Chapter 4

Electronic Mail Security-PGP

After studying this chapter students

should be able to present:
Course Learning Outcome:
✔ Internet mail architecture:
o Demonstrate techniques components, protocols
and mechanisms for web ✔ Email security requirements
application security.
✔ Pretty good privacy (PGP):
operation, algorithms, keys

1/28
MUA: Operates on behalf of user actors
and user applications.
MSA: Accepts the message submitted by
an MUA and enforces the policies of
hosting domain and requirements of
Internet standards.
MTA: Relays mail for one application-
level hop (like a packet switch or IP
router) for routing
SMTP: is used between MTAs and bet
MTA and MSA/MDA.
MDA: Responsible for transferring the
message from the MHS to the MS.
MS: can be located on a remote server
or on the same machine as the MUA.
MUA: retrieves messages from a remote
server using POP (Post Office Protocol)
or IMAP (Internet Message Access
Protocol).

2/28
 Email Protocols

❏ Two types of protocols are used for

transferring email:
❏ Used to move messages through the Internet from
source to destination
❏ Simple Mail Transfer Protocol (SMTP)
❏ Used to transfer messages between mail servers
❏ IMAP and POP are the most commonly used

3/28
 SMTP
Encapsulates an email
message in an envelope
and is used to relay the
Simple Mail Transfer
encapsulated messages
Protocol
from source to
destination through
multiple MTAs

Is a text-based client-
server protocol

The term Extended

Was originally specified SMTP (ESMTP) is often
in 1982 as RFC 821 used to refer to later
versions of SMTP

4/28
 STARTTLS

❏ A significant security-related extension for SMTP

❏ Defined in RFC 3207 (SMTP Service Extension for Secure

SMTP over Transport Layer Security, February 2002)

❏ Enables the addition of confidentiality and authentication

in the exchange between SMTP agents

❏ This gives SMTP agents the ability to protect some or all

of their communication from eavesdroppers and attackers

❏ Advantage of using STARTTLS is that the server can

offer SMTP service on a single port, rather than
requiring separate port numbers for secure and cleartext
operations

5/28
 Mail Access Protocols
POP3 IMAP
● Post Office Protocol ● Internet Mail Access
Protocol
● Allows an email client to
download an email from ● Enables an email client to
an email server (MTA) access mail on an email
server
● POP3 user agents
connect via TCP to the ● Also uses TCP, with
server server TCP port 143

● After authorization, ● Is more complex than

the UA can issue POP3 POP3
commands to retrieve
and delete mail ● Provides stronger
authentication and
provides other functions
not supported by POP3
6/28
 Email Security
❑ email is one of the most widely used and regarded
network services
❑ If message contents are not secure
o may be inspected either in transit
o or by suitably privileged users on destination system

❑ Security Requirements
o confidentiality
● protection from disclosure
o authentication
● of sender of message
o message integrity
● protection from modification
o non-repudiation of origin
● protection from denial by sender

7/28
 Pretty Good Privacy (PGP)
❏ PGP is one of the protocols to provide security
at the application layer.
❏ PGP is designed to create authenticated and
confidential e-mails.
❏ developed by Phil Zimmermann
❏ selected best available crypto algs to use
❏ integrated into a single program
❏ on Unix, PC, Macintosh and other systems
❏ the sender of the message needs to include the
identifiers of the algorithms used in the
message as well as the values of the keys.
❏ originally free, now also have commercial
versions available

8/28
 PGP Operation – Authentication
1. sender creates message
2. make SHA-1, 160-bit hash of message
3. attached RSA signed hash to message
4. receiver decrypts & recovers hash code
5. receiver verifies received message hash

9/28
 Example – PGP Authentication
❑ Alice wants to provide sender authentication, message
integrity

K-A K+
A
-
m .
H( ) .
-
K ()
A
-
KA(H(m)) KA(H(m)) +
KA( )
. H(m )

+ Internet
- compare

m H( ). H(m )
m

❑ Alice digitally signs message ❑ Bob uses Alice Public-key to

❑ sends both message (in the decrypt and recover H(m)
clear) and digital signature ❑ Creates H(m) and compares with
the recovered one

10/28
 PGP Operation – Confidentiality

1. sender forms 128-bit random session key

2. encrypts message with session key
3. attaches session key encrypted with RSA
4. receiver decrypts & recovers session key
5. session key is used to decrypt message

11/28
 Example-PGP Confidentiality
❑ Alice wants to send confidential e-mail, m, to Bob.
KS

m KS( ). KS(m ) KS(m )

