No Slide Title
Download
Report
Transcript No Slide Title
ECE-6612
http://www.ece.gatech.edu/~copeland/jac/6612/
Prof. John A. Copeland
[email protected]
404 894-5177
fax 404 894-0035
Office: Klaus 3362
MWF after class; email or call for office visit
Chapter 5a - Pretty Good Privacy (PGP) Email
(aka GPG or GnuPG - Gnu Privacy Guard)
Electronic Mail
In 1982, ARPANET email proposals were published as RFC
821 (www.ietf.org/rfc/rfc0821.txt) and RFC 822
• Email services since are based on these RFC's (+ many later)
• CCITT X.400 & ISO MOTIS grew and waned as competitors
•
"User Agents" UA, and "Message Transfer Agents" MTA
Three parts to an email message:
• Envelope - information used to forward the contents
• Header - standard strings, some added in route.
> To:
Cc:
Bcc:
From:
Sender:
> Received: (added in route), Return-Path: (by final MTA)
> MIME headers added by RFC 1341 and 1521
> A. S. Tanenbaum, "Computer Networks," (3rd ed.) p.651
2
MIME Headers
Multipurpose Internet Mail Extensions (MIME)
RFC 1341 and RFC 1521
• MIME -Version:
• Content-Description:
version number
human-readable string
• Content-ID:
unique identifier
• Content-Transfer-Encoding:
>
>
ASCII (Plain, quoted-printable, or Richtext)
Binary (base64)
• Content-Type:
>
>
>
body encoding
nature of the message
Image (gif, jpeg), Video (mpeg),
Application (Postscript, octet-stream)
A.S.Tanenbaum, "Computer Networks," (3rd ed.) p.653
3
Received: from didier.ee.gatech.edu (didier.ee.gatech.edu
[130.207.230.10]) by eagle.gcatt.gatech.edu (8.8.8+Sun/8.7.1) with
ESMTP id UAA00818 for <[email protected]>; Fri, 30 Jul
1999 20:00:35 -0400 (EDT)
Received: from bwnewsletter.com (gw2.mcgraw-hill.com [198.45.19.20])
by didier.ee.gatech.edu (8.9.0/8.9.0) with ESMTP id UAA16500
for <jcopeland@ ece.gatech.edu >; Fri, 30 Jul 1999 20:00:33 -0400 (EDT)
The last “Received:” line identifies the sender’s IP*
Received: from NOP (152.159.60.175) by bwnewsletter.com with SMTP
(Eudora Internet Mail Server 2.1); Fri, 30 Jul 1999 16:24:21 -0400
Message-Id: <[email protected]>
X-Sender: [email protected] (Unverified)
X-Mailer: Windows Eudora Light Version 1.5.4 (32)
*Gmail and Yahoo now
hide this information on
Mime-Version: 1.0
email from a customer
Date: Fri, 30 Jul 1999 16:21:37 -0400
To: [email protected]
(note: I was on a Bcc: list)
From: BW Online <[email protected]>
Subject: BUSINESS WEEK ONLINE INSIDER -- July 30
Content-Type: text/plain; charset="us-ascii"
Content-Length: 7694
4
$ nslookup -q=MX ee.gatech.edu
(nslookup -> host)
ee.gatech.edu preference = 10,
mail exchanger = mail.ee.gatech.edu
ee.gatech.edu nameserver = eeserv.ee.gatech.edu
ee.gatech.edu nameserver = duchess.ee.gatech.edu
ee.gatech.edu nameserver = didier.ee.gatech.edu
mail.ee.gatech.edu
eeserv.ee.gatech.edu
internet address = 130.207.230.10
internet address = 130.207.230.5
duchess.ee.gatech.edu internet address = 130.207.230.13
didier.ee.gatech.edu
internet address = 130.207.230.10
5
$ nslookup -q=mx mcgraw-hill.com
Non-authoritative answer:
mcgraw-hill.com preference = 20, mail exchanger =
interlock.mgh.com
Authoritative answers can be found from:
mcgraw-hill.com nameserver = NS-01A.ANS.NET
mcgraw-hill.com nameserver = NS-01B.ANS.NET
mcgraw-hill.com nameserver = NS-02A.ANS.NET
mcgraw-hill.com nameserver = NS-02B.ANS.NET
NS-01A.ANS.NET internet address = 199.221.47.7
NS-01B.ANS.NET internet address = 199.221.47.8
NS-02A.ANS.NET internet address = 207.24.245.179
NS-02B.ANS.NET internet address = 207.24.245.178
6
$ nslookup 198.45.19.20
Name: gw2.mcgraw-hill.com
Address: 198.45.19.20
$ nslookup 152.159.60.175
[can also use “host” or “dig”]
*** can't find 152.159.60.175: Non-existent host/domain
$ traceroute 152.159.60.175
[on MS Windows, open DOS, type “tracert”]
1 24.88.12.129
(24.88.12.129 ): 17ms
2 stn-mtn-rtrb.atl.mediaone.net. (24.88.0.254 ): 18ms
3 24.93.64.69
(24.93.64.69 ): 20ms
4 24.93.64.61
(24.93.64.61 ): 17ms
5 24.93.64.57
(24.93.64.57 ): 25ms
6 sgarden-sa-gsr.carolina.rr.com. (24.93.64.30 ): 26ms
7 roc-gsr-greensboro-gsr.carolina. (24.93.64.17 ): 29ms
8 24.93.64.45
(24.93.64.45 ): 38ms
9 sjbrt01-vnbrt01.rr.com.
