Sunteți pe pagina 1din 19

Overview of E-Mail

• From (sender): Alice, To (recipient): Bob

• Email list:
– To: Bob, Carol, David
– CC: Ted, Ulman, Vigenere
– BCC: John, Karl
• Implementation of Email list
– Remote explorer
• Sender sends an email to the server who keeps the email list and distribute
the email to the members in the list
– Local explorer
• Sender gets the list from the server and distributes an email to the
members in the list
• Multiple email list & email list with loop
– Cryptographer list & Cryptanalyst list
Overview of Email (cont.)
• Local explorer
– Prevent loop
– Prevent duplicate copies
– Easy to deal with billing if needed
• Remote explorer
– to recipients you do not know or are not allowed to
– One copy to geographically organized lists
– More efficient if email list is longer than email itself
– Parallelism can be exploited. (do not need to track
down the entire tree of multiple email lists)
Security services for Email
• Privacy/confidentiality
• Authentication
• Integrity
• Non-repudiation
• Proof of submission (same as certified mail)
• Proof of delivery (same as post mail request return receipt)
• Anonymity
• Message flow confidentiality
• Containment
• Audit
• Accounting
• Self destruct
• Message sequence integrity
Email servers

POP3: Post Office Protocol, port #110

IMAP: Internet Mail Access Protocol, port #143
SMTP: Simple Main Transfer Protocol, port #25

The picture copied from

Access email via telnet
• USER - enter your user ID
• PASS - enter your password
• QUIT - quit the POP3 server
• LIST - list the messages and their size
• RETR - retrieve a message, pass it a message
• DELE - delete a message, pass it a message
• TOP - show the top x lines of a message, pass it a
message number and the number of lines
Secure e-mail
 Alice wants to send confidential e-mail, m, to Bob.

m K (.)
KS(m ) KS(m )
KS( ) . m

+ Internet - KS

K ()
B + +
- .
KB ( )
+ -

 generates random symmetric private key, KS.
 encrypts message with KS (for efficiency)
 also encrypts KS with Bob’s public key.
 sends both KS(m) and KB(KS) to Bob.
(Copied from Dr. Chang’s lecture.)
Secure e-mail
 Alice wants to send confidential e-mail, m, to Bob.

m K (.)
KS(m ) KS(m )
KS( ) . m

+ Internet - KS

K ()
B + +
- .
KB ( )
+ -

 uses his private key to decrypt and recover KS
 uses KS to decrypt KS(m) to recover m

(Copied from Dr. Chang’s lecture.)

Secure e-mail (continued)
• Alice
wants to provide sender authentication
message integrity.

- KA
- -
m .
H( )
K ()
KA(H(m)) KA(H(m)) + .
KA ( )
H(m )

+ Internet - compare

m H( ). H(m )

• Alice digitally signs message.

• sends both message (in the clear) and digital signature.

(Copied from Dr. Chang’s lecture.)

Secure e-mail (continued)
• Alice
wants to provide secrecy, sender authentication,
message integrity.
m .
H( )
- .
KA ( )

+ KS( ) .
m + Internet

KB ( )
. +

Alice uses three keys: her private key, Bob’s public

key, newly created symmetric key
(Copied from Dr. Chang’s lecture.)
Pretty good privacy (PGP)
• Internet e-mail encryption A PGP signed message:
scheme, de-facto standard.
• uses symmetric key Hash: SHA1
cryptography, public key
cryptography, hash function, Bob:My husband is out of town
and digital signature as tonight.Passionately yours,
described. Alice
• provides secrecy, sender
authentication, integrity. Version: PGP 5.0
• inventor, Phil Zimmerman, a Charset: noconv
undergraduate from FAU in yhHJRHhGJGhgg/12EpJ+lo8gE4vB3m
1991. qJhFEvZP9t6n7G6m5Gw2

(Copied from Dr. Chang’s lecture.)

Pretty Good Privacy (PGP)
• Freeware
• He was the target of a three-year criminal investigation
because of so-call violation of US export law.
• “Although we honest people don’t really think we need to
encrypt our email—we’re not hiding anything– we should
all start encrypting our email so that in case someone
needs privacy, the poor soul won’t arouse suspicion by
being the only one encrypting email.”
• “if privacy is outlawed, only outlaws will have privacy”
PGP overview
• Not just for email, it performs encryption and
integrity protection on files
– Your email is treated as a file
– Encrypt the file
– Send the encrypted file by regular e-mailer.
– The receiver saves the email to a file and then, decrypt the
file by PGP
• Directly embedded in email for convenience.
• Visit:
PGP overview — mechanism
• Anybody creates his/her RSA public key and private key (512, 768, or
1024 bits) (automatically generated by PGP)
• Anybody (e.g., Alice) can send encrypted (as well as signed) email to
anybody else (e.g., Bob).
– Generate a one-time random key to encrypt the email using a
secret key system (e.g., IDEA)
– Encrypt the random key with Bob’s public key
– May sign the email with her own private key
– May compress the email before encryption
• Bob can use his private key to decrypt the encrypted email.
– Moreover, “pass phrase” is required for decryption
– The “pass phrase” is typed by Bob when PGP generates RSA keys
for him
PGP overview—key distribution
• Public key system (RSA), key distribution
– PEM: rigid hierarchy of CAs.
– S/MIME: (being agnostic), assume that a number of
parallel independent hierarchies.
– PGP: anarchy, each user decides which keys to trust.
• You contact Alice in person to get Alice’s public key, and
trust it
• You find the public key of Alice on her web page or from
email, you can copy it to your PGP system to trust it if you
• Public key server (e.g., http://math-www.uni-
• Certificates are an optional in PGP
– anyone can issue a certificate to anyone else
– If you trust Alice and get Carol’s public key certificate
signed by Alice, you will trust Carol’s public key
– If you get Carol’s two public key certificates, one signed
by Alice, and the other signed by Bob, both Alice and Bob
are trusted by you, then you can trust both Carol’s
• Therefore PGP is very flexible and easy to use
PGP– trust levels
• Problem with PGP anarchistic structure:
– Alice was bribed to issue certificate for Carol
– Alice was sloppy about checking (key,identity) and sign
the certificate.
– Suppose Ted is honest and never sloppy, could you trust
Ted’s signature for Carol’s public key, from whom he
had a bitter divorce?
• Solutions:
– All are determined by yourself
– Give a trust level for a public key
– Given a trust level for the certificates signed by the key
Certificate and key revocation
• You can revoke (delete) any public key anytime
• A public key of a person can be revoked by the
corresponding private key
• The issuer of a certificate can revoke the
– Does not mean that the holder of revoked certificate is
a bad person, but the issuers does not want to vouch for
its authenticity.
• Validity period of a key and a certificate
PGP—key ring
• A data structure containing key materials
– pubring.pgp: containing your public keys, other
people’s public keys, information about people, and
– secring.pgp: containing your private keys.
• Three trust levels currently in PGP: none, partial,
• A trust level of a person may determine the trust
level of the certificates signed by the person.
• A short, fixed-seize string intended to be a unique
representation of a string of arbitrary length and
obtained by a one-way hash function.
• For PGP, the fingerprint is a 256 bit string for a
public key (which may be 1024 bits) by MD5
• Purpose of a fingerprint for a public key is for
people to easily remember and verify the public