***Welcome to ashrafedu.blogspot.com * * * This website is maintained by ASHRAF***


    Friday, April 29, 2022

    Security at the Application layer – PGP and S/MIME

    Two schemes have been developed for e-mail security: PGP and S/MIME. Both these schemes use secret-key and public-key cryptography.

    I. Pretty Good Privacy (PGP) is an e-mail encryption scheme. It has become the de facto standard for providing security services for e-mail communication. It uses public key cryptography, symmetric key cryptography, a hash function, and digital signatures. It provides:

    • Privacy
    • Sender Authentication
    • Message Integrity
    • Non-repudiation

    Along with these security services, it also provides data compression and key management support. PGP uses existing cryptographic algorithms such as RSA, IDEA, MD5, etc., rather than inventing new ones.

    Working of PGP

    • The hash of the message is calculated (MD5 algorithm).
    • The resulting 128-bit hash is signed using the private key of the sender (RSA algorithm).
    • The digital signature is concatenated to the message, and the result is compressed.
    • A 128-bit symmetric key, KS, is generated and used to encrypt the compressed message with IDEA.
    • KS is encrypted with the public key of the recipient using the RSA algorithm, and the result is appended to the encrypted message.


    In the PGP scheme, a message is signed and encrypted, and then MIME-encoded before transmission.
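
    The five steps above, together with the recipient's reverse path, as an added Python example (not code from the original post or from PGP itself). Assumptions: textbook RSA over small constructed primes, a SHA-256 counter keystream standing in for IDEA (which Python's standard library lacks), zlib for compression, and a fixed-length signature placed in front of the message; all function names are hypothetical.

```python
import hashlib, os, zlib

E = 65537  # public exponent shared by both demo keys

def keypair(p, q):
    """Textbook RSA (no padding): returns (n, d) for primes p, q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys from small Mersenne primes; far too small for real use.
SENDER = keypair(2**127 - 1, 2**89 - 1)
RCPT = keypair(2**107 - 1, 2**61 - 1)

def nbytes(n):
    return (n.bit_length() + 7) // 8

def md5_int(data):
    return int.from_bytes(hashlib.md5(data).digest(), "big")

def keystream_xor(key, data):
    """Stand-in for IDEA (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def pgp_send(msg, sender_n, sender_d, rcpt_n):
    # Steps 1-2: MD5 digest, signed with the sender's private key.
    sig = pow(md5_int(msg), sender_d, sender_n).to_bytes(nbytes(sender_n), "big")
    # Step 3: signature + message, then compression.
    packed = zlib.compress(sig + msg)
    # Step 4: fresh 128-bit session key KS encrypts the compressed data.
    ks = os.urandom(16)
    body = keystream_xor(ks, packed)
    # Step 5: KS encrypted with the recipient's public key, appended to the body.
    wrapped = pow(int.from_bytes(ks, "big"), E, rcpt_n)
    return body + wrapped.to_bytes(nbytes(rcpt_n), "big")

def pgp_receive(blob, rcpt_n, rcpt_d, sender_n):
    """Reverse path: unwrap KS, decrypt, decompress, verify. Returns (msg, ok)."""
    k, s = nbytes(rcpt_n), nbytes(sender_n)
    body, wrapped = blob[:-k], blob[-k:]
    ks = pow(int.from_bytes(wrapped, "big"), rcpt_d, rcpt_n).to_bytes(16, "big")
    packed = zlib.decompress(keystream_xor(ks, body))
    sig, msg = packed[:s], packed[s:]
    # The signature is valid only if sig^E mod n equals the MD5 of the message.
    return msg, pow(int.from_bytes(sig, "big"), E, sender_n) == md5_int(msg)
```

    pgp_receive returns the recovered message together with a flag that is True only when the signature verifies against the claimed sender's public key.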

    II. S / MIME

    S/MIME stands for Secure Multipurpose Internet Mail Extension. S/MIME is a secure e-mail standard. It is based on an earlier non-secure e-mailing standard called MIME.

    The S/MIME approach is similar to PGP. It also uses public key cryptography, symmetric key cryptography, hash functions, and digital signatures. It provides security services similar to those of PGP for e-mail communication.

    The most common symmetric ciphers used in S/MIME are RC2 and TripleDES. The usual public key method is RSA, and the hashing algorithm is SHA-1 or MD5.

    S/MIME specifies additional MIME types, such as “application/pkcs7-mime”, for data enveloping after encrypting. The whole MIME entity is encrypted and packed into an object. S/MIME has standardized cryptographic message formats (different from PGP). In fact, MIME is extended with some keywords to identify the encrypted and/or signed parts in the message.

    S/MIME relies on X.509 certificates for public key distribution. It needs a top-down hierarchical PKI for certification support.

    Because implementing S/MIME requires a certificate from a certification authority, not all users can take advantage of it, as some may simply wish to encrypt a message with a public/private key pair.

    Either PGP or S/MIME is used, depending on the environment. Secure e-mail communication in a captive network can be provided by adopting PGP. For e-mail security over the Internet, where mails are very often exchanged with new, unknown users, S/MIME is considered a good option.

    Difference between PGP and S/MIME:

    | S.No | PGP | S/MIME |
    |------|-----|--------|
    | 1. | It is designed for processing plain text. | It is designed to process email as well as many multimedia files. |
    | 2. | PGP is less costly as compared to S/MIME. | S/MIME is comparatively expensive. |
    | 3. | PGP is good for personal as well as office use. | It is good for industrial use. |
    | 4. | PGP is less efficient than S/MIME. | It is more efficient than PGP. |
    | 5. | It depends on user key exchange. | It relies on a hierarchically valid certificate for key exchange. |
    | 6. | PGP is comparatively less convenient. | It is more convenient than PGP due to the secure transformation of all the applications. |
    | 7. | PGP contains 4096 public keys. | It contains only 1024 public keys. |
    | 8. | PGP is the standard for strong encryption. | It is also the standard for strong encryption but has some drawbacks. |
    | 9. | PGP is also used in VPNs. | It is not used in VPNs; it is only used in email services. |
    | 10. | PGP uses Diffie-Hellman digital signature. | It uses Elgamal digital signature. |

