Chapter 6 Electronic Mail Security

Similar documents
Network Security Essentials Chapter 7

Cryptography and Network Security Chapter 15

PGP from: Cryptography and Network Security

Electronic Mail Security. Security. is one of the most widely used and regarded network services currently message contents are not secure

Electronic Mail Security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Cryptography and Network Security

Cryptography and Security

CS549: Cryptography and Network Security

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Elements of Security

PGP - Pretty Good Privacy

A Noval Approach for S/MIME

Managing and Securing Computer Networks. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice:

SubmitedBy: Name Reg No Address. Mirza Kashif Abrar T079 kasmir07 (at) student.hh.se

Forging Digital Signatures

Prof. Sead Muftic Feng Zhang. Lecture 10: Secure Systems

WiMAX Public Key Infrastructure (PKI) Users Overview

Chapter 7 Transport-Level Security

An Introduction to Cryptography as Applied to the Smart Grid

Electronic mail security. MHS (Message Handling System)

Lecture 10: 1. Secure E mail E systems. Systems. Page 1

Overview. SSL Cryptography Overview CHAPTER 1

IT Networks & Security CERT Luncheon Series: Cryptography

to hide away details from prying eyes. Pretty Good Privacy (PGP) utilizes many

Chapter 10. Network Security

Authentication requirement Authentication function MAC Hash function Security of

Message Authentication Codes

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Unifying Information Security. Implementing Encryption on the CLEARSWIFT SECURE Gateway

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

Number of relevant issues

Installing your Digital Certificate & Using on MS Out Look 2007.

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

GlobalSign Enterprise Solutions

PGP (Pretty Good Privacy) INTRODUCTION ZHONG ZHAO

Introduction to Cryptography

Taxonomy of Security Protocol

The Electronic Postcard. By Daniel Herren

A Novel Approach For Intranet Mailing For Providing. User Authentication

CRIPT - Cryptography and Network Security

CRYPTOG NETWORK SECURITY

Network Security Protocols

Electronic Mail

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

How To Encrypt With An Certificate On An From A Gmail Account On A Pc Or Mac Or Ipa (For A Pc) On A Microsoft Gmail (For An Ipa) Or Ipad (For Mac) On

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Cryptography and Network Security

A Mechanism for VHDL Source Protection

Internet Programming. Security

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

CRYPTOGRAPHY AND NETWORK SECURITY

mod_ssl Cryptographic Techniques

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

Savitribai Phule Pune University

4.1: Securing Applications Remote Login: Secure Shell (SSH) PEM/PGP. Chapter 5: Security Concepts for Networks

Secure Client Applications

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

Supplement 113 Transport

Best Practices

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

SecureStore I.CA. User manual. Version 2.16 and higher

Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt,

Deep-Secure Mail Guard Feature Guide

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Cryptography and network security CNET4523

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Ciphire Mail. Abstract

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Sharing Secrets Using Encryption Facility

Secure Part II Due Date: Sept 27 Points: 25 Points

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

Cryptography and Network Security Chapter 14

SSL A discussion of the Secure Socket Layer

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Balamaruthu Mani. Supervisor: Professor Barak A. Pearlmutter

Aloaha Sign! (English Version)

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Introduction to Computer Security

Standards and Products. Computer Security. Kerberos. Kerberos

Message authentication and. digital signatures

Paper-based Document Authentication using Digital Signature and QR Code

Network Security Essentials Chapter 5

Computer Security: Principles and Practice

AD Image Encryption. Format Version 1.2

Receiving Secure from Citi For External Customers and Business Partners

7! Cryptographic Techniques! A Brief Introduction

The Misuse of RC4 in Microsoft Word and Excel

Cryptography & Digital Signatures

Secure Network Communications FIPS Non Proprietary Security Policy

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Transcription:

Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái

Outline Pretty Good Privacy S/MIME 2

Electronic Mail Security In virtually all distributed environments, electronic mail is the most heavily used network-based application. Users expect to be able to, and do, send e-mail to others who are connected directly or indirectly to the Internet, regardless of host operating system or communications suite With the explosively growing reliance on e-mail, there grows a demand for authentication and confidentiality services Two schemes in use: Pretty Good Privacy (PGP) and S/MIME 3

