FIT3031 Lecture Notes - Lecture 7: Symmetric-Key Algorithm, Sha-1, Public-Key Cryptography
17 Jun 2018
School
Department
Course
Professor
L7: Email Security
Electronic Mail
●Widely used network-based applicaon as it is used by businesses and we as home users.
●Message content are not secure:
○Inspected in transit
○Changes in financial data (dire consequences for sender)
○Forgery
●Basis for email over the internet:
○Simple Mail transfer Protocol (SMTP)
○Message syntax
○Mulpurpose Internet Mail Extension (MIME)
Security Requirements:
●Confidenality: protecon from disclosure
●Authencaon: of sender of message
●Message integrity: protecon from modificaon
●Non-Repudiaon of Origin: protecon from denial by sender
Schemes for Security:
● Pretty Good Privacy (PGP)
●S/MIME (Secure/Multipurpose Internet Mail Extensions)
Pretty Good Privacy (PGP)
●Provides confidenality and authencaon services
●Infusion of the best aspects of asymmetric and symmetric algorithms
●Services:
○Authencaon:
■Sender creates message
■SHA-1 used to generate 160 has code for message
■Hash code is encrypted with RSA using sender's private key and is added to
the front of the message
■Receiver uses the sender's public key to decrypt and recover the hash code
■Receiver generates new hash code for the message and compares it with the
decrypted hash code
●Match: message is authenon
○Confidenality: Message encrypon
■Sender sends message and random 128-bit number is used as a session
●only valid for this message
●Every message has a session key
■Message encrypted using symmetric algorithm with session key (as
symmetric key is faster)
■Session is encrypted using RSA recipients public key which is then added in
front of the encrypted message
■Receiver uses RSA with its private key to decrypt and recover session key
■Session key is used to decrypt the message
○Authencaon & Confidenality
■Sender first signs the message with its own private key
■Encrypts zipped ( message & signature) with the session key
■Encrypts the session key with the recipient's public key
■The encrypted key precedes the rest
Document Summary
Widel(cid:455) used (cid:374)et(cid:449)o(cid:396)k-(cid:271)ased appli(cid:272)a(cid:415)o(cid:374) as it is used (cid:271)(cid:455) (cid:271)usi(cid:374)esses a(cid:374)d (cid:449)e as ho(cid:373)e use(cid:396)s. Cha(cid:374)ges i(cid:374) (cid:374)a(cid:374)(cid:272)ial data (cid:894)di(cid:396)e (cid:272)o(cid:374)se(cid:395)ue(cid:374)(cid:272)es fo(cid:396) se(cid:374)de(cid:396)(cid:895) No(cid:374)-repudia(cid:415)o(cid:374) of o(cid:396)igi(cid:374): p(cid:396)ote(cid:272)(cid:415)o(cid:374) f(cid:396)o(cid:373) de(cid:374)ial (cid:271)(cid:455) se(cid:374)de(cid:396) I(cid:374)fusio(cid:374) of the (cid:271)est aspe(cid:272)ts of as(cid:455)(cid:373)(cid:373)et(cid:396)i(cid:272) a(cid:374)d s(cid:455)(cid:373)(cid:373)et(cid:396)i(cid:272) algo(cid:396)ith(cid:373)s. Sha-(cid:1005) used to ge(cid:374)e(cid:396)ate (cid:1005)(cid:1010)(cid:1004) has (cid:272)ode fo(cid:396) (cid:373)essage. Hash (cid:272)ode is e(cid:374)(cid:272)(cid:396)(cid:455)pted (cid:449)ith rsa usi(cid:374)g se(cid:374)de(cid:396)"s p(cid:396)i(cid:448)ate ke(cid:455) a(cid:374)d is added to the f(cid:396)o(cid:374)t of the (cid:373)essage. Re(cid:272)ei(cid:448)e(cid:396) uses the se(cid:374)de(cid:396)"s pu(cid:271)li(cid:272) ke(cid:455) to de(cid:272)(cid:396)(cid:455)pt a(cid:374)d (cid:396)e(cid:272)o(cid:448)e(cid:396) the hash (cid:272)ode. Re(cid:272)ei(cid:448)e(cid:396) ge(cid:374)e(cid:396)ates (cid:374)e(cid:449) hash (cid:272)ode fo(cid:396) the (cid:373)essage a(cid:374)d (cid:272)o(cid:373)pa(cid:396)es it (cid:449)ith the de(cid:272)(cid:396)(cid:455)pted hash (cid:272)ode. Se(cid:374)de(cid:396) se(cid:374)ds (cid:373)essage a(cid:374)d (cid:396)a(cid:374)do(cid:373) (cid:1005)(cid:1006)(cid:1012)-(cid:271)it (cid:374)u(cid:373)(cid:271)e(cid:396) is used as a sessio(cid:374) Message e(cid:374)(cid:272)(cid:396)(cid:455)pted usi(cid:374)g s(cid:455)(cid:373)(cid:373)et(cid:396)i(cid:272) algo(cid:396)ith(cid:373) (cid:449)ith sessio(cid:374) ke(cid:455) (cid:894)as s(cid:455)(cid:373)(cid:373)et(cid:396)i(cid:272) ke(cid:455) is faste(cid:396)(cid:895) Sessio(cid:374) is e(cid:374)(cid:272)(cid:396)(cid:455)pted usi(cid:374)g rsa (cid:396)e(cid:272)ipie(cid:374)ts pu(cid:271)li(cid:272) ke(cid:455) (cid:449)hi(cid:272)h is the(cid:374) added i(cid:374) f(cid:396)o(cid:374)t of the e(cid:374)(cid:272)(cid:396)(cid:455)pted (cid:373)essage. Re(cid:272)ei(cid:448)e(cid:396) uses rsa (cid:449)ith its p(cid:396)i(cid:448)ate ke(cid:455) to de(cid:272)(cid:396)(cid:455)pt a(cid:374)d (cid:396)e(cid:272)o(cid:448)e(cid:396) sessio(cid:374) ke(cid:455)
