Email security
1. Aleppo university
Faculty of electrical and electronic engineering
Computer engineering department
First semester 2016/2017
Prepared by:
Mohammed Haj Hilal
E-Mail Security
2.
• Why?
  1. How to forge email?
  2. How to spot spoofed email.
• Mail Infrastructure
• Security Characteristics
  1. Authentication
  2. Confidentiality
  3. Non-repudiation
• Solutions:
  1. S/MIME
  2. PGP
3.
1. Can be easily forged.
2. Can be generated almost free of cost and used for spamming.
3. Contains no guarantee for delivery.
4. Has currently no inbuilt authentication method.
4.
• Email travels from originating computer to the receiving computer through email servers.
• All email servers add to the header.
• Use important internet services to interpret and verify data in a header.
Typical path of an email message: Client -> Mail Server -> Mail Server -> Mail Server -> Client
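As an added example (not part of the original slides), this Python sketch reads the Received lines that each mail server adds, lists the hops in travel order, and applies a few heuristic checks for a possibly spoofed sender. The sample message, its host names and the `trace_hops`, `domain` and `findings` helpers are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample (not from the slides); reserved example domains and addresses.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org with ESMTP id C3; Mon, 05 Dec 2016 10:00:09 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id B2; Mon, 05 Dec 2016 10:00:05 +0000
Received: from workstation (unknown [203.0.113.45])
\tby relay.example.net with SMTP id A1; Mon, 05 Dec 2016 10:00:01 +0000
From: "IT Support" <support@example.com>
Subject: Password reset

Body text.
"""
MSG = message_from_string(SAMPLE)
HOP = re.compile(r"from\s+(\S+)\s+\((.*?)\)\s+by\s+(\S+)", re.S)

def trace_hops(msg):
    """Hops in travel order as (claimed_name, peer_info, receiving_server)."""
    hops = []
    # Each server prepends its Received line, so the oldest hop is last.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append(m.groups())
    return hops

def domain(addr):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def findings(msg):
    """Heuristic indicators only; each needs follow-up before calling it a spoof."""
    notes, hops = [], trace_hops(msg)
    frm, rpath = domain(msg["From"]), domain(msg["Return-Path"])
    if rpath and frm != rpath:
        notes.append(f"From domain {frm} differs from Return-Path domain {rpath}")
    # The server that received hop N should be the one announcing itself in hop N+1.
    for (_, _, by), (nxt, _, _) in zip(hops, hops[1:]):
        if by.lower() != nxt.lower():
            notes.append(f"chain break: {by} received, next hop claims {nxt}")
    first = hops[0][2].lower() if hops else ""
    if first and not (first == frm or first.endswith("." + frm)):
        notes.append(f"first server {first} is outside From domain {frm}")
    return notes
```

Calling `trace_hops(MSG)` and `findings(MSG)` on the sample shows a consistent three-server chain but a From domain that matches neither the Return-Path nor the first receiving server.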
5.
An email program such as Outlook is a client application. It needs to interact with an email server:
A. Post Office Protocol (POP)
B. Internet Message Access Protocol (IMAP)
C. Microsoft's Mail API (MAPI)

| Post Office Service | Protocol | Characteristics |
|---|---|---|
| Stores only incoming messages. | POP | Investigation must be at the workstation. |
| Stores all messages. | IMAP, MS' MAPI, Lotus Notes | Copies of incoming and outgoing messages might be stored on the workstation or on the server or on both. |
| Web-based send and receive. | HTTP | Incoming and outgoing messages are stored on the server, but there might be archived or copied messages on the workstation. Easy to spoof identity. |
7.
• Secure/Multipurpose Internet Mail Extension
  - Originated from RSA Data Security Inc. in 1995
  - Widely supported, e.g. in Microsoft Outlook, Netscape Messenger, Lotus Notes.
  - S/MIME provides:
    - Enveloped Data
    - Signed Data
    - Clear-signed Data
8.
• S/MIME incorporates three public-key algorithms:
  1. DSS for digital signatures.
  2. Diffie-Hellman for encrypting session keys.
  3. RSA.
• SHA1 or MD5 for calculating digests.
• Three-key triple DES for message encryption.
9.
Generate a pseudo-random session key for either Triple DES or RC2/40.
1. For each recipient, encrypt the session key with the recipient's public RSA key.
2. For each recipient, prepare a block known as Recipient-Info that contains the sender's public-key certificate identifier for the , the session key and encrypt the message content with the session key.
To recover the encrypted message, the recipient:
A. Reconverts the base64 encoding.
B. Uses his private key to recover the session key.
C. Uses this key to decrypt the message.
11.
• Freeware: OpenPGP and variants:
• www.openpgp.org, www.gnupg.org
• OpenPGP is specified in RFC 2440 and defined by the IETF OpenPGP working group.
• Available as a plug-in for popular e-mail clients; can also be used as stand-alone software.
• PGP is an e-mail security program written by Phil Zimmermann.
12.
• "If all the personal computers in the world - 260 million - were put to work on a single PGP encrypted message, it would still take an estimated 12 million times the age of the universe, on average, to break a single message."
13.
PGP is an open-source, freely available software package for e-mail security.
It provides:
• authentication
• confidentiality
• compression
• e-mail compatibility
• segmentation and reassembly.
14.
• Digital signature (DSS/SHA or RSA/SHA): A hash code of a message is created using SHA-1. This message digest is encrypted using DSS or RSA with the sender's private key and included with the message.
• Compression (ZIP): A message may be compressed, for storage or transmission, using ZIP.
15.
Symmetric encryption:
• DES, 3DES, AES and others.
Public key encryption of session keys:
• RSA
Hashing:
• SHA-1, MD-5 and others.
Signature:
• RSA, DSS, ECDSA and others.
PGP uses:
• public keys for encrypting session keys / verifying signatures.
• private keys for decrypting session keys / creating signatures.
16.
Alice wants to send confidential e-mail, m, to Bob.
Alice:
• generates random symmetric private key, KS.
• encrypts message with KS (for efficiency).
• also encrypts KS with Bob's public key.
• sends both KS(m) and KB+(KS) to Bob.
[Figure: Alice computes KS(m) and KB+(KS) and sends both over the Internet; Bob applies KB- to KB+(KS) to recover KS, then uses KS on KS(m) to recover m.]
Bob:
• uses his private key to decrypt and recover KS.
• uses KS to decrypt KS(m) to recover m.
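17.
• Alice wants to provide sender authentication and message integrity.
• Alice digitally signs the message.
• She sends both the message (in the clear) and the digital signature.
[Figure: Alice computes H(m), applies her private key KA- to get KA-(H(m)), and sends m and KA-(H(m)) over the Internet; the receiver applies KA+ to KA-(H(m)), computes H(m) from the received m, and compares the two values.]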