Overview of E-Mail

• From (sender): Alice, To (recipient): Bob

• Email list:
– To: Bob, Carol, David
– CC: Ted, Ulman, Vigenere
– BCC: John, Karl
• Implementation of Email list
– Remote explorer
• Sender sends an email to the server who keeps the email list and distribute
the email to the members in the list
– Local explorer
• Sender gets the list from the server and distributes an email to the
members in the list
• Multiple email list & email list with loop
– Cryptographer list & Cryptanalyst list
 Overview of Email (cont.)
• Local explorer
– Prevent loop
– Prevent duplicate copies
– Easy to deal with billing if needed
• Remote explorer
– to recipients you do not know or are not allowed to
know
– One copy to geographically organized lists
– More efficient if email list is longer than email itself
– Parallelism can be exploited. (do not need to track
down the entire tree of multiple email lists)
 Security services for Email
• Privacy/confidentiality
• Authentication
• Integrity
• Non-repudiation
• Proof of submission (same as certified mail)
• Proof of delivery (same as post mail request return receipt)
• Anonymity
• Message flow confidentiality
• Containment
• Audit
• Accounting
• Self destruct
• Message sequence integrity
 Email servers

POP3: Post Office Protocol, port #110

IMAP: Internet Mail Access Protocol, port #143
SMTP: Simple Main Transfer Protocol, port #25

The picture copied from http://www.howstuffworks.com/email.htm

 Access email via telnet
• USER - enter your user ID
• PASS - enter your password
• QUIT - quit the POP3 server
• LIST - list the messages and their size
• RETR - retrieve a message, pass it a message
number
• DELE - delete a message, pass it a message
number
• TOP - show the top x lines of a message, pass it a
message number and the number of lines
 Secure e-mail
 Alice wants to send confidential e-mail, m, to Bob.
KS

m K (.)
S
KS(m ) KS(m )
KS( ) . m

+ Internet - KS

KS
+.
K ()
B + +
- .
KB ( )
KB(KS ) KB(KS )
+ -
KB
KB

Alice:
 generates random symmetric private key, KS.
 encrypts message with KS (for efficiency)
 also encrypts KS with Bob’s public key.
 sends both KS(m) and KB(KS) to Bob.
(Copied from Dr. Chang’s lecture.)
 Secure e-mail
 Alice wants to send confidential e-mail, m, to Bob.
KS

m K (.)
S
KS(m ) KS(m )
KS( ) . m

+ Internet - KS

KS
+.
K ()
B + +
- .
KB ( )
KB(KS ) KB(KS )
+ -
KB
KB

Bob:
 uses his private key to decrypt and recover KS
 uses KS to decrypt KS(m) to recover m

(Copied from Dr. Chang’s lecture.)

 Secure e-mail (continued)
• Alice
wants to provide sender authentication
message integrity.

- KA
+
KA
- -
m .
H( )
-.
K ()
A
KA(H(m)) KA(H(m)) + .
KA ( )
H(m )

+ Internet - compare

m H( ). H(m )
m

• Alice digitally signs message.

• sends both message (in the clear) and digital signature.

(Copied from Dr. Chang’s lecture.)

 Secure e-mail (continued)
• Alice
wants to provide secrecy, sender authentication,
message integrity.
-
KA
-
m .
H( )
- .
KA ( )
KA(H(m))
KS

