CS65-COMPUTER NETWORKS Dept. of EEE
Prepared by S.Muralidharan
4/4/2011
Detailed logic for PGP Authentication
This is a digital signature scheme with hashing.
1. Alice has (private/public) key pair (Ad/Ae) and she wants to send a digitally signed message m to Bob.
2. Alice hashes the message using SHA-1 to obtain SHA(m).
3. Alice encrypts the hash using her private key Ad to obtain ciphertext c given by
c=pk.encryptAd(SHA(m))
4. Alice sends Bob the pair (m,c)
5. Bob receives (m,c) and decrypts c using Alice's public key Ae to obtain signature s
s=pk.decryptAe(c)
6. He computes the hash of m using SHA-1 and if this hash value is equal to s then the message is authenticated.

Bob is sure that the message is correct and that it does come from Alice. Furthermore Alice cannot later deny sending the message since only Alice has access to her private key Ad which works in conjunction with the public key Ae.
7. Bob uses the session key k to decrypt the ciphertext c and recover the message m
m=sk.decryptk(c)
Public and symmetric key cryptosystems are combined in this way to provide security for key exchange and then efficiency for encryption. The session key k is used only to encrypt message m and is not stored for any length of time.

Confidentiality pitfall
• Note that the confidentiality service provides no assurance to the receiver as to the identity of the sender (i.e. no authentication)
• It only assures the sender that the recipient, and no one else, can read the message
PGP Authentication and Confidentiality (at the same time)
• Authentication and confidentiality can be combined
– A message can be both signed and encrypted
• That is called authenticated confidentiality
• Encryption/Decryption process is “nested” within the process shown for authentication alone

Detailed logic for PGP Authentication & confidentiality
The schemes for authentication and confidentiality can be combined so that Alice can sign a confidential message which is encrypted before transmission. The steps required are as follows:
1. Alice generates a signature c for her message m as in the Authentication scheme
c=pk.encryptAd(SHA(m))
2. Alice generates a random session key k and encrypts the message m and the signature c using a symmetric cryptosystem to obtain ciphertext C
C=sk.encryptk(m,c)
4. She encrypts the session key k using Bob’s public key
k’ = pk.encryptBe(k)
5. Alice sends Bob the values (k’,C)
6. Bob receives k’ and C and decrypts k’ using his private key Bd to obtain the session key k
k=pk.decryptBd(k’)
7. Bob decrypts the ciphertext C using the session key k to obtain m and c
(m,c) = sk.decryptk(C)
8. Bob now has the message m. In order to authenticate it he uses Alice’s public key Ae to decrypt the signature c and hashes the message m using SHA-1.
If SHA(m) = pk.decryptAe(c)
Then the message is authenticated.

PGP Compression
PGP can also compress the message if desired. The compression algorithm is ZIP and the decompression algorithm is UNZIP.

Detailed logic for PGP Compression
1. The original message m is signed as before to obtain
c=pk.encryptAd(SHA(m))
2. Now the original message m is compressed to obtain
M=ZIP(m)
3. Alice generates a session key k and encrypts the compressed message and the signature using the session key
C=sk.encryptk(M,c)
4. The session key is encrypted using Bob’s public key as before.
5. Alice sends Bob the encrypted session key and ciphertext C.
6. Bob decrypts the session key using his private key and then uses the session key to decrypt the ciphertext C to obtain M and c
(M,c) = sk.decryptk(C)
7. Bob decompresses the message M to obtain the original message m
m=UNZIP(M)
8. Now Bob has the original message m and signature c. He verifies the signature using SHA-1 and Alice’s public key as before.
Note that the compression is applied after signing (due to implementation of ZIP) but before encryption (this strengthens the security of the scheme since the message has less redundancy after compression)

• Compression is done after signing the hash
– Why?
• Saves having to compress document every time you wish to verify its signature
• It is also done before encryption
– Why?
• To speed up the process (less data to encrypt)
– Also improves security
• Compressed messages are more difficult to cryptanalyze as they have less redundancy
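The eight steps of "Detailed logic for PGP Compression" (sign, then compress, then encrypt, and the reverse on Bob's side), as an added Python example that is not part of the original slides. Textbook RSA over fixed Mersenne primes and a SHA-256 keystream XOR are insecure stand-ins assumed here so the code runs on the standard library alone; they are not PGP's actual algorithms, and all function names are hypothetical.

```python
import hashlib, secrets, zlib

E = 65537  # public exponent shared by both toy keys

def keypair(a, b):
    # Toy RSA key from Mersenne primes 2^a-1 and 2^b-1: demo only, trivially factorable.
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))    # (modulus n, private exponent d)

def sha(m):
    return int.from_bytes(hashlib.sha1(m).digest(), "big")

def nbytes(n):
    return (n.bit_length() + 7) // 8

def sk_crypt(k, data):
    # Stand-in symmetric cipher: XOR with a SHA-256 counter keystream (same call decrypts).
    stream = b"".join(hashlib.sha256(k + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, stream))

def alice_send(m, a_n, a_d, b_n):
    c = pow(sha(m), a_d, a_n)                       # 1. c = pk.encryptAd(SHA(m))
    M = zlib.compress(m)                            # 2. M = ZIP(m), after signing
    k = secrets.token_bytes(16)                     # 3. fresh session key k
    C = sk_crypt(k, c.to_bytes(nbytes(a_n), "big") + M)   # C = sk.encryptk(M, c)
    k_enc = pow(int.from_bytes(k, "big"), E, b_n)   # 4. k' = pk.encryptBe(k)
    return k_enc, C                                 # 5. Alice sends (k', C)

def bob_receive(k_enc, C, b_n, b_d, a_n):
    k = pow(k_enc, b_d, b_n).to_bytes(16, "big")    # 6. k = pk.decryptBd(k')
    plain = sk_crypt(k, C)                          #    (M, c) = sk.decryptk(C)
    c, M = int.from_bytes(plain[:nbytes(a_n)], "big"), plain[nbytes(a_n):]
    try:
        m = zlib.decompress(M)                      # 7. m = UNZIP(M)
    except zlib.error:
        return None, False                          # corrupted or misframed payload
    return m, sha(m) == pow(c, E, a_n)              # 8. SHA(m) == pk.decryptAe(c)

A_n, A_d = keypair(521, 607)     # Alice's toy key pair (constructed for this example)
B_n, B_d = keypair(127, 1279)    # Bob's toy key pair (constructed for this example)

if __name__ == "__main__":
    msg = b"Quarterly figures attached. " * 10      # constructed sample message
    k_enc, C = alice_send(msg, A_n, A_d, B_n)
    print(bob_receive(k_enc, C, B_n, B_d, A_n) == (msg, True))
    flipped = bytes([C[0] ^ 1]) + C[1:]             # one bit changed in transit
    print(bob_receive(k_enc, flipped, B_n, B_d, A_n)[1])
```

A message encrypted to Bob but signed with any key other than Alice's fails step 8, which is the gap the "Confidentiality pitfall" slide describes when encryption is used without the signature.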