1 of 62

20CS17 – INFORMATION SECURITY

LAKIREDDY BALI REDDY COLLEGE OF ENGINEERING (AUTONOMOUS) Accredited by NAAC & NBA (Under Tier - I) ISO 9001:2015 Certified Institution Approved by AICTE, New Delhi. and Affiliated to JNTUK, Kakinada L.B. REDDY NAGAR, MYLAVARAM, KRISHNA DIST., A.P.-521 230. DEPARTMENT OF INFORMATION TECHNOLOGY

EMAIL PRIVACY

Program & Semester: B.Tech & VI SEM

Section: CSE-C

Academic Year: 2023 - 22

By

Mr. M. Vijay Kumar

Sr Assistant Professor

Dept.of IT, LBRCE

2 of 62

Email Security

email is one of the most widely used and regarded network services
currently message contents are not secure

may be inspected either in transit
or by suitably privileged users on destination system

3 of 62

Email Security Enhancements

confidentiality

protection from disclosure

authentication

of sender of message

message integrity

protection from modification

non-repudiation of origin

protection from denial by sender

4 of 62

Pretty Good Privacy (PGP)

widely used de facto secure email
PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications
developed by Phil Zimmermann
selected best available crypto algs to use
integrated into a single program
on Unix, PC, Macintosh and other systems
originally free, now also have commercial versions available

5 of 62

PGP Operation – Authentication

sender creates message
use SHA-1 to generate 160-bit hash of message
signed hash with RSA using sender's private key, and is attached to message
receiver uses RSA with sender's public key to decrypt and recover hash code
receiver verifies received message using hash of it and compares with decrypted hash code

6 of 62

PGP Operation – Confidentiality

sender generates message and 128-bit random number as session key for it
encrypt message using CAST-128 / IDEA / 3DES in CBC mode with session key
session key encrypted using RSA with recipient's public key, & attached to msg
receiver uses RSA with private key to decrypt and recover session key
session key is used to decrypt message

7 of 62

PGP Operation – Confidentiality & Authentication

can use both services on same message

create signature & attach to message
encrypt both message & signature
attach RSA/ElGamal encrypted session key

8 of 62

PGP Operation – Compression

by default PGP compresses message after signing but before encrypting

so can store uncompressed message & signature for later verification
& because compression is non deterministic

uses ZIP compression algorithm

9 of 62

PGP Operation – Email Compatibility

when using PGP will have binary data to send (encrypted message etc)
however email was designed only for text
hence PGP must encode raw binary data into printable ASCII characters
uses radix-64 algorithm

maps 3 bytes to 4 printable chars
also appends a CRC

PGP also segments messages if too big

10 of 62

11 of 62

12 of 62

13 of 62

14 of 62

15 of 62

16 of 62

17 of 62

18 of 62

19 of 62

20 of 62

21 of 62

PGP Operation – Summary

22 of 62

PGP Session Keys

need a session key for each message

of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES

generated using ANSI X12.17 mode
uses random inputs taken from previous uses and from keystroke timing of user

23 of 62

PGP Public & Private Keys

since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message

could send full public-key with every message
but this is inefficient

rather use a key identifier based on key

is least significant 64-bits of the key
will very likely be unique

also use key ID in signatures

24 of 62

PGP Message Format

25 of 62

PGP Key Rings

each PGP user has a pair of key rings:

public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID
private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted keyed from a hashed passphrase

security of private keys thus depends on the pass-phrase security

26 of 62

Key terms

• Timestamp: The date/time when this key pair was generated.
• Key ID: The least significant 64 bits of the public key for this entry.
• Public Key: The public-key portion of the pair.
• Private key: The private-key portion of the pair.
• User ID: Typically a user’s e-mail address.

