ECE 646 – Lecture 4 Pretty Good Privacy PGP Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 6/E or 7/E Chapter 19.1 Pretty Good Privacy (PGP) On-line Chapters (available after registration): Appendix O Data Compression Using Zip Appendix P More on PGP Short History of PGP based on the book Crypto by Steven Levy Phil Zimmermann – early years • grew up in Florida, got interested in cryptography in teenage years • studied physics at Florida Atlantic University, 1972-1977 • learned about RSA shortly after its discovery, from the Mathematical Recreational column in Scientific American • became active in the antinuclear political movement of 1970s-1980s Collaboration with Charlie Merritt • in 1984, Zimmermann was contacted by Charlie Merritt, who implemented RSA on a microcomputer based on Z80 8-bit microprocessor • by 1986, Merritt passed to Zimmermann all his knowledge of multiprecision integer arithmetic required to implement RSA • In 1986, Merritt and Zimmermann met with Jim Bidzos, the new CEO of RSA Data Security Inc., who brought with him a copy of Mailsafe, a program written by Rivest and Adleman, implementing RSA. After the meeting: • Zimmermann claimed that Bidzos offered him a free license to RSA • Bidzos strongly denied such claims Early Work (1986-1991) • in 1986, Zimmermann summarized his ideas in the paper published in IEEE Computer • As a secret key cipher he chose a cipher developed by Merritt for navy, with his own security improvements. He called this cipher Bass-O-Matic, see http://www.nbc.com/saturday-night-live/video/bassomatic/n8631?snl=1 • in 1990, he devoted his time completely to finishing the program he called Pretty Good Privacy • In 1990 he called Jim Bidzos to confirm his free RSA license. Bidzos strongly denied ever making such offer. Release of PGP 1.0 - 1991 • In 1991, out of the fear of the government making all encryption illegal (prompted by an antiterrorist Senate bill 266 co-sponsored by Joe Biden) he decided to release PGP as soon as possible, and changed its classification from "shareware" to "freeware" • In May 1991, Zimmermann passed the program to a fellow crypto enthusiast to spread it on the Internet "like dandelion seeds" Release of PGP 1.0 - 1991 • In the first weekend of June 1991, PGP 1.0 was uploaded to multiple servers (all located in the U.S.). Its documentation included a motto: "When crypto is outlawed, only outlaws will have crypto". • The very next day people were encrypting messages with PGP all over the world (in violation of the U.S. crypto export regulations) Legal Problems • RSA Data Security Inc. and Public Key Partners accused Zimmermann of violating their patents • PGP 2.0, released in September 1992 from Amsterdam and Auckland, replaced Bass-O-Matic by a much stronger Swiss cipher called IDEA with the 128-bit key • In February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license”. In 1996, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else. • PGP 5 released in 1997 introduced use of the CAST-128 symmetric key algorithm, and the ElGamal asymmetric key algorithm (referred in the documentation as Diffie- Hellman), mitigating patent dispute with RSA Data Security Inc. and PKP. Later Years • In 1997, IETF (Internet Engineering Task Force) started the development of a standard called OpenPGP • The Free Software Foundation has developed its own OpenPGP-compliant program called GNU Privacy Guard (abbreviated GnuPG or GPG) • Most recently, several iOS and Android OpenPGP- compliant applications have been released, such as iPGMail for iOS and APG for Android Internal Operation of PGP: Implementation of Security Services PGP – Authentication Only Notation: M - message H – hash function EP – public key encryption || - concatenation Z - compression using ZIP algorithm KRa – private key of user A KUa – public key of user A Non-repudiation Alice Bob Message Signature Message Signature Hash Hash function function Hash value 1 Hash value yes no Hash value 2 Public key Public key cipher cipher Alice’s private key Alice’s public key PGP – Confidentiality Only Notation: M - message Z - compression using ZIP algorithm EC / DC – classical (secret-key) encryption / decryption EP / DP – public key encryption / decryption || - concatenation Ks - session key KRb – private key of user B KUb – public key of user B Hybrid Systems - Sender’s Side (2) Alice message session key 1 random Secret key cipher 2 Public key cipher Bob’s public 3 key Session key Message encrypted encrypted using using session key Bob’s public key Hybrid Systems - Receiver’s Side (2) Bob message session key 2 random Secret key cipher 1 Public key cipher Bob’s private key Session key Message encrypted encrypted using using session key Bob’s public key PGP – Confidentiality and Authentication Notation: M - message H – hash function Z - compression using ZIP algorithm EP / DP – public key encryption / decryption || - concatenation EC / DC – classical (secret-key) encryption / decryption Ks - session key KRa / KRb – private key of user A / B KUa / KUb – public key of user A / B Transmission and Reception of PGP Messages [Stallings, 2014] PGP Operation – Compression • by default PGP compresses message after signing but before encrypting – so can store uncompressed message & signature for later verification – because compression is non deterministic • uses ZIP compression algorithm Major idea behind ZIP compression [Stallings, 2014] Radix-64 Conversion The '==' sequence indicates that the last group contained only one byte, and '=' indicates that it contained two bytes. [Stallings, 2014] Radix-64 Encoding [Stallings, 2014] Radix-64 Conversion Example General Format of PGP Message [Stallings, 2014] Summary of PGP functions [Stallings, 2010] Private Key Ring [Stallings, 2014] Public Key Ring [Stallings, 2014] PGP Message Generation (without compression or radix-64 conversion) [Stallings, 2014] PGP Message Reception (without compression or radix-64 conversion) [Stallings, 2014] PGP: Flow of trust Manual exchange of public keys: Las Vegas Edinburgh Bob Û David David Û Betty Bob David Betty (Washington) (New York) (London) David, send me Betty’s public key Betty’s public key signed by David message encrypted using Betty’s public key PGP Trust Model [Stallings, 2010].