Information System Security, Chapter 5 Courseware

Uploaded by: 我*** | Document ID: 145301774 | Upload date: 2020-09-18 | Format: PPT | Pages: 32 | Size: 753.50 KB

Slide 1: Chapter 5, Electronic mail security

Slide 2: Outline
- Pretty good privacy (PGP)
- S/MIME
- Recommended web sites

Slide 3: 5.1 Pretty Good Privacy
Philip R. Zimmerman is the creator of PGP. PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.

Slide 4: Why Is PGP Popular?
- It is available free on a variety of platforms.
- Based on well-known algorithms.
- Wide range of applicability.
- Not developed or controlled by governmental or standards organizations.
- PGP is now on an Internet standards track: RFC 3156.

Slide 5: Operational Description
Consists of five services:
- Authentication
- Confidentiality
- Compression
- E-mail compatibility
- Segmentation and reassembly

Slide 8: Detached signature
Although signatures are normally found attached to the message or file that they sign, detached signatures are supported. A detached signature may be stored and transmitted separately from the message it signs.
The utility of a detached signature: a detached signature is useful in several contexts. A user may wish to maintain a separate signature log of all messages sent or received.

Slide 9
A detached signature of an executable program can detect subsequent virus infection. Finally, detached signatures can be used when more than one party must sign a document, such as a legal contract. Each person's signature is independent and therefore is applied only to the document. Otherwise, signatures would have to be nested, with the second signer signing both the document and the first signature, and so on.

Slide 10: Compression
- PGP compresses the message after applying the signature but before encryption.
- The placement of the compression algorithm is critical.
- The compression algorithm used is ZIP (described in appendix 5A).

Slide 11: E-mail Compatibility
- The scheme used is radix-64 conversion (see appendix 5B).
- R64 converts a raw 8-bit binary stream to a stream of printable ASCII characters.
- Each group of three octets of binary data is mapped into four ASCII characters.
- The use of radix-64 expands the message by 33%.

Slide 14: Segmentation and Reassembly
- E-mail facilities are often restricted to a maximum message length of 50,000 octets.
- Longer messages must be broken up into smaller segments.
- PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail.
- The receiver strips off all e-mail headers and reassembles the block.

Slide 15: Summary of PGP Services

Slide 16: Cryptographic Keys and Key Rings
PGP makes use of four types of keys: one-time session symmetric keys, public keys, private keys, and passphrase-based symmetric keys.
- Session key generation
- Key identifiers

Slide 17: Format of PGP Message

Slide 21: Public-key Management
The essence of public-key management: User A must build up a public-key ring containing the public keys of other users to interoperate with them using PGP.
Approaches to public-key management:
- Physically get the key.
- Verify a key by telephone.
- Obtain B's public key from a mutually trusted individual D.
- Obtain B's public key from a trusted CA.
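The Compression, E-mail Compatibility and Segmentation slides above can be followed end to end in a short sketch. This is an added example, not code from the courseware or from PGP: it hand-codes the three-octets-to-four-characters mapping, cuts the result at the 50,000-octet limit, and compares compressing before and after encryption. Assumptions: zlib's DEFLATE stands in for ZIP, `toy_encrypt` is a hypothetical stand-in cipher (PGP uses a real symmetric cipher with a session key), the signature step is omitted, and the sample inputs are constructed.

```python
import base64, hashlib, os, zlib

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789+/")
MAX_SEGMENT = 50_000  # maximum message length quoted on the slide

def radix64(data: bytes) -> str:
    """Map each group of three octets to four printable ASCII characters."""
    out = []
    for i in range(0, len(data), 3):
        group = data[i:i + 3]
        n = int.from_bytes(group.ljust(3, b"\0"), "big")
        chars = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # A short final group keeps len(group) + 1 characters, then '=' padding.
        out.append("".join(chars[:len(group) + 1]) + "=" * (3 - len(group)))
    return "".join(out)

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Assumed stand-in for the session-key cipher (NOT PGP's): XOR keystream."""
    stream = bytearray()
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def send(message: bytes, key: bytes) -> list:
    """Compress, encrypt, radix-64 encode, then cut into mailable segments."""
    armored = radix64(toy_encrypt(key, zlib.compress(message)))
    return [armored[i:i + MAX_SEGMENT] for i in range(0, len(armored), MAX_SEGMENT)]

def receive(segments: list, key: bytes) -> bytes:
    """Reassemble the segments, then undo each step in reverse order."""
    return zlib.decompress(toy_encrypt(key, base64.b64decode("".join(segments))))

def sizes(message: bytes, key: bytes) -> dict:
    """Octet counts for the two possible orderings of compression and encryption."""
    return {
        "plain": len(message),
        "compress_then_encrypt": len(toy_encrypt(key, zlib.compress(message))),
        "encrypt_then_compress": len(zlib.compress(toy_encrypt(key, message))),
    }

if __name__ == "__main__":
    key = os.urandom(16)
    text = b"Quarterly report: all systems nominal.\n" * 5000  # constructed sample
    noise = os.urandom(100_000)  # constructed incompressible input
    print(sizes(text, key))
    print(len(radix64(bytes(300))), "characters for 300 octets")
    parts = send(noise, key)
    print([len(p) for p in parts], receive(parts, key) == noise)
```

Ciphertext looks random, so compressing after encryption gains nothing, while compressing first shrinks the repetitive sample to a small fraction of its size.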

Slide 22: The Use of Trust
- Key legitimacy field
- Signature trust field
- Owner trust field
How does PGP use the concept of trust: PGP includes a facility for assigning a level of trust to individual signers and to keys.

Slide 24: Revoking Public Keys
- The owner issues a key revocation certificate.
- Normal signature certificate with a revoke indicator.
- The corresponding private key is used to sign the certificate.

Slide 25: 5.2 S/MIME
RFC 822 defines a format for text messages that are sent using electronic mail. MIME (Multipurpose Internet Mail Extension) is an extension to the RFC 822 framework that is intended to address some of the problems and limitations of the use of SMTP (Simple Mail Transfer Protocol) or some other mail transfer protocol and RFC 822 for electronic mail.

Slide 26
S/MIME (Secure/Multipurpose Internet Mail Extension) is a security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security. S/MIME will probably emerge as the industry standard for commercial and organizational use. PGP will remain the choice for personal e-mail security for many users.

Slide 27: Simple Mail Transfer Protocol (SMTP, RFC 822)
Major limitations of SMTP/822:
- Executable files, or other binary files (JPEG image)
- "National language" characters (non-ASCII)
- Mail messages over a certain size
- ASCII to EBCDIC translation problems

Slide 28: Header fields in MIME
- MIME-Version: Must be "1.0" (RFC 2045, RFC 2046).
- Content-Type: Describes the data contained in the body with sufficient detail.
- Content-Transfer-Encoding: How the message has been encoded (radix-64).
- Content-ID: Unique identifying character string.
- Content-Description: Needed when content is not readable text (e.g., mpeg, audio data).

Slide 29: S/MIME Functions
- Enveloped Data: Encrypted content and encrypted-content encryption keys for recipients.
- Signed Data: Message digest encrypted with private key of "signer."
- Clear-Signed Data: Signed but not encrypted.
- Signed and Enveloped Data: encrypted data may be signed and signed data or cl
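The header fields listed on the "Header fields in MIME" slide can be seen on a real message by wrapping binary data with Python's standard `email` package and parsing the wire form back. This is an added example, not part of the courseware; the addresses, file name, Content-ID value and sample bytes are constructed placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample: JPEG magic bytes followed by every octet value (not a real image).
SAMPLE_BINARY = b"\xff\xd8\xff\xe0" + bytes(range(256))

def build_message(binary: bytes) -> bytes:
    """Wrap 8-bit binary data in a MIME message that fits RFC 822 transport."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"   # placeholder addresses
    msg["To"] = "bob@example.org"
    msg["Subject"] = "Scanned page"
    msg.set_content("The scan is attached.")   # also adds MIME-Version: 1.0
    msg.add_attachment(binary, maintype="image", subtype="jpeg",
                       filename="scan.jpg", cid="<scan-1@example.org>")
    part = next(msg.iter_attachments())
    part["Content-Description"] = "Scanned contract page"
    return msg.as_bytes()

def describe(raw: bytes) -> dict:
    """Parse the wire form and report the MIME header fields of the binary part."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = next(msg.iter_attachments())
    return {
        "MIME-Version": msg["MIME-Version"],
        "Content-Type": part.get_content_type(),
        "Content-Transfer-Encoding": part["Content-Transfer-Encoding"],
        "Content-ID": part["Content-ID"],
        "Content-Description": part["Content-Description"],
        "payload": part.get_content(),             # decoded back to raw octets
        "seven_bit": all(b < 128 for b in raw),    # wire form is pure ASCII
    }

if __name__ == "__main__":
    info = describe(build_message(SAMPLE_BINARY))
    for name, value in info.items():
        print(name, "=", value if name != "payload" else f"{len(value)} octets")
```

The attachment contains octets above 127, yet the serialized message is entirely 7-bit ASCII because the body is carried in radix-64 (base64) and announced by Content-Transfer-Encoding.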
