| Security Protocols |
| |
| Application Layer Security: PGP |
| |
| The implementation of security at the application layer is more feasible and simpler, particularly when the Internet communication involves only two parties, as in the case of email and TELNET. |
| |
| The sender and the receiver can agree to use the same protocol and to use any type of security services they desire. |
| |
| In this section, we discuss one protocol used at the application layer to provide security: PGP. |
| |
| Pretty Good Privacy (PGP) was invented by Phil Zimmermann to provide all four aspects of security (privacy, integrity, authentication, and nonrepudiation) in the sending of email. |
| |
| PGP uses a digital signature (a combination of hashing and public-key encryption) to provide integrity, authentication, and nonrepudiation. |
| |
| It uses a combination of secret-key and public-key encryption to provide privacy. Specifically, it uses one hash function, one secret key, and two private-public key pairs. |
| |
| The email message is hashed to create a digest. The digest is encrypted (signed) using the sender's private key. The message and the digest are encrypted using the one-time secret key created by the sender. |
| |
| The secret key is encrypted using the receiver's public key and is sent together with the encrypted combination of message and digest. |
| |
| The combination of encrypted secret key and message plus digest is received. |
| |
| The encrypted secret key is first decrypted (using the receiver's private key) to get the one-time secret key created by the sender. |
| |
| The secret key is then used to decrypt the combination of the message plus digest. |
| |
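| The sender and receiver steps above, as an added example that is not part of the original page and is not PGP's own code. It goes one step further than the text by also verifying the signed digest. Assumptions: SHA-256 as the hash, unpadded textbook RSA keys built from Mersenne primes, a SHA-256 keystream XOR standing in for the secret-key cipher, and hypothetical function names; none of these are safe for real use. |

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes; returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

# Constructed toy keys built from known Mersenne primes (assumption, not secure).
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def sha256_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keystream_xor(key, data):
    """Stand-in secret-key cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def pgp_send(message, sender_priv, receiver_pub):
    d, n = sender_priv
    # 1. Hash the message, then sign the digest with the sender's private key.
    sig = pow(sha256_int(message), d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    # 2. Encrypt message + signed digest under a fresh one-time secret key.
    session_key = secrets.token_bytes(32)
    body = keystream_xor(session_key, len(sig).to_bytes(2, "big") + sig + message)
    # 3. Encrypt the one-time key with the receiver's public key.
    e, n_r = receiver_pub
    return pow(int.from_bytes(session_key, "big"), e, n_r), body

def pgp_receive(wrapped_key, body, receiver_priv, sender_pub):
    d, n = receiver_priv
    # 1. Recover the one-time key with the receiver's private key.
    session_key = pow(wrapped_key, d, n).to_bytes(32, "big")
    # 2. Decrypt the message + signed digest.
    plain = keystream_xor(session_key, body)
    sig_len = int.from_bytes(plain[:2], "big")
    sig, message = plain[2:2 + sig_len], plain[2 + sig_len:]
    # 3. Verify: digest recovered with the sender's public key must equal a fresh hash.
    e, n_s = sender_pub
    return message, pow(int.from_bytes(sig, "big"), e, n_s) == sha256_int(message)

if __name__ == "__main__":
    key, body = pgp_send(b"constructed sample message", SENDER_PRIV, RECEIVER_PUB)
    print(pgp_receive(key, body, RECEIVER_PRIV, SENDER_PUB))
```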