KS ( ) . m
+ Internet
- K
KS + .
KB ( ) + +
S-
KB( )
.
KB(KS ) KB(KS )
K+
B K-B
❑ Alice:
o generates random symmetric private key, KS ❑ Bob:
❑ uses his private key to
o encrypts message with KS (for efficiency)
decrypt and recover KS
o also encrypts KS with Bob’s public key
❑ uses KS to decrypt KS(m)
o sends both KS(m) and KB(KS) to Bob
to recover m

12/28
PGP Operation – Confidentiality & Authentication
❏ can use both services on same message
❏ create signature & attach to message
❏ encrypt both message & signature
❏ attach RSA encrypted session key

13/28
 Example PGP – Authentication & Confidentiality
❑ Alice wants to provide secrecy, sender authentication,
message integrity. -
KA
-
m .
H( ) -
KA( )
. KA(H(m))
KS

+ KS( ) .
m + Internet

KS +
KB ( )
. +
❑ KB(KS )
Alice:
❑ signs message, H(m) K+
B
❑ Bob:
❑ generates random symmetric
❑ uses his private key to decrypt,
private key, KS
recover KS
❑ encrypts message with KS
❑ uses KS to decrypt KS(m) to
❑ encrypts KS with Bob’s public
recover m, genrates H(m)
key ❑ uses Alice Public-key to decrypt,
❑ sends both KS(m) and KB(KS) to
recover H(m) and generated one
Bob 14/28
A scenario in which an e-mail message is
authenticated & encrypted

15/28
 PGP Operation – Compression

❏ by default PGP compresses message after

signing but before encrypting
❏ so can store uncompressed message & signature for
later verification
❏ & because compression is non deterministic
❏ uses ZIP compression algorithm

16/28
 PGP Operation – Email Compatibility

❏ when using PGP will have binary data to send

(encrypted message etc)
❏ however email was designed only for text
❏ hence PGP must encode raw binary data into
printable ASCII characters
❏ uses radix-64 algorithm
❏ maps 3 bytes to 4 printable chars
❏ also appends a CRC
❏ PGP also segments messages if too big

17/28
PGP Operation – Summary

18/28
 PGP Session Keys

❏ need a session key for each message

❏ of varying sizes: 56-bit DES, 128-bit CAST or
IDEA, 168-bit Triple-DES
❏ generated using ANSI X12.17 mode
❏ uses random inputs taken from previous uses
and from keystroke timing of user

19/28
 PGP Public & Private Keys

❏ since many public/private keys may be in use,

need to identify which is actually used to
encrypt session key in a message
❏ could send full public-key with every message
❏ but this is inefficient
❏ rather use a key identifier based on key
❏ is least significant 64-bits of the key
❏ will very likely be unique
❏ also use key ID in signatures

20/28
PGP Message Format

21/28
 PGP Key Rings
❑ each PGP user has a pair of keyrings:
o public-key ring contains all the public-keys of other
PGP users known to this user, indexed by key ID
o private-key ring contains the public/private key pair(s)
for this user, indexed by key ID & encrypted keyed
from a hashed passphrase
❑ security of private keys thus depends on the
pass-phrase security

22/28
PGP Key Rings

23/28
PGP Algorithms

24/28
 PGP Message Generation

1. Signing
a. retrieves sender's
private key using
your_userid
b. prompts the user
for the passphrase
to recover
unencrypted private
key.
c. The signature is
constructed.
2. Encrypting
a. generates a
session key and
encrypts M
b. retrieves the
recipient's public key
using her_userid
c. The session key is
encrypted.

25/28
 PGP Message Reception
1. Decrypting
a. retrieves the receiver's
private key using the Key
ID
b. prompts the user for
passphrase to recover
unencrypted private key.
c. recovers the session key
and decrypts the message.
2. Authenticating
a. PGP retrieves the
sender's public key using
the Key ID
b. recovers the
transmitted message
digest.
c. PGP computes the
message digest for the
received message and
compares it to the
transmitted one to
authenticate.

26/28
 PGP Key Management
❏ rather than relying on certificate authorities
❏ in PGP every user is own CA
❏ can sign keys for users they know directly
❏ forms a “web of trust”
❏ trust keys have signed
❏ can trust keys others have signed if have a chain of
signatures to them
❏ key ring includes trust indicators
❏ users can also revoke their keys

27/28
 Summary
● Internet mail architecture
○ Email components
○ Email protocols

● Email security requirements

● Pretty Good Privacy (PGP)

○ Authentication & Confidentiality
○ Compression
○ Email Compatibility
○ Session Keys
○ Public & Private Keys
○ Algorithms
○ Message Generation & Reception

● Key Management

28/28