Department of CSE-H

COURSE NAME:NETWORK & INFRASTRUCTURE SECURITY

COURSE CODE:22CS2234F/22CSB3202

Topic:
Pretty Good Privacy(PGP) And E-mail security
Session - 23

CREATED BY K. VICTOR BABU

 AIM OF THE SESSION

To familiarize students with the basic concept of PGP and its operations and E-mail security .

INSTRUCTIONAL OBJECTIVES

This Session is designed to:

1. Describe the PGP and E-mail security.
2. Under stand the PGP operations.

LEARNING OUTCOMES

At the end of this session, you should be able to know the PGP operations and how to provide

E-mail security .

CREATED BY K. VICTOR BABU

 Email Security

 Email is one of the most widely used and regarded as a network service.

 During 1990’s the plain text mails are common Without ensuring the security,

 The message may be:

 may be inspected either in transit

Or

 viewed by privileged users on destination system

CREATED BY K. VICTOR BABU

 PGP Email Security Enhancements

• Pretty Good Privacy (PGP) was invented by Phil Zimmermann.

•PGP is an open source and freely available software package for email security.
A freeware PGP version can be downloaded here :
http://www.pgpi.org/products/pgp/versions/freeware/
PGP proposes the following Email Security Enhancements:
• confidentiality
– protection from disclosure
• authentication
– of sender of message
• message integrity
– protection from modification
• non-repudiation of origin
– protection from denial by sender

CREATED BY K. VICTOR BABU

 PGP offered security Operations

The following are the services offered by PGP :

1.Authentication

2.Confidentiality

3.Compression

4.Email Compatibility

CREATED BY K. VICTOR BABU

 PGP implementation

•PGP was designed to provide all four aspects of security, i.e., privacy, integrity, authentication, and
non-repudiation in the sending email.

•PGP provides authentication, non-repudiation and integrity through the use of Digital
Signature.

•It provides privacy / confidentiality through the use of symmetric block encryption.

•It provides compression by using the ZIP algorithm

•EMAIL compatibility using the radix-64 encoding scheme.

CREATED BY K. VICTOR BABU

 1.Confidentiality
• Here the confidentiality in the email service, only the sender and the receiver should be able
to read the message, that means the contents have to be kept secret from every other person,
except for those two.

• PGP provides that Confidentiality service in the following manner:

• The message is first compressed and a 128 bit session key (Ks), generated by the
PGP, is used to encrypt the message through symmetric encryption.
• Then, the session key (Ks) itself gets encrypted through public key encryption (EP)
using receiver’s public key(KUb).
• Both the encrypted entities are now concatenated and sent to the receiver.
• At the receiver’s end, the encrypted session key is decrypted using receiver’s
private key (KPb) and the message is decrypted with the obtained session key.
• Then, the message is decompressed to obtain the original message (M).

CREATED BY K. VICTOR BABU

 2. PGP Authentication

• Authentication basically means something that is used to validate something as true or

real.
• To login into portals (web sites) sometimes we give our account name and password,
that is an authentication verification procedure.
• The Authentication service in PGP is provided as follows:
• The Hash Function (H) calculates the Hash Value of the message
• For the hashing purpose, SHA-1 is used and it produces a 160 bit output hash value.
• Then, using the sender’s private key (KPa), it is encrypted and it’s called as Digital
Signature.

• The Message is then appended with signature.

• At the receiver’s end, the data is decompressed and the message, signature are
obtained.
• The signature is then decrypted using the sender’s public key(PUa) and the hash value
is obtained.
• Both the values, one from signature and another from the recent output of hash
function are compared and if both are same, it means that the email is actually sent
from a known one and is legitimate, else it means that it’s not a legitimate message.

CREATED BY K. VICTOR BABU

 3.Compression

• Compression is a mechanism to reduce the amount of data to be transferred.

