Application Security
There are a few application security protocols that are of interest to us:
a) PGP
b) S/MIME
c) SSL/TLS
d) SSH
PGP:
PGP comes in two versions, PGP 2.x (sometimes referred to as PGP classic) and OpenPGP. PGP 2.x is deprecated but still enjoys some popularity because of the open availability of its source code, because support for it is built into a lot of existing software, and because it’s seen as good enough by many users who see no pressing need to upgrade. In general, though, the more modern OpenPGP format is the preferred one, and because it’s functionally (if not bits-on-the-wire) identical to PGP 2.x in most cases, only OpenPGP is considered here. Where the term PGP is used in the text, the OpenPGP format should be assumed unless explicit reference to PGP 2.x is made, with Elgamal key exchange and DSA signatures (OpenPGP) or RSA key exchange and signatures (PGP 2.x).
S/MIME:
S/MIME also comes in a variety of versions that differ mostly in name. S/MIME is something of a misnomer, since it merely refers to a MIME wrapping of an underlying cryptographic message format, and it’s the underlying format that contains the security mechanisms. The original S/MIME was the PKCS #7 cryptographic message format wrapped in MIME. When the IETF took over PKCS #7 from RSA Data Security, the format was renamed Cryptographic Message Syntax (CMS), with the result, when wrapped in MIME, again being called S/MIME. CMS added a few (rarely used) extensions to PKCS #7 and cleaned up some minor problems, but by and large the version that’s normally used is identical to PKCS #7. Here the term S/MIME refers to PKCS #7/CMS with RSA key exchange and RSA/DSA signatures, the only version supported by most implementations.
SSL/TLS:
SSL comes in two major versions and one minor one. SSL (SSLv3) and TLS (SSLv3.1) are identical save for a few minor protocol details and a switch from the HMAC-like hashed message authentication code used in SSLv3 to the actual HMAC in TLS, along with accompanying minor changes in the way the HMAC was used. TLS 1.1 (SSLv3.2) is a minor tweak of TLS to include explicit initialization vectors (IVs) in messages to counter a (somewhat unlikely) attack against SSLv3/TLS 1.0, which used the last block of the preceding packet as the IV.
TLS supports a wide range of security mechanisms (cipher suites in TLS terminology), but in practice the only one ever used is RSA key exchange with RSA (or very rarely DSA) signatures, a choice popularised originally by Netscape and then by Microsoft’s Netscape-compatible SSL implementation. Most applications don’t support any of the others, so we can restrict ourselves to examining only this option rather than the full fifty-four possible cipher suites.
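The IV change between TLS 1.0 and TLS 1.1 described above, as an added example that is not part of the original notes: it simulates the record layer under both IV policies and runs a passive observer's check of whether the next record's IV was already visible on the wire. The 16-byte block cipher is a constructed HMAC-SHA256 Feistel stand-in rather than a real TLS cipher, the per-record chaining start and keys are random placeholders, and the record contents are constructed samples.

```python
import hashlib, hmac, os
BLOCK = 16  # block size in bytes; the stand-in cipher below works on two 8-byte halves

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def block_cipher(key: bytes, blk: bytes, decrypt: bool = False) -> bytes:
    # Stand-in 16-byte block cipher, constructed for this example only (real suites use
    # 3DES/AES): a 4-round Feistel network whose round function is HMAC-SHA256 over
    # (round number, half block).  Decrypting = rounds reversed, halves swapped in/out.
    l, r = (blk[8:], blk[:8]) if decrypt else (blk[:8], blk[8:])
    for rnd in (reversed(range(4)) if decrypt else range(4)):
        l, r = r, _xor(l, hmac.new(key, bytes([rnd]) + r, hashlib.sha256).digest()[:8])
    return r + l if decrypt else l + r

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:  # pt already block-aligned
    prev, out = iv, b""
    for i in range(0, len(pt), BLOCK):
        prev = block_cipher(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        out += _xor(block_cipher(key, ct[i:i + BLOCK], decrypt=True), prev)
        prev = ct[i:i + BLOCK]
    return out

def send_records(key: bytes, records: list, explicit_iv: bool):
    # Returns (wire_records, ivs_used).  explicit_iv=False models SSLv3/TLS 1.0: the CBC
    # chain runs on across records, so record n's IV is record n-1's last ciphertext
    # block, already on the wire.  True models TLS 1.1: a fresh random IV per record.
    chain, wire, ivs = os.urandom(BLOCK), [], []
    for rec in records:
        iv = os.urandom(BLOCK) if explicit_iv else chain
        ct = cbc_encrypt(key, iv, rec)
        wire.append(iv + ct if explicit_iv else ct)  # TLS 1.1 sends the IV in front
        ivs.append(iv)
        chain = ct[-BLOCK:]
    return wire, ivs

def observer_can_predict_iv(explicit_iv: bool) -> bool:
    # Passive observer: guess record 2's IV as the last ciphertext block already seen,
    # then compare with the IV the sender actually used.  True only for chained IVs.
    key = os.urandom(32)
    recs = [b"GET / HTTP/1.1\r\n", b"Cookie: sid=0001"]  # constructed, one block each
    wire, ivs = send_records(key, recs, explicit_iv)
    return wire[0][-BLOCK:] == ivs[1]
```

With chaining the observer's guess is always right, which is the property the TLS 1.1 explicit IV removes; with a fresh random IV the guess fails with overwhelming probability.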
SSH:
SSH comes in two versions, 1 and 2, of which version 1 has mostly fallen out of use due to widely publicized attacks against both the protocol and individual implementations. SSH version 2 is a complete redesign of the original, resulting in a protocol very similar to SSL when DH key agreement is used. This similarity wasn’t because of any deliberate attempt to copy SSL (quite the opposite), but because the most straightforward (and secure) design for a protocol of this type tends to end up looking like SSL/SSHv2.