+ KS( ) .
m + Internet

KS
+
KB ( )
. +
KB(KS )
+
KB

Alice uses three keys: her private key, Bob’s public

key, newly created symmetric key
(Copied from Dr. Chang’s lecture.)
 Pretty good privacy (PGP)
• Internet e-mail encryption
scheme, de-facto standard.
• uses symmetric key
cryptography, public key
cryptography, hash function,
and digital signature as
described.
• provides secrecy, sender
authentication, integrity.
• inventor, Phil Zimmerman, a
undergraduate from FAU in
1991.
(Copied from Dr. Chang’s lecture.)
A PGP signed message:
---BEGIN PGP SIGNED MESSAGE---
Hash: SHA1
Bob:My husband is out of town
tonight.Passionately yours,
Alice
---BEGIN PGP SIGNATURE---
Version: PGP 5.0
Charset: noconv
yhHJRHhGJGhgg/12EpJ+lo8gE4vB3m
qJhFEvZP9t6n7G6m5Gw2
---END PGP SIGNATURE---
 Pretty Good Privacy (PGP)
• Freeware
• He was the target of a three-year criminal investigation
because of so-call violation of US export law.
• “Although we honest people don’t really think we need to
encrypt our email—we’re not hiding anything– we should
all start encrypting our email so that in case someone
needs privacy, the poor soul won’t arouse suspicion by
being the only one encrypting email.”
• “if privacy is outlawed, only outlaws will have privacy”
 PGP overview
• Not just for email, it performs encryption and
integrity protection on files
– Your email is treated as a file
– Encrypt the file
– Send the encrypted file by regular e-mailer.
– The receiver saves the email to a file and then, decrypt the
file by PGP
• Directly embedded in email for convenience.
• Visit: http://www.pitt.edu/~poole/PGP.htm
 PGP overview — mechanism
• Anybody creates his/her RSA public key and private key (512, 768, or
1024 bits) (automatically generated by PGP)
• Anybody (e.g., Alice) can send encrypted (as well as signed) email to
anybody else (e.g., Bob).
– Generate a one-time random key to encrypt the email using a
secret key system (e.g., IDEA)
– Encrypt the random key with Bob’s public key
– May sign the email with her own private key
– May compress the email before encryption
• Bob can use his private key to decrypt the encrypted email.
– Moreover, “pass phrase” is required for decryption
– The “pass phrase” is typed by Bob when PGP generates RSA keys
for him
 PGP overview—key distribution
• Public key system (RSA), key distribution
– PEM: rigid hierarchy of CAs.
– S/MIME: (being agnostic), assume that a number of
parallel independent hierarchies.
– PGP: anarchy, each user decides which keys to trust.
• You contact Alice in person to get Alice’s public key, and
trust it
• You find the public key of Alice on her web page or from
email, you can copy it to your PGP system to trust it if you
want.
• Public key server (e.g., http://math-www.uni-
paderborn.de/pgp/).
 PGP--certificates
• Certificates are an optional in PGP
– anyone can issue a certificate to anyone else
– If you trust Alice and get Carol’s public key certificate
signed by Alice, you will trust Carol’s public key
– If you get Carol’s two public key certificates, one signed
by Alice, and the other signed by Bob, both Alice and Bob
are trusted by you, then you can trust both Carol’s
certificates.
• Therefore PGP is very flexible and easy to use
 PGP– trust levels
• Problem with PGP anarchistic structure:
– Alice was bribed to issue certificate for Carol
– Alice was sloppy about checking (key,identity) and sign
the certificate.
– Suppose Ted is honest and never sloppy, could you trust
Ted’s signature for Carol’s public key, from whom he
had a bitter divorce?
• Solutions:
– All are determined by yourself
– Give a trust level for a public key
– Given a trust level for the certificates signed by the key
 Certificate and key revocation
• You can revoke (delete) any public key anytime
• A public key of a person can be revoked by the
corresponding private key
• The issuer of a certificate can revoke the
certificate
– Does not mean that the holder of revoked certificate is
a bad person, but the issuers does not want to vouch for
its authenticity.
• Validity period of a key and a certificate
 PGP—key ring
• A data structure containing key materials
– pubring.pgp: containing your public keys, other
people’s public keys, information about people, and
certificates.
– secring.pgp: containing your private keys.
• Three trust levels currently in PGP: none, partial,
complete.
• A trust level of a person may determine the trust
level of the certificates signed by the person.
 PGP--fingerprint
• A short, fixed-seize string intended to be a unique
representation of a string of arbitrary length and
obtained by a one-way hash function.
• For PGP, the fingerprint is a 256 bit string for a
public key (which may be 1024 bits) by MD5
• Purpose of a fingerprint for a public key is for
people to easily remember and verify the public
key