• Compression is basically converting a message of n bits to m bits (n > m) using a compression
algorithm.
• Compression service in PGP is provided using ZIP Algorithm.
• The Compression is included in combined Authentication & Confidentiality of PGP as follows

• in the above figure Z– Compression function,Z-1– Decompression function

• In PGP, message is compressed only after the application of Signature.
• The compressed data is decompressed at the receiver’s end to obtain the original message and the
signature.

CREATED BY K. VICTOR BABU

 4.Email Compatibility

• Many electronic mail systems only permit the use of blocks consisting of ASCII text.
• The PGP protocol, the least part of the block to be transmitted will be encrypted.
• This basically produces a sequence of arbitrary binary words which some mail systems won’t accept.
• To ensure compatibility, PGP uses and algorithm known as radix64 which maps 6 bits of a binary data
into and 8 bit ASCII character.
• This encoding expands the message by 33%, However, with the compression algorithm the overall
compression will be about one third (in general).

CREATED BY K. VICTOR BABU

 PGP message format

CREATED BY K. VICTOR BABU

 PGP Operation – Summary

CREATED BY K. VICTOR BABU

 PGP message generation

• PGP message generation (without compression or radix64 conversion) using all the process is given below: PGP Message
generation (from User A to User B; without compression / radix64 conversion).

CREATED BY K. VICTOR BABU

 Cryptographic Keys and Key Rings

PGP use of four types of keys:

1. One-time session symmetric keys
2. Public keys
3. Private keys
4. Passphrase based symmetric keys to encrypt private key on your
machine.

The key management requires following actions :

• Generating unpredictable session keys

• To manage the multiple public-key/private-key pairs of the user.

• To manage a one-to-one correspondence between users and their public

keys.

• To ensure a method to identify particular keys is used to be comminuted to

recipient.
CREATED BY K. VICTOR BABU
 Key Identifiers

• To Manage the multiple keys the following procedure is adopted:

• Each key should contains an ID .

• The key ID of a public key is its least significant 64 bits.

• That is, the key ID of public key KUa is (KUa mod 264).

• As the sender use one of the private keys to encrypt the message digest, the recipient must know

which key was used, therefore, the key ID is used by sender to be shared by PGP to recipient

CREATED BY K. VICTOR BABU

 Key Rings

 To ensure the key management, Key IDs are critical to the operation of PGP.
 These keys need to be stored and organized in a systematic way for efficient and
effective use by all parties.
 The scheme used in PGP is to provide a pair of data structures at each node, one to store
the public/private key pairs owned by that node and one to store the public keys of other
users known at this node.
 These data structures are referred as private-key ring and the public key rings.

CREATED BY K. VICTOR BABU

 General structure of private and public-key rings

The row in the table represents one of the public/private key pairs owned by this
user. Each row contains the following:
• Timestamp: The date/time when this key pair was generated.

• Key ID: The least significant 64 bits of the public key for this entry.

• Public Key: The public-key portion of the pair.

• Private key: The private-key portion of the pair.

• User ID: Typically a user’s e-mail ID (address).

CREATED BY K. VICTOR BABU

 General structure of private and public-key rings

Figure 12.5: General structure of private and public-key rings.

CREATED BY K. VICTOR BABU

 S/MIME (Secure/Multipurpose Internet Mail
Extensions)

What Is S/MIME?

• S/MIME or Secure/Multipurpose Internet Mail Extension is a technology widely used by

corporations that enhances email security by providing encryption, which protects
the content of email messages from unwanted access.

• It also adds digital signatures, which confirm that you are the authentic sender of the
message, making it a powerful weapon against many email-based attacks.

CREATED BY K. VICTOR BABU

 S/MIME Uses

The use of S/MIME are:

• Check that the email you sent has not been tampered with by a third
party.

• Create digital signatures to use when signing emails.

• Encrypt all emails.

• Check the email client you’re using.

