cryptography tool


Post on 30-Dec-2015


By Xiaoheng Wu

Cryptography Tool

PGP

Introduction

• Why PGP?
• History of PGP
  – First version released by Philip Zimmermann in 1991
• Politics issue (Senate Bill 266)
  – Anti-crime bill: enable government to read encrypted messages.
• Philip under criminal investigation
  – Violation of export restrictions

Introduction Cont.

• Patent issue with PGP
  – Old version with RSA and IDEA (expires 2007)
  – Another patent-free, but incompatible, version uses Triple-DES with DSS/Diffie-Hellman.
• A typical commercial PGP, such as ViaCrypt PGP, offers many features
  – Encrypt, sign, encrypt and sign, verify signature, key management, and so on.

How PGP works

• Compress data
• Create a session key randomly
• Encrypt message using a block cipher algorithm
• Use public key cryptography to encrypt the session key
• Transmit the ciphertext and encrypted session key.


PGP Encryption

source: An Introduction to Cryptography

How PGP Works Cont.

• Decryption works in the reverse order.
• If a PGP server receives a message, it decrypts the encrypted session key using your private key.
• Use this decrypted session key to decrypt the ciphertext.
• Then it decompresses the deciphered text to produce the original plaintext.


PGP Decryption

source: An Introduction to Cryptography

PGP Keys

• The larger the key, the more secure the encryption
• You decide the size of the key
• Public keyring and private keyring
  – Keyrings are files with a specific data structure
• Passphrase used to generate your private key
• Question: How to choose a passphrase?
• Answer: easy to remember, difficult to guess. (no famous quotes)

Message Digest

• Fingerprint of your message or file
• MD5 in PGP
  – 128-bit MD5 has serious weaknesses
  – In 1996, Hans Dobbertin, a German cryptographer, partially broke MD5
• SHA-1 in PGP
  – 160-bit SHA-1 developed by NSA
  – Extremely well designed
• For compatibility reasons, MD5 is still used for RSA signatures

Certificates

• Make sure the public key belongs to the person associated with that signature
• PGP certificates consist of
  – Public key
  – User id or name
  – Email address or ICQ.
  – One or more signatures
  – Validity period
  – Preferred algorithm (CAST, AES, IDEA, Triple-DES, and Twofish)
• Pitfall: a certificate does not attest to authenticity as a whole; it only vouches that the public key is bound to the identity that appears on the certificate.

Certificate Revocation

• Validity period
• If a certificate has expired, it becomes invalid
• Why does a certificate need to be revoked?
  – Private key is compromised
• Revocation does not mean anything bad about the public key owner; it only says that users can no longer authenticate you by your public key.
• Communicating that a certificate has been revoked
  – Post your revoked certificate on a server
  – In a PKI environment, Certificate Revocation List

Protect Public key

• Problem
  – If Trudy substituted her public key for Alice’s public key, she would be able to decrypt the messages sent to Alice, encrypt them again using Alice’s public key and send them on to Alice. No one would suspect anything wrong.
  – Trudy could also forge the signature using her private key.

Protect Public Key Cont.

• Solution
  – Get Alice’s key in person
  – Have your friend David sign Alice’s public key if he knows Alice’s public key and can be trusted.
  – Any certificates from a Certificate Authority can be trusted
  – Store your own public keyring on your PC

Validating Keys

• Check trust level, compute the result.
  – Example: two marginally trusted signatures are as credible as one fully trusted signature
  – PGP trust level: complete trust, marginal trust, no trust
• PGP lets you decide who you can trust
• Standard public key management schemes
  – Internet Privacy Enhanced Mail (PEM)
    • Requires mandatory trust
    • Relies on the CA to tell you who you can trust
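
The "check trust level, compute the result" step above, as an added Python example that is not part of the original slides and is not PGP's own code. The thresholds follow the slide's rule (one fully trusted or two marginally trusted signatures); the key names, the sample keyring and the rule that only signatures from already-valid keys count are assumptions of this sketch.

```python
COMPLETES_NEEDED = 1   # one fully trusted signer is enough
MARGINALS_NEEDED = 2   # or two marginally trusted signers

def validate_keyring(signatures, owner_trust, own_keys):
    """Return the set of key ids considered valid.

    signatures:  {key_id: set of key ids that signed it}
    owner_trust: {key_id: "complete" | "marginal" | "none"}, missing means "none"
    own_keys:    key ids you generated yourself, valid by definition
    """
    valid = set(own_keys)
    changed = True
    while changed:                       # repeat until no further key becomes valid
        changed = False
        for key_id, signers in signatures.items():
            if key_id in valid:
                continue
            # Assumption: a signature counts only if the signing key is itself valid.
            counted = [s for s in signers if s in valid]
            complete = sum(owner_trust.get(s, "none") == "complete" for s in counted)
            marginal = sum(owner_trust.get(s, "none") == "marginal" for s in counted)
            score = complete / COMPLETES_NEEDED + marginal / MARGINALS_NEEDED
            if score >= 1:
                valid.add(key_id)
                changed = True
    return valid

# Constructed sample keyring: who signed whose key, and how far you trust each owner.
SAMPLE_SIGNATURES = {
    "david": {"me"}, "carol": {"me"}, "erin": {"me"}, "mallory": {"me"},
    "alice": {"david"},            # one fully trusted signer
    "bob": {"carol", "erin"},      # two marginally trusted signers
    "frank": {"carol"},            # one marginal signer: not enough
    "grace": {"mallory"},          # signer is not trusted at all
    "heidi": {"frank", "erin"},    # frank's own key is not valid, so only erin counts
}
SAMPLE_TRUST = {"me": "complete", "david": "complete", "carol": "marginal",
                "erin": "marginal", "mallory": "none", "frank": "complete"}

if __name__ == "__main__":
    print(sorted(validate_keyring(SAMPLE_SIGNATURES, SAMPLE_TRUST, {"me"})))
```

Mallory's key is valid because you signed it yourself, yet her signature on Grace's key carries no weight: key validity and owner trust are separate judgements.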

Vulnerabilities

• Passphrase attack
  – Easy to remember, difficult to guess
• Public key tampering
  – Make sure the public key is directly from that person or signed by a trusted third party.
  – Access control of your own public and private keyrings
  – Make a copy of both keyrings

Vulnerabilities Cont.

• Not quite deleted files
  – Deleting only marks the location on disk as reusable
  – Overwrite that marked location on the disk
  – PGP’s Secure Wipe and Freespace features clear any fragments left by your word processor
• Viruses or Trojan horses
  – Attacks on the passphrase, private key, and deciphered text. PGP offers no solution. Hopefully, you can be notified as soon as possible.
  – An imitation of PGP malfunctions: it does not check signatures.
  – Solution: download PGP directly from PGP Corporation

Vulnerabilities Cont.

• Virtual memory or swap files
  – Fairly low risk because PGP does not keep sensitive data long in memory
  – Sensitive data can be written to disk by the LRU memory replacement algorithm. (data: passphrase, private key, or deciphered text)
  – Solution: overwrite your swap files or simply turn off your virtual memory feature.
• Physical security breach
  – Burglary, trash-picking, bribery, or blackmail

Vulnerabilities Cont.

• Tempest attacks
  – Detect the electromagnetic signals emitted from the video screen
  – “Secure Viewer” feature (PGP 6.0 or later)
    • Using a special font that may reduce the levels of radio frequency emissions
  – LCD has no such emissions
• Bogus timestamp
  – Create a signature certificate of a signature certificate with a trustworthy timestamp.
• Multi-user system
  – PGP is designed for a single user system
  – Be aware of the risk on a multi-user system

Vulnerabilities Cont.

• Traffic analysis
  – Observing the size of the message, its source and destination, and the time it is sent.
  – PGP alone has no solution for this problem
  – Requires a special communication protocol that can reduce the traffic information
• Cryptanalysis
  – PGP uses the best block cipher algorithms in the world
  – No successful attacks on public key cryptography since 1978


The End

PGP gives you Pretty Good Privacy