Computer Security Lecture 10

1
Computer Security Lecture 10

• Phillip G. Bradford
• Computer Science
• University of Alabama

2
Announcements

• Im very please with the interest showed in
  research
• Fridays we will work problems in lecture
• First Midterm Exam
• Monday 17 February

3
Lecture Outline

• Review Last Lecture
• Exercises
• Implementing Public Keys, Signatures and Secret
  Transmission
• Another Authentication System

4
PGP, the MIT Flavor

• PGP Pretty Good Privacy
• http//web.mit.edu/network/pgp.html
• Goals
• Privacy
• Authentication

5
PGP

• History
• Philip R. Zimmermann
• http//web.mit.edu/prz/
• http//web.mit.edu/prz/images/photos/PRZ_leather.j
  pg
• Law S.1726
• US export control policy for cryptographic
  software
• Why?

6
PGP

• Now, significant protocol
• OpenPGP IETF standard RFC 2440
• http//www.ietf.org/rfc/rfc2440.txt
• Everyone knows its encryption algorithms
• The CEO Problem!

7
PGP

• Key Management
• Public Key System RSA
• Also used for Signatures
• Must be careful!
• MD5 used as a One-Way Hash Function
• For Authentication
• The IDEA Algorithm for Data Encryption

8
PGP

• Other Options
• SHA Standard Hash Algorithm
• Triple-DES instead of IDEA
• Diffie-Hellman instead of RSA
• More
• Why have so many options?
• Undefined options?

9
PGP

• Must generate its keys
• The key generation problem
• RSA is prime number based
• For PGP, primes up to 2047 bits !
• PGP measures users key typing latency as a seed
  for the pseudo-random number generation used for
  prime number hunting
• IDEAs keys are generated using
• ANSI X9.17 uses Triple-DES
• Another cryptographic protocol!

10
PGP

• Why are there two different key generation
  methods?
• Web-of-trust
• No Key Distribution or Certification Authorities
• Individuals decide for themselves

11
PGP

• Weak Link
• Key Revocation
• Why is this a challenge?
• Generate and send a key-revocation certificate
• On your own to distribute it correctly