
Lecture 4.3

The document discusses Kerberos authentication protocol and Pretty Good Privacy (PGP) for securing email communications. It describes how Kerberos uses a key distribution center and ticket granting servers. It also explains how PGP uses public-key cryptography and a web of trust model to provide encryption and digital signatures for emails.

Uploaded by

GAURAV TIWARI

Cryptography & Network Security

Subject Code: KCS074

Dr. Pankaj Kumar


Associate Professor

Department of Computer Science & Engineering


Pranveer Singh Institute of Technology, Kanpur, India

December 28, 2023


Kerberos

• Kerberos is an authentication protocol, and at the same time a KDC,
that has become very popular.
• Several systems, including Windows 2000, use Kerberos. Originally
designed at MIT, it has gone through several versions.



Public Key Distribution

Trusted Center:



Kerberos

Kerberos Servers:
• Authentication Server (AS): The authentication server (AS) is the KDC in
the Kerberos protocol.
• Ticket-Granting Server (TGS): The ticket-granting server (TGS)
issues a ticket for the real server (Bob).
• Real Server: The real server (Bob) provides services for the user.



Public Key Distribution

Example:



Kerberos Version-5

The minor differences between version 4 and version 5 are briefly listed
below:
1 Version 5 has a longer ticket lifetime.
2 Version 5 allows tickets to be renewed.
3 Version 5 can accept any symmetric-key algorithm.
4 Version 5 uses a different protocol for describing data types.
5 Version 5 has more overhead than version 4.



E-mail-Security

E-mail architecture:



E-mail-Security

• In e-mail security, the sender of the message needs to include the name
or identifiers of the algorithms used in the message.
• Certificates: It is obvious that some public-key algorithms must be
used for e-mail security.

Remark: In e-mail security, the encryption/decryption is done using a
symmetric-key algorithm, but the secret key to decrypt the message is
encrypted with the public key of the receiver and is sent with the message.



E-mail-Security

Pretty Good Privacy (PGP):


• Pretty Good Privacy is a widely used method of securing email
communications through encryption and authentication. It uses a combination
of symmetric-key and public-key cryptography to provide privacy and
ensure the integrity of email messages.



How PGP E-mail-Security Works

1 Key generation
2 Encryption
3 Digital Signature
4 Key distribution
5 Web of trust
6 Key revocation
7 Compatibility
8 OpenPGP Standard



How PGP E-mail-Security Works

• Key generation: Each user has a pair of cryptographic keys: a public
key and a private key. The public key is shared openly, while the private
key is kept secret.
• Encryption: When a user wants to send an encrypted message, they
use the recipient’s public key to encrypt the message. Only the
recipient, who possesses the corresponding private key, can decrypt and read
the message.
• Digital Signature: PGP also provides a way for users to digitally sign
their messages. This involves using the sender’s private key to create
a digital signature, which is attached to the message. The recipient
can use the sender’s public key to verify the signature and confirm the
message’s authenticity.



How PGP E-mail-Security Works

• Key distribution: Public keys are distributed and stored in a public
directory, usually on a key server. Users can retrieve the public keys of
others from this directory when needed.
• Web of Trust: PGP relies on a concept called the “web of trust.” Users
can sign each other’s public keys to verify their authenticity. This builds
a network of trust relationships, enhancing the overall security of the
system.
• Key revocation: If a user’s private key is compromised or lost, they
can revoke the key by publishing a revocation certificate. This informs
others not to trust that specific public key anymore.



How PGP E-mail-Security Works

• Compatibility: PGP is compatible with various email clients and
platforms. Users can use PGP plugins or standalone applications to
integrate PGP functionality into their email workflow.
• OpenPGP standard: PGP follows the OpenPGP standard, allowing
different PGP implementations to interoperate. OpenPGP defines the
format for encrypted messages, digital signatures, and key
management.



How PGP E-mail-Security Works

Summary:
• PGP provides a robust and widely adopted framework for securing email
communications.
• It addresses confidentiality through encryption.
• It ensures message integrity through digital signatures.
• It establishes a web of trust to enhance the reliability of public keys.

While PGP is effective, it requires some effort from users to manage
their keys and build trust relationships within the web of trust.



PGP E-mail-Security

PGP Packet Format:



PGP E-Mail Security

PGP Services:
• Digital signature: DSS/SHA or RSA/SHA.
• Message encryption: CAST-128, IDEA, or 3-DES.
• One-time session key: For each email message.
• Session key distribution: Diffie-Hellman key-exchange protocol or
RSA.
• Message compression: With ZIP.
• Email compatible: Radix-64 binary-to-ASCII conversion.
• Segmentation: To accommodate maximum message size limitations.



PGP E-mail-Security

PGP Services: Confidentiality with One-Time Session Key



PGP E-Mail Security

PGP Services:
• Code conversion: Another service provided by PGP is code conversion.
PGP uses Radix-64 conversion.
• Segmentation: PGP allows segmentation of the messages.
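
The compression, Radix-64 conversion and segmentation services can be traced end to end in a few lines. The following Python sketch is an added example, not part of the original lecture: it uses raw DEFLATE for the ZIP step, the CRC-24 checksum that the OpenPGP standard attaches to Radix-64 output, and a constructed sample message. The encryption step is omitted, so the armored bytes are not a real OpenPGP packet, and the 200-character segment size is an assumption chosen for illustration.

```python
import base64
import zlib

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from the OpenPGP spec
HEAD, TAIL = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 checksum that OpenPGP appends to Radix-64 output."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def deflate(data: bytes) -> bytes:
    """Raw DEFLATE, the algorithm behind PGP's ZIP compression service."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()

def armor(payload: bytes, width: int = 64) -> str:
    """Radix-64 encode binary data into 7-bit-safe lines plus a checksum line."""
    body = base64.b64encode(payload).decode("ascii")
    lines = [body[i:i + width] for i in range(0, len(body), width)]
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    return "\n".join([HEAD, "", *lines, "=" + check, TAIL])

def dearmor(text: str) -> bytes:
    """Reverse armor(); raise ValueError if the checksum does not match."""
    inner = [ln for ln in text.strip().splitlines()[1:-1] if ln]
    payload = base64.b64decode("".join(inner[:-1]))
    expected = int.from_bytes(base64.b64decode(inner[-1][1:]), "big")
    if crc24(payload) != expected:
        raise ValueError("Radix-64 checksum mismatch: data corrupted in transit")
    return payload

def segment(text: str, max_len: int) -> list:
    """Split armored text into parts that fit a mail size limit."""
    return [text[i:i + max_len] for i in range(0, len(text), max_len)]

# Constructed sample message (plaintext; the encryption step is omitted here).
MESSAGE = b"Meet at the usual place at 10:00.\n" * 40
packed = deflate(MESSAGE)                      # compression
armored = armor(packed)                        # Radix-64 conversion
parts = segment(armored, 200)                  # segmentation
restored = zlib.decompress(dearmor("".join(parts)), -15)
```

The CRC-24 only catches accidental corruption in transit; anyone who alters the text can recompute it, which is why authenticity comes from the digital signature service and not from the armor checksum.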



PGP E-Mail Security

PGP Certificates:
• X.509 Certificates: Protocols that use X.509 certificates depend on
the hierarchical structure of the trust.
• In X.509, there is a single path from the fully trusted authority to any
certificate.
• In PGP, there is no need for CAs; anyone in the ring can sign a
certificate for anyone else in the ring.
Remark: In PGP, there can be multiple paths from fully or partially trusted
authorities to any subject.



PGP E-Mail Security

PGP Certificates:
• Trust and Legitimacy: The entire operation of PGP is based on
introducer trust, the certificate trust, and the legitimacy of the public
keys.
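
How introducer trust and multiple certification paths combine into key legitimacy can be made concrete with a small model. This Python sketch is an added example, not part of the original lecture: the key ring and names are constructed, and the policy (a key is legitimate when signed by one fully trusted or two partially trusted introducers whose own keys are legitimate) is an assumption, since real implementations let the user configure these thresholds. The `revoked` parameter models the effect of a published revocation certificate.

```python
FULL, PARTIAL, NONE = 1.0, 0.5, 0.0  # introducer trust weights (assumed policy)
THRESHOLD = 1.0                      # one full or two partial introducers

def legitimate_keys(owner, trust, signatures, revoked=frozenset()):
    """Return the holders whose public keys the ring owner can treat as legitimate.

    trust:      name -> introducer trust the owner assigns to that person
    signatures: (signer, subject) pairs, one per signed certificate
    revoked:    keys withdrawn by a revocation certificate
    A signature counts only if the signer's own key is already legitimate,
    so legitimacy spreads outward from the owner until nothing changes.
    """
    trust = {**trust, owner: FULL}  # the owner fully trusts their own signatures
    sigs = {(a, b) for a, b in signatures
            if a not in revoked and b not in revoked}
    legit = {owner}
    changed = True
    while changed:
        changed = False
        for subject in {b for _, b in sigs} - legit:
            score = sum(trust.get(a, NONE) for a, b in sigs
                        if b == subject and a in legit)
            if score >= THRESHOLD:
                legit.add(subject)
                changed = True
    return legit

# Constructed key ring, seen from Alice's point of view.
TRUST = {"Bob": FULL, "Carol": PARTIAL, "Dave": PARTIAL, "Eve": NONE}
SIGNATURES = [
    ("Alice", "Bob"), ("Alice", "Carol"), ("Alice", "Dave"),
    ("Bob", "Eve"),                       # one fully trusted introducer
    ("Carol", "Frank"),                   # one partial introducer: not enough
    ("Carol", "Grace"), ("Dave", "Grace"),  # two partial paths: enough
    ("Eve", "Heidi"),                     # Eve's key is legitimate, but she is not trusted
]

if __name__ == "__main__":
    print(sorted(legitimate_keys("Alice", TRUST, SIGNATURES)))
    print(sorted(legitimate_keys("Alice", TRUST, SIGNATURES, revoked={"Dave"})))
```

Grace's key is accepted only because two independent partial paths reach it, something a single-path X.509 hierarchy has no equivalent for; revoking Dave's key removes one path and Grace's key stops being legitimate.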



Thank You!
