No Slide Title

Report
ECE-8843
http://www.ece.gatech.edu/~copeland/jac/8843-03/
Prof. John A. Copeland
[email protected]
404 894-5177
fax 404 894-0035
Office: GCATT Bldg 579
email or call for office visit, or call Kathy Cheek, 404 894-5696
Chapter 5a - Pretty Good Privacy (PGP) Email
Electronic Mail
In 1982, ARPANET email proposals were published as RFC
821 (www.ietf.org/rfc/rfc0821.txt) and RFC 822
• Email services since are based on these RFC's
• CCITT X.400 & ISO MOTIS grew and waned as competitors
•
"User Agents" UA, and "Message Transfer Agents" MTA
Three parts to an email message:
• Envelope - information used to forward the contents
• Header - standard strings, some added in route.
> To:
Cc:
Bcc:
From:
Sender:
> Received: (added in route), Return-Path: (by final MTA)
> MIME headers added by RFC 1341 and 1521
> A. S. Tanenbaum, "Computer Networks," (3rd ed.) p.651
2
MIME Headers
Multipurpose Internet Mail Extensions (MIME)
RFC 1341 and RFC 1521
• MIME -Version:
• Content-Description:
version number
human-readable string
• Content-ID:
unique identifier
• Content-Transfer-Encoding:
>
>
ASCII (Plain, quoted-printable, or Richtext)
Binary (base64)
• Content-Type:
>
>
>
body encoding
nature of the message
Image (gif, jpeg), Video (mpeg),
Application (Postscript, octet-stream)
A.S.Tanenbaum, "Computer Networks," (3rd ed.) p.653
3
Received: from didier.ee.gatech.edu (didier.ee.gatech.edu
[130.207.230.10]) by eagle.gcatt.gatech.edu (8.8.8+Sun/8.7.1) with
ESMTP id UAA00818 for <[email protected]>; Fri, 30 Jul
1999 20:00:35 -0400 (EDT)
Received: from bwnewsletter.com (gw2.mcgraw-hill.com [198.45.19.20])
by didier.ee.gatech.edu (8.9.0/8.9.0) with ESMTP id UAA16500
for <[email protected] ece.gatech.edu >; Fri, 30 Jul 1999 20:00:33 -0400 (EDT)
Received: from NOP (152.159.60.175) by bwnewsletter.com with SMTP
(Eudora Internet Mail Server 2.1); Fri, 30 Jul 1999 16:24:21 -0400
Message-Id: <[email protected]>
X-Sender: [email protected] (Unverified)
X-Mailer: Windows Eudora Light Version 1.5.4 (32)
Mime-Version: 1.0
Date: Fri, 30 Jul 1999 16:21:37 -0400
To: [email protected]
(note: I was on a Bcc: list)
From: BW Online <[email protected]>
Subject: BUSINESS WEEK ONLINE INSIDER -- July 30
Content-Type: text/plain; charset="us-ascii"
Content-Length: 7694
4
$ nslookup -q=MX ee.gatech.edu
(nslookup -> host)
ee.gatech.edu preference = 10,
mail exchanger = mail.ee.gatech.edu
ee.gatech.edu nameserver = eeserv.ee.gatech.edu
ee.gatech.edu nameserver = duchess.ee.gatech.edu
ee.gatech.edu nameserver = didier.ee.gatech.edu
mail.ee.gatech.edu
eeserv.ee.gatech.edu
internet address = 130.207.230.10
internet address = 130.207.230.5
duchess.ee.gatech.edu internet address = 130.207.230.13
didier.ee.gatech.edu
internet address = 130.207.230.10
5
$ nslookup -q=mx mcgraw-hill.com
Non-authoritative answer:
mcgraw-hill.com preference = 20, mail exchanger =
interlock.mgh.com
Authoritative answers can be found from:
mcgraw-hill.com nameserver = NS-01A.ANS.NET
mcgraw-hill.com nameserver = NS-01B.ANS.NET
mcgraw-hill.com nameserver = NS-02A.ANS.NET
mcgraw-hill.com nameserver = NS-02B.ANS.NET
NS-01A.ANS.NET internet address = 199.221.47.7
NS-01B.ANS.NET internet address = 199.221.47.8
NS-02A.ANS.NET internet address = 207.24.245.179
NS-02B.ANS.NET internet address = 207.24.245.178
6
$ nslookup 198.45.19.20
Name: gw2.mcgraw-hill.com
Address: 198.45.19.20
$ nslookup 152.159.60.175
*** can't find 152.159.60.175: Non-existent host/domain
$ traceroute 152.159.60.175
1 24.88.12.129
(24.88.12.129 ): 17ms
2 stn-mtn-rtrb.atl.mediaone.net. (24.88.0.254 ): 18ms
3 24.93.64.69
(24.93.64.69 ): 20ms
4 24.93.64.61
(24.93.64.61 ): 17ms
5 24.93.64.57
(24.93.64.57 ): 25ms
6 sgarden-sa-gsr.carolina.rr.com. (24.93.64.30 ): 26ms
7 roc-gsr-greensboro-gsr.carolina. (24.93.64.17 ): 29ms
8 24.93.64.45
(24.93.64.45 ): 38ms
9 sjbrt01-vnbrt01.rr.com.
