ECE-8843 http://www.ece.gatech.edu/~copeland/jac/8843-03/ Prof. John A. Copeland [email protected] 404 894-5177 fax 404 894-0035 Office: GCATT Bldg 579 r call for office visit, or call Kathy Cheek, 404 8 Chapter 5a - Pretty Good Privacy (PGP) Email

ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland [email protected] 404 894-5177 fax 404 894-0035 Office: GCATT

Embed Size (px)

Citation preview

Page 1: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT


Prof. John A. [email protected]

404 894-5177fax 404 894-0035

Office: GCATT Bldg 579email or call for office visit, or call Kathy Cheek, 404 894-5696

Chapter 5a - Pretty Good Privacy (PGP) Email

Page 2: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

Electronic Mail

In 1982, ARPANET email proposals were published as RFC

821 (www.ietf.org/rfc/rfc0821.txt) and RFC 822

• Email services since are based on these RFC's

• CCITT X.400 & ISO MOTIS grew and waned as competitors

• "User Agents" UA, and "Message Transfer Agents" MTA

Three parts to an email message:

• Envelope - information used to forward the contents

• Header - standard strings, some added in route.

> To: Cc: Bcc: From: Sender:

> Received: (added in route), Return-Path: (by final MTA)

> MIME headers added by RFC 1341 and 1521

> A. S. Tanenbaum, "Computer Networks," (3rd ed.) p.651 2

Page 3: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

MIME HeadersMultipurpose Internet Mail Extensions (MIME)

RFC 1341 and RFC 1521

• MIME -Version: version number

• Content-Description: human-readable string

• Content-ID: unique identifier

• Content-Transfer-Encoding: body encoding

> ASCII (Plain, quoted-printable, or Richtext)> Binary (base64)

• Content-Type: nature of the message

> Image (gif, jpeg), Video (mpeg), > Application (Postscript, octet-stream)

> A.S.Tanenbaum, "Computer Networks," (3rd ed.) p.653


Page 4: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

Received: from didier.ee.gatech.edu (didier.ee.gatech.edu[]) by eagle.gcatt.gatech.edu (8.8.8+Sun/8.7.1) with

ESMTP id UAA00818 for <[email protected]>; Fri, 30 Jul1999 20:00:35 -0400 (EDT)

Received: from bwnewsletter.com (gw2.mcgraw-hill.com [])by didier.ee.gatech.edu (8.9.0/8.9.0) with ESMTP id UAA16500

for <[email protected]>; Fri, 30 Jul 1999 20:00:33 -0400 (EDT)

Received: from NOP ( by bwnewsletter.com with SMTP(Eudora Internet Mail Server 2.1); Fri, 30 Jul 1999 16:24:21 -0400

Message-Id: <[email protected]>X-Sender: [email protected] (Unverified)X-Mailer: Windows Eudora Light Version 1.5.4 (32)

Mime-Version: 1.0Date: Fri, 30 Jul 1999 16:21:37 -0400

To: [email protected] (note: I was on a Bcc: list)From: BW Online <[email protected]>Subject: BUSINESS WEEK ONLINE INSIDER -- July 30Content-Type: text/plain; charset="us-ascii"

Content-Length: 7694 4

Page 5: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

$ nslookup -q=MX ee.gatech.edu (nslookup -> host)

ee.gatech.edu preference = 10,

mail exchanger = mail.ee.gatech.edu

ee.gatech.edu nameserver = eeserv.ee.gatech.edu

ee.gatech.edu nameserver = duchess.ee.gatech.edu

ee.gatech.edu nameserver = didier.ee.gatech.edu

mail.ee.gatech.edu internet address =

eeserv.ee.gatech.edu internet address =

duchess.ee.gatech.edu internet address =

didier.ee.gatech.edu internet address = 5

Page 6: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

$ nslookup -q=mx mcgraw-hill.com

Non-authoritative answer:mcgraw-hill.com preference = 20, mail exchanger =


Authoritative answers can be found from:mcgraw-hill.com nameserver = NS-01A.ANS.NETmcgraw-hill.com nameserver = NS-01B.ANS.NETmcgraw-hill.com nameserver = NS-02A.ANS.NETmcgraw-hill.com nameserver = NS-02B.ANS.NET

