ECE-6612 Prof. John A. Copeland 404 894-5177 fax 404 894-0035 Offices: Klaus 3362.
ECE-6612 copeland/jac/6612/ Prof. John A. Copeland [email protected] 404 894-5177 fax 404...
-
Upload
francine-hamilton -
Category
Documents
-
view
219 -
download
0
Transcript of ECE-6612 copeland/jac/6612/ Prof. John A. Copeland [email protected] 404 894-5177 fax 404...
ECE-6612http://www.ece.gatech.edu/~copeland/jac/6612/
Prof. John A. [email protected]
404 894-5177fax 404 894-0035
Office: Klaus 3362MWF after class; email or call for office visit
Chapter 5a - Pretty Good Privacy (PGP) Email(aka GPG or GnuPG - Gnu Privacy Guard)
Electronic Mail
In 1982, ARPANET email proposals were published as RFC
821 (www.ietf.org/rfc/rfc0821.txt) and RFC 822
• Email services since are based on these RFC's (+ many later)
• CCITT X.400 & ISO MOTIS grew and waned as competitors
• "User Agents" UA, and "Message Transfer Agents" MTA
Three parts to an email message:
• Envelope - information used to forward the contents
• Header - standard strings, some added in route.
> To: Cc: Bcc: From: Sender:
> Received: (added in route), Return-Path: (by final MTA)
> MIME headers added by RFC 1341 and 1521
> A. S. Tanenbaum, "Computer Networks," (3rd ed.) p.651 2
MIME HeadersMultipurpose Internet Mail Extensions (MIME)
RFC 1341 and RFC 1521
• MIME -Version: version number
• Content-Description: human-readable string
• Content-ID: unique identifier
• Content-Transfer-Encoding: body encoding
> ASCII (Plain, quoted-printable, or Richtext)> Binary (base64)
• Content-Type: nature of the message
> Image (gif, jpeg), Video (mpeg), > Application (Postscript, octet-stream)
> A.S.Tanenbaum, "Computer Networks," (3rd ed.) p.653 3
Received: from didier.ee.gatech.edu (didier.ee.gatech.edu[130.207.230.10]) by eagle.gcatt.gatech.edu (8.8.8+Sun/8.7.1) with
ESMTP id UAA00818 for <[email protected]>; Fri, 30 Jul1999 20:00:35 -0400 (EDT)
Received: from bwnewsletter.com (gw2.mcgraw-hill.com [198.45.19.20])by didier.ee.gatech.edu (8.9.0/8.9.0) with ESMTP id UAA16500
for <[email protected]>; Fri, 30 Jul 1999 20:00:33 -0400 (EDT)
Received: from NOP (152.159.60.175) by bwnewsletter.com with SMTP(Eudora Internet Mail Server 2.1); Fri, 30 Jul 1999 16:24:21 -0400
Message-Id: <[email protected]>X-Sender: [email protected] (Unverified)X-Mailer: Windows Eudora Light Version 1.5.4 (32)
Mime-Version: 1.0Date: Fri, 30 Jul 1999 16:21:37 -0400
To: [email protected] (note: I was on a Bcc: list)From: BW Online <[email protected]>Subject: BUSINESS WEEK ONLINE INSIDER -- July 30Content-Type: text/plain; charset="us-ascii"
Content-Length: 7694 4
The last “Received:” line identifies the sender’s IP*
*Gmail and Yahoo now hide this information on email from a customer
$ nslookup -q=MX ee.gatech.edu (nslookup -> host)
ee.gatech.edu preference = 10,
mail exchanger = mail.ee.gatech.edu
ee.gatech.edu nameserver = eeserv.ee.gatech.edu
ee.gatech.edu nameserver = duchess.ee.gatech.edu
ee.gatech.edu nameserver = didier.ee.gatech.edu
mail.ee.gatech.edu internet address = 130.207.230.10
eeserv.ee.gatech.edu internet address = 130.207.230.5
duchess.ee.gatech.edu internet address = 130.207.230.13
didier.ee.gatech.edu internet address = 130.207.230.10 5
$ nslookup -q=mx mcgraw-hill.com
Non-authoritative answer:mcgraw-hill.com preference = 20, mail exchanger =
interlock.mgh.com
Authoritative answers can be found from:mcgraw-hill.com nameserver = NS-01A.ANS.NETmcgraw-hill.com nameserver = NS-01B.ANS.NETmcgraw-hill.com nameserver = NS-02A.ANS.NETmcgraw-hill.com nameserver = NS-02B.ANS.NET
NS-01A.ANS.NET internet address = 199.221.47.7NS-01B.ANS.NET internet address = 199.221.47.8NS-02A.ANS.NET internet address = 207.24.245.179NS-02B.ANS.NET internet address = 207.24.245.178