(24.128.6.6 ): 41ms
10 pnbrt01-vnbrt01.rr.com.
(24.128.6.85 ): 42ms
11 p217.t3.ans.net.
(192.157.69.52 ): 51ms
12 h13-1.t32-0.new-york.t3.ans.net. (140.223.33.21 ): 49ms
13 f0-0.cnss33.new-york.t3.ans.net. (140.222.32.193 ): 53ms
14 s0.enss3339.t3.ans.net.
(199.222.77.70 ): 61ms
15 *
*
*
16 *
*
*
7
Security Services for Email
Privacy - only for intended recipient
Authentication - confidence in ID of sender
Integrity - assurance of no data alteration
Non-repudiation - proof that sender sent it
Proof of submission - was sent to email server
Proof of delivery - was received by addressee
Message flow confidentiality - no one can know
a message was sent (anti-traffic analysis)
8
Security Services for Email - 2
Anonymity - sender's ID hidden
Containment - message forwards to limited area
Audit - events recorded
Accounting - user statistics for allocating costs
Self-destruct - can not forward or store
Message sequence integrity - all messages
arrived in correct order
9
Privacy
Establishing Keys
• Public Key Certification
• Exchange Public Keys
Multiple Recipients
• Encrypt message m with session key, S
• Encrypt S with each recipient's key
• Send: {S; Kbob}, {S; Kann}, ... , {m; S}
Authentication of Source
• Hash (MD4, MD5, SHA1) of message, encrypt with
private key (provides ciphertext/plaintext pair)
• Secret Key K: MIC is hash of K+m, or CBC residue
with K (assuming message not encrypted with K).
10
Message Integrity
The source authentication methods that
include a hash of the message provide MIC
Non-repudiation
Public-key signing provides non-repudiation.
Secret-key method requires a "Notary" to
"Sign" a time-stamp + hash of the message
Proof of Delivery
Acknowledge before reading - can't prove m was read.
Acknowledge after - may have read without signing.
11
Proof of Submission
• CC yourself (unfortunately headers easily
modified) - CC Notary (if recipient not in Bcc)
Flow Confidentiality
• Encrypt message and headers, to third party.
• Send from the corner Cyber Cafe, fake HotMail
account
Anonymity
• Several Web site services available
Containment
• Network Admin can set up filter tables on
routers.
12
Names and Addresses
X.500 Name (ISO standard)
• ?/C=US/O=CIA/OU=drugs/PN='Manny Norriega'
Internet Name
• [email protected] or [email protected]
• <user account name> @ <DNS host name or alias>
• using the alias "mail" lets mail server program be
moved from one host to another
• in ece.gatech.edu domain, "mail" is an alias for
"didier", also any email to "ece.gatech.edu"is ok.
Old message - later Non-reputiation
• Need Notary to sign hash of message, Certificate
used to authenticate Public Key, and current CRL
13
Compress Image
Compress Text
14
with signature
attached if
there is one
From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com
15
compressed,
16
17
18
To: "Khawar Azad" <[email protected]>
From: John Copeland <[email protected]>
Subject: ECE8813 : PGP Endeavor...
Cc:
Bcc:
X-Attachments:
Radix-64 encoding of a binary (all
possible 8-bit bytes) message 6-bits at a
time into 64 printable ASCII characters
(A-Z, a-z , 0-9, +, / bytes 65-90, 97122, 48-57, 47, 43) pad with =.