NS-01A.ANS.NET internet address = internet address = internet address = internet address =


Page 7: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

$ nslookup gw2.mcgraw-hill.comAddress:

$ nslookup

*** can't find Non-existent host/domain

$ traceroute

1 ( ): 17ms 2 stn-mtn-rtrb.atl.mediaone.net. ( ): 18ms

3 ( ): 20ms 4 ( ): 17ms 5 ( ): 25ms

6 sgarden-sa-gsr.carolina.rr.com. ( ): 26ms 7 roc-gsr-greensboro-gsr.carolina. ( ): 29ms

8 ( ): 38ms 9 sjbrt01-vnbrt01.rr.com. ( ): 41ms10 pnbrt01-vnbrt01.rr.com. ( ): 42ms

11 p217.t3.ans.net. ( ): 51ms12 h13-1.t32-0.new-york.t3.ans.net. ( ): 49ms13 f0-0.cnss33.new-york.t3.ans.net. ( ): 53ms

14 s0.enss3339.t3.ans.net. ( ): 61ms15 * * * 16 * * *


Page 8: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

Security Services for Email

Privacy - only for intended recipient

Authentication - confidence in ID of sender

Integrity - assurance of no data alteration

Non-repudiation - proof that sender sent it

Proof of submission - was sent to email server

Proof of delivery - was received by addressee

Message flow confidentiality - no one can knowa message was sent (anti-traffic analysis)


Page 9: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

Anonymity - sender's ID hidden

Containment - message forwards to limited area

Audit - events recorded

Accounting - user statistics for allocating costs

Self-destruct - can not forward or store

Message sequence integrity - all messages

arrived in correct order

Security Services for Email - 2


Page 10: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

PrivacyEstablishing Keys

• Public Key Certification

• Exchange Public Keys

Multiple Recipients • Encrypt message m with session key, S

• Encrypt S with each recipient's key

• Send: {S; Kbob}, {S; Kann}, ... , {m; S}

Authentication of Source

• Hash (MD4, MD5, SHA1) of message, encrypt withprivate key (provides ciphertext/plaintext pair)

• Secret Key K: MIC is hash of K+m, or CBC residuewith K (assuming message not encrypted with K). 10

Page 11: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

Message IntegrityThe source authentication methods thatinclude a hash of the message provide MIC


Public-key signing provides non-repudiation.

Secret-key method requires a "Notary" to"Sign" a time-stamp + hash of the message

Proof of DeliveryAcknowledge before reading - can't prove m was read.

Acknowledge after - may have read without signing.11

Page 12: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

Proof of Submission

• CC yourself (unfortunately headers easilymodified) - CC Notary (if recipient not in Bcc)

Flow Confidentiality

• Encrypt message and headers, to third party.

• Send from the corner Cyber Cafe, fake HotMailaccount


• Several Web site services available


• Network Admin can set up filter tables onrouters.


Page 13: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

Names and AddressesX.500 Name (ISO standard)

• ?/C=US/O=CIA/OU=drugs/PN='Manny Norriega'

Internet Name

[email protected] or [email protected]

• <user account name> @ <DNS host name or alias>

• using the alias "mail" lets mail server program bemoved from one host to another

• in ece.gatech.edu domain, "mail" is an alias for"didier", also any email to "ece.gatech.edu"is ok.

Old message - later Non-reputiation• Need Notary to sign hash of message, Certificate

used to authenticate Public Key, and current CRL13

Page 14: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com


Compress Image Compress Text

Page 15: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com


with signatureattached ifthere is one

Page 16: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT



Page 17: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT


Page 18: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT


Page 19: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

To: "Khawar Azad" <[email protected]>From: John Copeland <[email protected]>Subject: ECE8813 : PGP Endeavor...Cc: Bcc: X-Attachments:

