Electronic mail security
Outline

•   Pretty Good Privacy (PGP)

•   S/MIME

•   Recommended web sites




Security facilities in the TCP/IP protocol stack




Pretty Good Privacy

•   Philip R. Zimmermann is the creator of PGP (1992).

•   PGP provides confidentiality and authentication services that can be
    used for electronic mail and file storage applications.




Why Is PGP Popular?

•   It is available free on a variety of platforms.

•   Wide range of applicability

•   Based on well-known algorithms. (Why? Is it secure?)

•   Not developed or controlled by governmental or standards
    organizations (Is it trustworthy?)




Operational Description

•   Notations
      ➢ Ks = Session key used in symmetric encryption scheme
      ➢ PRa = Private key of user A, used in public-key encryption scheme
      ➢ PUa = Public key of user A, used in public-key encryption scheme
      ➢ EP = Public-key encryption
      ➢ DP = Public-key decryption
      ➢ EC = Symmetric encryption
      ➢ DC = Symmetric decryption
      ➢ H = Hash function (SHA-1 used, 160-bit hash)
      ➢ || = Concatenation
      ➢ Z = Compression using ZIP algorithm
      ➢ R64 = Conversion to radix-64 ASCII format

•   Consists of five services:
      ➢ Authentication
      ➢ Confidentiality
      ➢ Compression
      ➢ E-mail compatibility
      ➢ Segmentation
Authentication

•   The sender creates a message

•   SHA-1 is used to generate a 160-bit hash code of the message

•   The hash code is encrypted with RSA using the sender’s private
    key, and the result is prepended to the message

•   The receiver uses RSA with the sender’s public key to decrypt and
    recover the hash code

•   The receiver generates a new hash code for the message and
    compares it with the decrypted hash code.


Confidentiality

•   The sender generates a message and a random 128-bit number
    to be used as a session key for this message only

•   The message is encrypted using CAST-128 / IDEA / 3DES with
    the session key.

•   The session key is encrypted with RSA using the recipient's public key
    and is prepended to the message

•   The receiver uses RSA with its private key to decrypt and recover
    the session key.

•   The session key is used to decrypt the message

PGP Cryptographic Function

[Figure not reproduced; surviving label: E[PUb, Ks]]

PGP Cryptographic Function

[Figure not reproduced]
Compression

•   PGP compresses the message after applying the signature but
    before encryption

•   The placement of the compression algorithm is critical.

•   The compression algorithm used is ZIP (described in appendix G or
    search internet)

•   Message encryption is applied after compression to strengthen
    cryptographic security.




E-mail Compatibility

•   The scheme used is radix-64 conversion (see appendix or online).

•   The use of radix-64 expands the message by 33%.
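
The authentication, confidentiality, compression and radix-64 steps above, chained in the order the slides give, as an added Python sketch that is not part of the original lecture. Textbook RSA over fixed Mersenne primes and a SHA-256 counter keystream stand in for real RSA and for CAST-128 / IDEA / 3DES; every function and key name is this example's assumption, and real PGP messages also carry key IDs and timestamps.

```python
import base64
import hashlib
import secrets
import zlib

E = 65537        # public exponent used by both toy keys
KEY_LEN = 16     # Ks: 128-bit one-time session key


def toy_rsa_key(p, q):
    """Textbook RSA (no padding): return modulus n and private exponent d."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed demo keys from well-known Mersenne primes; insecure by design.
N_A, PR_A = toy_rsa_key(2**127 - 1, 2**107 - 1)   # sender A:    PUa = (N_A, E)
N_B, PR_B = toy_rsa_key(2**521 - 1, 2**89 - 1)    # recipient B: PUb = (N_B, E)
LEN_A = (N_A.bit_length() + 7) // 8               # bytes per RSA block under A's key
LEN_B = (N_B.bit_length() + 7) // 8               # bytes per RSA block under B's key


def ec(ks, data):
    """Stand-in for EC and DC: XOR with a SHA-256 counter keystream.
    Assumption of this example; the slides name CAST-128 / IDEA / 3DES."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(ks + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], pad))
    return bytes(out)


def sign(message):
    """Authentication: EP[PRa, H(M)] as a fixed-length block."""
    h = int.from_bytes(hashlib.sha1(message).digest(), "big")
    return pow(h, PR_A, N_A).to_bytes(LEN_A, "big")


def verify(signature, message):
    """Receiver: recover the hash with PUa and compare with a fresh H(M)."""
    recovered = pow(int.from_bytes(signature, "big"), E, N_A)
    return recovered == int.from_bytes(hashlib.sha1(message).digest(), "big")


def pgp_send(message):
    """Sign, then compress, then encrypt, then wrap Ks, then radix-64."""
    signed = sign(message) + message              # signature || M
    compressed = zlib.compress(signed)            # Z: after signing, before encryption
    ks = secrets.token_bytes(KEY_LEN)             # fresh Ks for this message only
    body = ec(ks, compressed)                     # EC[Ks, Z(signature || M)]
    wrapped = pow(int.from_bytes(ks, "big"), E, N_B)          # EP[PUb, Ks]
    raw = wrapped.to_bytes(LEN_B, "big") + body   # wrapped key is prepended
    return base64.b64encode(raw).decode("ascii")  # R64


def pgp_receive(armored):
    """Reverse every step; raise ValueError if any check fails."""
    raw = base64.b64decode(armored)
    wrapped, body = raw[:LEN_B], raw[LEN_B:]
    try:
        ks_int = pow(int.from_bytes(wrapped, "big"), PR_B, N_B)   # DP[PRb, ...]
        ks = ks_int.to_bytes(KEY_LEN, "big")
        signed = zlib.decompress(ec(ks, body))
    except (OverflowError, zlib.error) as exc:
        raise ValueError("decryption or decompression failed") from exc
    signature, message = signed[:LEN_A], signed[LEN_A:]
    if not verify(signature, message):
        raise ValueError("signature does not match message")
    return message


if __name__ == "__main__":
    armored = pgp_send(b"Meet at noon.\n" * 20)   # constructed sample message
    print(len(armored), "radix-64 characters")
    print(pgp_receive(armored)[:14])
```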




Segmentation and Reassembly

•   E-mail facilities are often restricted to a maximum message length of 50,000 octets.

•   Longer messages must be broken up into segments.

•   PGP automatically subdivides a message that is too large.

•   The receiver strips off all e-mail headers and reassembles the block.




Transmission and Reception of PGP Messages assembly




Format of PGP Message




General Structure of Private and Public Key Rings
•   Keys need to be stored and organized in a systematic way for
    efficient and effective use by all parties

•   The scheme used in PGP provides a pair of data structures at each node
      ➢ To store public / private key pairs owned by that node (Private Key
        Ring)
      ➢ To store public keys of other users known at this node (Public Key Ring)




General Structure of Private and Public Key Rings

[Figure not reproduced; surviving label: Least significant 64 bits]

PGP Message Generation




PGP Message Reception




The Use of Trust

•   No specification for establishing certifying authorities or for
    establishing trust
•   Provides means of
      ➢ Using trust
      ➢ Associating trust with public keys
      ➢ Exploiting trust information.
•   Basic Structure (see Table 7.2, W. Stallings)
      ➢ Key legitimacy field: indicates the extent to which PGP will trust
        the public key for the user
      ➢ Signature trust field: indicates the degree to which the PGP user trusts the
        signer to certify public keys
      ➢ Owner trust field: indicates the degree to which the public key is trusted to
        sign other public-key certificates; assigned by the user

PGP Trust Model (Example)

      (Reading Assignment)

Revoking Public Keys

•   The owner issues a key revocation certificate.

•   This is a normal signature certificate with a revoke indicator.

•   The corresponding private key is used to sign the certificate.




S/MIME

•   Secure/Multipurpose Internet Mail Extensions (RFC 5751)

•   S/MIME is on the IETF standards track
      ➢ Will be the commercial standard for secure e-mails

•   Uses X.509 certificates (Public-Key Cryptography Standards (PKCS) #7) to
    sign/encrypt messages
      ➢ PKCS #7: An updated Cryptographic Message Syntax (CMS)
          –   CMS is the IETF's standard for cryptographically protected messages, which is
              used to digitally sign, digest, authenticate or encrypt digital data.
•   Provides the same features as PGP
      ➢ authentication, message integrity and non-repudiation of origin
          – provided by use of digital signatures
      ➢ privacy, data security
          – provided by use of encryption

•   PGP for personal e-mail security, S/MIME for professional e-mail security

S/MIME Function

•   Enveloped Data
      ➢ Consists of encrypted content of any type and the encrypted
        content-encryption key
•   Signed Data
      ➢ A digital signature is formed by taking the message digest and then
        encrypting it with public key
      ➢ Contents + signature are encoded using base64 encoding
      ➢ Can only be viewed by a recipient with S/MIME capabilities.
•   Clear-Signed Data
      ➢ A digital signature is formed and encoded using base64
      ➢ All can see the message but cannot verify the signature.
•   Signed and Enveloped Data
      ➢ Encrypted data may be signed
      ➢ Signed data or clear-signed data may be encrypted

Plain Mail (just MIME)
Content-Type: multipart/mixed; boundary=bar

      --bar
      Content-Type: text/plain; charset=iso-8859-1
      Content-Transfer-Encoding: quoted-printable

      =A1Hola Michael!

      How do you like the new S/MIME specification?

      It's generally a good idea to encode lines that begin with
      From=20because some mail transport agents will insert a greater-
      than (>) sign, thus invalidating the signature.
      Also, in some cases it might be desirable to encode any =20
      trailing whitespace that occurs on lines in order to ensure =20
      that the message signature is not invalidated when passing =20
      a gateway that modifies such whitespace (like BITNET). =20

      --bar
      Content-Type: image/jpeg
      Content-Transfer-Encoding: base64

      iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC//
      jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq
      uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn
      HOxEa44b+EI=

      --bar--

S/MIME filenames

Media Type                                                                      File Extension
application/pkcs7-mime (SignedData, EnvelopedData)                              .p7m
application/pkcs7-mime (degenerate SignedData certificate management message)   .p7c
application/pkcs7-mime (CompressedData)                                         .p7z
application/pkcs7-signature (SignedData)                                        .p7s

S/MIME signed message
Content-Type: multipart/signed;
       protocol="application/pkcs7-signature";
       micalg=sha1; boundary=boundary42

   --boundary42
   Content-Type: text/plain

   This is a clear-signed message.

   --boundary42
   Content-Type: application/pkcs7-signature; name=smime.p7s
   Content-Transfer-Encoding: base64
   Content-Disposition: attachment; filename=smime.p7s

   ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
   4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
   n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
   7GhIGfHfYT64VQbnj756

  --boundary42--
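
Why the sample text on the plain-MIME slide recommends encoding lines that begin with "From " and trailing whitespace, shown for a clear-signed body like the one above. This is an added Python example, not part of the lecture: gateway_rewrite is a constructed model of a rewriting gateway, the sample body is constructed, all function names are assumptions, and lines are assumed shorter than 76 characters so no soft line breaks are produced.

```python
import hashlib
import re

# Constructed sample body: one line starts with "From ", one ends with a space.
BODY = b"Hi Michael,\r\nFrom now on we sign every report. \r\nBudget = 40k\r\n"


def digest(data):
    """Digest covered by the signature (micalg=sha1 in the header above)."""
    return hashlib.sha1(data).hexdigest()


def gateway_rewrite(body):
    """Constructed model of the two transport changes the sample text names:
    '>' inserted before 'From ' lines and trailing whitespace removed."""
    out = []
    for line in body.split(b"\r\n"):
        line = line.rstrip(b" \t")
        if line.startswith(b"From "):
            line = b">" + line
        out.append(line)
    return b"\r\n".join(out)


def qp_protect(body):
    """Minimal quoted-printable encoder covering the cases that matter here:
    '=', non-printable bytes, a leading 'From ' and trailing whitespace."""
    out = []
    for line in body.split(b"\r\n"):
        enc = bytearray()
        for byte in line:
            if byte == 0x3D or (byte < 0x20 and byte != 0x09) or byte > 0x7E:
                enc += b"=%02X" % byte
            else:
                enc.append(byte)
        if enc[:5] == b"From ":
            enc[4:5] = b"=20"                 # "From " becomes "From=20"
        if enc[-1:] in (b" ", b"\t"):
            enc[-1:] = b"=%02X" % enc[-1]     # protect the last blank on the line
        out.append(bytes(enc))
    return b"\r\n".join(out)


def qp_decode(data):
    """Inverse of qp_protect (no soft line breaks to undo)."""
    return re.sub(rb"=([0-9A-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def survives_gateway(body):
    """True when the bytes the signature covers are untouched in transit."""
    return digest(gateway_rewrite(body)) == digest(body)


if __name__ == "__main__":
    print("raw body survives:      ", survives_gateway(BODY))
    print("protected body survives:", survives_gateway(qp_protect(BODY)))
```

The signature is computed over the transfer-encoded part, so the receiver verifies the protected bytes first and decodes them afterwards.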
Algorithms Used in S/MIME
•   Message Digesting
      ➢ MUST : Absolute Requirement
         – SHA-1
      ➢ SHOULD : May be required in particular cases
         – MD5 (Receiver)


•   Digital Signatures
      ➢ MUST : DSS (Sender / Receiver)
      ➢ SHOULD : RSA (Key size of 512 – 1024 bits) (Sender / Receiver)


•   Encryption with one-time session key
      ➢ MUST
         – Triple-DES (Sender / Receiver)
      ➢ SHOULD
         – AES, RC2/40 (Sender)

Algorithms Used in S/MIME

•   Asymmetric encryption of the session key
      ➢ MUST
         – RSA with key sizes of 512 to 1024 bits (Sender / Receiver)
      ➢ SHOULD
         – Diffie-Hellman (for session keys). (Sender / Receiver)


•   Creation of MAC
      ➢ MUST : HMAC with SHA-1 (Receiver)
      ➢ SHOULD : HMAC with SHA-1 (Sender)

Recommended Web Sites




•   PGP home page: www.pgp.com
•   MIT distribution site for PGP
•   GOOGLE -> PGP
•   S/MIME Central: RSA Inc.’s Web Site