27 of 62

PGP Message Generation

28 of 62

PGP Message Reception

29 of 62

PGP Key Management

rather than relying on certificate authorities
in PGP every user is own CA

can sign keys for users they know directly

forms a “web of trust”

trust keys have signed
can trust keys others have signed if have a chain of signatures to them

key ring includes trust indicators
users can also revoke their keys

30 of 62

Example

Email message: new
ASCII format:01101110 01100101 01110111
After encryption:10010001 10011010 10001000
Three bytes do not represent in any K.B ASCII chars most email sys can not transmit& process piece of PT
Radix 64 conversion
The 24 bit block: 10010001 10011010 10001000
four 64-bit block:100100 011001 101010 001000
Integer version : 36 25 38 8
Printable version: K Z M I
PGP is converting raw 8-bit binary stream to stream of printable ASCII characters

31 of 62

S/MIME (Secure/Multipurpose Internet Mail Extensions)

security enhancement to MIME email

original Internet RFC822 email was text only
MIME provided support for varying content types and multi-part messages
with encoding of binary data to textual form
S/MIME added security enhancements

have S/MIME support in many mail agents

eg MS Outlook, Mozilla, Mac Mail etc

32 of 62

S/MIME Functions

enveloped data

encrypted content and associated keys

signed data

encoded message + signed digest

clear-signed data

cleartext message + encoded signed digest

signed & enveloped data

nesting of signed & encrypted entities

33 of 62

S/MIME Cryptographic Algorithms

digital signatures: DSS & RSA
hash functions: SHA-1 & MD5
session key encryption: ElGamal & RSA
message encryption: AES, Triple-DES, RC2/40 and others
MAC: HMAC with SHA-1
have process to decide which algs to use

34 of 62

S/MIME Messages

S/MIME secures a MIME entity with a signature, encryption, or both
forming a MIME wrapped PKCS object
have a range of content-types:

enveloped data
signed data
clear-signed data
registration request
certificate only message

35 of 62

S/MIME Certificate Processing

S/MIME uses X.509 v3 certificates
managed using a hybrid of a strict X.509 CA hierarchy & PGP’s web of trust
each client has a list of trusted CA’s certs
and own public/private key pairs & certs
certificates must be signed by trusted CA’s

36 of 62

Certificate Authorities

have several well-known CA’s
Verisign one of most widely used
Verisign issues several types of Digital IDs
increasing levels of checks & hence trust

Class Identity Checks Usage

1 name/email check web browsing/email

2 + enroll/addr check email, subs, s/w validate

3 + ID documents e-banking/service access

37 of 62

IP Security

have a range of application specific security mechanisms

eg. S/MIME, PGP, Kerberos, SSL/HTTPS

however there are security concerns that cut across protocol layers
would like security implemented by the network for all applications

38 of 62

IPsec

general IP Security mechanisms
provides

authentication
confidentiality
key management

applicable to use over LANs, across public & private WANs, & for the Internet

39 of 62

IPsec Uses

40 of 62

Benefits of IPsec

in a firewall/router provides strong security to all traffic crossing the perimeter
in a firewall/router is resistant to bypass
is below transport layer, hence transparent to applications
can be transparent to end users
can provide security for individual users
secures routing architecture

41 of 62

IP Security Architecture

specification is quite complex
defined in numerous RFC’s

incl. RFC 2401/2402/2406/2408
many others, grouped by category

mandatory in IPv6, optional in IPv4
have two security header extensions:

Authentication Header (AH)
Encapsulating Security Payload (ESP)

The IPSec specification has become quite complex. The IPSec specification consists of numerous documents. The most important of these,issued in November of 1998, are

• RFC 2401: An overview of a security architecture

• RFC 2402: Description of a packet authentication extension to IPv4 and IPv6

• RFC 2406: Description of a packet encryption extension to IPv4 and IPv6

• RFC 2408: Specification of key management capabilities

In addition to these four RFCs, a number of additional drafts have been published by the IP Security Protocol Working Group set up by the IETF. The documents are divided into seven groups.

Support for these features is mandatory for IPv6 and optional for IPv4.

In both cases, the security features are implemented as extension headers that follow the main IP header. The extension header for authentication is known as the Authentication Header (AH); that for encryption is known as the Encapsulating Security Payload (ESP) header.

42 of 62

IPsec Services

Access control
Connectionless integrity
Data origin authentication
Rejection of replayed packets

a form of partial sequence integrity

Confidentiality (encryption)
Limited traffic flow confidentiality

43 of 62

Security Associations

a one-way relationship between sender & receiver that affords security for traffic flow
defined by 3 parameters:

Security Parameters Index (SPI)
IP Destination Address
Security Protocol Identifier

has a number of other parameters

seq no, AH & EH info, lifetime etc

have a database of Security Associations

A key concept that appears in both the authentication and confidentiality mechanisms for IP is the security association (SA). An association is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it. If a peer relationship is needed, for two-way secure exchange, then two security associations are required. Security services are afforded to an SA for the use of AH or ESP, but not both.

