ECE 646 – Lecture 4 Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 6/E or 7/E Pretty Good Privacy Chapter 19.1 Pretty Good Privacy (PGP) PGP On-line Chapters (available after registration): Appendix O Data Compression Using Zip Appendix P More on PGP Phil Zimmermann – early years • grew up in Florida, got interested in cryptography in teenage years • studied physics at Florida Atlantic Short History of PGP University, 1972-1977 based on the book Crypto • learned about RSA shortly after its discovery, from the Mathematical by Steven Levy Recreational column in Scientific American • became active in the antinuclear political movement of 1970s-1980s 1 Collaboration with Charlie Merritt Early Work (1986-1991) • in 1984, Zimmermann was contacted by Charlie Merritt, who implemented RSA on a microcomputer based on Z80 • in 1986, Zimmermann summarized his ideas in the paper 8-bit microprocessor published in IEEE Computer • by 1986, Merritt passed to Zimmermann all his knowledge • As a secret key cipher he chose a cipher developed by of multiprecision integer arithmetic required to implement Merritt for navy, with his own security improvements. RSA He called this cipher Bass-O-Matic, see • In 1986, Merritt and Zimmermann met with Jim Bidzos, http://www.nbc.com/saturday-night-live/video/bassomatic/n8631?snl=1 the new CEO of RSA Data Security Inc., who brought with him a copy of Mailsafe, a program written by Rivest and • in 1990, he devoted his time completely to finishing the Adleman, implementing RSA. After the meeting: program he called Pretty Good Privacy • Zimmermann claimed that Bidzos offered him a free • In 1990 he called Jim Bidzos to confirm his free RSA license. license to RSA Bidzos strongly denied ever making such offer. • Bidzos strongly denied such claims Release of PGP 1.0 - 1991 Release of PGP 1.0 - 1991 • In 1991, out of the fear of the government making all • In the first weekend of June 1991, PGP 1.0 was uploaded encryption illegal (prompted by an antiterrorist Senate bill to multiple servers (all located in the U.S.). Its 266 co-sponsored by Joe Biden) he decided to release PGP documentation included a motto: "When crypto is as soon as possible, and changed its classification from outlawed, only outlaws will have crypto". "shareware" to "freeware" • The very next day people were encrypting messages with • In May 1991, Zimmermann passed the program to a fellow PGP all over the world (in violation of the U.S. crypto crypto enthusiast to spread it on the Internet "like export regulations) dandelion seeds" 2 Legal Problems Later Years • RSA Data Security Inc. and Public Key Partners accused Zimmermann of violating their patents • In 1997, IETF (Internet Engineering Task Force) started • PGP 2.0, released in September 1992 from Amsterdam and the development of a standard called OpenPGP Auckland, replaced Bass-O-Matic by a much stronger Swiss cipher called IDEA with the 128-bit key • The Free Software Foundation has developed its own • In February 1993 Zimmermann became the formal target OpenPGP-compliant program called GNU Privacy Guard of a criminal investigation by the US Government for (abbreviated GnuPG or GPG) "munitions export without a license”. In 1996, the investigation of Zimmermann was closed without filing • Most recently, several iOS and Android OpenPGP- criminal charges against him or anyone else. compliant applications have been released, such as • PGP 5 released in 1997 introduced use of the CAST-128 iPGMail for iOS and APG for Android symmetric key algorithm, and the ElGamal asymmetric key algorithm (referred in the documentation as Diffie- Hellman), mitigating patent dispute with RSA Data Security Inc. and PKP. PGP – Authentication Only Internal Operation of PGP: Implementation of Security Services Notation: M - message H – hash function EP – public key encryption || - concatenation Z - compression using ZIP algorithm KRa – private key of user A KUa – public key of user A 3 Non-repudiation PGP – Confidentiality Only Alice Bob Message Signature Message Signature Hash Hash function function Hash value 1 Notation: M - message Hash value Z - compression using ZIP algorithm yes no EC / DC – classical (secret-key) encryption / decryption EP / DP – public key encryption / decryption Hash value 2 Public key Public key || - concatenation cipher cipher Ks - session key KRb – private key of user B Alice’s private key Alice’s public key KUb – public key of user B Hybrid Systems - Sender’s Side (2) Hybrid Systems - Receiver’s Side (2) Alice Bob message message session key session key 2 1 random Secret random Secret key cipher key cipher 1 2 Public Public key cipher Bob’s key cipher Bob’s public 3 private key key Session key Message encrypted Session key encrypted using Message encrypted using session key encrypted using Bob’s public key using session key Bob’s public key 4 PGP – Confidentiality and Authentication Transmission and Reception of PGP Messages Notation: M - message H – hash function Z - compression using ZIP algorithm EP / DP – public key encryption / decryption || - concatenation EC / DC – classical (secret-key) encryption / decryption Ks - session key KRa / KRb – private key of user A / B KUa / KUb – public key of user A / B [Stallings, 2014] PGP Operation – Compression Major idea behind ZIP compression • by default PGP compresses message after signing but before encrypting – so can store uncompressed message & signature for later verification – because compression is non deterministic • uses ZIP compression algorithm [Stallings, 2014] 5 Radix-64 Encoding Radix-64 Conversion The '==' sequence indicates that the last group contained only one byte, and '=' indicates that it contained two bytes. [Stallings, 2014] [Stallings, 2014] Radix-64 Conversion General Format of PGP Message Example [Stallings, 2014] 6 Summary of PGP functions Private Key Ring [Stallings, 2010] [Stallings, 2014] PGP Message Generation Public Key Ring (without compression or radix-64 conversion) [Stallings, 2014] [Stallings, 2014] 7 PGP Message Reception PGP: Flow of trust (without compression or radix-64 conversion) Manual exchange of public keys: Las Vegas Edinburgh Bob Û David David Û Betty Bob David Betty (Washington) (New York) (London) David, send me Betty’s public key Betty’s public key signed by David message encrypted using Betty’s public key [Stallings, 2014] PGP Trust Model [Stallings, 2010] 8.