Electronic Mail Security

Based on Chapter 12 of Network Security, Principles and Practice, 2nd Ed. Edited by: Hamid Reza Shahriari

http://www.fata.ir http://mehr.sharif.edu/~shahriari

Table of Contents

  • Electronic mail security
  • Features of PGP
  • PGP services
  • Types of keys used
  • Key management

Need for Security

  • Electronic mail is used widely for exchanging messages
  • There is a need to use this service for other applications as well
  • This requires that confidentiality and authentication be guaranteed
  • Two methods for providing confidentiality and authentication:
  • PGP (Pretty Good Privacy)
  • S/MIME (Secure/Multipurpose Internet Mail Extensions)

Electronic Mail Protocols

  • SMTP (Simple Mail Transfer Protocol)
  • SMTP is the primary and most widely used electronic mail protocol.
  • It transmits a message, including its body and header, as ASCII codes.
  • SMTP provides no security for the data it transmits.
  • Data can be read or altered along the path, and the sender address is easily forged.
  • MIME (Multipurpose Internet Mail Extensions)
  • MIME is an electronic mail protocol implemented to overcome the limitations of SMTP and plain-text messages.
  • MIME provides no security either.
Features of PGP

  • Created by Phil Zimmermann
  • Widely used as a secure electronic mail service
  • Uses the best available cryptographic algorithms and combines them in a general-purpose application
  • Runs independently of machine and processor (Unix, PC, Macintosh, ...)
  • Not controlled by any government or particular company; the software package is free and its source code is available
  • A commercial version is being prepared under an agreement with the company ViaCrypt

Sharif Network Security Center ٦

Figure: PGP basic Services

PGP Services: Authentication (Integrity Control)

  • Generate a 160-bit digest of the original message using SHA-1
  • Encrypt the digest with RSA using the sender's private key
  • Append the encrypted digest to the end of the message
  • At the receiver, recover the digest with RSA using the sender's public key
  • The receiver computes a fresh digest of the received message and compares it with the recovered digest

Figure: PGP - Authentication Only

PGP Services: Confidentiality

  • Use a 128-bit random number as a session key specific to the current message
  • Encrypt the message with CAST-128, IDEA or 3DES under the generated session key
  • Encrypt the session key with RSA using the recipient's public key
  • Append the encrypted session key to the message and send it
  • At the receiver, decrypt and recover the session key with RSA using the recipient's private key
  • Decrypt the received message with the session key

Figure: PGP - Confidentiality Only

PGP Services: Confidentiality + Authentication

  • Generate the signature from the text and append it to the text
  • Encrypt the text and signature together with CAST-128
  • Append the session key, encrypted with RSA, to the result
  • Why is the digital signature applied first and encryption afterwards?
  • With this order, a third party verifying the signature has no concern with the session key at all.

Figure: Confidentiality & Authentication

PGP Services: Compression

  • By default, compression is applied after signing and before encryption.
  • Why after signing?
  • The message and its signature must be storable for later verification, without having to compress or decompress them again.
  • If the two parties use different compression mechanisms, signature verification must not be affected.
  • Why before encryption?
  • It reduces the size and redundancy of the text that must be encrypted, and so reduces the statistical information in the message.

PGP Services: E-mail Compatibility

  • Problem: sending binary data through electronic mail services that were designed to carry only ASCII text.
  • Solution: convert the raw binary data to ASCII text using the Radix-64 algorithm
  • Every 3 bytes are converted into 4 printable ASCII characters
  • A CRC is appended at the end
  • Radix-64 expands the text by 33%, while compression shrinks it by about 50%: 1.33 x 0.5 = 0.665
  • Result: a net reduction of about 1/3
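Radix-64 conversion with the trailing CRC, written here as an added example (not from the slides or from any PGP implementation): the CRC is the 24-bit one that PGP's ASCII armor specifies in RFC 4880, and net_ratio uses zlib compression as a stand-in for PGP's ZIP step so the 1.33 x 0.5 arithmetic above can be checked on a sample input.

```python
import base64
import math
import zlib

# CRC-24 parameters of PGP's ASCII armor (RFC 4880, section 6.1).
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB

def crc24(data: bytes) -> int:
    """24-bit CRC that PGP appends to radix-64 armored data."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(raw: bytes) -> str:
    """Radix-64: every 3 input bytes become 4 printable characters; the
    encoded 3-byte CRC follows on its own line, prefixed with '='."""
    body = base64.b64encode(raw).decode("ascii")
    check = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode("ascii")
    return body + "\n=" + check

def dearmor(text: str) -> bytes:
    """Inverse of armor(); raises ValueError if the CRC does not match,
    i.e. the armored text was damaged or altered in transit."""
    body, _, check = text.rpartition("\n=")
    raw = base64.b64decode(body)
    if crc24(raw) != int.from_bytes(base64.b64decode(check), "big"):
        raise ValueError("radix-64 CRC mismatch")
    return raw

def expansion(n: int) -> float:
    """Size growth of radix-64 alone: 4 characters per 3 bytes, about 33%."""
    return 4 * math.ceil(n / 3) / n

def net_ratio(raw: bytes) -> float:
    """Compress (as PGP does before armoring), then armor: the slides' figure
    0.5 x 1.33 = 0.665 assumes 50% compression; real data varies."""
    compressed = zlib.compress(raw)
    return len(base64.b64encode(compressed)) / len(raw)
```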

PGP Services: Segmentation

  • Mail servers limit the size of the messages they will deliver
  • PGP performs segmentation automatically, after all computations and conversions have been completed
  • The session key and the signature are carried only in the first segment
  • At the receiver, the original message is reassembled from the segments before any processing is performed

Keys Used

  • PGP makes use of four types of keys:
  • One-time symmetric key (session key)
  • Public key
  • Private key
  • Symmetric key derived from a passphrase (used to encrypt private keys)

Session Key

  • Generated randomly and used only once
  • The random number generator is CAST-128 itself, following the ANSI X12.17 standard
  • The generator takes its initial value from the keys pressed on the keyboard
  • It then produces the session keys in CFB mode

Keys Used: Key Identifiers

  • Problem: a user may hold several asymmetric key pairs for communicating with different groups.
  • Solution: identify the key that was used by means of a Key Identifier.
  • The value (KUa mod 2^64) is used as the identifier
  • The probability of a collision is very low.

Figure: Format of PGP Message

Keys Used: Private Key Ring

  • Used to manage the user's own asymmetric keys. Each entry contains: 1. key generation time, 2. key ID, 3. public key, 4. private key (stored encrypted), 5. user ID of the key owner.
  • The private key is encrypted with a symmetric key that is a digest of the user's passphrase.
  • The private key ring is stored on its owner's machine.

Figure: Private Key Ring

Keys Used: Public Key Ring

  • Each entry contains: 1. key generation time, 2. key ID, 3. public key, 4. user ID, 5. several further fields used for security.
  • This ring holds the public keys of the other users known to this user.

Figure: Public Key Ring

Figure: PGP Message Generation

Figure: PGP Reception

Key Management

  • Problem: in user A's public key ring, a key appears to belong to user B but in fact belongs to C. As a result, C can:
  • send messages to A in B's name
  • read the messages A sends to B

Public Key Management in PGP

  • Distributing a public key with assurance of its owner's identity:
  • Physical transfer; impractical over a network.
  • Electronic transfer with confirmation by telephone or similar means: a digest of the received key is checked with its owner over the phone.
  • Transfer through a trusted individual whose public key is already held: user B's public key is signed by the known user D and sent to user A.
  • Transfer as a certificate issued by a trusted authority.

Key Management: Trust

  • For public key management, PGP uses a model called trust (Trust) instead of a CA.
  • Trust fields:
  • 1. Key Legitimacy field: indicates the degree to which PGP trusts that the public key is valid.
  • 2. Signature trust field: each entry that identifies a user's public key carries several signatures, and each of these signatures has its own degree of trust.
  • 3. Owner trust field: indicates the degree of trust in the key's owner to certify (sign) other public keys.
  • All three fields are stored within a single byte called the trust flag.

Figure: Trust Flag Bytes

Figure: Trust Model Example

Key Management: Notes on the Trust Model Example

  • 1. The keys of users whom a user trusts are not necessarily signed by that user (e.g. L)
  • 2. Usually, if two trusted users sign a key, that key is accepted as valid (A and B)
  • 3. A key that has been validated cannot necessarily be used to validate the signature on another key (e.g. N)
  • 4. The key of a user that was signed indirectly may also be signed directly (e.g. key E, which was signed indirectly by F and directly by You)
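The key-ID rule from the "Keys Used" slides and the legitimacy computation behind notes 1 to 3 above, as an added example that is neither the slides' nor PGP's own code: the ring contents and moduli are constructed, and the thresholds (one always-trusted signer, or two usually-trusted signers) are the ones the slides state.

```python
from dataclasses import dataclass, field

# Owner trust: how far the user trusts a key's owner to certify other keys.
UNKNOWN, NOT_TRUSTED, USUALLY_TRUSTED, ALWAYS_TRUSTED = range(4)
# Key legitimacy: PGP's confidence that a public key really belongs to its user ID.
LEGIT_UNKNOWN, LEGIT_MARGINAL, LEGIT_COMPLETE = range(3)

def key_id(modulus: int) -> int:
    """Key identifier as on the slides: the public key modulus mod 2**64."""
    return modulus % 2**64

@dataclass
class Entry:                      # one public key ring entry (fields the slides list)
    user_id: str
    modulus: int                  # constructed stand-in for a real RSA modulus
    owner_trust: int = UNKNOWN
    signers: list = field(default_factory=list)   # key IDs of the signing keys

def build_ring(entries):
    """Public key ring indexed by key ID, which is how PGP looks a key up."""
    return {key_id(e.modulus): e for e in entries}

def legitimacy(ring, entry, complete_needed=1, usually_needed=2):
    """Signature trust = owner trust of the signer's ring entry (unknown if absent).
    Thresholds follow the slides: one always-trusted signer, or two usually-trusted."""
    always = usually = 0
    for sid in entry.signers:
        signer = ring.get(sid)
        trust = signer.owner_trust if signer else UNKNOWN
        always += trust == ALWAYS_TRUSTED
        usually += trust == USUALLY_TRUSTED
    if always >= complete_needed or usually >= usually_needed:
        return LEGIT_COMPLETE
    return LEGIT_MARGINAL if usually else LEGIT_UNKNOWN

def sample_ring():
    """Constructed ring; only the low 64 bits of each modulus (the key ID) matter here."""
    you = Entry("You", 0xA_1111111111111111, ALWAYS_TRUSTED)
    a = Entry("A", 0xA_2222222222222222, USUALLY_TRUSTED, [key_id(you.modulus)])
    b = Entry("B", 0xA_3333333333333333, USUALLY_TRUSTED, [key_id(you.modulus)])
    l = Entry("L", 0xA_4444444444444444, ALWAYS_TRUSTED)            # trusted but unsigned
    n = Entry("N", 0xA_5555555555555555, UNKNOWN, [key_id(you.modulus)])  # valid, not a certifier
    e = Entry("E", 0xA_6666666666666666, UNKNOWN, [key_id(a.modulus), key_id(b.modulus)])
    m = Entry("M", 0xA_7777777777777777, UNKNOWN, [key_id(n.modulus)])
    k = Entry("K", 0xA_8888888888888888, UNKNOWN, [key_id(a.modulus)])
    return build_ring([you, a, b, l, n, e, m, k])
```

L comes out unknown although its owner is trusted (note 1), E is complete through two usually-trusted signers (note 2), and M stays unknown because its only signer N, though itself valid, carries no owner trust (note 3).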

Simple Mail Transfer Protocol (SMTP, RFC 822)

  • SMTP Limitations - Cannot transmit, or has a problem with:
  • executable files, or other binary files (jpeg image)
  • "national language" characters (non-ASCII)
  • messages over a certain size
  • ASCII to EBCDIC translation problems
  • lines longer than a certain length (72 to 254 characters)

Header Fields in MIME

  • MIME-Version: Must be "1.0" -> RFC 2045, RFC 2046
  • Content-Type: More types being added by developers (application/word)
  • Content-Transfer-Encoding: How message has been encoded (radix-64)
  • Content-ID: Unique identifying character string.
  • Content-Description: Needed when content is not readable text (e.g., mpeg)

S/MIME Functions

  • Enveloped Data: Encrypted content and encrypted session keys for recipients.
  • Signed Data: Message digest encrypted with the private key of the "signer".
  • Clear-Signed Data: Signed but not encrypted.
  • Signed and Enveloped Data: Various orderings for encrypting and signing.

Algorithms Used

  • Message Digesting: SHA-1 and MD5
  • Digital Signatures: DSS
  • Secret-Key Encryption: Triple-DES, RC2/40 (exportable)
  • Public-Private Key Encryption: RSA with key sizes of 512 and 1024 bits, and Diffie-Hellman (for session keys).

User Agent Role

  • S/MIME uses Public-Key Certificates - X.509 version 3, signed by a Certification Authority
  • Functions:
  • Key Generation - Diffie-Hellman, DSS, and RSA key-pairs.
  • Registration - Public keys must be registered with an X.509 CA.
  • Certificate Storage - Local (as in a browser application) for different services.
  • Signed and Enveloped Data - Various orderings for encrypting and signing.

User Agent Role: Certificate Classes

Example: Verisign (www.verisign.com)

  • Class-1: Buyer's email address confirmed by emailing vital info.
  • Class-2: Postal address is confirmed as well, and data checked against directories.
  • Class-3: Buyer must appear in person, or send notarized documents.
Recommended Web Sites

  • PGP home page: www.pgp.com
  • MIT distribution site for PGP
  • S/MIME Charter
  • S/MIME Central: RSA Inc.'s Web Site

The End

?