CREATED BY K. VICTOR BABU

 S/MIME Functions

S/MIME provides the following functions:

• Enveloped data: Encrypted content of any type and encrypted-content using encryption keys for one or
more recipients.

• Signed data: A digital signature is used for the message digest of the content to be signed and then
encrypting that with the private key of the signer. The content plus signature are then encoded using
base64 encoding. A signed data message can only be viewed by a recipient with S/MIME capability.

• Clear-signed data: with signed data(message), a digital signature of the content is formed. Only the
digital signature is encoded using base64. As a result, recipients without S/MIME capability can view the
message content, although they cannot verify the signature.

• Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted
data may be signed and signed data or clear-signed data may be encrypted.

CREATED BY K. VICTOR BABU

 S/MIME Cryptographic Algorithms

• S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol

used for securing email communications through the use of digital
certificates and cryptographic algorithms.

• S/MIME uses various cryptographic algorithms to provide message

confidentiality, integrity, authentication, and non-repudiation.

• Some of the cryptographic algorithms used in S/MIME include:

1. RSA (Rivest-Shamir-Adleman) based encryption will be used for key
exchange and digital signatures
2. DSA (Digital Signature Algorithm) for digital signatures
3. AES (Advanced Encryption Standard) and 3DES (Triple Data
Encryption Standard) for symmetric encryption
4. SHA (Secure Hash Algorithm) for message digest and hash
functions
CREATED BY K. VICTOR BABU
 S/MIME and Certificate Processing

• An S/MIME certificate needs to be installed on the email clients of both the recipient and the
sender to ensure email encryption at both ends.

• When an email is sent, the sender encrypts the email using the recipient's public key and the
recipient decrypts the email using the private key.
• In a nutshell, S/MIME is a commonly-used protocol for sending encrypted and digitally-
signed email messages and is implemented using S/MIME certificates.

CREATED BY K. VICTOR BABU

 Certificate Authorities In India

• In India we have several well-known CA’s under CCA. https://cca.gov.in/ in India.

• CDAC, IDRBT, SafeScript, Ncode, eMudhra etc.

• CCA authorized to issues several types of Digital IDs

• The types of digital certificates are issued based on the Identity checks and enforce trust

Class Identity Purpose of the Certificates

1 name/email check web browsing/email

2 + enroll/adders check email, subs, s/w validate

3 + ID documents + video verification e-banking/service access

CREATED BY K. VICTOR BABU

 SELF-ASSESSMENT QUESTIONS

1. …Pretty good privacy (PGP) security system uses

(a) …Public key cryptosystem

(b) …Private key cryptosystem

(c) …Symmetric key cryptosystem

(d) … all of the mentioned

2. …. Public key cryptosystem is used for the encryption of

(a) …Messages
(b) …Session key
(c) …Session key & Messages
(d) …None of the mentioned

CREATED BY K. VICTOR BABU

 TERMINAL QUESTIONS

1. Explain PGP and its operations?

2. Explain Cryptographic Keys and Key Rings?

3. Explain S/MIME functions?

4. Explain Cryptographic algorithms?

CREATED BY K. VICTOR BABU

 REFERENCES FOR FURTHER LEARNING OF THE SESSION

Reference Books:
1. Cryptography and Network Security Principles and Practice, by William Stallings, Pearson, 7th
edition, 2017.
2. Cryptography And Network Security by Behrouz A. Forouzan, Debdeep Mukhopadhyay,
TataMcGraw Hill Education Private Limited, Fourth edition 2015
3. William Stallings, “Network Security Essentials”, Pearson Education, 7th Edition, 2017.
Sites and Web links:
1. https://www.coursera.org/specializations/computer-network-security
2. https://www.coursera.org/learn/identifying-security-vulnerabilities

CREATED BY K. VICTOR BABU

 THANK YOU

Team – NETWORK & INFRA ATRUCTURE SECURITY

COURSE CODE: 21CS3042RA

CREATED BY K. VICTOR BABU