Cryptography: Hash Functions, Public Key, SSL, and PGP

Hash Function Algorithms

MD5: A widely used hash function (RFC 1321) that computes a 128-bit message digest in a 4-step process. For any arbitrary 128-bit string x, it appears difficult to construct a message m whose MD5 hash is equal to x.

SHA-1: Another hash function in use. It is a US standard [NIST, FIPS PUB 180-1] and produces a 160-bit message digest.

Public-Key Certification

Motivation: Trudy plays a pizza prank on Bob.

  1. Trudy creates an e-mail order: “Dear Pizza Store, Please deliver to me four pepperoni pizzas. Thank you, Bob.”
  2. Trudy signs the order with her private key.
  3. Trudy sends the order to the Pizza Store.
  4. Trudy sends the Pizza Store her public key, but claims it is Bob’s public key.
  5. The Pizza Store verifies the signature and then delivers four pepperoni pizzas to Bob.
  6. Bob doesn’t even like pepperoni.

Certification Authority (CA)

A certification authority (CA) binds a public key to a particular entity, E.

  • E (a person or a router) registers its public key with the CA.
  • E provides “proof of identity” to the CA.
  • The CA creates a certificate binding E to its public key.
  • The certificate containing E’s public key is digitally signed by the CA. The CA states, “This is E’s public key.”

Secure E-mail

Alice wants to send a confidential e-mail, m, to Bob.

Alice:

  1. Generates a random symmetric private key, KS.
  2. Encrypts the message with KS (for efficiency).
  3. Also encrypts KS with Bob’s public key.
  4. Sends both KS(m) and KB(KS) to Bob.

Bob:

  1. Uses his private key to decrypt and recover KS.
  2. Uses KS to decrypt KS(m) and recover m.

Alice wants to provide sender authentication and message integrity. Alice digitally signs the message and sends both the message (in the clear) and the digital signature.

Alice wants to provide secrecy, sender authentication, and message integrity. Alice uses three keys: her private key, Bob’s public key, and a newly created symmetric key.

SSL: Secure Sockets Layer

SSL is a widely deployed security protocol that provides confidentiality, integrity, and authentication. It is available to all TCP applications through a secure socket interface.

Original Goals of SSL

  1. Web e-commerce transactions
  2. Encryption (especially credit card numbers)
  3. Web server authentication
  4. Optional client authentication
  5. Minimal hassle in doing business with a new merchant

SSL provides an application programming interface (API) to applications. C and Java SSL libraries/classes are readily available.

Network-Layer Confidentiality (IPSec)

What is network-layer confidentiality (IPSec)? Between two network entities:

  1. The sending entity encrypts the datagram payload. The payload could be a TCP or UDP segment, an ICMP message, or an OSPF message.
  2. All data sent from one entity to another would be hidden: web pages, e-mail, P2P file transfers, and TCP SYN packets.
  3. This provides “blanket coverage.”

IPsec Services

  1. Data integrity
  2. Origin authentication
  3. Replay attack prevention
  4. Confidentiality

Two protocols providing different service models:

  • Authentication Header (AH) protocol: Provides source authentication and data integrity but not confidentiality.
  • Encapsulation Security Protocol (ESP): Provides source authentication, data integrity, and confidentiality. ESP is more widely used than AH.

Toy SSL: A Simple Secure Channel

  1. Handshake: Alice and Bob use their certificates and private keys to authenticate each other and exchange a shared secret.
  2. Key Derivation: Alice and Bob use the shared secret to derive a set of keys.
  3. Data Transfer: Data to be transferred is broken up into a series of records.
  4. Connection Closure: Special messages are used to securely close the connection.
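Steps 2 to 4 above can be sketched as follows. This is an added example, not code from the original notes, and it covers record integrity only (no encryption). The key labels, the record layout (type, length, payload, MAC), the implicit sequence number and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

DATA, CLOSE = 0, 1  # record types (assumed encoding)

def derive_keys(shared_secret: bytes) -> dict:
    """Step 2: expand the handshake secret into one MAC key per direction."""
    return {label: hmac.new(shared_secret, label.encode(), hashlib.sha256).digest()
            for label in ("client_mac", "server_mac")}

def _mac(key: bytes, seq: int, header: bytes, payload: bytes) -> bytes:
    # The sequence number is covered by the MAC but never sent on the wire.
    return hmac.new(key, struct.pack("!Q", seq) + header + payload, hashlib.sha256).digest()

def seal(key: bytes, seq: int, rtype: int, payload: bytes) -> bytes:
    """Step 3: record = type | length | payload | MAC(seq, type, length, payload)."""
    header = struct.pack("!BH", rtype, len(payload))
    return header + payload + _mac(key, seq, header, payload)

def send(key: bytes, message: bytes, size: int = 16) -> list:
    """Split a message into DATA records and finish with a CLOSE record (step 4)."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    records = [seal(key, seq, DATA, chunk) for seq, chunk in enumerate(chunks)]
    return records + [seal(key, len(chunks), CLOSE, b"")]

def receive(key: bytes, records: list) -> bytes:
    """Verify every record against the expected sequence number; require CLOSE."""
    out = b""
    for seq, rec in enumerate(records):
        if len(rec) < 3 + 32:
            raise ValueError(f"record {seq}: too short")
        rtype, length = struct.unpack("!BH", rec[:3])
        payload, tag = rec[3:3 + length], rec[3 + length:]
        if not hmac.compare_digest(tag, _mac(key, seq, rec[:3], payload)):
            raise ValueError(f"record {seq}: bad MAC (tampered, replayed or reordered)")
        if rtype == CLOSE:
            return out
        out += payload
    raise ValueError("stream ended without CLOSE record (possible truncation)")

if __name__ == "__main__":
    keys = derive_keys(b"constructed shared secret")  # constructed sample value
    recs = send(keys["client_mac"], b"Please deliver four pepperoni pizzas")
    print(receive(keys["client_mac"], recs))
```

Because the sequence number is inside the MAC, swapping or replaying records fails verification, and because the receiver insists on an authenticated CLOSE record, an attacker who cuts the stream short cannot pass it off as a normal end of connection.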

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions, and to increase the security of e-mail communications.