6
$ nslookup 198.45.19.20 [can also use “host” or “dig”]Name: gw2.mcgraw-hill.comAddress: 198.45.19.20
$ nslookup 152.159.60.175
*** can't find 152.159.60.175: Non-existent host/domain
$ traceroute 152.159.60.175 [on MS Windows, open DOS, type “tracert”]
1 24.88.12.129 (24.88.12.129 ): 17ms 2 stn-mtn-rtrb.atl.mediaone.net. (24.88.0.254 ): 18ms
3 24.93.64.69 (24.93.64.69 ): 20ms 4 24.93.64.61 (24.93.64.61 ): 17ms 5 24.93.64.57 (24.93.64.57 ): 25ms
6 sgarden-sa-gsr.carolina.rr.com. (24.93.64.30 ): 26ms 7 roc-gsr-greensboro-gsr.carolina. (24.93.64.17 ): 29ms
8 24.93.64.45 (24.93.64.45 ): 38ms 9 sjbrt01-vnbrt01.rr.com. (24.128.6.6 ): 41ms10 pnbrt01-vnbrt01.rr.com. (24.128.6.85 ): 42ms11 p217.t3.ans.net. (192.157.69.52 ): 51ms
12 h13-1.t32-0.new-york.t3.ans.net. (140.223.33.21 ): 49ms13 f0-0.cnss33.new-york.t3.ans.net. (140.222.32.193 ): 53ms14 s0.enss3339.t3.ans.net. (199.222.77.70 ): 61ms
15 * * * 16 * * *
7
$ whois 152.159.60.175
OrgName: McGraw Hill, IncOrgID: MCGRAWAddress: 148 Princeton Htstown RdCity: HightstownStateProv: NJPostalCode: 08520Country: US
NetRange: 152.159.0.0 - 152.159.255.255CIDR: 152.159.0.0/16NetName: MHP-NETNameServer: AUTH111.NS.UU.NETNameServer: AUTH120.NS.UU.NETComment:RegDate: 1992-03-18Updated: 2004-04-01
RTechHandle: MW1053-ARINRTechName: Weyman, MikeRTechPhone: +1-555609-426-5291RTechEmail: [email protected]
RTechHandle: JGE8-ARINRTechName: Gervasio, JohnRTechPhone: +1-555-426-5017RTechEmail: [email protected]
OrgTechHandle: HOSTM339-ARINOrgTechName: hostmasterOrgTechPhone: +1-555-426-5291OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2006-09-24 19:10# Enter ? for additional hints on searching ARIN's WHOIS database. 8
Security Services for Email
Privacy - only read by intended recipient (confidentiality, access, authorization)
Authentication - confidence in ID of sender
Integrity - assurance of no data alteration
Non-repudiation - proof that sender sent it (attribution)
Less Common:
Proof of submission - was sent to email server
Proof of delivery - was received by addressee
9
10
Investigating Email You Receive
Look at “Raw” or “Source” Message to see:HeadersHTML Links
InvestigateSource (who sent it) -
“Lowest Received:” headerActive Links in
<a href= “http://{IP or URL}”>, {text} </a> Image Links in
<img src=“{URL or filename}” </img> Programs to Use
nslookup - IP from URL, or URL from IPwhois - Register of domain (not URL)traceroute - path of packets through routers
PrivacyEstablishing Keys
• Public Key Certification
• Exchange Public Keys
Multiple Recipients • Encrypt message m with session key, S
• Encrypt S with each recipient's key
• Send: {S; Kbob}, {S; Kann}, ... , {m; S}
Authentication of Source
• Hash (MD4, MD5, SHA1) of message, encrypt withprivate key (provides ciphertext/plaintext pair)
• Secret Key K: MIC is hash of K+m, or CBC residuewith K (assuming message not encrypted with K). 11
Message IntegrityThe source authentication methods thatinclude a hash of the message provide MIC
Non-repudiationPrivate-key signing provides non-repudiation.
Secret-key method requires a "Notary" to"Sign" a time-stamp + hash of the message
Proof of DeliveryAcknowledge before reading - can't prove m was read.
Acknowledge after - may have read without signing.
12
Names and AddressesX.500 Name (ISO standard)
• ?/C=US/O=CIA/OU=drugs/PN='Manny Norriega'
Internet Name
• [email protected] or [email protected]
• <user account name> @ <DNS host name or alias>
• using the alias "mail" lets mail server program bemoved from one host to another
• in gatech.edu domain, "mail" is an alias for"vip1.ecc".
