KEMBAR78
Lecture 8 - Security at The Application Layer | PDF | Public Key Certificate | Cryptography
Scribd
Upload
205 views34 pages

Lecture 8 - Security at The Application Layer

This document discusses security at the application layer for email using PGP and S/MIME. It begins by explaining the general structure of an email program and how PGP and S/MIME can provide security services like encryption, signatures, and authentication for email. It then goes into more detail on the key components of PGP, including key rings for storing public/private keys, how certificates are used, and how messages are formatted and packets are structured. The document also covers the components of S/MIME, including how it builds upon MIME to define new content types that integrate security services, and how it uses the Cryptographic Message Syntax to specify how functions like encryption and signatures are applied to content.

Uploaded by

monaabdelaziz963
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
205 views34 pages

Lecture 8 - Security at The Application Layer

This document discusses security at the application layer for email using PGP and S/MIME. It begins by explaining the general structure of an email program and how PGP and S/MIME can provide security services like encryption, signatures, and authentication for email. It then goes into more detail on the key components of PGP, including key rings for storing public/private keys, how certificates are used, and how messages are formatted and packets are structured. The document also covers the components of S/MIME, including how it builds upon MIME to define new content types that integrate security services, and how it uses the Cryptographic Message Syntax to specify how functions like encryption and signatures are applied to content.

Uploaded by

monaabdelaziz963
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 34

DM 426

Computers and
Information Security
Fall 2023/2024
Lecture # 8
Security at the Application Layer:
PGP and S/MIME
1
Contents

❑ To explain the general structure of an e-mail application program

❑ To discuss how PGP can provide security services for e-mail

❑ To discuss how S/MIME can provide security services for e-mail

❑ To define trust mechanism in both PGP and S/MIME

❑ To show the structure of messages exchanged in PGP and S/MIME

16.2
16.1.1 E-mail Architecture
Figure 16.1 E-mail architecture

16.3
16.1.2 E-mail Security
Cryptographic Algorithms

Note
In e-mail security, the sender of the message needs
to include the name or identifiers
of the algorithms used in the message.

Certificates
It is obvious that some public-key algorithms must be
used for e-mail security.
16.4
16.1.2 Continued
Cryptographic Secrets

Note
In e-mail security, the encryption/decryption is
done using a symmetric-key algorithm,
but the secret key to decrypt the message is
encrypted with the public key of the
receiver and is sent with the message.

16.5
16-2 PGP
Pretty Good Privacy (PGP) can be used to create a secure e-
mail message or to store a file securely for future retrieval.

Topics discussed in this section:


16.2.1 Scenarios
16.2.2 Key Rings Philip R. Zimmermann (born 1954) is an
American computer scientist and cryptographer. He
16.2.3 PGP Certificates is the creator of Pretty Good Privacy (PGP), the
16.2.4 Key Revocation most widely used email encryption software in the
16.2.5 Extracting Information from Rings world.[2] He is also known for his work
in VoIP encryption protocols,
16.2.6 PGP Packets notably ZRTP and Zfone. Zimmermann is co-
16.2.7 PGP Messages founder and Chief Scientist of the global encrypted
16.6 communications firm Silent Circle.
16.2.1 Scenarios:
1- Plaintext
Figure 16.2 A plaintext message

16.7
16.2.1 Scenarios, continued
2- Message Integrity
Figure 16.3 An authenticated message

16.8
16.2.1 Scenarios, continued

3- Compression
Figure 16.4 A compressed message

16.9
16.2.1 Scenarios, continued

4- Confidentiality with One-Time Session Key


Figure 16.5 A confidential message

16.10
16.2.2 Continued
PGP Algorithms

16.11
16.2.2 Continued

16.12
16.2.2 Continued

16.13
16.2.2 Continued

16.14
16.2.3 PGP Certificates
X.509 Certificates
Protocols that use X.509 certificates depend on the
hierarchical structure of the trust.

Note
In X.509, there is a single path from the fully
trusted authority to any certificate.

16.15
16.2.3 Continued
PGP Certificates
In PGP, there is no need for CAs; anyone in the ring can
sign a certificate for anyone else in the ring.
Note
In PGP, there can be multiple paths from fully or
partially trusted authorities to any subject.

Trusts and Legitimacy


The entire operation of PGP is based on introducer
trust, the certificate trust, and the legitimacy of the
public keys.
16.16
16.2.3 Continued
Trust Model in PGP
Figure 16.9 Trust model

16.17
16.2.4 Key Revocation
It may become necessary for an entity to revoke his or
her public key from the ring. This may happen if the
owner of the key feels that the key is compromised
(stolen, for example) or just too old to be safe.

16.18
16.2.5 Extracting Information from Rings
Figure 16.10 Extracting information at the sender site

16.19
16.2.5 Continued
Figure 16.11 Extracting information at the receiver site

16.20
16.2.6 PGP Packets

Figure 16.12 Format of packet header

16.21
16.2.6 Continued

16.22
16-3 S/MIME
Another security service designed for electronic mail is
Secure/Multipurpose Internet Mail Extension
(S/MIME). The protocol is an enhancement of the
Multipurpose Internet Mail Extension (MIME) protocol.

It was originally developed by RSA Data Security company

Topics discussed in this section:


16.3.1 MIME
16.3.2 S/MIME
16.3.3 Applications of S/MIME
16.23
16.3.1 S/MIME , continued

Figure 16.23 MIME

16.24
16.3.1 S/MIME , continued
Figure 16.24 MIME header

16.25
16.3.1 S/MIME , continued
MIME-Version
This header defines the version of MIME used. The
current version is 1.1.

Content-Type
The content type and the content subtype are separated
by a slash. Depending on the subtype, the header may
contain other parameters.

16.26
16.3.1 S/MIME , continued

16.27
16.3.2 S/MIME
S/MIME adds some new content types to include security
services to the MIME. All of these new types include the
parameter “application/pkcs7-mime,” in which “pkcs”
defines “Public Key Cryptography Specification.”

Cryptographic Message Syntax (CMS)


To define how security services, such as confidentiality
or integrity, can be added to MIME content types,
S/MIME has defined Cryptographic Message Syntax
(CMS). The syntax in each case defines the exact
encoding scheme for each content type.
16.28
16.3.2 Continued
Figure 16.27 Signed-data content type

16.29
16.3.2 Continued
Figure 16.28 Enveloped-data content type

16.30
16.3.2 Continued

Figure 16.29 Digest-data content type

16.31
16.3.2 Continued
Figure 16.30 Authenticated-data content type

16.32
16.3.2 Continued
Cryptographic Algorithms
S/MIME defines several cryptographic algorithms. The
term “must” means an absolute requirement; the term
“should” means recommendation.

16.33
16.3.2 Continued
Example 16.3
The following shows an example of an enveloped-data in which a
small message is encrypted using triple DES.

16.34

You might also like