Notation: M - message H – hash function EP – public key encryption || - concatenation Z - compression using ZIP algorithm KRa – private key of user A KUa – public key of user A PGP – Authentication Only Message Hash function Public key cipher Alice Signature Alice’s private key Bob Hash function Alice’s public key Non-repudiation Hash value 1 Hash value 2 Hash value Public key cipher yes no Message Signature 20 Transmission and Reception of PGP Messages [Stallings, 2003] PGP Operation – Compression • by default PGP compresses message after signing but before encrypting – so can store uncompressed message & signature for later verification – & because compression is non deterministic • uses ZIP compression algorithm 21 Major idea behind ZIP compression [Stallings, 2003] Radix-64 Conversion [Stallings, 2003] 22 Radix-64 Encoding [Stallings, 2003] General Format of PGP Message [Stallings, 2003] 25 PGP Message Reception (without compression or radix-64 conversion) [Stallings, 2003] PGP: Flow of trust Bob (Washington) David (New York) Betty (London) Manual exchange of public keys: Las Vegas Bob ⇔ David Edinburgh David ⇔ Betty David, send me Betty’s public key Betty’s public key signed by David message encrypted using Betty’s public key 26 PGP Trust Model [Stallings, 2003] Contents of Trust Flag Byte [Stallings, 2003]