Distributed Systems Security
1 Distributed Systems Security: Protocols (Application Layer)
Prof. Dr. Stefan Fischer, Institut für Telematik, Universität zu Lübeck

2 Overview
- Security on the application layer: mostly message-based security
- Example: e-mail
  - Basics of e-mail (format, MIME, SMTP)
  - System examples: PGP and S/MIME
- Example: XML messaging / web service security
  - XML Encryption and XML Signature
  - WS-Security
Security - 07c Network and Transport Layer #2
3 SMTP and E-Mail Security Basics

4 SMTP Basics
- The mail client (MUA, mail user agent) sends a mail to its mail server (MSA, mail submission agent)
- The MSA delivers the mail to a mail transfer agent (MTA)
- The MTA looks up the mail exchanger record (MX record) for the recipient's domain and forwards the mail to the destination MTA
- The destination MTA forwards the mail to the mail delivery agent (MDA), which saves the message in the recipient's mailbox
- Clients use IMAP, POP, web interfaces, etc. to receive e-mails
Figure: MUA -(SMTP)-> MSA -> MTA -(SMTP)-> MTA -> MDA -(POP, IMAP, ...)-> MUA

5 E-Mail Message Format
- Simple, text-based format
- Message comprised of headers and body, separated by a blank line

Example:
From: Dennis Pfisterer
To:
Subject: HiWi Job zu vergeben
Content-Type: text/plain; charset=iso
Content-Transfer-Encoding: 8bit
[...more headers...]

Hallo allerseits,
[...]
Viele Grüße,
Dennis
6 E-Mail Message Format: Issues
- Only supports 7-bit ASCII characters
  - What about other characters? What about binary data?
  - Traditional solution: Base64 encoding (increases size by ~30%)
- Solution: Multipurpose Internet Mail Extensions (MIME)
  - Defined in RFC 5322
  - MIME extends the format to support non-ASCII characters (body and headers) and a message body comprised of multiple parts

7 MIME Headers
- MIME defines new headers that inform receivers about the content type and format of messages
- Indication that the MIME format is used: the header MIME-Version: 1.0 is present
- Identification of the content type: comprised of a type and a subtype, e.g. Content-Type: text/plain; charset=iso
- Identification of the content encoding during transfer
  - 7bit for standard SMTP or 8bit for extended SMTP
  - quoted-printable: encodes non-printable characters (e.g., Universit=E4t zu L=FCbeck)
  - base64: content is Base64-encoded
  - E.g., Content-Transfer-Encoding: quoted-printable

8 MIME Types
- RFC 2046 defines a set of major and minor types for different types of content
- Originally only intended for the Content-Type header field; today the MIME type is used in many different contexts
- Important major types: text, image, audio, video, application, multipart, message

File extension(s)      MIME content type
.htm .html             text/html
.txt                   text/plain
.gif                   image/gif
.png                   image/png
.jpg .jpeg             image/jpeg
.gz                    application/x-gzip
.ai .eps .ps           application/postscript
.exe .bin              application/octet-stream
.zip                   application/x-zip-compressed
.avi                   video/x-msvideo
.pdf                   application/pdf
.doc .docx             application/msword
.js                    text/javascript
.qt .mov               video/quicktime
.mpeg .mpg .mpe        video/mpeg
.wav                   audio/x-wav
.rtf                   application/rtf
9 MIME Type multipart
- Allows messages to be composed of several parts
- The major type multipart supports a variety of different minor types
  - multipart/alternative: allows the same content to be represented in different formats (e.g., text/plain and text/html); only the most suitable one is shown to the user
  - multipart/digest: groups multiple text messages into one document
  - multipart/mixed: allows an e-mail to be composed of multiple parts with different content types
  - multipart/related: each part is a component of an aggregate whole, e.g. an HTML e-mail (text/html) plus referenced images (image/jpeg)

10 MIME Type multipart (continued)
- Parts are separated by boundaries
  - The boundary ID is specified in the Content-Type header
  - Individual parts are separated with boundary lines
  - Start of a part: "--" + boundary ID
  - After the last part: "--" + boundary ID + "--"
- Multiparts may be nested
  - Example: multipart/alternative on the first level to allow for non-HTML MUAs, multipart/related on the second level to include images referenced in the HTML document

Example message:
MIME-Version: 1.0
From: Dennis Pfisterer <XXXXXXX@itm.uni-luebeck.de>
To: Dennis Pfisterer <XXXXXXX@itm.uni-luebeck.de>
Content-Type: multipart/alternative; boundary="boundary"

This is a multi-part message in MIME format.
--boundary
Content-Type: text/plain; charset=iso; format=flowed
Content-Transfer-Encoding: 7bit

Das ist eine Testmail.
--boundary
Content-Type: text/html; charset=iso
Content-Transfer-Encoding: 7bit

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso">
</head>
<body bgcolor="#ffffff" text="#000000">
Das ist eine Testmail.
</body>
</html>
--boundary--

11 Example: Nested multiparts
(The boundary strings and boundary lines of this message did not survive the transcription; the part order below follows the structure described on slide 10.)
From: Dennis Pfisterer <XXXXXX@itm.uni-luebeck.de>
MIME-Version: 1.0
To: Dennis Pfisterer <XXXXXXX@itm.uni-luebeck.de>
Subject: Testmail mit Bild
Content-Type: multipart/alternative; boundary="[...]"

This is a multi-part message in MIME format

Content-Type: text/plain; charset=iso; format=flowed
Content-Transfer-Encoding: 7bit

Das ist eine Testmail mit Bild

Content-Type: multipart/related; boundary="[...]"

Content-Type: text/html; charset=iso
Content-Transfer-Encoding: 7bit

<html><head><meta http-equiv="content-type" content="text/html; charset=iso"></head>
<body bgcolor="#ffffff" text="#000000">
Das ist eine Testmail mit Bild. <br><br>
<img src="cid:part @itm.uni-luebeck.de"><br><br>
</body>
</html>

Content-Type: image/png; name="logoitm.png"
Content-Transfer-Encoding: base64
Content-ID: <part @itm.uni-luebeck.de>
Content-Disposition: inline; filename="logoitm.png"

ivborw0kggoaaaansuheugaaasaaaabxcayaaack05hn
AAAAAXNSR0IArs4c6QAAAAZiS0dE
[...]
+yygtayedap/dxjmkwtsbjanaaaaaelftksuqmcc
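The nested structure of slides 10 and 11 (multipart/alternative on the outside, multipart/related with an inline image inside the HTML alternative), as an added example that is not part of the lecture material: Python's standard email package builds the message, serializes it to its wire form, and the parse step walks the parts back in tree order. The addresses, the Content-ID and the PNG bytes are constructed stand-ins; the text part uses iso-8859-1 with quoted-printable so the umlaut appears on the wire as =E4, as on slide 7.

```python
"""Build and parse a nested MIME message with Python's email package.

Added example (not the lecture's own code). From/To/Content-ID values and
the image bytes are constructed placeholders.
"""
import email
from email import policy
from email.message import EmailMessage
from typing import List

# Constructed stand-in for logoitm.png: PNG signature followed by filler bytes.
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + bytes(range(16))
# Assumed Content-ID (with angle brackets, as the email API expects it).
LOGO_CID = "<logoitm.constructed@example.invalid>"


def build_message() -> EmailMessage:
    """multipart/alternative [ text/plain, multipart/related [ text/html, image/png ] ]."""
    msg = EmailMessage()
    msg["From"] = "Dennis Pfisterer <sender@example.invalid>"      # constructed
    msg["To"] = "Dennis Pfisterer <recipient@example.invalid>"     # constructed
    msg["Subject"] = "Testmail mit Bild"
    # Plain-text alternative for non-HTML MUAs. iso-8859-1 plus quoted-printable
    # turns "ä" into "=E4" on the wire, exactly as shown on the MIME headers slide.
    msg.set_content(
        "Das ist eine Testmail mit Bild (Universit\u00e4t zu L\u00fcbeck).\n",
        charset="iso-8859-1", cte="quoted-printable",
    )
    html = ('<html><body>Das ist eine Testmail mit Bild.<br>'
            '<img src="cid:%s"></body></html>' % LOGO_CID[1:-1])
    # add_alternative converts msg into multipart/alternative and appends the HTML part.
    msg.add_alternative(html, subtype="html", charset="iso-8859-1")
    # add_related on the HTML part converts it into multipart/related (second
    # nesting level) and attaches the image the HTML references via cid:.
    msg.get_payload()[1].add_related(
        FAKE_PNG, maintype="image", subtype="png",
        cid=LOGO_CID, disposition="inline", filename="logoitm.png",
    )
    return msg


def part_types(raw: bytes) -> List[str]:
    """Parse the wire form and list the content types in depth-first (walk) order."""
    parsed = email.message_from_bytes(raw, policy=policy.default)
    return [part.get_content_type() for part in parsed.walk()]


def text_part(raw: bytes):
    """Return the text/plain leaf of the parsed message."""
    parsed = email.message_from_bytes(raw, policy=policy.default)
    return next(p for p in parsed.walk() if p.get_content_type() == "text/plain")


if __name__ == "__main__":
    wire = build_message().as_bytes()
    print(wire.decode("ascii", "replace"))      # shows the --boundary lines
    print(part_types(wire))
```

Running the module prints the wire form with the generated boundary lines and the list ['multipart/alternative', 'text/plain', 'multipart/related', 'text/html', 'image/png']; the parser side is the interesting half for a defender, since the same walk() is where a gateway decides which leaf parts (here the inline image) to inspect or strip.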
12 SMTP Protocol
- Text-based, human-readable protocol
- The client issues commands, the server responds with a status code and a human-readable description
- Initially, the client sends a HELO command (e.g., HELO example.com) and the server replies (e.g., 250 itm01.itm.uni-luebeck.de)
- SMTP sessions consist of zero or more SMTP transactions
  - Each transaction comprises a sequence of MAIL, one or more RCPT, and one DATA command
  - After the DATA command the e-mail is sent, finalized by a line containing only a dot (".")

13 SMTP Protocol Example
- The client initially performs a HELO handshake
- The client then communicates sender, recipient, and message

S: 220 itm01.itm.uni-luebeck.de ESMTP Postfix (Debian/GNU)
C: HELO example.com
S: 250 itm01.itm.uni-luebeck.de
C: MAIL FROM: XXXXXXX@itm.uni-luebeck.de
S: Ok
C: RCPT TO: XXXXXX@itm.uni-luebeck.de
S: Ok
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: Dennis Pfisterer <XXXXXXX@itm.uni-luebeck.de>
C: To: XXXXXX@informatik.uni-luebeck.de
C: Subject: HiWi Job zu vergeben
C: Content-Type: text/plain; charset=iso
C: Content-Transfer-Encoding: 8bit
C:
C: Hallo allerseits,
C: [...]
C: Viele Grüße,
C: Dennis
C: .
S: Ok: queued as F8E1
C: quit
S: Bye

14 SMTP Protocol Example (continued)
- The example shows the received message at the client
- It contains more / different headers than the original message
- Headers are modified by transit systems, e.g. to support debugging or to add anti-spam headers

Return-Path: <XXXXXXX@itm.uni-luebeck.de>
X-Original-To: XXXXXXX@itm.uni-luebeck.de
Delivered-To: XXXXXXX@itm.uni-luebeck.de
Received: from example.com (localhost.localdomain [ ])
    by itm01.itm.uni-luebeck.de (Postfix) with SMTP id F8E1
    for <XXXXXXX@itm.uni-luebeck.de>; Mon, 18 Jun :05: (CEST)
From: Dennis Pfisterer <XXXXXXX@itm.uni-luebeck.de>
To: XXXXXX@informatik.uni-luebeck.de
Subject: HiWi Job zu vergeben
Content-Type: text/plain; charset=iso
Content-Transfer-Encoding: 8bit
Message-Id: < F8E1@itm01.itm.uni-luebeck.de>
Date: Mon, 18 Jun :05: (CEST)

Hallo allerseits,
[...]
Viele Grüße,
Dennis
15 ESMTP Extensions
- Instead of sending HELO, clients send EHLO (Extended HELLO)
- Servers supporting ESMTP answer with a list of supported extensions

Server ip2.rz.uni-luebeck.de:
EHLO example.com
250-ip2.rz.uni-luebeck.de
250-8BITMIME
250 SIZE

Server itm01.itm.uni-luebeck.de:
EHLO example.com
250-itm01.itm.uni-luebeck.de
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

- Servers not supporting ESMTP answer with an error code

Server not supporting ESMTP:
EHLO example.com
Error: command not recognized

16 ESMTP Extension: STARTTLS
- Generic extension to plain-text protocols
- Method to upgrade existing, unsecured connections to TLS-protected ones
- Allows offering the same service unencrypted and encrypted on the same port (e.g., 25 for mail)
- The protocol remains unchanged after the initial upgrade
- Defined for many well-known protocols: SMTP (RFC 3207), IMAP and POP3 (RFC 2595), XMPP (RFC 3920), LDAP (RFC 2830), NNTP (RFC 4642)

Example:
220 mail.example.org ESMTP service
EHLO example.org
250-mail.example.org welcomes you
250 STARTTLS
STARTTLS
220 Go ahead
<client and server TLS negotiation>
EHLO example.org
... unmodified protocol over the secure TLS connection

17 ESMTP Extension: STARTTLS for SMTP
- Mostly used for MUA-MTA interactions, i.e., clients sending mail
- Due to spam issues, many MTAs only accept mail for the served domain or require clients to authenticate before relaying mail
- Often, authentication involves transmission of the password in plain text
  - Requires a safe communication channel
  - Often provided using TLS and the STARTTLS extension of SMTP
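Slides 15 to 17 together describe the decision a submitting client has to make: read the EHLO reply, upgrade with STARTTLS when it is offered, and only then send the (plain-text) AUTH credentials. The following is an added example, not code from the lecture: a parser for the multi-line 250 reply and a planner that refuses to schedule AUTH over an unencrypted connection. The replies are constructed after the two servers on slide 15 (the SIZE limit and the 500 error line are invented, since the slide's values did not survive), and the function names are this example's own.

```python
"""Parse an ESMTP EHLO reply and plan a submission session.

Added example (not the lecture's code). Reply lines are constructed after
the servers shown on slide 15; values marked constructed are not from the
slides.
"""
from typing import Dict, List, Optional

# Constructed after itm01.itm.uni-luebeck.de on the slide (SIZE limit invented).
EHLO_STARTTLS = [
    "250-itm01.itm.uni-luebeck.de",
    "250-PIPELINING",
    "250-SIZE 10240000",
    "250-VRFY",
    "250-ETRN",
    "250-STARTTLS",
    "250-AUTH PLAIN LOGIN",
    "250-ENHANCEDSTATUSCODES",
    "250-8BITMIME",
    "250 DSN",
]
# Constructed after ip2.rz.uni-luebeck.de: ESMTP, but neither STARTTLS nor AUTH.
EHLO_NO_TLS = ["250-ip2.rz.uni-luebeck.de", "250-8BITMIME", "250 SIZE"]
# Constructed: a server that does not understand EHLO (code 500 assumed).
EHLO_REJECTED = ["500 Error: command not recognized"]


def parse_ehlo(lines: List[str]) -> Optional[Dict[str, List[str]]]:
    """Map EXTENSION -> parameters from a 250 reply.

    '250-' marks continuation lines, '250 ' (space) the final line; the first
    line carries the server's domain, not an extension. Returns None when the
    server answers EHLO with an error, i.e. it only speaks plain SMTP.
    """
    if not lines or not lines[0].startswith("250"):
        return None
    exts: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if not line.startswith("250") or len(line) < 5 or line[3] not in "- ":
            raise ValueError("malformed EHLO reply line: %r" % line)
        keyword, *params = line[4:].split()
        exts[keyword.upper()] = params
    return exts


def plan_submission(lines: List[str]) -> List[str]:
    """Commands a submission client should issue after this EHLO reply.

    AUTH is scheduled only after STARTTLS: a server that advertises AUTH
    without STARTTLS would receive the password in clear, so we stop instead.
    A real client re-parses the EHLO reply it gets after the TLS handshake;
    extensions advertised before the upgrade are not authenticated.
    """
    exts = parse_ehlo(lines)
    transaction = ["MAIL FROM", "RCPT TO", "DATA"]
    if exts is None:
        return ["HELO"] + transaction          # plain SMTP, no extensions at all
    steps: List[str] = []
    tls_up = "STARTTLS" in exts
    if tls_up:
        steps += ["STARTTLS", "EHLO"]          # second EHLO inside TLS (slide 16)
    if "AUTH" in exts:
        if not tls_up:
            raise RuntimeError("AUTH offered without STARTTLS: refusing to send a plaintext password")
        mechanisms = exts["AUTH"]
        steps.append("AUTH " + ("PLAIN" if "PLAIN" in mechanisms else mechanisms[0]))
    return steps + transaction
```

The RuntimeError branch is the policy a hardened MUA or relay script should implement (and what mail libraries expose as "require TLS" options); logging that event is also a cheap detection for a downgrade on the path, because a server that normally offers STARTTLS suddenly appearing without it is exactly what an active attacker on port 25 produces.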
18 E-Mail Security: Motivation
- Data is passed in plaintext between SMTP servers
- No protection of confidentiality, integrity, and authenticity
- Data is processed on untrusted systems
Figure: mail path Sender -> Sender SMTP -> Organization outgoing SMTP -> Intermediate SMTP -> Organization incoming SMTP -> Spam filter appliance -> Receiver SMTP -> Receiver; the first hop is often TLS-secured and authenticated, the server-to-server hops offer no confidentiality and no authenticated connections

19 Security Objectives for E-Mail
- Which security objectives are important for e-mail? Confidentiality? Authenticity? Integrity? Non-repudiation? Access control? Availability?
- Typically implemented security objectives
  - Confidentiality: end-to-end encryption
  - Integrity: avoid undetected changes
  - Authenticity: detect forged e-mails
  - Non-repudiation: requires electronic signatures

20 Pretty Good Privacy (PGP)

21 Pretty Good Privacy
- Pretty Good Privacy (PGP): first release by Phil Zimmermann (1991)
- For practical and simplified use of strong cryptography
- Designed for confidential and authenticated e-mail
- Extended for securing documents and network traffic ...
Figure: protocol stack with SET, PGP, Kerberos and S/MIME above HTTP and SMTP, and IP / IPsec at the network layer
- PGP was initially limited to the US due to laws limiting the export of weapons
  - The code was published as a book and sold world-wide (freedom of speech)
  - The text was scanned and OCRed by volunteers (PGPi)
- Since 1998 OpenPGP is standardized by the IETF [rfc ]
- An open source implementation of OpenPGP is [...]
22 Pretty Good Privacy (continued)
- A user owns one or multiple asymmetric key pairs
- Users claim to own a certain public key
- PGP doesn't use a classical public key infrastructure to certify <identity, public-key> pairs
- Requires a safe key distribution scheme
Figure: several users, each holding a public & private key pair and publishing "+ public key"

23 PGP Key Distribution
- Physical exchange: USB stick, CD, ...
- Exchange via Internet: via e-mail, web pages, PGP key server, ...
  - Requires follow-up checks, e.g. a phone call with verification of the key fingerprint
- Alternative: web of trust, where users digitally sign the keys of others

24 PGP Web of Trust
- Users sign <identity, public-key> pairs of others
- This forms a directed graph of signatures
- Different trust levels are associated with a signature (depending on the types of checks performed)
  - Unknown
  - Not trusted
  - Marginal (some checks performed)
  - Complete (full trust)
  - Ultimate (own private key)
Figure: example signature graph among Alice (ultimate), Bob (complete), Peter (marginal) and Carl (marginal)

25 PGP Web of Trust (continued)
- Signatory trust
  - Bob signs Carl's key; Alice trusts Bob
  - Only complete or marginal signatures are used
  - Alice assigns Carl's key the same trust level as Bob
- Key legitimacy
  - Trust in key authenticity is calculated from signatory trust
  - x: number of signatures with signatory trust marginal; y: same with complete
  - X: number of required marginal signatures for a key to be considered authentic (often 2); Y: same with complete signatures (often 1)
  - key_leg = (x/X) + (y/Y)
  - key_leg = 0: untrusted; < 1: partially authentic; >= 1: fully authentic
Figure: Alice -> Bob (complete) -> Carl; Alice -> (marginal) -> Carl
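The key legitimacy rule of slide 25, carried through on a small signature graph, as an added example (not the lecture's code and not GnuPG's trust model, which additionally requires a signer's own key to be valid before its signatures count). The graph and the trust levels Alice assigns are constructed around the people named on slides 24 and 25; X and Y use the "often" values from the slide, and signatures by Alice's own (ultimate) key are counted like complete ones, which is this example's assumption.

```python
"""Key legitimacy in a PGP-style web of trust: key_leg = x/X + y/Y.

Added example, not from the lecture or GnuPG. The trust table and the
signature graph are constructed.
"""
from typing import Dict, List, Tuple

MARGINAL_NEEDED = 2   # X on the slide
COMPLETE_NEEDED = 1   # Y on the slide

# Signatory trust as seen from Alice's keyring (constructed; the slide names
# these people but does not spell out every level).
ALICE_TRUST: Dict[str, str] = {
    "alice": "ultimate",
    "bob": "complete",
    "peter": "marginal",
    "dave": "not trusted",   # constructed extra signer
}

# key owner -> list of people who signed that <identity, public-key> pair (constructed).
SIGNATURES: Dict[str, List[str]] = {
    "bob":   ["alice"],
    "peter": ["alice"],
    "carl":  ["bob", "peter"],
    "erin":  ["peter"],        # one marginal signature only
    "frank": ["dave"],         # signed only by someone Alice does not trust
}


def key_legitimacy(owner: str, trust: Dict[str, str] = ALICE_TRUST,
                   sigs: Dict[str, List[str]] = SIGNATURES,
                   X: int = MARGINAL_NEEDED, Y: int = COMPLETE_NEEDED) -> float:
    """x/X + y/Y over the signatures on owner's key.

    Only marginal and complete signatory trust count; 'ultimate' (Alice's own
    key) is treated as complete here, an assumption of this example.
    """
    x = y = 0
    for signer in sigs.get(owner, []):
        level = trust.get(signer, "unknown")
        if level == "marginal":
            x += 1
        elif level in ("complete", "ultimate"):
            y += 1
    return x / X + y / Y


def classify(key_leg: float) -> str:
    """The three outcomes from the slide."""
    if key_leg == 0:
        return "untrusted"
    if key_leg < 1:
        return "partially authentic"
    return "fully authentic"


def report(owner: str) -> Tuple[float, str]:
    leg = key_legitimacy(owner)
    return leg, classify(leg)


if __name__ == "__main__":
    for who in ("bob", "carl", "erin", "frank"):
        print(who, *report(who))
```

The "frank" case is the one worth dwelling on: a key can carry a perfectly valid signature and still be worthless to Alice, because legitimacy is computed from her own trust assignments, which is exactly the "users select trust level of keys" issue slide 34 lists.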
26 PGP Key Signing Parties
- People meet in person to sign a number of keys
- They upload their signatures to a key server
- Improves the web of trust by adding a lot of strongly verified keys
Figure source: [...]

27 PGP: Authentication & Integrity
- PGP uses cryptographic hash values to protect integrity
- These are digitally signed to prove the authenticity of messages
- Algorithms
  - Cryptographic hashes: RIPEMD-160, MD5, SHA-1, SHA-2, and Tiger
  - Digital signature algorithms: DSA and RSA
Figure: the sender computes h(M), signs it as E_KPriv,a(h(M)), appends the signed hash to M and compresses (Zip); the receiver decompresses (Zip^-1), recomputes h(M) and compares it with D_KPub,a(signed hash)

28 PGP: Confidentiality
- PGP uses hybrid encryption (asymmetric + symmetric)
  - A temporary symmetric key is generated (session key)
  - The message is encrypted symmetrically with the session key
  - The session key is encrypted asymmetrically (one or more times) and appended to the message ciphertext
  - The public keys used are those of the sender and all receivers
- Advantages of hybrid encryption
  - Multiple recipients with only one message ciphertext (less bandwidth)
  - Symmetric encryption is much faster
- Algorithms
  - Block ciphers: CAST5, Camellia, Triple DES, AES, Blowfish, and Twofish
  - Asymmetric-key ciphers: ElGamal and RSA

29 PGP: Confidentiality (continued)
- Sender
  - Generates a random session key K
  - The message is compressed and symmetrically encrypted with K
  - K is asymmetrically encrypted with the receiver's public key and appended to the message
- Receiver
  - Uses its private key to decrypt K
  - Decrypts the message with K and decompresses it
Figure: Sender A: M -> Z -> M' -> E_K -> C, and K -> E_KUB (receiver's public key); Receiver B: D_KRB (receiver's private key) -> K, C -> D_K -> M' -> Z^-1 -> M
30 PGP: Compatibility with E-Mail
- PGP generates binary data (compressed and encrypted data)
- The standard e-mail format only supports 7-bit data
- A solution could be to use MIME
- For compatibility, another solution has been chosen
  - PGP encodes binary data with printable ASCII characters
  - Uses the Base64 algorithm with an additional CRC appended
  - This extension is called Radix-64 (see next slide)
Figure: Application Data -> Add Signature -> Compress -> Encrypt -> Add KeyInfo -> Base64 + CRC

31 Radix-64
- Blocks of three bytes are encoded with four characters
- The replacement characters are determined by the 6-bit value (0-63)
- Text length % 3 != 0: zero bits are padded; the number of padded characters is indicated by one or two "=" characters at the end
- Additionally adds a CRC-24 value; the polynomial is specified in RFC 2440
- Properties
  - Increases text size by ~30%
  - Not even partially readable (cf. quoted-printable)
Figure: Byte #1, Byte #2, Byte #3 (24 bits) are re-split into Character #1 to Character #4 (6 bits each)

Value Char   Value Char   Value Char   Value Char
0     A      16    Q      32    g      48    w
1     B      17    R      33    h      49    x
2     C      18    S      34    i      50    y
3     D      19    T      35    j      51    z
4     E      20    U      36    k      52    0
5     F      21    V      37    l      53    1
6     G      22    W      38    m      54    2
7     H      23    X      39    n      55    3
8     I      24    Y      40    o      56    4
9     J      25    Z      41    p      57    5
10    K      26    a      42    q      58    6
11    L      27    b      43    r      59    7
12    M      28    c      44    s      60    8
13    N      29    d      45    t      61    9
14    O      30    e      46    u      62    +
15    P      31    f      47    v      63    /
32 PGP Standard Message Format
Header:
From: Dennis Pfisterer
MIME-Version: 1.0
To: Dennis Pfisterer
Subject: Test message - PGP signed and encrypted
Content-Type: text/plain; charset=iso
Content-Transfer-Encoding: quoted-printable

Body:
-----BEGIN PGP MESSAGE-----
Charset: ISO
Version: GnuPG v (MingW32)
Comment: GnuPT v3.6.3
Comment: Using GnuPG with Mozilla -
=20
hqioa00tjphncwtneagaqmlfk63y4seux5idrqo4acajerndurcwtpsxwprwZQs4
[...]
cysmpuqwdejdmggydy3mbo0b4ifi1kvbjqxnj1kvwzhvqjadvqdymbkcuttyn6XG
GCNce+M=3D
=3DBKO
-----END PGP MESSAGE-----

33 PGP/MIME Message Format
To: Dennis Pfisterer <xxxxxx@itm.uni-luebeck.de>
From: Dennis Pfisterer <xxxxxx@itm.uni-luebeck.de>
MIME-Version: 1.0
Subject: Test message - PGP signed and encrypted
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="enigf6545c92"

This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)
--enigf6545c92
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identification

Version: 1

--enigf6545c92
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"

-----BEGIN PGP MESSAGE-----
Version: GnuPG v (MingW32)

hqioa00tjphncwtneagaz+vwfstebf/jd0tl5jtfq84m6ozpqkmjgmb4hymzmldw
[...]
=1JfL
-----END PGP MESSAGE-----

--enigf6545c92--

34 Issues with PGP
- No infrastructure / PKI
  - Users select the trust level of keys
  - Users must transitively trust others
  - Hard to revoke compromised keys
- Privacy
  - The private key contains personal data (e-mail addresses)
  - The web of trust can be used to analyze relationships with other users

35 Secure/Multipurpose Internet Mail Extensions (S/MIME)

36 Secure/Multipurpose Internet Mail Extensions
- Standard for public key encryption and signing of MIME data
- Mostly used by organizations that operate and use a PKI
- Signatures based on X.509 certificates
Figure: protocol stack with SET, PGP, Kerberos and S/MIME above HTTP and SMTP, and IP / IPsec at the network layer
- Originally developed by RSA Data Security Inc.
- Now standardized by the IETF: RFC 3850 (Certificate Handling) [rfc ], RFC 3851 (Message Specification) [rfc ]
- Initially used PKCS#7 as format; later changed to Cryptographic Message Syntax, specified in RFCs 3369, 3370 [rfc , rfc3370-

37 S/MIME
- Definition of new MIME content types
  - Enveloped Data: encrypted content of arbitrary (inner) type; uses hybrid encryption (just like PGP); the symmetric session key is encrypted with the public keys of sender and recipients
  - Signed Data: the message digest (cryptographic hash) of a MIME part is digitally signed with the private key of the sender
  - Signed-and-Enveloped Data: combination of both
38 S/MIME Entity: Enveloped (Encrypted) Data
Figure: the MIME entity is encrypted with the session key K (E_K) into C; K is encrypted with the receiver's public key (E_KUB) into the key info; certificates, key info and C are Base64-encoded (b64) into the S/MIME body; S/MIME header + S/MIME body form the S/MIME envelope, i.e. the S/MIME entity

39 S/MIME Entity: Enveloped (Encrypted) Data (example)
From: Dennis Pfisterer
MIME-Version: 1.0
To: Dennis Pfisterer
Subject: S/MIME Test
Content-Type: application/pkcs7-mime; name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
Content-Description: S/MIME Encrypted Message

MIAGCSqGSIb3DQEHA6CAMIACAQAxggGjMIIBnwIBADCBhjB7MQswCQYDVQQGEwJERTEgMB4G
A1UEChMXVW5pdmVyc2l0YWV0IHp1IEx1ZWJlY2sxJzAlBgNVBAMTHkNBIGRlciBVbml2ZXJz
[...]
dko7r+9413cb/fcwgayjkozihvcnaqcbmbqgccqgsib3dqmhbagdlezkiy+2oqcabhiehjfj
134+krNo74glU1Ozungs9NMlBYL3Jx18Pvat/ENUV2MWkjGA85kYFYZigvG2+gbL0epJjfYm
HPGgWmmwY93VFaTfm9ixbh9k5/IlP/CjISR9YDBkJVnKYiMdJqqTaW+6U/a0MIXXa/eQZ3c4

40 S/MIME Entity: Signed Data
Figure: the MIME entity is hashed (H) and the hash signed with the sender's private key (E_KRA) into Sig; certificates and Sig are Base64-encoded (b64) and attached to the MIME entity as S/MIME signed-data; S/MIME header + S/MIME body form the S/MIME entity

41 S/MIME Entity: Signed Data (example)
(The boundary string of this message was truncated to "ms" in the transcription.)
From: Dennis Pfisterer
MIME-Version: 1.0
To: Dennis Pfisterer
Subject: S/MIME signature test
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="ms"

This is a cryptographically signed message in MIME format
--ms
Content-Type: text/plain; charset=iso
Content-Transfer-Encoding: quoted-printable

This is an S/MIME signature test
--ms
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIOcjCC
[...]
byoqr9x22qplroaarhoqxacrpt5oqfnvbl5v48f1f/k84mnymrgjbovsf7aryqhqusdur8tb
feu/aaaaaaaa
--ms--

42 S/MIME Entity: Signed Data with Attachment
(The outer boundary string was truncated to "ms" and the inner one was lost in the transcription; inner boundary lines are omitted.)
From: Dennis Pfisterer <pfisterer@itm.uni-luebeck.de>
MIME-Version: 1.0
To: Dennis Pfisterer <pfisterer@itm.uni-luebeck.de>
Subject: S/MIME attachment test
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="ms"

This is a cryptographically signed message in MIME format
--ms
Content-Type: multipart/mixed; boundary="[...]"

This is a multi-part message in MIME format

Content-Type: text/plain; charset=iso
Content-Transfer-Encoding: quoted-printable

This is an S/MIME attachment test

Content-Type: image/png; name="screenshot.png"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="screenshot.png"

ivborw0kggoaaaansuheugaaa14aaanjcayaaac6pmubaaaaaxnsr0iars4c6qaaaarnqu1b
[...]
ig6uva24aaaaaelftksuqmcc

--ms
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIOcjCC
[...]
QYkMtV8lI7ov6Hpm4YEoYPdSRASo1IFm57RQMS+quVsrz5DZ9GBcywmWmcVAsWn2ZZGTypoJ
iwkwaaaaaaaa
--ms--
43 Web Service Security

44 Security
- The combination of authentication and HTTPS protects against
  - Eavesdropping on the messages
  - Unauthorized access to the resources
- Simple yet powerful combination
- Nevertheless, improvements are needed
  - Protection of the messages against modification
  - Transport-independent encryption

45 Security at the Message Level
- Therefore, security mechanisms that operate at the message level are often used
- Current approaches: XML Encryption, XML Signature
- XML Encryption: encryption of parts of a message as well; the message can be forwarded between several intermediate stations
- XML Signature: provides authentication of the sender, integrity of the message, attributability to a person, and non-repudiation of the transaction

46 XML Encryption
- Granularity of encryption
  - A complete element can be encrypted, i.e. its content (which may itself consist of child elements) and its name (tag). This hides both the actually important content and the fact that an element of this type is transmitted at all.
  - Only the content of the element can be encrypted. This is a sensible variant when it does not matter whether the fact that a particular element is transmitted becomes known.
  - Finally, a whole XML document can be encrypted.
- Different parts of a document can be encrypted for different recipients
- A variety of encryption methods can be used and combined
- The less is encrypted, the faster the process

47 Example: Credit Card Number
<soapenv:body>
  <ns1:buche xmlns:ns1=" webair.de/buchung">
    <flugnummer>wa417</flugnummer>
    <sitze>3</sitze>
    <datum> t12:00:00.000z</datum>
    <preis>eur 1399,00</preis>
    <karte>
      <typ>easycredit</typ>
      <nummer> </nummer>
      <besitzer>ws-reisen</besitzer>
      <gueltig-bis> </gueltig-bis>
    </karte>
  </ns1:buche>
</soapenv:body>

48 Encryption
<soapenv:body>
  <ns1:buche xmlns:ns1="
    <flugnummer>wa417</flugnummer>
    <sitze>3</sitze>
    <datum> t12:00:00.000z</datum>
    <preis>eur 1399,00</preis>
    <EncryptedData Id="ed1" Type=" xmlns="
      <EncryptionMethod Algorithm="
      <KeyInfo xmlns="
        <EncryptedKey xmlns="
          <EncryptionMethod Algorithm=" xmlenc#rsa-1_5"/>
          <KeyInfo xmlns="
            <KeyName>Web Air</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>MEn/q Nc2OwS</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>aQgT RGOqoh5Y=</CipherValue>
      </CipherData>
    </EncryptedData>
  </ns1:buche>
</soapenv:body>

49 XML Signature
- Implementation of digital signatures for XML documents
- An XML signature can be related to the signed object in three different ways
  - It can itself be embedded in the object; this is called an Enveloped Signature
  - The object can be embedded in the signature; this is called an Enveloping Signature
  - The object can be located somewhere else entirely and be referenced via a URI; this is called a Detached Signature
- Different parts of a document can be signed by different recipients
- A variety of signature and normalization methods can be used and combined

50 XML Normalization
- Problem: logically identical XML documents can be serialized differently because of spaces, line breaks, etc.; identical documents can therefore have different hash values
- Solution: normalization
  - Transformation of XML documents into an XML subset that always serializes logically identical documents in the same way
  - Hash methods can then be applied
- XML Signature requires normalization

51 Example
<?xml version="1.0" encoding="utf-8"?>
<Signature xmlns="
  <SignedInfo Id="2ndDecemberNewsItem">
    <CanonicalizationMethod Algorithm="
    <SignatureMethod Algorithm="
    <Reference URI="
      <DigestMethod Algorithm="
      <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
    </Reference>
    <Reference URI="#AMadeUpTimeStamp" Type="
      <DigestMethod Algorithm="
      <DigestValue>k3453rvEPO0vKtMup4NbeVu8nk=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>MC0E~LE=</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509SubjectName>CN=News Items Inc., O=Today's News Items, C=USA</X509SubjectName>
      <X509Certificate>MIID5jCCA0+gA...lVN</X509Certificate>
    </X509Data>
  </KeyInfo>
  <Object>
    <SignatureProperties>
      <SignatureProperty Id="AMadeUpTimeStamp" Target="#2ndDecemberNewsItem">
        <timestamp xmlns="
          <date> </date>
          <time>18:30</time>
        </timestamp>
      </SignatureProperty>
    </SignatureProperties>
  </Object>
</Signature>
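The normalization problem of slide 50 and the <DigestValue> of slide 51 demonstrated together, as an added example that is neither the lecture's code nor an xmldsig implementation: two serializations of the same <karte> element from slide 47 hash to different values as bytes, but to the same value after canonicalization. Python's built-in xml.etree.ElementTree.canonicalize (C14N 2.0, available since Python 3.8) stands in for the CanonicalizationMethod of the slide, and SHA-1 is used only because the slide's DigestMethod uses it; the card number is a placeholder.

```python
"""Canonicalize before hashing: the reason XML Signature needs normalization.

Added example, not the lecture's code. Uses Python's C14N 2.0 writer as the
canonicalization method; the element text is constructed after slide 47 with
a placeholder card number.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

# Two serializations of the same logical element (constructed): they differ in
# whitespace, in attribute quoting, and in the empty-element form.
KARTE_A = ('<karte typ="easycredit"><nummer>0000-PLACEHOLDER</nummer>'
           '<besitzer>ws-reisen</besitzer><gueltig-bis></gueltig-bis></karte>')
KARTE_B = ("<karte typ='easycredit'>\n"
           "  <nummer>0000-PLACEHOLDER</nummer>\n"
           "  <besitzer>ws-reisen</besitzer>\n"
           "  <gueltig-bis/>\n"
           "</karte>")
# Same shape as KARTE_B, but the holder was changed (constructed).
KARTE_TAMPERED = KARTE_B.replace("ws-reisen", "someone-else")


def digest_value(data: bytes) -> str:
    """SHA-1 of the bytes, Base64-encoded the way <DigestValue> carries it."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def raw_digest(xml_text: str) -> str:
    """Digest over the serialization as received: whitespace and quoting count."""
    return digest_value(xml_text.encode("utf-8"))


def canonicalize(xml_text: str) -> str:
    """C14N 2.0 form; strip_text removes the insignificant whitespace between elements."""
    return ET.canonicalize(xml_data=xml_text, strip_text=True)


def canonical_digest(xml_text: str) -> str:
    """What a <Reference> to this element would carry after canonicalization."""
    return digest_value(canonicalize(xml_text).encode("utf-8"))


def reference_matches(xml_text: str, expected_digest: str) -> bool:
    """Verifier side: recompute the digest of the canonical form and compare."""
    return canonical_digest(xml_text) == expected_digest


if __name__ == "__main__":
    print("raw     A:", raw_digest(KARTE_A))
    print("raw     B:", raw_digest(KARTE_B))
    print("canonical:", canonical_digest(KARTE_A), canonical_digest(KARTE_B))
    print(canonicalize(KARTE_B))
```

The canonical form is what both signer and verifier must hash; if either side hashes the bytes it happened to receive, a harmless reformatting by an intermediary breaks the signature, while the tampered element is still caught because its canonical digest changes.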
52 Web Services Security Extensions
Figure: WS-* security stack, top to bottom: WS-SecureConversation, WS-Federation, WS-Authorization; WS-SecurityPolicy, WS-Trust, WS-Privacy; WS-Security; SOAP; XML-Signature, XML-Encryption

53 WS-Security
- Specification of an XML-based container for security metadata
- Enables the use/integration of a variety of security solutions with web service technology (e.g. Kerberos)
- Focus: use of XML Signature and XML Encryption in web service communication

54 WS-Security structure

55 WS-SecurityPolicy
- Web Service Security Policy Language
- Extension of WS-Policy with means to describe security policies
- Definition of security-relevant assertions on different levels
  - Transport level
  - Message level

56 Example
<definitions [ ]">
  [ ]
  <ns8:policy xmlns:ns8=" wsu:id="calculatorwsportbinding_add_input_policy">
    <ns8:exactlyone>
      <ns8:all>
        <ns9:encryptedparts xmlns:ns9="
          <ns9:body></ns9:body>
        </ns9:encryptedparts>
        <ns10:signedparts xmlns:ns10="
          <ns10:body></ns10:body>
          <ns10:header Namespace=" Name="ReplyTo"></ns10:Header>
          <ns10:header Namespace=" Name="To"></ns10:Header>
          [...]
        </ns10:signedparts>
      </ns8:all>
    </ns8:exactlyone>
  </ns8:policy>

57 Example (continued)
  [...]
  <message name="add">
    <part name="parameters" element="tns:add"></part>
  </message>
  [...]
  <porttype name="calculatorws">
    <operation name="add">
      <input message="tns:add"></input>
      <output message="tns:addresponse"></output>
    </operation>
  </porttype>
  <binding name="calculatorwsportbinding" type="tns:calculatorws">
    <ns14:policyreference xmlns:ns14=" URI="#CalculatorWSPortBindingPolicy"></ns14:PolicyReference>
    <soap:binding transport=" style="document"></soap:binding>
    <operation name="add">
      <soap:operation soapaction="add"></soap:operation>
      <input>
        <ns15:policyreference xmlns:ns15=" URI="#CalculatorWSPortBinding_add_Input_Policy"></ns15:PolicyReference>
        <soap:body use="literal"></soap:body>
      </input>
      [...]
    </operation>
  </binding>
  [...]
</definitions>
Elements of Email Email Components There are a number of software components used to produce, send and transfer email. These components can be broken down as clients or servers, although some components
More informationNetwork Services. Email SMTP, Internet Message Format. Johann Oberleitner SS 2006
Network Services Email SMTP, Internet Message Format Johann Oberleitner SS 2006 Agenda Email SMTP Internet Message Format Email Protocols SMTP Send emails POP3/IMAPv4 Read Emails Administrate mailboxes
More informationEmail Electronic Mail
Email Electronic Mail Electronic mail paradigm Most heavily used application on any network Electronic version of paper-based office memo Quick, low-overhead written communication Dates back to time-sharing
More informationAuthentication applications Kerberos X.509 Authentication services E mail security IP security Web security
UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,
More informationEvolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP Abstract Message Format. The Client/Server model is used:
Evolution of the WWW Communication in the WWW World Wide Web (WWW) Access to linked documents, which are distributed over several computers in the History of the WWW Origin 1989 in the nuclear research
More informationElectronic mail security. MHS (Message Handling System) E-mail on multi-user systems. Antonio Lioy - Politecnico di Torino (1995-2009) 1
Electronic mail security Antonio Lioy < lioy @ polito.it> Politecnico di Torino Dip. Automatica e Informatica MHS (Message Handling System) MTA MSA MTA chain MTA MSA MS MS MUA MUA MUA (Message User Agent)
More informationInternet Technology 2/13/2013
Internet Technology 03r. Application layer protocols: email Email: Paul Krzyzanowski Rutgers University Spring 2013 1 2 Simple Mail Transfer Protocol () Defined in RFC 2821 (April 2001) Original definition
More informationElectronic mail security
Electronic mail security Antonio Lioy < lioy @ polito.it> Politecnico di Torino Dip. Automatica e Informatica MHS (Message Handling System) MTA MSA MTA chain MTA MSA MS MS MUA MUA MUA (Message User Agent)
More informationThis Working Paper provides an introduction to the web services security standards.
International Civil Aviation Organization ATNICG WG/8-WP/12 AERONAUTICAL TELECOMMUNICATION NETWORK IMPLEMENTATION COORDINATION GROUP EIGHTH WORKING GROUP MEETING (ATNICG WG/8) Christchurch New Zealand
More informationE-Mail Security. Raj Jain. Washington University in St. Louis
E-Mail Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/
More informationCPSC 360 - Network Programming. Email, FTP, and NAT. http://www.cs.clemson.edu/~mweigle/courses/cpsc360
CPSC 360 - Network Programming E, FTP, and NAT Michele Weigle Department of Computer Science Clemson University mweigle@cs.clemson.edu April 18, 2005 http://www.cs.clemson.edu/~mweigle/courses/cpsc360
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationEvolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP - Message Format. The Client/Server model is used:
Evolution of the WWW Communication in the WWW World Wide Web (WWW) Access to linked documents, which are distributed over several computers in the History of the WWW Origin 1989 in the nuclear research
More information2- Electronic Mail (SMTP), File Transfer (FTP), & Remote Logging (TELNET)
2- Electronic Mail (SMTP), File Transfer (FTP), & Remote Logging (TELNET) There are three popular applications for exchanging information. Electronic mail exchanges information between people and file
More informationE-Mail security. Mag. iur. Dr. techn. Michael Sonntag
Mag. iur. Dr. techn. Michael Sonntag E-Mail security E-Mail: sonntag@fim.uni-linz.ac.at http://www.fim.uni-linz.ac.at/staff/sonntag.htm Institute for Information Processing and Microprocessor Technology
More informationDomain Name System (DNS)
Application Layer Domain Name System Domain Name System (DNS) Problem Want to go to www.google.com, but don t know the IP address Solution DNS queries Name Servers to get correct IP address Essentially
More informationStandards and Products. Computer Security. Kerberos. Kerberos
3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationCS43: Computer Networks Email. Kevin Webb Swarthmore College September 24, 2015
CS43: Computer Networks Email Kevin Webb Swarthmore College September 24, 2015 Three major components: mail (MUA) mail transfer (MTA) simple mail transfer protocol: SMTP User Agent a.k.a. mail reader composing,
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationCS549: Cryptography and Network Security
CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared
More informationCryptography and Security
Cunsheng DING Version 3 Lecture 17: Electronic Mail Security Outline of this Lecture 1. Email security issues. 2. Detailed introduction of PGP. Page 1 Version 3 About Electronic Mail 1. In virtually all
More informationEnterprise Applikation Integration und Service-orientierte Architekturen. 10 Webservices Addons
Enterprise Applikation Integration und Service-orientierte Architekturen 10 Webservices Addons Überblick über die Spezifikationen http://www.ws-universe.com/index.html [28.04.2010] Prof. Dr. Holger Wache
More informationTable of Contents. Electronic mail. History of email (2) History of email (1) Email history. Basic concepts. Aka e-mail (or email according to Knuth)
Table of Contents Electronic mail Aka e-mail (or email according to Knuth) Karst Koymans / Jeroen van der Ham Informatics Institute University of Amsterdam Tuesday, September 25, 2011 Email history Basic
More informationPGP - Pretty Good Privacy
I should be able to whisper something in your ear, even if your ear is 1000 miles away, and the government disagrees with that. -- Philip Zimmermann PGP - Pretty Good Privacy - services - message format
More informationEncryption, Signing and Compression in Financial Web Services
Danske Bank Encryption, Signing and Compression in Financial Web Services Details of how to call the Danske Bank financial web service Version 2.4.7 Encryption, Signing and Compression in Financial Web
More informationMail system components. Electronic Mail MRA MUA MSA MAA. David Byers
Electronic Mail PRINCIPLES DNS ARCHITECTURES SPAM Mail system components () () David Byers MRA davby@ida.liu.se IDA/ADIT/IISLAB Mail User Agent Reads and writes e-mail Writes e-mail to using (usually)
More informationEmail. Daniel Zappala. CS 460 Computer Networking Brigham Young University
Email Daniel Zappala CS 460 Computer Networking Brigham Young University How Email Works 3/25 Major Components user agents POP, IMAP, or HTTP to exchange mail mail transfer agents (MTAs) mailbox to hold
More informationXML Encryption Syntax and Processing. Duan,Limiao 07,12,2006
XML Encryption Syntax and Processing Duan,Limiao 07,12,2006 Agenda Introduction Encryption Overview and Examples - An XML Element - XML Element Content (Elements) - XML Element Content (Character Data)
More information2- Electronic Mail (SMTP), File Transfer (FTP), & Remote Logging (TELNET)
2- Electronic Mail (SMTP), File Transfer (FTP), & Remote Logging (TELNET) There are three popular applications for exchanging information. Electronic mail exchanges information between people and file
More information3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security
More informationProtocolo FTP. FTP: Active Mode. FTP: Active Mode. FTP: Active Mode. FTP: the file transfer protocol. Separate control, data connections
: the file transfer protocol Protocolo at host interface local file system file transfer remote file system utilizes two ports: - a 'data' port (usually port 20...) - a 'command' port (port 21) SISTEMAS
More informationCiphermail Gateway Administration Guide
CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway Administration Guide September 23, 2014, Rev: 9112 Copyright 2008-2014, ciphermail.com. Acknowledgements: Thanks goes out to Andreas Hödle for feedback. CONTENTS
More informationA Noval Approach for S/MIME
Volume 1, Issue 7, December 2013 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com A Noval Approach for S/MIME K.Suganya
More informationCiphermail Gateway Administration Guide
CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway Administration Guide October 10, 2015, Rev: 10214 Copyright 2008-2015, ciphermail.com. Acknowledgements: Thanks goes out to Andreas Hödle for feedback. CONTENTS
More informationWeb Services. Web Service Security. Copyright 2010 Davide Cerri & Srdjan Komazec
Web Services Web Service Security Copyright 2010 Davide Cerri & Srdjan Komazec 1 Where Are We? # Title 1 Distributed Information Systems 2 Middleware 3 Web Technologies 4 Web Services 5 Basic Web Service
More informationWhat Your Mother Didn't Tell You About PEM, DER, PKCS. Eric Norman University of Wisconsin-Madison
What Your Mother Didn't Tell You About PEM, DER, PKCS Eric Norman University of Wisconsin-Madison 1 Audience I'm nuts Some of you might want to bolt Who needs to know? Developers Support personnel diagnose
More informationIT Networks & Security CERT Luncheon Series: Cryptography
IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice:
Managing and Securing Computer Networks Guy Leduc Chapter 3: Securing applications Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section 8.5)
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationCategory: Standards Track June 1999
Network Working Group P. Hoffman, Editor Request for Comments: 2634 Internet Mail Consortium Category: Standards Track June 1999 Status of this Memo Enhanced Security Services for S/MIME This document
More informationSending MIME Messages in LISTSERV DISTRIBUTE Jobs
Whitepaper Sending MIME Messages in LISTSERV DISTRIBUTE Jobs August 25, 2010 Copyright 2010 L-Soft international, Inc. Information in this document is subject to change without notice. Companies, names,
More informationHow To Write An Email On A Linux Computer (No Mail) (No Email) (For Ahem) (Or Ahem, For Ahem). (For An Email) Or Ahem.Org) (Ahem) Or An Email
Electronic mail Aka email (Knuth) dr. C. P. J. Koymans Informatics Institute Universiteit van Amsterdam November 20, 2007 dr. C. P. J. Koymans (UvA) Electronic mail November 20, 2007 1 / 31 History of
More informationCommunication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009
16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures
More informationInternet, intranet and Web Lecture I
Internet, intranet and Web Lecture I Technologies and protocols for application communications Marco Solieri marco.solieri@lipn.univ-paris13.fr Info et Réseaux en Apprentissage, Sup Galilée, Université
More informationMessage authentication and. digital signatures
Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation
More informationFTP and email. Computer Networks. FTP: the file transfer protocol
Computer Networks and email Based on Computer Networking, 4 th Edition by Kurose and Ross : the file transfer protocol transfer file to/from remote host client/ model client: side that initiates transfer
More informationSECURITY FOR XML MESSAGES
EAN UCC Implementation Guidelines ebmethodology Group Working Group 4 - WG4 DOCUMENT STATUS: DISCUSSION DRAFT DOCUMENT 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
More informationCommunication Systems SSL
Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security
More information02267: Software Development of Web Services
02267: Software Development of Web Services Week 11 Hubert Baumeister huba@dtu.dk Department of Applied Mathematics and Computer Science Technical University of Denmark Fall 2015 1 Contents WS-Policy Web
More informationSecuring Web Services with WS-Security
Securing Web Services with WS-Security Demystifying WS-Security, WS-Policy, SAML, XML Signature and XML Encryption jothy Rosenberg David L. Remy SAMS Sams Publishing, 800 East 96th Street, Indianapolis,
More informationEE 7376: Introduction to Computer Networks. Homework #3: Network Security, Email, Web, DNS, and Network Management. Maximum Points: 60
EE 7376: Introduction to Computer Networks Homework #3: Network Security, Email, Web, DNS, and Network Management Maximum Points: 60 1. Network security attacks that have to do with eavesdropping on, or
More informationSIP Security. ENUM-Tag am 28. September in Frankfurt. Prof. Dr. Andreas Steffen. Agenda. andreas.steffen@zhwin.ch
ENUM-Tag am 28. September in Frankfurt SIP Security Prof. Dr. Andreas Steffen andreas.steffen@zhwin.ch Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 1 Agenda SIP The Session Initiation Protocol Securing the
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationCipherMail Gateway Quick Setup Guide
CIPHERMAIL EMAIL ENCRYPTION CipherMail Gateway Quick Setup Guide October 10, 2015, Rev: 9537 Copyright 2015, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction 4 2 Typical setups 4 2.1 Direct delivery............................
More informationSpecifying the content and formal specifications of document formats for QES
NATIONAL SECURITY AUTHORITY Version 1.0 Specifying the content and formal specifications of document formats for QES 24 July 2007 No.: 3198/2007/IBEP-013 NSA Page 1/14 This English version of the Slovak
More informationSimple Mail Transfer Protocol
Page 1 of 6 Home : Network Programming Simple Mail Transfer Protocol Contents What is SMTP? Basics of SMTP SMTP Commands Relaying of Messages Time Stamps and Return Path in Message Header Mail Exchangers
More informationInternational Journal of Computer Trends and Technology- March to April Issue 2011
EMAIL SECURITY PROTOCOL Sunny gill 1, Gaurav Rupnar 1, Vaibhav Ramteke 1,PROF. Dipti Patil 2, Vijay M.Wadhai 3 1 Computer Engineering Department, MIT College of Engineering,Pune 2 Assistant Professor,
More informationTransport Level Security
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationElements of Security
Elements of Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: April 15, 2015 Slideset 8: 1 Some Poetry Mary had a little key (It s all she could export)
More informationCiphire Mail Email Encryption and Authentication
Ciphire Mail Email Encryption and Authentication Lars Eilebrecht Ciphire Labs le@ciphirelabs.com Abstract. Ciphire Mail is cryptographic software that provides email encryption and digital signatures.
More informationChapter 8. Network Security
Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who
More informationHow To Encrypt Data With Encryption
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
More informationApplication Example: WWW. Communication in the WWW. WWW, HTML, URL and HTTP. Loading of Web Pages. The Client/Server model is used in the WWW
Application Example WWW Communication in the WWW In the following application protocol examples for WWW and E-Mail World Wide Web (WWW) Access to linked documents, which are distributed over several computers
More informationGrid Computing - X.509
Grid Computing - X.509 Sylva Girtelschmid October 20, 2009 Public Key Infrastructure - PKI PKI Digital Certificates IT infrastructure that provides means for private and secure data exchange By using cryptographic
More informationEmail Security. Issues:
Email Security Email Security Issues: Not real time, can afford to use public key cryptosystems more. Certification of keys is much harder because anyone can send anyone else some mail Strictly end to
More informationInternet Technologies Internet Protocols and Services
QAFQAZ UNIVERSITY Computer Engineering Department Internet Technologies Internet Protocols and Services Dr. Abzetdin ADAMOV Chair of Computer Engineering Department aadamov@qu.edu.az http://ce.qu.edu.az/~aadamov
More informationWeb Services Security SOAP Messages with Attachments (SwA) Profile 1.1
1 2 3 4 Web Services Security SOAP Messages with Attachments (SwA) Profile 1.1 OASIS Standard, 1 February 2006 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Document identifier:
More informationCIPHERMAIL EMAIL ENCRYPTION. CipherMail white paper
CIPHERMAIL EMAIL ENCRYPTION CipherMail white paper Copyright 2009-2014, ciphermail.com. Introduction Most email is sent as plain text. This means that anyone who can intercept email messages, either in
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More informationAn Introduction to Cryptography as Applied to the Smart Grid
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric
More informationA Guide E-Mail Systems and Security. Brian Donadio. East Carolina University
E-Mail Security 1 A Guide E-Mail Systems and Security Brian Donadio East Carolina University E-Mail Security 2 Abstract Electronic Mail is quite arguably the most important application for personal and
More information7! Cryptographic Techniques! A Brief Introduction
7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures
More informationSecure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
More informationOpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.
OpenADR 2.0 Security Jim Zuber, CTO QualityLogic, Inc. Security Overview Client and server x.509v3 certificates TLS 1.2 with SHA256 ECC or RSA cipher suites TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationInternet Architecture
Internet Architecture Lecture 10: How Email Work Assistant Teacher Samraa Adnan Al-Asadi 1 How Email Works Electronic mail, or email, might be the most heavily used feature of the Internet. You can use
More informationDigital Certificates Demystified
Digital Certificates Demystified Alyson Comer IBM Corporation System SSL Development Endicott, NY Email: comera@us.ibm.com February 7 th, 2013 Session 12534 (C) 2012, 2013 IBM Corporation Trademarks The
More information