Page 127 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
P. 127

Unit 8: Cryptography and Encryption




          Figure 8.9  shows  a  PGP encrypted  message (PGP  compresses the  file,  where  practical,  Notes
          prior to encryption because encrypted files lose their randomness and, therefore, cannot
          be compressed). In this case, public key methods are used to exchange the session key for
          the actual message encryption using secret-key cryptography. In this case, the receiver’s
          e-mail  address  is the pointer  to the  public key  in  the  sender’s keying; in  fact, the  same
          message  can  be  sent  to  multiple  recipients  and  the  message  will  not  be  significantly
          longer  since  all  that needs  to  be  added is  the  session  key  encrypted  by  each  receiver’s
          private  key.


               !
             Caution  When the message is received, the recipient must use their private key to extract
             the session secret key to successfully decrypt the message.

                                    Figure  8.10:  Decrypted  Message

               Hi Gary,
               “Outside of a dog, a book is man’s best friend.
               Inside of a dog, it’s too dark to read.”

               Carol
          It is worth noting that PGP was one of the first so-called “hybrid cryptosystems” that combined
          aspects of SKC and PKC. When Zimmermann was  first designing PGP in the late-1980s, he
          wanted to use RSA to encrypt the  entire message. The PCs  of the  days, however,  suffered
          significant performance degradation when executing RSA so he hit upon the idea of using SKC
          to encrypt the message and PKC to encrypt the SKC key.

          PGP went into a state of flux in 2002. Zimmermann sold  PGP to Network Associates, Inc.
          (NAI) in 1997 and himself resigned from NAI in early 2001. In March 2002, NAI announced
          that they  were dropping support for the commercial  version of  PGP having  failed to find
          a  buyer  for  the  product  willing  to  pay  what  NAI  wanted.  In  August  2002,  PGP  was
          purchased from NAI by PGP  Corp. Meanwhile,  there are  many freeware versions of PGP
          available.

          8.5.5 Kerberos

          Kerberos is a commonly used authentication scheme on the Internet. Developed by MIT’s Project
          Athena, Kerberos  is named for the three-headed dog  who, according  to Greek mythology,
          guards the entrance of Hades (rather than the exit, for some reason!).

          Kerberos employs  a client/server architecture and  provides  user-to-server authentication
          rather than  host-to-host  authentication.  In  this  model,  security  and  authentication  will
          be  based  on  secret key  technology  where  every host  on  the  network has  its own  secret
          key.
          It would clearly be unmanageable if every host had to know the keys of all other hosts so a
          secure, trusted host somewhere on the network, known as a Key Distribution Center (KDC),
          knows the keys for all of the hosts (or at least some of the hosts within a portion of the network,
          called a realm).
          In this way, when a new node is brought online, only the KDC and the new node need to be
          configured with  the node’s key; keys can be distributed physically or by some other secure
          means.




                                           LOVELY PROFESSIONAL UNIVERSITY                                   121
   122   123   124   125   126   127   128   129   130   131   132