PGP Web of Trust

1
PGP Web of Trust

• Validity of pgp keys may be verified by its
  fingerprint
• Pgp uses
• Meta introducer
• Root CAs
• Not only validity of keys but also the ability of
  conferring to other keys the ability of attesting
  validity of keys
• Trusted introducer
• Subordinate CAs
• Validate keys but not create new trusted
  introducers

2
PGP Web of Trust

• Trusted Models
• Direct Trust
• In PGP, a user who validates keys herself and
  never sets another certificate to be a trusted
  introducer is using direct trust

3
PGP Web of Trust

• Hierarchical Trust
• Web of Trust
• Combination of both

4
PGP Web of Trust

• In pgp any user can act as a certifying authority
• However the certificate is only valid if the
  receiving party recognize the validator as a
  trusted introducer
• Stored on each user's public keyring are
  indicators of
• whether or not the user considers a particular
  key to be valid
• the level of trust the user places on the key
  that the key's owner can serve as certifier of
  others' keys

5
PGP Web of Trust

• Levels of trust
• Implicit (I believe in myself)
• Others
• Complete
• Marginal
• Notrust
• Validity
• Valid
• Marginally valid
• Invalid

6
PGP Web of Trust

• To define another's key as a trusted introducer,
  you
• Start with a valid key, one that is either signed
  by you or signed by another trusted introducer
• Set the level of trust you feel the key's owner
  is entitled
• Valid Key 1 Completely trusted signature or 2
  marginally trusted signatures

7
Certificate Revocation

• Revocation is important
• User stop playing the role that is specified in
  the certificate
• Belief that certificate was compromised
• Pgp certificates can be revoked by
• Owner
• Someone that the owner designates as a revoker

8
Transport Layer Security (TLS)

• The TLS protocol comes from lessons learned by
  the SSL and PCT protocols
• Very similar to the SSL v3 protocol
• The TLS v1.0 protocol is described in RFC2246
• The TLS protocol is composed by two layers
• TLS record protocol
• TLS handshake protocol

9
TLS

• The primary goal of the TLS Protocol is to
  provide privacy and data integrity between two
  communicating applications.
• Goals of TLS
• Cryptographic security
• Interoperability
• Extensibility
• Relative efficiency

10
TLS

• Basic Properties of the TLS record protocol
• The connection is private. Symmetric cryptography
  is used for data encryption
• The connection is reliable. Message transport
  includes a message integrity check using a keyed
  MAC.
• Basic Properties of the TLS handshake protocol
• The peer's identity can be authenticated using
  asymmetric, or public key, cryptography
• The negotiation of a shared secret is secure the
  negotiated secret is unavailable to
  eavesdroppers, and for any authenticated
  connection the secret cannot be obtained, even by
  an attacker who can place himself in the middle
  of the connection
• The negotiation is reliable no attacker can
  modify the negotiation communication without
  being detected by the parties to the communication

11
TLS

• Generating random numbers
• Uses a pseudo random function (PRF) that is an
  xor of operations using two hash algorithms
• P_hash(secret, seed) HMAC_hash(secret, A(1)
  seed)
• HMAC_hash(secret,
  A(2) seed)
• HMAC_hash(secret,
  A(3) seed) ...
• Where indicates concatenation.
• A() is defined as
• A(0) seed
• A(i) HMAC_hash(secret, A(i-1))

12
TLS

• PRF
• HMAC is a keyed hash
• H(K XOR opad, H(K XOR ipad, text))
• The secret is divided in two halves S1 and S2
• PRF(secret, label, seed) P_MD5(S1, label
  seed) XOR P_SHA-1(S2, label seed)
• Where label is an ASCII string

13
TLS Handshake protocol

• Provides parameters to the record protocol
• Session ID
• Master Key
• Compression Method
• Cipher algorithms
• Is resumable
• Also provide peer authentication using
  certificates (X.509 v3)

14
TLS Handshake protocol

• It consist of three sub protocols
• Change cipher spec protocol
• Alert protocol
• Handshake Protocol
• Ciphers Supported
• Block
• DES, RC2, RSA, IDEA
• Stream
• RC4
• MAC
• SHA-1, MD5
• Digital Signature
• DSS, RSA

15
TLS Handshake protocol

• Client
  Server
• ClientHello --------gt
• 
  ServerHello
• 
  Certificate
• 
  ServerKeyExchange
• 
  CertificateRequest
• lt--------
  ServerHelloDone
• Certificate
• ClientKeyExchange
• CertificateVerify
• ChangeCipherSpec
• Finished --------gt
• 
  ChangeCipherSpec
• lt--------
  Finished
• Application Data lt-------gt
  Application Data

16
TLS Record Protocol

• The Record Protocol takes messages to be
  transmitted, fragments the data into manageable
  blocks, optionally compresses the data, applies a
  MAC, encrypts, and transmits the result.
• Uses read and write parameters defined as client
  or server write

17
TLS Record Protocol

• Security parameters
• connection end Whether this entity is considered
  the "client" or the "server" in this connection.
• bulk encryption algorithm. Includes a flag
  meaning if this is an export cipher
• MAC algorithm
• compression algorithm
• master secret (48 bytes)
• client random
• server random

18
TLS Record Protocol

• The security parameters will be used to generate
• client write MAC secret
• server write MAC secret
• client write key
• server write key
• client write IV (for block ciphers only)
• server write IV (for block ciphers only)

19
TLS Record Protocol

• The keys are generated from
• key_block PRF(SecurityParameters.master_secret,
  "key expansion, SecurityParameters.server_random
  SecurityParameters.client_random)
• If it is exportable
• final_client_write_key PRF(SecurityParameters.cl
  ient_write_key,
  "client write key", SecurityParameters.client_rand
  om SecurityParameters.server_random)
• final_server_write_key PRF(SecurityParameters.se
  rver_write_key, "server write key",
  SecurityParameters.client_random
  SecurityParameters.server_random)