Pretty good privacy
Download
1 / 17

SC700 A2 Internet Information Protocols - PowerPoint PPT Presentation


  • 185 Views
  • Uploaded on

Pretty Good Privacy. Application Presentation by J. Chu. 4/17/2001. SC700 A2 Internet Information Protocols. Background. Pretty Good Privacy – J. Chu. Pretty Good Privacy (PGP) The first version of PGP was programmed in 1991 by Phil R. Zimmerman, who later founded PGP Security Consulting.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'SC700 A2 Internet Information Protocols' - atara


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Pretty good privacy
Pretty Good Privacy

Application Presentation by J. Chu

4/17/2001

SC700 A2 Internet Information Protocols


Background
Background

Pretty Good Privacy – J. Chu

Pretty Good Privacy (PGP)

The first version of PGP was programmed in 1991 by Phil R. Zimmerman, who later founded PGP Security Consulting.

PGP is one of the most popular encryptionand authentication algorithm world-wide.

PGP is more widely used in electronic mailsecurity than any other areas.

Phil R. Zimmerman

4/17/2001

SC700 A2 Internet Information Protocols


Background continues
Background (continues)

Pretty Good Privacy – J. Chu

Pretty Good Privacy (PGP)

PGP is a hybrid cryptosystem; it is a combination of some of the best known encryption algorithms in existence.

While PGP has the speediness of a symmetric-key encryption algorithm, it maintains the high level of security of a public-key encryption algorithm.

4/17/2001

SC700 A2 Internet Information Protocols


Background continues1
Background (continues)

Pretty Good Privacy – J. Chu

Pretty Good Privacy (PGP)

"If all the personal computers in the world - 260 million - were put to work on a single PGP-encrypted message, it would still take an estimated 12 million times the age of the universe, on average, to break a single message.”

- Deputy Director William CrowellNational Security Agency3/20/1997

4/17/2001

SC700 A2 Internet Information Protocols


Introduction
Introduction

Pretty Good Privacy – J. Chu

Why choose PGP over RSA?

RSA is very secured given a large enough key. However, it is definitely no fun having to compute 567^2128 for every single letter in order to encrypt or decrypt a message. During the 80’s and early 90’s, not too many computer in the world can handle such complex computations in a short period of time.

This is when PGP comes in…It is fast, secured, and best of all, everyone** can use!

(**note: by publishing the source code of PGP on the Internet, Phil Zimmerman actually got prosecuted by the United States Government for exporting a weapon.)

4/17/2001

SC700 A2 Internet Information Protocols


Introduction continues
Introduction (continues)

Pretty Good Privacy – J. Chu

  • The following algorithms are employed by PGP:

  • IDEA Cipher

    • - developed by James Massey & Xuejia Lai in 1990

  • RSA Public Key Encryption

    • - developed by Rivest, Shamir, and Adelman in 1977

  • GZIP

    • - A combination of Lempel-Ziv and Huffman Encoding

4/17/2001

SC700 A2 Internet Information Protocols


Algorithm
Algorithm

Pretty Good Privacy – J. Chu

  • About the IDEA cipher:

  • IDEA: International Data Encryption Algorithm

  • Message is encrypted with a 128-bit IDEA key via different combinations of operations:a. Additions (mod 216)b. Multiplication (mod 216 + 1)c. Additions (mod 2) (i.e. XOR)

  • There are currently no known effective attacks against the IDEA cipher.

4/17/2001

SC700 A2 Internet Information Protocols


Algorithm continues
Algorithm (continues)

Pretty Good Privacy – J. Chu

  • The IDEA cipher algorithm:

  • Original text is divided into 64-bit blocks.

  • Each 64-bit block is further divided into four 16-bit sub-blocks: X1, X2, X3, X4.

  • The 128-bit IDEA session key is divided into eight 16-bit key-blocks: Ki,1, Ki,2, Ki,3, Ki,4, Ki,5, Ki,6, Ki,7, Ki,8.

  • Addition and Multiplication are perform on each block of Xn and Ki,j.