Old message - later Non-reputiation• Need Notary to sign hash of message, Certificate
used to authenticate Public Key, and current CRL13
From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com14
PGP Email:Sign (optional)
before Encryption(also optional)
From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com
with signatureattached ifthere is one
R64 EncodingHow PGP Encryption Works
15
16
1. ZIP Compress2. Encrypt with Session Key3. Encode to text with R64
PGP Format
Public key
Private key
Sender
17
PGP Email Receiver
Public Key RingPrivate Key Ring
p.144-145 ed.3
Typed Passphrase
R64 Decode to binary
ZIP Decompress
Receiver’sPrivate Key
Session Key
Sender’sPublic Key
Check Signature Message
H - HashDC - Symmetric DecryptionDP - Pub./Priv. Decryption
011001001011010101101010
18
R64 Encode: Every 3 bytes split into 4 6-bit numbers
n = 0 to 63
printable characters a-z A-Z 0-9 + /
in a received message, “=“, “>”, CR, LF, ... are ignored
01011001 01001011 01010101 01101010
* for most 6-bit inputs, R64(n) just adds 64 (puts an “01” in front)
*
To: ”Jim Jones" <[email protected]>From: John Copeland <[email protected]>Subject: ECE8813 : PGP Endeavor...Cc: Bcc: X-Attachments:
-----BEGIN PGP MESSAGE----- (both 5 –’s required)Version: PGPfreeware 6.5.2 for non-commercial <http://www.pgp.com> (blank line required)qANQR1DBwU4D6cjDU+QAxCwQB/9IZFOIuDSIIQbwa28SQ63DDioFb4bH4bmKfopXcvdDVQ1X53fSJzyLt12RslfQToje8YxRNidYMNg1zDTT7CR9q7LRFoAwBFVtQhWJjFNXn1+aE8oePReMi6vS0DXSSDfgDuUb1R+c8htHoeik6Oebe9R90J3d51yyCojVAHT01kWlpvJIZGKyT3PdCh9wlr1hQsUGto10t32fBGsJCXew/EClb554AnyYSzP8KAjuw1NdKOBlze0DCiO6Z5z+DAxAwlqTxcm42tthF5zFbTk4UKV6ORzIuHmRO7xR5Io5nlM7T11PDaWqsjLr2ttrSySzARt5fAJ9l1mOH+hSl1YebRjZPaxWw+bsYuqNa0GYr2UdwgE1u5HQuhZ+bOIbSliShfKiNuDGHe6VJrchROHnC9Po2JWAOD7wMFq6STZ/MPGzViaCUaaWPLSKleiURUh4Ly5/LaNYkaumO9vh+241FPqtZKqRVmHRg6dYUdgoI3yfc3JrvepFQT1yeRjEVrLQiUtyhcwdVoLjofgerGAfe3YuDCxM6wLIuCf7Ro9edu01qTiXJj25cXHxeNMdA1txLxR3ontbExow+ML5kxs==68Hd-----END PGP MESSAGE----- (both 5 –’s required)
Radix-64 encoding of a binary (all 8-bit bytes) message 6-bits at a time into 64 printable ASCII characters (A-Z, a-z , 0-9, +, / bytes 65-90, 97-122, 48-57, 47, 43) pad with =.
20
PGP CertificatesAnyone can issue a Certificate to anyone, including themselves. Certificates can be revoked by the issuer, if a Certificate-Server is used that has a Revocation Database.
Where PEM expands data into canonical form,
• (+33% for text, +78% after encryption & R64)
PGP compresses data using ZIP(-50%),encrypts (optional), then converts toR64 encoding (+33%)
Privacy Enhanced Mail, another standard
23
Things of which to be aware• Neither PEM nor PGP encodes mail headers
• Subject can give away useful info
•To and From give an intruder traffic analysis info• PGP gives recipient the original file name and modification date.• PEM may be used in a local system with unknown trustworthiness of certificates
• Certificates often verify that sender is "John Smith" but he may not be the "John Smith” you think. Anyone can copy pictures from the Web)
• Public PGP Key servers allow anyone to send you PGP encrypted mail, but their signature is easily forged. They can give your name & mail address to spammers. Avoid them. Get PGP keys directly from owners. 24
http://www.gnupg.org/
GPGToolshttps://www.gpgtools.org
Includes binaries for GnuPG.
http://www.mozilla.org/en-US/thunderbird/
https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/(Extension for Thunderbird)
Email Program
25
Using GnuPG (PGP)
Install GPGTools : now you have the command line programs available to generate keys, maintain key-chain files, convert text files (.asc) into encrypted and/or signed ciphertext files (.pgp). The .pgp files can be emailed as attachments or, if the are “armored” (R64 encoded,) they can be pasted into the body of an email message.