(24.128.6.6 ): 41ms
10 pnbrt01-vnbrt01.rr.com.
(24.128.6.85 ): 42ms
11 p217.t3.ans.net.
(192.157.69.52 ): 51ms
12 h13-1.t32-0.new-york.t3.ans.net. (140.223.33.21 ): 49ms
13 f0-0.cnss33.new-york.t3.ans.net. (140.222.32.193 ): 53ms
14 s0.enss3339.t3.ans.net.
(199.222.77.70 ): 61ms
15 *
*
*
16 *
*
*
7
$ whois 152.159.60.175
OrgName: McGraw Hill, Inc
OrgID: MCGRAW
Address: 148 Princeton Htstown Rd
City:
Hightstown
StateProv: NJ
PostalCode: 08520
Country: US
RTechHandle: MW1053-ARIN
RTechName: Weyman, Mike
RTechPhone: +1-555609-426-5291
RTechEmail: [email protected]
RTechHandle: JGE8-ARIN
RTechName: Gervasio, John
RTechPhone: +1-555-426-5017
RTechEmail: [email protected]
NetRange: 152.159.0.0 - 152.159.255.255
OrgTechHandle: HOSTM339-ARIN
CIDR:
152.159.0.0/16
OrgTechName: hostmaster
NetName: MHP-NET
NameServer: AUTH111.NS.UU.NET OrgTechPhone: +1-555-426-5291
NameServer: AUTH120.NS.UU.NET OrgTechEmail: [email protected]
Comment:
RegDate: 1992-03-18
Updated: 2004-04-01
# ARIN WHOIS database, last updated 2006-09-24 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
8
Security Services for Email
Privacy - only read by intended recipient
(confidentiality, access, authorization)
Authentication - confidence in ID of sender
Non-repudiation - proof that sender sent it (attribution)
Integrity - assurance of no data alteration
Less Common:
Proof of submission - was sent to email server
Proof of delivery - was received by addressee
9
Investigating Email You Receive
Look at “Raw” or “Source” Message to see:
Headers
HTML Links
Investigate
Source (who sent it) “Lowest Received:” header
Active Links in
<a href= “http://{IP or URL}”>, {text} </a>
Image Links in
<img src=“{URL or filename}” </img>
Programs to Use
nslookup - IP from URL, or URL from IP
whois - Register of domain (not URL)
traceroute - path of packets through routers
10
Privacy
Establishing Keys
• Public Key Certification
• Exchange Public Keys
Multiple Recipients
• Encrypt message m with session key, S
• Encrypt S with each recipient's key
• Send: {S; Kbob}, {S; Kann}, ... , {m; S}
Authentication of Source
• Hash (MD4, MD5, SHA1) of message, encrypt with
private key (provides ciphertext/plaintext pair)
• Secret Key K: MIC is hash of K+m, or CBC residue
with K (assuming message not encrypted with K).
11
Message Integrity
The source authentication methods that
include a hash of the message provide MIC
Non-repudiation
Private-key signing provides non-repudiation.
Secret-key method requires a "Notary" to
"Sign" a time-stamp + hash of the message
Proof of Delivery
Acknowledge before reading - can't prove m was read.
Acknowledge after - may have read without signing.
12
Names and Addresses
X.500 Name (ISO standard)
• ?/C=US/O=CIA/OU=drugs/PN='Manny Norriega'
Internet Name
• [email protected] or [email protected]
• <user account name> @ <DNS host name or alias>
• using the alias "mail" lets mail server program be
moved from one host to another
• in gatech.edu domain, "mail" is an alias for
"vip1.ecc".
Old message - later Non-reputiation
• Need Notary to sign hash of message, Certificate
used to authenticate Public Key, and current CRL
13
PGP Email:
Sign (optional)
before Encryption
(also optional)
From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com
14
with signature
attached if
there is one
How PGP Encryption Works
R64 Encoding
From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com
15
PGP Format
Sender
Public key
Private key
1. ZIP Compress
2. Encrypt with Session Key
3. Encode to text with R64
16
PGP Email Receiver
Typed Passphrase
Private Key Ring
Public Key Ring
H - Hash
DC - Symmetric
Decryption
DP - Pub./Priv.
