Table of contents

1. Pretty Good Privacy (PGP)

1.1 PGP Web of trust
1.2 What PGP does
1.3 How PGP works
1.4 Trusting public keys
1.5 Conceptual design of secure message transmission
1.5.1 Secure message transmission: preparations
1.5.2 Secure message transmission: encryption and finalization
1.6 Participants, asymmetric keys, signatures and their relationships

2. Kerberos

2.1 Basic blocks
2.2 Names, identifiers, addresses and keys
2.3 Rounds of the Kerberos protocol

3. References

Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is one of today's most widely used public key
cryptography programs. Developed by Philip Zimmermann in the early 1990s and
long the subject of controversy, PGP is available as a plug-in for many e-mail
clients, such as Claris Emailer, Microsoft Outlook/Outlook Express, and
Qualcomm Eudora.
PGP can be used to sign or encrypt e-mail messages with the mere click of the
mouse. Depending upon the version of PGP, the software uses SHA or MD5 for
calculating the message hash; CAST, Triple-DES, or IDEA for encryption; and
RSA or DSS/Diffie-Hellman for key exchange and digital signatures.
1.1 PGP Web of Trust
Pretty Good Privacy is a widely used private e-mail scheme based on public key
methods. A PGP user maintains a local keyring of all their known and trusted
public keys. The user makes their own determination about the trustworthiness of a
key using what is called a "web of trust."
If Alice needs Bob's public key, Alice can ask Bob for it in another e-mail or, in
many cases, download the public key from an advertised server; this server might be a
well-known PGP key repository or a site that Bob maintains himself. In fact, Bob's
public key might be stored or listed in many places. (The author's public key, for
example, can be found at http://www.garykessler.net/pubkey.html.) Alice is
prepared to believe that Bob's public key, as stored at these locations, is valid.
Suppose Carol claims to hold Bob's public key and offers to give the key to Alice.
How does Alice know that Carol's version of Bob's key is valid or if Carol is
actually giving Alice a key that will allow Mallory access to messages? The
answer is, "It depends." If Alice trusts Carol and Carol says that she thinks that her
version of Bob's key is valid, then Alice may at her option trust that key.
And trust is not necessarily transitive; if Dave has a copy of Bob's key and Carol
trusts Dave, it does not necessarily follow that Alice trusts Dave even if she does
trust Carol.
The point here is that who Alice trusts and how she makes that determination is
strictly up to Alice. PGP makes no statement and has no protocol about how one
user determines whether they trust another user or not. In any case, encryption and
signatures based on public keys can only be used when the appropriate public key
is on the user's keyring.
From its beginnings just a few years ago, PGP has grown explosively and is now
widely used. A number of reasons can be cited for this growth:
- It is available for free worldwide in versions that run on a variety of
  platforms, including DOS, Windows, Unix, and Macintosh. And the
  commercial version satisfies users who want a product that comes with
  vendor support.
- It is based on algorithms that have survived extensive public review and are
  considered extremely secure (RSA for public-key encryption, IDEA for
  conventional encryption, and MD5 for hash, or summary, coding).
- It has a wide range of applicability and can be used by corporations that
  want to enforce a standardized scheme for encrypting files and messages as
  well as by individuals who wish to communicate securely with people
  worldwide over the Internet and other networks.
- It was not developed by, nor is it controlled by, any governmental or
  standards organization. For people with an instinctive distrust of "the
  establishment", this makes PGP attractive.
1.2 What PGP does
PGP provides two services: encryption and digital signatures.
Encryption allows a user to encode a file for storage locally or for transmission as
an e-mail message. The local storage option is handy if you are worried about other
people having access to files on your machine. The e-mail option enables PGP to
be used for private exchanges over a network. PGP encrypts the entire contents of
the message in such a way that only the intended recipient can decode and read the
message. Anyone else who attempts to capture or copy the message en route will
receive meaningless garble.
The digital signature service allows a user to 'sign' a document before transmission
in such a way that anyone can verify that the signature is genuine and belongs with
a particular document. If someone alters the message or substitutes a different
message, the signature will no longer be valid. And any recipient can verify that
the message has been signed by its true creator and not an imposter.

PGP's confidentiality and encoding services use the most popular public-key
encryption scheme, known as RSA. All public-key encryption systems make use of
an encoding and decoding algorithm and a related pair of keys. The input to the
encryption algorithm is the text to be encrypted -- known as plaintext -- and a key.
The algorithm takes the input and produces scrambled output known as ciphertext.
To use the decryption algorithm, you input the ciphertext plus the key that matches
the one used for encryption, and the original plaintext is produced as output.
The two keys used in any public-key encryption scheme, including RSA, are called
the public key and private key. The public key, as the name suggests, is made
public. The idea is to make your public key available to people with whom you
correspond. You keep your private key secure, and it should be known only to you.
These two keys can be used to provide confidentiality and encryption.

1.3 How PGP Works

Suppose Alice wants to correspond with Bob. If Alice prepares a message and
encrypts it with Bob's public key, only Bob can decrypt the message using his
private key. If Alice prepares a message and encrypts it with her private key, then
anyone, including Bob, can decrypt the message. But only Alice could have
encrypted the message, therefore the encrypted message is, in effect, signed by
Alice.
It turns out that RSA, and all other known public-key algorithms, are
time-consuming and inefficient. Therefore PGP, like most other encryption applications,
does not use RSA directly to provide confidentiality and digital signatures.
For confidentiality, PGP encrypts messages with an efficient single-key or
conventional encryption algorithm known as IDEA. It then uses RSA to encrypt,
with the receiver's public key, the IDEA key used to encrypt the message. The
receiver can use RSA to recover the IDEA key and use that key to recover the
message.
For digital signatures, PGP uses an efficient algorithm known as MD5 to produce a
summary code, or hash code, of the message that is, for all practical purposes,
unique to that message. PGP then uses RSA to encrypt the hash code with the
sender's private key. The receiver can use RSA to recover the hash code and verify
that it is the correct hash code for the message. If it is correct, then only the alleged
sender could have prepared the encrypted hash code.

When PGP is first installed, the user has to create a key-pair. One key, the public
key, can be advertised and widely circulated. The private key is protected by use of
a passphrase. The passphrase has to be entered every time the user accesses their
private key.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Carol.

What was that pithy Groucho Marx quote?

/kess

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv


iQA/AwUBNFUdO5WOcz5SFtuEEQJx/ACaAgR97+vvDU6XWELV/GANjAAgBtUAnjG3
Sdfw2JgmZIOLNjFe7jP0Y8/M
=jUAU
-----END PGP SIGNATURE-----
FIGURE 7: A PGP signed message. The sender uses their private key; at the destination, the
sender's e-mail address yields the public key from the receiver's keyring.

Figure 7 shows a PGP signed message. This message will not be kept secret from
an eavesdropper, but a recipient can be assured that the message has not been
altered from what the sender transmitted. In this instance, the sender signs the
message using their own private key. The receiver uses the sender's public key to
verify the signature; the public key is taken from the receiver's keyring based on
the sender's e-mail address. Note that the signature process does not work unless
the sender's public key is on the receiver's keyring.
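What the signature block in Figure 7 carries, as an added example (not part of the original document): the parser assumes the OpenPGP version 3 signature packet layout, and the keyring passed to the check is constructed. It reads the signer's key ID and the algorithms from the packet, then lists what a receiver can decide before any cryptographic verification.

```python
import base64

# Base64 body of the signature block in Figure 7 (armor headers and "=jUAU" checksum line left out).
FIGURE_7_SIGNATURE = (
    "iQA/AwUBNFUdO5WOcz5SFtuEEQJx/ACaAgR97+vvDU6XWELV/GANjAAgBtUAnjG3"
    "Sdfw2JgmZIOLNjFe7jP0Y8/M"
)

PUBKEY_ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}                 # OpenPGP algorithm IDs
HASH_ALGOS = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160", 8: "SHA-256"}  # OpenPGP hash IDs
WEAK_HASHES = {"MD5", "SHA-1"}  # this example's policy: collisions are practical for both


def parse_v3_signature(b64_body: str) -> dict:
    """Decode one old-format OpenPGP packet holding a version 3 signature."""
    raw = base64.b64decode(b64_body)
    first = raw[0]
    # Old-format header: bit 7 set, bit 6 clear, tag in bits 5-2, length type in bits 1-0.
    if first & 0xC0 != 0x80 or (first >> 2) & 0x0F != 2:
        raise ValueError("not an old-format signature packet")
    length_type = first & 0x03
    if length_type == 3:
        raise ValueError("indeterminate-length packets are not handled")
    header_len = 1 + (1, 2, 4)[length_type]
    body_len = int.from_bytes(raw[1:header_len], "big")
    body = raw[header_len:header_len + body_len]
    if len(body) != body_len or len(body) < 19:
        raise ValueError("truncated packet")
    if body[0] != 3 or body[1] != 5:
        raise ValueError("only version 3 signatures are handled")
    return {
        "version": body[0],
        "sig_type": body[2],                          # 0x01 = signature over canonical text
        "created": int.from_bytes(body[3:7], "big"),  # Unix time
        "key_id": body[7:15].hex().upper(),           # the key that must be on the keyring
        "pubkey_algo": PUBKEY_ALGOS.get(body[15], f"unknown({body[15]})"),
        "hash_algo": HASH_ALGOS.get(body[16], f"unknown({body[16]})"),
    }


def pre_verification_findings(sig: dict, armor_hash_header: str, keyring: dict) -> list:
    """Checks a receiver can make before any cryptographic verification."""
    findings = []
    if sig["key_id"] not in keyring:
        findings.append("signer key not on keyring: signature cannot be verified")
    if sig["hash_algo"].replace("-", "") != armor_hash_header.replace("-", ""):
        findings.append("armor Hash header disagrees with signature packet")
    if sig["hash_algo"] in WEAK_HASHES:
        findings.append(f"weak hash algorithm {sig['hash_algo']}")
    return findings
```

The armor checksum line is not verified here; the example only inspects the packet fields.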

-----BEGIN PGP MESSAGE-----
Version: PGP for Personal Privacy 5.0
MessageID: DAdVB3wzpBr3YRunZwYvhK5gBKBXOb/m

mJJuQ53Ob9ThaFH8YcE/VqUFdw+bQtrAJ6NpjIxi/x0FfOInhC/bBw7pDLXBFNaX
HdlLQRPQdrmnWskKznOSarxq4GjpRTQo4hpCRJJ5aU7tZO9HPTZXFG6iRIT0wa47
AR5nvkEKoIAjW5HaDKiJriuWLdtN4OXecWvxFsjR32ebz76U8aLpAK87GZEyTzBx
dV+lH0hwyT/y1cZQ/E5USePP4oKWF4uqquPee1OPeFMBo4CvuGyhZXD/18Ft/53Y
WIebvdiCqsOoabK3jEfdGExce63zDI0=
=MpRf
-----END PGP MESSAGE-----
FIGURE 8: A PGP encrypted message. The receiver's e-mail address is the pointer to the public
key in the sender's keyring. At the destination side, the receiver uses their own private key.


Figure 8 shows a PGP encrypted message (PGP compresses the file, where
practical, prior to encryption because encrypted files have a high degree of
randomness and, therefore, cannot be efficiently compressed). In this example,
public key methods are used to exchange the session key for the actual message
encryption that employs secret-key cryptography. In this case, the receiver's e-mail
address is the pointer to the public key in the sender's keyring; in fact, the same
message can be sent to multiple recipients and the message will not be significantly
longer since all that needs to be added is the session key encrypted by each
receiver's public key. When the message is received, the recipient will use their
private key to extract the session secret key to successfully decrypt the message
(Figure 9).

Hi Gary,

"Outside of a dog, a book is man's best friend.
Inside of a dog, it's too dark to read."

Carol
FIGURE 9: The decrypted message.
It is worth noting that PGP was one of the first so-called "hybrid cryptosystems"
that combined aspects of SKC and PKC. When Zimmermann was first designing
PGP in the late-1980s, he wanted to use RSA to encrypt the entire message. The
PCs of the day, however, suffered significant performance degradation when
executing RSA so he hit upon the idea of using SKC to encrypt the message and
PKC to encrypt the SKC key.
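The hybrid scheme of this section as an added example (not code from the original document or from PGP itself). The stand-ins are assumptions: textbook RSA on constructed Mersenne-prime keys without padding, SHA-256 for the hash code, and an XOR keystream in place of IDEA. It also covers the multi-recipient case discussed with Figure 8, where each extra recipient adds only one wrapped session key.

```python
import hashlib
import os

E = 65537  # public exponent
MSG = b"Hi Carol. What was that pithy Groucho Marx quote?"


def toy_keypair(p_exp: int, q_exp: int):
    """Textbook RSA key from two Mersenne primes 2**k - 1. Constructed and NOT secure."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy single-key cipher standing in for IDEA: XOR with a SHAKE-256 keystream."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))


def hash_code(msg: bytes) -> int:
    """Message summary; SHA-256 here in place of the MD5 the text names."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def pgp_send(msg: bytes, sender_priv, recipient_pubs: dict) -> dict:
    n, d = sender_priv
    sig_len = (n.bit_length() + 7) // 8
    signature = pow(hash_code(msg), d, n).to_bytes(sig_len, "big")  # RSA on the hash only
    session_key = os.urandom(16)                                     # fresh for every message
    body = xor_stream(session_key, signature + msg)                  # bulk data: fast cipher
    k = int.from_bytes(session_key, "big")
    wrapped = {who: pow(k, e, n_r) for who, (n_r, e) in recipient_pubs.items()}
    return {"body": body, "session_keys": wrapped}


def pgp_receive(packet: dict, who: str, own_priv, sender_pub):
    n, d = own_priv
    session_key = pow(packet["session_keys"][who], d, n).to_bytes(16, "big")
    plain = xor_stream(session_key, packet["body"])
    n_s, e_s = sender_pub
    sig_len = (n_s.bit_length() + 7) // 8
    signature, msg = int.from_bytes(plain[:sig_len], "big"), plain[sig_len:]
    return msg, pow(signature, e_s, n_s) == hash_code(msg)


ALICE_PUB, ALICE_PRIV = toy_keypair(521, 607)
BOB_PUB, BOB_PRIV = toy_keypair(1279, 2203)
CAROL_PUB, CAROL_PRIV = toy_keypair(2281, 3217)


def demo() -> dict:
    one = pgp_send(MSG, ALICE_PRIV, {"bob": BOB_PUB})
    two = pgp_send(MSG, ALICE_PRIV, {"bob": BOB_PUB, "carol": CAROL_PUB})
    tampered = dict(two, body=two["body"][:-1] + bytes([two["body"][-1] ^ 1]))
    return {
        "bob": pgp_receive(two, "bob", BOB_PRIV, ALICE_PUB),
        "carol": pgp_receive(two, "carol", CAROL_PRIV, ALICE_PUB),
        "tampered_valid": pgp_receive(tampered, "bob", BOB_PRIV, ALICE_PUB)[1],
        "same_body_size": len(one["body"]) == len(two["body"]),
    }
```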
1.4 Trusting public keys
The most difficult aspect of using PGP, or any public-key application, is getting
your hands on the public keys of the people with whom you wish to correspond.
You must make sure you have the true public key of each individual in your
electronic Rolodex. Suppose I create a linked pair of public and private keys and
send you the public key, declaring that I am Elvis. How do you know I am the real
Elvis and not an impostor? If I am an impostor, I could send you signed messages
and you would be sure they were from Elvis. If you send an encrypted message to
Elvis, I can capture the message and recover the plain text.
PGP provides a number of tools and recommended procedures for obtaining public
keys in trusted ways. One handy tool is the public-key fingerprint, which is nothing
more than a string of printable characters based on the MD5 hash code of the key.
For all practical purposes, the fingerprint of a key is unique. So, if Alice knows
Bob's voice, Bob could send his public key to Alice via e-mail. Alice then could
generate the fingerprint of that key, call Bob, and have Bob read the fingerprint
over the phone to make sure there is a match.
Once you have a few trusted keys, you can make use of PGP's signature capability.
If you have Bob's public key and you trust Bob to provide you with other public
keys of other persons, Bob can send you John's key signed by Bob. That is, Bob
takes John's public key and feeds it through the signature mechanism of PGP.
Alice can use Bob's public key to ensure that John's key was provided by Bob and
that the key has not been altered.
There also are a number of servers on the Internet that are public-key repositories.
Most of the keys are signed by one or more people. You can obtain someone's public
key from the server and if you trust the signatories to the key, you can have faith
that it is genuine. These public-key servers do not authenticate the keys; they
merely serve as repositories.
One public-key directory that does attempt to provide authenticated PGP keys is
SLED (Stable Large E-mail Database). The public keys in the directory are signed
by SLED, indicating that the user's authenticity has been verified.
1.5 Conceptual design of secure message transmission

1.5.1 Secure message transmission: preparations

1.5.2 Secure message transmission: encryption and finalization

1.6 Participants, asymmetric keys, signatures and their relationships

KERBEROS
Kerberos is a user authentication scheme that is open source (non-proprietary) and
in the public domain (free). It is a network security system for client-server
environments, named after Greek mythology's fierce three-headed guard dog. It
verifies the user at login and at every service request. To encrypt data it uses
private, or secret, keys known as tickets, in contrast to public keys. Based on
symmetric key cryptography and the Data Encryption Standard algorithm, it was
developed at the Massachusetts Institute of Technology (MIT).
Kerberos is a network authentication system for use on physically insecure
networks, based on the key distribution model presented by Needham and
Schroeder (in "Using Encryption for Authentication in Large Networks of
Computers", Communications of the ACM, Vol. 21(12), pp. 993-999, December,
1978). It allows entities communicating over networks to prove their identity to
each other while preventing eavesdropping or replay attacks. It also provides for
data stream integrity (detection of modification) and secrecy (preventing
unauthorized reading) using cryptography systems such as DES.
Kerberos works by providing principals (users or services) with tickets that they
can use to identify themselves to other principals and secret cryptographic keys for
secure communication with other principals. A ticket is a sequence of a few
hundred bytes. These tickets can then be embedded in virtually any other network
protocol, thereby allowing the process implementing that protocol to be sure about
the identity of the principals involved.
Practically speaking, Kerberos is mostly used in application-level protocols (ISO
model level 7), such as Telnet or FTP, to provide user to host security. It is also
used, though less frequently, as the implicit authentication system of data stream
(such as SOCK_STREAM) or RPC mechanisms (ISO model level 6). It could also
be used at a lower level for host to host security, in protocols like IP, UDP, or TCP
(ISO model levels 3 and 4), although such implementations are currently rare, if
they exist at all.
There are several different versions and distributions of Kerberos. Most of them
are based on an MIT distribution in one form or another, but the lineage is not
always simple. Some of the distributions are freely available, some are stand-alone
commercial products, and others are part of larger free or commercial systems.
Several vendors currently sell relevant Kerberos material; to name a few:
CyberSAFE, Cygnus Support, Digital Equipment Corporation, Emulex Network
Systems, OpenVision Technologies, TGV.
Kerberos employs a client/server architecture and provides user-to-server
authentication rather than host-to-host authentication. In this model, security and
authentication will be based on secret key technology where every host on the
network has its own secret key. It would clearly be unmanageable if every host had
to know the keys of all other hosts so a secure, trusted host somewhere on the
network, known as a Key Distribution Center (KDC), knows the keys for all of the
hosts (or at least some of the hosts within a portion of the network, called a realm).
In this way, when a new node is brought online, only the KDC and the new node
need to be configured with the node's key; keys can be distributed physically or by
some other secure means.

The Kerberos Server/KDC has two main functions (Figure 3), known as the
Authentication Server (AS) and Ticket-Granting Server (TGS). The steps in
establishing an authenticated session between an application client and the
application server are:
1. The Kerberos client software establishes a connection with the Kerberos
server's AS function. The AS first authenticates that the client is who it
purports to be. The AS then provides the client with a secret key for this
login session (the TGS session key) and a ticket-granting ticket (TGT),
which gives the client permission to talk to the TGS. The ticket has a finite
lifetime so that the authentication process is repeated periodically.
2. The client now communicates with the TGS to obtain the Application
Server's key so that it (the client) can establish a connection to the service it
wants. The client supplies the TGS with the TGS session key and TGT; the
TGS responds with an application session key (ASK) and an encrypted form
of the Application Server's secret key; this secret key is never sent on the
network in any other form.
3. The client has now authenticated itself and can prove its identity to the
Application Server by supplying the Kerberos ticket, application session
key, and encrypted Application Server secret key. The Application Server
responds with similarly encrypted information to authenticate itself to the
client. At this point, the client can initiate the intended service requests (e.g.,
Telnet, FTP, HTTP, or e-commerce transaction session establishment).
The current shipping version of this protocol is Kerberos V5 (described in RFC
1510), although Kerberos V4 still exists and is seeing some use. While the details
of their operation, functional capabilities, and message formats are different, the
conceptual overview above pretty much holds for both. One primary difference is
that Kerberos V4 uses only DES to generate keys and encrypt messages, while V5
allows other schemes to be employed (although DES is still the most widely
used algorithm).
2.1 Basic blocks
- symmetric encryption,
  - for evaluating the authenticity of messages
    on the basis of the possession of a secret symmetric key
  - for enforcing the confidentiality and integrity of messages
- passwords,
  used as substitutes for the secret symmetric key
  agreed between a particular participant and the Kerberos server
- one-way hash function
  for dynamically regenerating a key from the substituting password
- random generator
  to generate symmetric session keys,
  to be used for a secure end-to-end connection
  during a client-server interaction
- timestamps,
  used as indications of the freshness of messages
- nonces (random bit strings),
  used as challenges to be included in responses
- tickets,
  used as a special kind of credential that
  - encode privileges granted to a client as a grantee
  - are shown to a server as a (self-protecting) controlled object
- validity specifications for tickets
- access decisions,
  taken by a server on the basis of shown tickets
- delegation
  of the issuing of tickets by the Kerberos server on behalf of a server

2.2 Names, identifiers, addresses and keys

Kerberos server
    AS      authentication server
    TGS     ticket-granting server

participant P (client Cl, Kerberos server Ker with components AS and TGS)
    Id_P    unique identifier
    Add_P   network address
    K_P     secret symmetric key for a symmetric encryption method

2.3 Rounds of the Kerberos protocol
Each round is initialized by a client and has two messages:
- first round,
  executed once per client session (can be integrated within a login procedure):
  to authenticate the client for the later process of
  obtaining and exploiting a reusable ticket
  that expresses a privilege for a service
- second round,
  performed once for each functional server
  that is contacted during a client session:
  to actually grant the privilege to the client
- third round,
  repeatedly called for each actual service invocation:
  to exploit the granted privilege
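The three rounds, built from the basic blocks of section 2.1, run end to end as an added example (not code from the original document or from any Kerberos distribution). The `seal`/`unseal` cipher is a toy stand-in for DES, and the principal names, password, ticket lifetime and clock-skew value are constructed.

```python
import hashlib, hmac, json, os

SKEW = 300  # assumed tolerance (seconds) between authenticator timestamp and verifier clock

def _xor(key, iv, data):
    ks = hashlib.shake_256(key + iv).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """Toy authenticated encryption (SHAKE-256 keystream + HMAC) standing in for DES."""
    iv = os.urandom(16)
    ct = _xor(key, iv, json.dumps(obj).encode())
    return iv + hmac.new(key, iv + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    iv, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(_xor(key, iv, ct))

def password_key(principal, password):
    """One-way function that regenerates the participant's key K_P from the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def issue(ticket_key, reply_key, client, nonce, now, lifetime=3600):
    """Kerberos server, rounds 1 and 2: new session key, sealed once for each party."""
    sk = os.urandom(32).hex()
    ticket = seal(ticket_key, {"client": client, "sk": sk, "exp": now + lifetime})
    return seal(reply_key, {"sk": sk, "nonce": nonce}), ticket

def open_reply(key, reply, nonce):
    r = unseal(key, reply)  # fails unless the client holds the right key
    if r["nonce"] != nonce:
        raise ValueError("reply does not match request nonce")
    return bytes.fromhex(r["sk"])

def accept(own_key, ticket, authenticator, now, seen):
    """TGS or application server, rounds 2 and 3: check ticket, freshness and replay."""
    t = unseal(own_key, ticket)
    sk = bytes.fromhex(t["sk"])
    a = unseal(sk, authenticator)
    if now > t["exp"]:
        raise ValueError("ticket expired")
    if a["client"] != t["client"] or abs(now - a["ts"]) > SKEW:
        raise ValueError("authenticator does not match ticket or is stale")
    if authenticator in seen:
        raise ValueError("replayed authenticator")
    seen.add(authenticator)
    return t["client"], sk

def run_exchange(typed_password, now):
    k_tgs, k_ftp = os.urandom(32), os.urandom(32)      # server keys known to the KDC
    k_alice = password_key("alice", "correct horse")   # constructed account in the KDC database
    seen_tgs, seen_ftp = set(), set()
    n1, n2 = os.urandom(8).hex(), os.urandom(8).hex()
    reply, tgt = issue(k_tgs, k_alice, "alice", n1, now)                   # round 1: AS
    sk_tgs = open_reply(password_key("alice", typed_password), reply, n1)
    auth = seal(sk_tgs, {"client": "alice", "ts": now})                    # round 2: TGS
    who, _ = accept(k_tgs, tgt, auth, now, seen_tgs)
    reply, ticket = issue(k_ftp, sk_tgs, who, n2, now)
    sk_ftp = open_reply(sk_tgs, reply, n2)
    auth = seal(sk_ftp, {"client": "alice", "ts": now})                    # round 3: service
    who, sk = accept(k_ftp, ticket, auth, now, seen_ftp)
    mutual = unseal(sk_ftp, seal(sk, {"ts": now + 1}))["ts"] == now + 1    # server proves itself
    return {"client": who, "mutual": mutual, "replay": (k_ftp, ticket, auth, seen_ftp)}
```

The password never crosses the network: a wrong one simply fails to open the round-1 reply.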


REFERENCES:

Ranjan Bose - Information Theory, Coding and Cryptography

Kurose and Ross - Computer Networking: A Top-Down Approach Featuring the Internet

William Stallings - Cryptography and Network Security: Principles and Practices, 4th Ed.

http://www.garykessler.net/library/crypto.html#kerb

http://denis.arnaud.free.fr/zds/report/node45.html

https://www.cs.purdue.edu/homes/ssw/cs355/new8.pdf

http://ls6-www.informatik.uni-dortmund.de/uploads/tx_ls6ext/SI12_CaseStudiesPGPKerberos.pdf