-----BEGIN PGP MESSAGE----Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
qANQR1DBwU4D6cjDU+QAxCwQB/9IZFOIuDSIIQbwa28SQ63DDioFb4bH4bmKfopX
cvdDVQ1X53fSJzyLt12RslfQToje8YxRNidYMNg1zDTT7CR9q7LRFoAwBFVtQhWJ
jFNXn1+aE8oePReMi6vS0DXSSDfgDuUb1R+c8htHoeik6Oebe9R90J3d51yyCojV
P2zJ2C2DyZexiudHPuDF1NIeMX582ib70PNzZhigXZcZgCbzs7ppidhHoZaoFttK
goqLBFithU4ca0Xbh/11LDsUC7sY7DnAcjndFQA/7kduOATSlTYaltdaplJl7yAV
OIaO+aOuXwpLfcPe9gcuVE43hAgiuy2Vxk1luc1w2MhsnaI2CACU45XGjirbKViV
sQ/PJwoTI7Fwgc+Y8Swa0mqgLAeoU1gRpRnouXHrb4IKMzEKGVr6lhAxZ3oXu0h1
zUST5p7EQn/hhGHWusEeUs8m4Q7pT39uIjYDfQTfeNxfEYnI+058QZDuovunzhx7
xtT+CVz9H164uMIl4kTzjcrBqPAFN/MTAX/mJ9aAIEnaOAtO+WF/AteGda7pOhRS
feBsX0/4yMH0sv+Q2xrt1AzWOjCfb6vY8nZKeafr7UTfM3P0HpvTnjsIzeehtnRp
SW/pKPCTD336unzHVASqdvkC4qlxHb3By8lp6LKD2e25PSWBB+9gJrjfeI2/AGIO
sxFHdOU5ycGatX4tvNNZ0aGEJsZSUCirgcjp+ChqiuTGHTAOQsU5d5z/NeuAXHBT
4WJteIrPo10vIbosI88vw5Nf5/MzCSMsIM9TfScwyGTP4B4t4laq4kywBkRXTX6Y
FAW34lHwGMxSNqwrST58QVr8j9SiQ9hA2PjRzuM62edMaFOAuMvm3h2Uc6MyDKJx
kUk9jmPpuNOYqguruFdngmQatL00GTBr6jk5nzphoJQxUEJA0tTZOGAy8MsK4K+z
/X2P1Wgx6M3eNpSoeNF6yqPAW93rl3Bpj27T39BWKjDT2Q5rXXztq6y07oolggh6
nNTkBP17TmMXNhyeBNsUsw/bM0mZt8OrlEp6bB4hflmGC9sAP64KvnkTSK6F+QHT
AHT01kWlpvJIZGKyT3PdCh9wlr1hQsUGto10t32fBGsJCXew/EClb554AnyYSzP8
KAjuw1NdKOBlze0DCiO6Z5z+DAxAwlqTxcm42tthF5zFbTk4UKV6ORzIuHmRO7xR
5Io5nlM7T11PDaWqsjLr2ttrSySzARt5fAJ9l1mOH+hSl1YebRjZPaxWw+bsYuqN
a0GYr2UdwgE1u5HQuhZ+bOIbSliShfKiNuDGHe6VJrchROHnC9Po2JWAOD7wMFq6
STZ/MPGzViaCUaaWPLSKleiURUh4Ly5/LaNYkaumO9vh+241FPqtZKqRVmHRg6dY
UdgoI3yfc3JrvepFQT1yeRjEVrLQiUtyhcwdVoLjofgerGAfe3YuDCxM6wLIuCf7
Ro9edu01qTiXJj25cXHxeNMdA1txLxR3ontbExow+ML5kxs=
=68Hd
-----END PGP MESSAGE-----
19
20
PGP Certificates
Anyone can issue a Certificate to anyone else
Certificates can be revoked by the issuer
Privacy Enhanced Mail,
another standard
Where PEM expands data into canonical form,
• (+33% for text, +78% after encryption)
PGP compresses data using ZIP(-50%),
encrypts, then (optionally) converts to
base64 (+33%)
21
Things of which to be aware
Neither PEM or PGP encode mail headers
• Subject can give away useful info
• To and From give an intruder traffic analysis info
PGP gives recipient the original file name and
modification date
PEM may be used in a local system with
unknown trustworthyness of certificates
Certificates often verify that sender is "John
Smith" but he may not be the "John Smith"
you think (PGP allows pictures in certificates)
22

similar documents