A security association is uniquely identified by three parameters:

• Security Parameters Index (SPI): A bit string assigned to this SA and having local significance only

• IP Destination Address: this is the address of the destination endpoint of the SA

• Security Protocol Identifier: This indicates whether the association is an AH or ESP security association.

A SA may also have a number of other parameters. In each IPSec implementation, there is a Security Association Database that defines the parameters associated with each SA.

44 of 62

Authentication Header (AH)

provides support for data integrity & authentication of IP packets

end system/router can authenticate user/app
prevents address spoofing attacks by tracking sequence numbers

based on use of a MAC

HMAC-MD5-96 or HMAC-SHA-1-96

parties must share a secret key

The Authentication Header provides support for data integrity and authentication of IP packets.The data integrity feature ensures that undetected modification to a packet’s content in transit is not possible. The authentication feature enables an end system or network device to authenticate the user or application and filter traffic accordingly; it also prevents address spoofing attacks and replay attacks. Authentication is based on the use of a message authentication code (MAC), hence the two parties must share a secret key. AH supports MACs using HMAC-MD5-96 or HMAC-SHA-1-96. Both of these use the HMAC algorithm , the first with the MD5 hash code and the second with the SHA-1 hash code. In both cases, the full HMAC value is calculated but then truncated by using the first 96bits, which is the default length for the Authentication Data field.

45 of 62

Authentication Header

46 of 62

Transport & Tunnel Modes

47 of 62

Encapsulating Security Payload (ESP)

provides message content confidentiality & limited traffic flow confidentiality
can optionally provide the same authentication services as AH
supports range of ciphers, modes, padding

incl. DES, Triple-DES, RC5, IDEA, CAST etc
CBC & other modes
padding needed to fill blocksize, fields, for traffic flow

48 of 62

Encapsulating Security Payload

Stallings Figure16.7 shows the format of an ESP packet. It contains the following fields:

• Security Parameters Index (32 bits): Identifies a security association

• Sequence Number (32 bits): A monotonically increasing counter value; this provides an anti-replay function ,as discussed for AH

• Payload Data (variable): This is a transport-level segment (transport mode) or IP packet (tunnel mode) that is protected by encryption

• Padding (0–255 bytes): for various reasons

• Pad Length (8 bits): Indicates the number of pad bytes immediately preceding this field

• Next Header (8 bits): Identifies the type of data contained in the payload data field by identifying the first header in that payload

• Authentication Data (variable): A variable-length field that contains the Integrity Check Value computed over the ESP packet minus the Authentication Data field

49 of 62

Transport vs Tunnel Mode ESP

transport mode is used to encrypt & optionally authenticate IP data

data protected but header left in clear
can do traffic analysis but is efficient
good for ESP host to host traffic

tunnel mode encrypts entire IP packet

add new header for next hop
good for VPNs, gateway to gateway security

50 of 62

Combining Security Associations

SA’s can implement either AH or ESP
to implement both need to combine SA’s

form a security association bundle
may terminate at different or same endpoints
combined by

transport adjacency
iterated tunneling

issue of authentication & encryption order

An individual SA can implement either the AH or ESP protocol but not both. Sometimes a particular traffic flow will call for the services provided by both AH and ESP. Further, a particular traffic flow may require IPSec services between hosts and ,for that same flow, separate services between security gateways, such as firewalls. In all of these cases, multiple SAs must be employed for the same traffic flow to achieve the desired IPSec services. The term security association bundle refers to a sequence of SAs through which traffic must be processed to provide a desired set of IPSec services. The SAs in a bundle may terminate at different endpoints or at the same endpoints.

Security associations may be combined into bundles in two ways:

• Transport adjacency: more than one security protocol on same IP packet, without invoking tunneling

• Iterated tunneling: application of multiple layers of security protocols effected through IP tunneling

One interesting issue is the order in which authentication and encryption may be applied between a given pair of endpoints.

