WEBVTT 00:00.000 --> 00:03.600 >> We're going to wrap up about the cryptography domain. 00:03.600 --> 00:05.280 But before we do, we're going to 00:05.280 --> 00:07.830 talk about email cryptosystems. 00:07.830 --> 00:11.175 Cryptosystems provide the framework for security. 00:11.175 --> 00:14.805 One common cryptosystem is referred to as S/MIME. 00:14.805 --> 00:17.220 That stands for Secure Multi-part 00:17.220 --> 00:20.085 Internet Mail Exchange or Extension. 00:20.085 --> 00:22.290 You can hear it either way. 00:22.290 --> 00:24.420 The idea here is that when we 00:24.420 --> 00:26.070 create a security email message, 00:26.070 --> 00:27.990 S/MIME is standards based and 00:27.990 --> 00:30.479 >> it uses X.509 certificates. 00:30.479 --> 00:34.590 >> Ultimately, the way the process works is as follows. 00:34.590 --> 00:36.840 Let me go back and show you more 00:36.840 --> 00:38.760 of my mad PowerPoint skills. 00:38.760 --> 00:42.370 Okay. Let's talk about an email message. 00:42.370 --> 00:44.300 When I send an email message, 00:44.300 --> 00:45.860 I want it to be secure. 00:45.860 --> 00:47.795 The first thing I think about doing 00:47.795 --> 00:49.610 is that I create the contents. 00:49.610 --> 00:51.170 Now, we'd want to encrypt 00:51.170 --> 00:53.780 the message contents with symmetric cryptography, 00:53.780 --> 00:55.640 because this could end up being a large amount of 00:55.640 --> 00:58.580 data and symmetric cryptography is faster. 00:58.580 --> 01:01.955 So it needs to be encrypted with symmetric key. 01:01.955 --> 01:04.130 But here's the problem. 01:04.130 --> 01:06.860 How do I get the shared key to the receiver? 01:06.860 --> 01:08.420 I have to figure out a way till 01:08.420 --> 01:10.385 the securely is distributed. 01:10.385 --> 01:12.020 So what I do is I put 01:12.020 --> 01:14.195 that symmetric key right on the message. 01:14.195 --> 01:15.920 But if I do that and someone 01:15.920 --> 01:17.569 >> else intercepts the message, 01:17.569 --> 01:19.505 >> they can get my symmetric-key. 01:19.505 --> 01:21.680 So I will encrypt that symmetric key 01:21.680 --> 01:24.085 using a key I have from the receiver. 01:24.085 --> 01:27.575 Now, which key do you think I have in the receiver? 01:27.575 --> 01:29.825 I have the receiver's public key, 01:29.825 --> 01:31.100 and I use that to encrypt 01:31.100 --> 01:34.145 my symmetric key. What have I just done? 01:34.145 --> 01:36.190 Use symmetric key exchange. 01:36.190 --> 01:39.260 I also need to make sure that 01:39.260 --> 01:40.760 the receiver knows the message has 01:40.760 --> 01:42.560 not been modified in transit, 01:42.560 --> 01:44.630 so I put a hash on the message. 01:44.630 --> 01:46.610 Of course, the whole purpose of 01:46.610 --> 01:49.350 a hash is to guarantee integrity. 01:49.670 --> 01:52.575 What's the last thing I'm going to do? 01:52.575 --> 01:55.160 How do I make sure the receiver is going to know who 01:55.160 --> 01:57.995 that message comes from and that it comes from me? 01:57.995 --> 01:59.570 Well, the way it works is 01:59.570 --> 02:00.890 that the hash is encrypted with 02:00.890 --> 02:02.270 the sender's private key 02:02.270 --> 02:04.840 and that provides non-repudiation. 02:04.840 --> 02:07.545 It's also called a digital signature. 02:07.545 --> 02:10.670 We see here is the creation of a digital envelope 02:10.670 --> 02:14.820 via S/MIME and everything follows the standards. 02:15.800 --> 02:18.005 Breaking from the standards, 02:18.005 --> 02:19.880 we have another email cryptosystem called 02:19.880 --> 02:22.295 PGP, Pretty Good Privacy. 02:22.295 --> 02:24.650 I love that name. Is developed 02:24.650 --> 02:26.690 by a gentleman named Phil Zimmerman. 02:26.690 --> 02:29.290 He was really strong in the privacy camp. 02:29.290 --> 02:31.700 He proposed that the government would like to decrypt 02:31.700 --> 02:34.490 anything that was encrypted, and that's true. 02:34.490 --> 02:36.440 But Zimmerman asked why we were all 02:36.440 --> 02:38.690 using these algorithms and standards provided 02:38.690 --> 02:41.150 by the government if the government was going to be 02:41.150 --> 02:44.260 so untrustworthy in relation to the cryptography. 02:44.260 --> 02:46.545 Why wouldn't we use our own? 02:46.545 --> 02:49.325 Zimmerman created the email application, 02:49.325 --> 02:51.230 PGP, and he developed 02:51.230 --> 02:54.050 his own encryption algorithm to support PGP. 02:54.050 --> 02:56.450 That algorithm is called IDEA, 02:56.450 --> 02:59.425 Internet Data Encryption Algorithm. 02:59.425 --> 03:03.125 PGP doesn't use X.509 certificates. 03:03.125 --> 03:06.080 It uses its own certificates and users 03:06.080 --> 03:07.580 sign each other's certificates in 03:07.580 --> 03:09.680 what turns out to be a Web Of Trust. 03:09.680 --> 03:12.485 If you trust Mark and Mark trust Sally, 03:12.485 --> 03:15.685 then you trust Sally. It works that way. 03:15.685 --> 03:19.130 Also, instead of logging in with passwords, 03:19.130 --> 03:22.100 users use passphrases and those are much more 03:22.100 --> 03:23.900 secure than the eight-character passwords 03:23.900 --> 03:25.825 review traditionally. 03:25.825 --> 03:28.530 The downside is that it's proprietary. 03:28.530 --> 03:31.415 You have to download special software to use it, 03:31.415 --> 03:34.690 but it does provide an alternative to S/MIME. 03:34.690 --> 03:37.110 To recap, we have S/MIME as 03:37.110 --> 03:39.650 the standards-based email application and we have 03:39.650 --> 03:42.245 PGP as a proprietary email application 03:42.245 --> 03:45.240 using IDEA and a Web Of Trust.