Electronic Mail Security Currently message contents are not secure may be inspected either in transit or by suitably privileged users on destination system PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications 4

Email Security Enhancements Confidentiality protection from disclosure Authentication of sender of message Message integrity protection from modification Non-repudiation of origin protection from denial by sender 5

Pretty Good Privacy (PGP) widely used de facto secure email developed by Phil Zimmermann selected best available crypto algorithm to use integrated into a single program on Unix, PC, Macintosh and other systems originally free, now also have commercial versions available 6

PGP Operation - Authentication 1. sender creates message 2. make SHA-1160-bit hash of message 3. attached RSA signed hash to message 4. receiver decrypts & recovers hash code 5. receiver verifies received message hash 7

PGP Operation - Confidentiality 1. sender forms 128-bit random session key 2. encrypts message with session key 3. attaches session key encrypted with RSA 4. receiver decrypts & recovers session key 5. session key is used to decrypt message 8

PGP Authentication & Confidentiality Can use both services on same message create signature & attach to message encrypt both message & signature attach RSA/ElGamal encrypted session key 9

PGP Operation - Compression by default PGP compresses message after signing but before encrypting so can store uncompressed message & signature for later verification & because compression is non deterministic uses ZIP compression algorithm 10

PGP Operation Email Compatibility When PGP is used, at least part of the block to be transmitted is encrypted However email was designed only for text Hence PGP must encode raw binary data into printable ASCII characters Uses radix-64 algorithm maps 3 bytes to 4 printable chars also appends a CRC PGP also segments messages if too big 11

PGP Operation Summary 12

S/MIME Secure/Multipurpose Internet Mail Extensions security enhancement to MIME email original Internet RFC822 email was text only MIME provided support for varying content types and multi-part messages with encoding of binary data to textual form S/MIME added security enhancements have S/MIME support in many mail agents eg MS Outlook, Mozilla, Mac Mail etc 13

S/MIME Functions enveloped data encrypted content and associated keys signed data encoded message + signed digest clear-signed data cleartext message + encoded signed digest signed & enveloped data nesting of signed & encrypted entities 14

S/MIME Cryptographic Algorithms Digital signatures: DSS & RSA Hash functions: SHA-1 & MD5 Session key encryption: ElGamal & RSA Message encryption: AES, Triple-DES, RC2/40 and others MAC: HMAC with SHA-1 Have process to decide which algorithms to use 15

S/MIME Messages S/MIME secures a MIME entity with a signature, encryption, or both Forming a MIME wrapped PKCS object Have a range of content-types: enveloped data signed data clear-signed data registration request certificate only message 16

S/MIME Certificate Processing S/MIME uses X.509 v3 certificates managed using a hybrid of a strict X.509 CA hierarchy & PGP s web of trust each client has a list of trusted CA s certificates and own public/private key pairs & certificates certificates must be signed by trusted CA s 17

Certificate Authorities have several well-known CA s Verisign one of most widely used Verisign issues several types of Digital IDs increasing levels of checks & hence trust Class Identity Checks Usage 1 name/email check web browsing/email 2 + enroll/addr check email, subs, s/w validate 3 + ID documents e-banking/service access 18

S/MIME Enhanced Security Services 3 proposed enhanced security services: signed receipts security labels secure mailing lists 19

Domain Keys Identified Mails a specification for cryptographically signing email messages so signing domain claims responsibility recipients / agents can verify signature proposed Internet Standard RFC 4871 has been widely adopted 20

Internet Mail Architecture 21

Email Threats see RFC 4684- Analysis of Threats Motivating DomainKeys Identified Mail describes the problem space in terms of: range: low end, spammers, fraudsters capabilities in terms of where submitted, signed, volume, routing naming etc outside located attackers 22

Summary We have discussed: Pretty Good Privacy S/MIME 23

References 1. Cryptography and Network Security, Principles and Practice, William Stallings, Prentice Hall, Sixth Edition, 2013 24

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information