  • The combination of operations are performed eight times to get the final encryption.

4/17/2001

SC700 A2 Internet Information Protocols


Algorithm continues1
Algorithm (continues)

Pretty Good Privacy – J. Chu

IDEA Algorithm:

4/17/2001

SC700 A2 Internet Information Protocols


Algorithm continues2
Algorithm (continues)

Pretty Good Privacy – J. Chu

  • Problems with IDEA cipher:

  • IDEA is a symmetric-key cryptosystem. In order to decrypt a cipher, one must know the very same key that is used to encrypt the message.

  • Since the IDEA key is 128-bit long, it is not easy to memorize and therefore it must be recorded.

4/17/2001

SC700 A2 Internet Information Protocols


Algorithm continues3
Algorithm (continues)

Pretty Good Privacy – J. Chu

  • PGP Improvements:

  • Instead of using the the same key each time, PGP randomly generated a new IDEA key for every session. The same message sent at different times will be totally different and remembering the key will be useless and unnecessary.

  • The IDEA key is encrypted via RSA public key encryption algorithm. Decryption can be achieved only by those who knows the complementary key.

  • PGP compresses packages with GZIP.

4/17/2001

SC700 A2 Internet Information Protocols


Algorithm continues4
Algorithm (continues)

Pretty Good Privacy – J. Chu

  • How PGP Encrypts:

  • Original text is encrypted into IDEA cipher text with a 128-bit random key via IDEA encryption.

  • The IDEA session key is encrypted with a large public key via RSA encryption.

  • The encrypted IDEA session key is appended to the IDEA cipher text.

  • GZIP is used to compress the data into a PGP package.

4/17/2001

SC700 A2 Internet Information Protocols


Algorithm continues5
Algorithm (continues)

Pretty Good Privacy – J. Chu

How PGP Encrypts:

4/17/2001

SC700 A2 Internet Information Protocols


Algorithm continues6
Algorithm (continues)

Pretty Good Privacy – J. Chu

  • How PGP Decrypts:

  • PGP package is decompressed and is separated into the encrypted IDEA session key and the encrypted IDEA cipher text.

  • IDEA session key is decrypted with RSA private key.

  • IDEA session key decrypts the IDEA cipher text into the original plain text.

4/17/2001

SC700 A2 Internet Information Protocols


Algorithm continues7
Algorithm (continues)

Pretty Good Privacy – J. Chu

How PGP Decrypts:

4/17/2001

SC700 A2 Internet Information Protocols


Conclusion
Conclusion

Pretty Good Privacy – J. Chu

PGP over IDEA & RSA:

Although IDEA and RSA are very strong encrypting algorithms, they do have their weaknesses: IDEA uses a single and lengthy key while RSA employs complex and lengthy computations.

By combining both IDEA and RSA, PGP uses the strengths of one algorithm to compensate for the weaknesses of the other. As the result, PGP is one of the strongest and fastest encrypting algorithm in existence.

4/17/2001

SC700 A2 Internet Information Protocols


References
References

Pretty Good Privacy – J. Chu

Back, Adam, “PGP Timeline.” “http://www.cypherspace.org/~adam/timeline/”, 1998.

Brown, Lawrie, “Cryptography and Computer Security.”“http://www.cs.adfa.oz.au/teaching/studinfo/csc/lectures/”, 2001.

Davie and Peterson, Larry L., Computer Networks. 2nd ed. Boston: Morgan Kaufmann, 2000. Page 599-601.

Feisthammel, Patrick, “PGP – Pretty Good Privacy.”“http://www.rubin.ch/pgp/pgp.en.html”, 2000.

Gimon, Charles A., “The Phil Zimmerman Case.”“http://www.skypoint.com/members/gimonca/philzima.html”, 1996.

“PGP International Homepage.”“http://www.pgpi.org”, 2001.

“PGP Security BIND vulnerability COVERT CyberCop Gauntlet.”“www.pgp.com”, 2001.

4/17/2001

SC700 A2 Internet Information Protocols


ad