Install Thunderbird email program. Under the “Tools” menu, select “Add-ons”. In the box at upper right that says “Search all add-ons”, type “Enigmail”. If found, install it; otherwise download the .xpi file from the link on previous slide, and then try again. Once installed you will see in the top Thunderbird menu “OpenPGP” next to “Tools”
26
Using Thunderbird with Enigmail (Open PGP)
Read: http://support.gpgtools.org/kb/how-to/first-steps-where-do-i-start-where-do-i-begin (link) for critical stuff like this:
“You need (to send PGP mail): > a secret key matching the mail address you want to write from (see Mail.app >Settings > Accounts)> the public key of the recipient> recipients and senders mail address have to perfectly match the mail addresses (as IDs) in the keys being used.
Important: For the Encrypt button to become available, you need to enter the recipients mail address - only then will that button be enabled (and only if you have the matching Public Key).”
27
Configuring Thunderbird for GT Mail
Top Menu: File / New / Existing Mail Account ...
Type in your User Name and password. Thunderbird will try to set up the configuration automatically, and fail. Then you can input the following information:
User Name: (your GT id – primary mail name)
Receiving Mail Server Protocol: imap (or pop – if you want to download mail) Server Name: imap.mail.gatech.edu (or pop.mail.gatech.edu) Server Port: 995 Security: SSL/TLS Authentication: Normal Password
Sending Mail Server Protocol: smtp Server Name: smtp.mail.gatech.edu Server Port: 465 Security: SSL/TLS Authentication: Normal Password
28
A PGP Email or .asc File Looks Like This:
29
-----BEGIN PGP MESSAGE-----Version: 9.9.1.287Comment: Do not worry about "UNTRUSTED Good Signature"
qANQR1DBwEwD7GfrZjlPkZ0BB/9YW6/cTpNVkwdyuTmlo/fcTB0lIjy6C4LnUtx210BwJCwdcFHcIkS9Iw0+/9wKNafArxciCwpSM2BBYePksl2JQUf7in8MILirKtd6Foy9yEJmtD5JzaVDF1tYElT9ntzNk2jvcengkD/PhkmEaT+VIY1Cw5Bf5HP6OPOEJ4RqTRjaGjkGrmcP3zywjESzfk0iN2z2mtsDHufFqJ0hvQAusAZ2c5GjK9jUsvHy8gzBW9aFlINHpWL90G3XGtaKfudM9QGTjXIs99Pfdj08jUd/xSn+FsDW6ulhlluWpCwohtN06qN6VvI2vbC3eGV5RCd+5b6iR3O26hY/NOssjI5jwcBOA72/fxTdBTHgEAP8DJVFBQzRjn2RBWr7Bo+zV3DlHXMr9kU02szQ+h4WNU7ffEakhlnwDoqnHvh3QfH/8G7heOlGjM3hITZj8rw66OQ/s4o/8o7N1wERhJYc4/oWOmAopyy8jIliB9AKn90fKWbfrTUrShF1qJdQuLMV0E30lHsKDKDyZ9vhklt2D20D/3Yl0zRlEk4w5x9ci3mZC2XpKsgmttRABg65R1E4tQqPNiQTuL3YrpQfgLT9rMpW5UmyppSuZvD9CpsWIG7I8MT33eY5Eh4twTdErvpXN+uUWDadiPb6J8ifpBfzhuzWhiom7KAI3+4y6OX5sYyyZHtqxNxg6ziZ76B/H+/vaegD0sBrATEJtdnDAipPogZYAzwuQ8PCO985wHuu2aFbPaVqLPMWwwFck3bvV46E49RWIPgkJmpMiimaG236HdQbF4nhZgUjfggGE3cmqP9eChxuV8kyZLIgkh1CaKP/XQSZlpl2js+D0M1Mq6ef4BZ3BNW+TPLjYNGM1Yt/+0NlLn+AxUvZmVNJvuxdeNKIn7jkpK5w466wRaiffujLzwJdzwISIofm7oEp88dPA9udzotKGM+FOHi3tHwPiox+l/PdMv34AlMPY2c2qDEcwBSKAYR8ASBM/nulY6bKwZwbYGlSdxT/FTDb9i32+WuUU7HeUPZvFizUIPwFzPeI8RlkaLdhsElmbPuGar5lC7PMoOHuCnnSB4DdgUEqM5ScJRI6ToGDAjh3XZ9BRwfD0O8==auCB-----END PGP MESSAGE-----
Syntax
Start Comments “1 Blank LineR64 <=78 char.““‘“““““““““““““ (pad =‘s)= ChecksumStop
http://cryptome.org/jya/openpgp-01.htm