-----BEGIN PGP MESSAGE-----Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

qANQR1DBwU4D6cjDU+QAxCwQB/9IZFOIuDSIIQbwa28SQ63DDioFb4bH4bmKfopXcvdDVQ1X53fSJzyLt12RslfQToje8YxRNidYMNg1zDTT7CR9q7LRFoAwBFVtQhWJjFNXn1+aE8oePReMi6vS0DXSSDfgDuUb1R+c8htHoeik6Oebe9R90J3d51yyCojVP2zJ2C2DyZexiudHPuDF1NIeMX582ib70PNzZhigXZcZgCbzs7ppidhHoZaoFttKgoqLBFithU4ca0Xbh/11LDsUC7sY7DnAcjndFQA/7kduOATSlTYaltdaplJl7yAVOIaO+aOuXwpLfcPe9gcuVE43hAgiuy2Vxk1luc1w2MhsnaI2CACU45XGjirbKViVsQ/PJwoTI7Fwgc+Y8Swa0mqgLAeoU1gRpRnouXHrb4IKMzEKGVr6lhAxZ3oXu0h1zUST5p7EQn/hhGHWusEeUs8m4Q7pT39uIjYDfQTfeNxfEYnI+058QZDuovunzhx7xtT+CVz9H164uMIl4kTzjcrBqPAFN/MTAX/mJ9aAIEnaOAtO+WF/AteGda7pOhRSfeBsX0/4yMH0sv+Q2xrt1AzWOjCfb6vY8nZKeafr7UTfM3P0HpvTnjsIzeehtnRpSW/pKPCTD336unzHVASqdvkC4qlxHb3By8lp6LKD2e25PSWBB+9gJrjfeI2/AGIOsxFHdOU5ycGatX4tvNNZ0aGEJsZSUCirgcjp+ChqiuTGHTAOQsU5d5z/NeuAXHBT4WJteIrPo10vIbosI88vw5Nf5/MzCSMsIM9TfScwyGTP4B4t4laq4kywBkRXTX6YFAW34lHwGMxSNqwrST58QVr8j9SiQ9hA2PjRzuM62edMaFOAuMvm3h2Uc6MyDKJxkUk9jmPpuNOYqguruFdngmQatL00GTBr6jk5nzphoJQxUEJA0tTZOGAy8MsK4K+z/X2P1Wgx6M3eNpSoeNF6yqPAW93rl3Bpj27T39BWKjDT2Q5rXXztq6y07oolggh6nNTkBP17TmMXNhyeBNsUsw/bM0mZt8OrlEp6bB4hflmGC9sAP64KvnkTSK6F+QHTAHT01kWlpvJIZGKyT3PdCh9wlr1hQsUGto10t32fBGsJCXew/EClb554AnyYSzP8KAjuw1NdKOBlze0DCiO6Z5z+DAxAwlqTxcm42tthF5zFbTk4UKV6ORzIuHmRO7xR5Io5nlM7T11PDaWqsjLr2ttrSySzARt5fAJ9l1mOH+hSl1YebRjZPaxWw+bsYuqNa0GYr2UdwgE1u5HQuhZ+bOIbSliShfKiNuDGHe6VJrchROHnC9Po2JWAOD7wMFq6STZ/MPGzViaCUaaWPLSKleiURUh4Ly5/LaNYkaumO9vh+241FPqtZKqRVmHRg6dYUdgoI3yfc3JrvepFQT1yeRjEVrLQiUtyhcwdVoLjofgerGAfe3YuDCxM6wLIuCf7Ro9edu01qTiXJj25cXHxeNMdA1txLxR3ontbExow+ML5kxs==68Hd-----END PGP MESSAGE-----

Radix-64 encoding of a binary (all possible 8-bit bytes) message 6-bits at a time into 64 printable ASCII characters (A-Z, a-z , 0-9, +, / bytes 65-90, 97-122, 48-57, 47, 43) pad with =.


Page 20: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT


Page 21: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

PGP Certificates

Anyone can issue a Certificate to anyone elseCertificates can be revoked by the issuer

Where PEM expands data into canonical form,

• (+33% for text, +78% after encryption)

PGP compresses data using ZIP(-50%),encrypts, then (optionally) converts tobase64 (+33%)

Privacy Enhanced Mail,another standard


Page 22: ECE-8843 copeland/jac/8843-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT

Things of which to be aware

Neither PEM or PGP encode mail headers

• Subject can give away useful info

• To and From give an intruder traffic analysis info

PGP gives recipient the original file name and

modification date

PEM may be used in a local system with

unknown trustworthyness of certificates

Certificates often verify that sender is "John

Smith" but he may not be the "John Smith"

you think (PGP allows pictures in certificates)22