Decryption
Receiver’s
Private Key
Sender’s
Public Key
Session Key
ZIP Decompress
R64 Decode to binary
p.144-145 ed.3
Message
Check Signature
17
R64 Encode: Every 3 bytes split into 4 6-bit numbers
011001001011010101101010
n = 0 to 63
*
01011001 01001011 01010101 01101010
printable characters a-z A-Z 0-9 + /
in a received message, “=“, “>”, CR, LF, ... are ignored
* for most 6-bit inputs, R64(n) just adds 64 (puts an “01” in front)
18
ASCII Characters used for R64 Encoding
= used
to pad
19
To: ”Jim Jones" <[email protected]>
From: John Copeland <[email protected]>
Subject: ECE8813 : PGP Endeavor...
Cc:
Bcc:
X-Attachments:
-----BEGIN PGP MESSAGE----(both 5 –’s required)
Version: PGPfreeware 6.5.2 for non-commercial <http://www.pgp.com>
(blank line required)
qANQR1DBwU4D6cjDU+QAxCwQB/9IZFOIuDSIIQbwa28SQ63DDioFb4bH4bmKfopX
cvdDVQ1X53fSJzyLt12RslfQToje8YxRNidYMNg1zDTT7CR9q7LRFoAwBFVtQhWJ
jFNXn1+aE8oePReMi6vS0DXSSDfgDuUb1R+c8htHoeik6Oebe9R90J3d51yyCojV
AHT01kWlpvJIZGKyT3PdCh9wlr1hQsUGto10t32fBGsJCXew/EClb554AnyYSzP8
KAjuw1NdKOBlze0DCiO6Z5z+DAxAwlqTxcm42tthF5zFbTk4UKV6ORzIuHmRO7xR
5Io5nlM7T11PDaWqsjLr2ttrSySzARt5fAJ9l1mOH+hSl1YebRjZPaxWw+bsYuqN
a0GYr2UdwgE1u5HQuhZ+bOIbSliShfKiNuDGHe6VJrchROHnC9Po2JWAOD7wMFq6
STZ/MPGzViaCUaaWPLSKleiURUh4Ly5/LaNYkaumO9vh+241FPqtZKqRVmHRg6dY
UdgoI3yfc3JrvepFQT1yeRjEVrLQiUtyhcwdVoLjofgerGAfe3YuDCxM6wLIuCf7
Ro9edu01qTiXJj25cXHxeNMdA1txLxR3ontbExow+ML5kxs=
=68Hd
-----END PGP MESSAGE----(both 5 –’s required)
Radix-64 encoding of a binary (all 8-bit bytes) message 6-bits at a time into 64 printable
ASCII characters (A-Z, a-z , 0-9, +, / bytes 65-90, 97-122, 48-57, 47, 43) pad with =.
20
21
Public Key Information - PGP Commercial
22
PGP Certificates
Anyone can issue a Certificate to anyone, including
themselves. Certificates can be revoked by the
issuer, if a Certificate-Server is used that has a
Revocation Database.
Privacy Enhanced Mail, another standard
Where PEM expands data into canonical form,
• (+33% for text, +78% after encryption & R64)
PGP compresses data using ZIP(-50%),
encrypts (optional), then converts to
R64 encoding (+33%)
23
Things of which to be aware
• Neither PEM nor PGP encodes mail headers
• Subject can give away useful info
•To and From give an intruder traffic analysis info
• PGP gives recipient the original file name and
modification date.
• PEM may be used in a local system with
unknown trustworthiness of certificates
• Certificates often verify that sender is "John Smith" but he
may not be the "John Smith” you think. Anyone can copy
pictures from the Web)
• Public PGP Key servers allow anyone to send you PGP
encrypted mail, but their signature is easily forged. They
can give your name & mail address to spammers. Avoid
them. Get PGP keys directly from owners.
24
http://www.gnupg.org/
GPGTools
Includes binaries for
GnuPG.
https://www.gpgtools.org
Email Program
http://www.mozilla.org/en-US/thunderbird/
https://addons.mozilla.org/en-US/
thunderbird/addon/enigmail/
(Extension for Thunderbird)
25
Using GnuPG (PGP)
Install GPGTools : now you have the command line programs
available to generate keys, maintain key-chain files, convert text
files (.asc) into encrypted and/or signed ciphertext files (.pgp).
The .pgp files can be emailed as attachments or, if the are
“armored” (R64 encoded,) they can be pasted into the body of an
email message.