51 of 62

Combining Security Associations

52 of 62

Key Management

handles key generation & distribution
typically need 2 pairs of keys

2 per direction for AH & ESP

manual key management

Sys admin manually configures every system

automated key management

automated system for on demand creation of keys for SA’s in large systems
has Oakley & ISAKMP elements

53 of 62

Oakley

a key exchange protocol
based on Diffie-Hellman key exchange
adds features to address weaknesses

cookies, groups (global params), nonces, DH key exchange with authentication

can use arithmetic in prime fields or elliptic curve fields

Oakley is a key exchange protocol based on the Diffie-Hellman algorithm but providing added security. Oakley is generic in that it does not dictate specific formats.

Oakley is designed to retain the advantages of Diffie-Hellman while countering its weaknesses.

The Oakley algorithm is characterized by five important features:

It employs a mechanism known as cookies to thwart clogging attacks

2. It enables the two parties to negotiate a group; this, in essence, specifies the global parameters of the Diffie-Hellman key exchange

3. It uses nonces to ensure against replay attacks

4. It enables the exchange of Diffie-Hellman public key values

5. It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks

Oakley supports the use of different groups for the Diffie-Hellman key exchange, being 768, 1024 or 1536 bit primes, or 155 or 185 bit elliptic curves.

54 of 62

ISAKMP

Internet Security Association and Key Management Protocol
provides framework for key management
defines procedures and packet formats to establish, negotiate, modify, & delete SAs
independent of key exchange protocol, encryption alg, & authentication method

55 of 62

ISAKMP

56 of 62

ISAKMP Payloads & Exchanges

have a number of ISAKMP payload types:

Security, Proposal, Transform, Key, Identification, Certificate, Certificate, Hash, Signature, Nonce, Notification, Delete

ISAKMP has framework for 5 types of message exchanges:

base, identity protection, authentication only, aggressive, informational

57 of 62

What are encryption ciphers? And what are cipher suites?

58 of 62

Cipher suites

Ciphers are algorithms, more specifically they’re a set of steps for performing a cryptographic function
– it can be encryption, decryption, hashing or digital signatures.
Nowadays ciphers are dependent upon the advanced processing capabilities of computers.
One of the first, well-known historical ciphers belonged to Caesar
– the very first emperor of Rome and purveyor of fancy appetizer salads –

- who used it to communicate with his generals during military operations.

59 of 62

Cipher suites

Over the years, ciphers have become more complex,
but the logic behind them has stayed the same
Whether it was Caesar crossing the Rubicon, the infamous Enigma cipher of World War II
or some of the algorithms of today—the idea has always been to encode or encipher a message in such a way that only the intended party can read it.
Today we’re going to discuss SSL/TLS Cipher Suites –
groups of ciphers that help secure an HTTPS connection – then go over their various parts and finish by looking at what’s changed between TLS 1.2 and TLS 1.3.
Let’s hash it out.

60 of 62

Cipher suites…

Cipher is really just an algorithm, or a set of steps that are used to perform a specific mathematical function
– be that encryption, hashing or digital signatures.
Ciphers have always had a basis in math,
even Caesar’s primitive shift cipher required counting forward a designated number of spaces in the alphabet to encrypt something.
I’m going to use Caesar’s cipher to explain some basic concepts that will be useful later when we get into modern cipher suites.
The piece of data or information – it’s all digital now, though historically there’s typically been some kind of ink and paper/parchment involved.
Original unencrypted piece of data would be referred to as the plaintext, as it’s easily readable in its raw form.
After the encryption process has been performed, it becomes a piece of cipher text
and should ideally be unreadable to anyone without the private key.

61 of 62

��Keys vs. Algorithms

Encryption is performed by keys, but it’s important to square how keys and algorithms/ciphers fit together.
The algorithm or cipher used is just that, it’s a sequence of steps that must be used to encrypt the plaintext.
Depending on the cryptosystem, either the values within that algorithm, or the value the algorithm arrives at itself, are the keys.
We’ll clarify that point in a minute, just think of it this way: the algorithms are the general principles/rules used by a given cryptosystem, the keys are what actually performs the function

62 of 62

Summary

have considered:

IPsec security framework
AH
ESP
key management & Oakley/ISAKMP
Cryptographic suites