Install Thunderbird email program. Under the “Tools” menu,
select “Add-ons”. In the box at upper right that says “Search all
add-ons”, type “Enigmail”. If found, install it; otherwise
download the .xpi file from the link on previous slide, and then
try again. Once installed you will see in the top Thunderbird
menu “OpenPGP” next to “Tools”
26
Using Thunderbird with Enigmail (Open PGP)
Read: http://support.gpgtools.org/kb/how-to/first-steps-wheredo-i-start-where-do-i-begin (link) for critical stuff like this:
“You need (to send PGP mail):
> a secret key matching the mail address you want to write
from (see Mail.app >Settings > Accounts)
> the public key of the recipient
> recipients and senders mail address have to perfectly match the
mail addresses (as IDs) in the keys being used.
Important: For the Encrypt button to become available, you need
to enter the recipients mail address - only then will that button be
enabled (and only if you have the matching Public Key).”
27
Configuring Thunderbird for GT Mail
Top Menu: File / New / Existing Mail Account ...
Type in your User Name and password. Thunderbird will try to set up the
configuration automatically, and fail. Then you can input the following
information:
User Name: (your GT id – primary mail name)
Receiving Mail
Server Protocol: imap (or pop – if you want to download mail)
Server Name: imap.mail.gatech.edu (or pop.mail.gatech.edu)
Server Port: 995
Security: SSL/TLS
Authentication: Normal Password
Sending Mail
Server Protocol: smtp
Server Name: smtp.mail.gatech.edu
Server Port: 465
Security: SSL/TLS
Authentication: Normal Password
28
A PGP Email or .asc File Looks Like This:
http://cryptome.org/jya/openpgp-01.htm
-----BEGIN PGP MESSAGE----Version: 9.9.1.287
Comment: Do not worry about "UNTRUSTED Good Signature"
qANQR1DBwEwD7GfrZjlPkZ0BB/9YW6/cTpNVkwdyuTmlo/fcTB0lIjy6C4LnUtx2
10BwJCwdcFHcIkS9Iw0+/9wKNafArxciCwpSM2BBYePksl2JQUf7in8MILirKtd6
Foy9yEJmtD5JzaVDF1tYElT9ntzNk2jvcengkD/PhkmEaT+VIY1Cw5Bf5HP6OPOE
J4RqTRjaGjkGrmcP3zywjESzfk0iN2z2mtsDHufFqJ0hvQAusAZ2c5GjK9jUsvHy
8gzBW9aFlINHpWL90G3XGtaKfudM9QGTjXIs99Pfdj08jUd/xSn+FsDW6ulhlluW
pCwohtN06qN6VvI2vbC3eGV5RCd+5b6iR3O26hY/NOssjI5jwcBOA72/fxTdBTHg
EAP8DJVFBQzRjn2RBWr7Bo+zV3DlHXMr9kU02szQ+h4WNU7ffEakhlnwDoqnHvh3
QfH/8G7heOlGjM3hITZj8rw66OQ/s4o/8o7N1wERhJYc4/oWOmAopyy8jIliB9AK
n90fKWbfrTUrShF1qJdQuLMV0E30lHsKDKDyZ9vhklt2D20D/3Yl0zRlEk4w5x9c
i3mZC2XpKsgmttRABg65R1E4tQqPNiQTuL3YrpQfgLT9rMpW5UmyppSuZvD9CpsW
IG7I8MT33eY5Eh4twTdErvpXN+uUWDadiPb6J8ifpBfzhuzWhiom7KAI3+4y6OX5
sYyyZHtqxNxg6ziZ76B/H+/vaegD0sBrATEJtdnDAipPogZYAzwuQ8PCO985wHuu
2aFbPaVqLPMWwwFck3bvV46E49RWIPgkJmpMiimaG236HdQbF4nhZgUjfggGE3cm
qP9eChxuV8kyZLIgkh1CaKP/XQSZlpl2js+D0M1Mq6ef4BZ3BNW+TPLjYNGM1Yt/
+0NlLn+AxUvZmVNJvuxdeNKIn7jkpK5w466wRaiffujLzwJdzwISIofm7oEp88dP
A9udzotKGM+FOHi3tHwPiox+l/PdMv34AlMPY2c2qDEcwBSKAYR8ASBM/nulY6bK
wZwbYGlSdxT/FTDb9i32+WuUU7HeUPZvFizUIPwFzPeI8RlkaLdhsElmbPuGar5l
C7PMoOHuCnnSB4DdgUEqM5ScJRI6ToGDAjh3XZ9BRwfD0O8=
=auCB
-----END PGP MESSAGE-----
Syntax
Start
Comments
“
1 Blank Line
R64 <=78 char.
“
“
‘
“
“
“
“
“
“
“
“
“
“
“
“
“ (pad =‘s)
= Checksum
Stop
29