the algorithm that used in email for security

1. Aleppo university
Faculty of electrical and electronic engineering
Computer engineering department
First semester 2016/2017
Prepared by:
Mohammed Haj Hilal
E-Mail Security

2. 2
 Why?
1. How to forge email?
2. How to spot spoofed email.
 Mail Infrastructure
 Security Characteristics
1. Authentication
2. Confidentiality
3. Non-repudiation
 Solutions:
1. S/MIME
2. PGP

3. 3
1. Can be easily forged.
2. Can be generated almost free of cost
and used for spamming.
3. Contains no guarantee for delivery.
4. Has currently no inbuilt authentication
method.

4. 4
Email travels from
originating computer to
the receiving computer
through email servers.
All email servers add to the
header.
Use important internet
services to interpret and
verify data in a header.
Typical path of an email message:Client
Mail Server
Mail Server
Mail Server
Client

5. 5
Email program such as
outlook is a client
application.
Needs to interact with
an email server:
A. Post Office Protocol
(POP)
B. Internet Message
Access Protocol
(IMAP)
C. Microsoft’s Mail
API (MAPI)
Post Office Service Protocol Characteristics
Stores only
incoming
messages.
POP Investigation must be at the
workstation.
Stores all messages IMAP
MS’ MAPI
Lotus Notes
Copies of incoming and outgoing
messages might be stored on the
workstation or on the server or on
both.
Web-based send
and receive.
HTTP Incoming and outgoing messages
are stored on the server, but there
might be archived or copied
messages on the workstation. Easy
to spoof identity.

6. 6
 Privacy
 Authentication
 Integrity
 Non repudiation
 Proof of submission
 Proof of delivery
 Message flow confidentiality
 Anonymity
 Containment
 Self destruct
 Message sequence integrity

7. 7
Secure/Multipurpose Internet Mail Extension
 Originated from RSA Data Security Inc. in 1995
 Widely supported, e.g. in Microsoft Outlook,
Netscape Messenger, Lotus Notes.
 S/MIME provides
Enveloped Data
Signed Data
Clear-signed Data

8. 8
• S/MIME incorporates three public-key algorithms
1. DSS for digital signatures.
2. Diffie-Hellman for encrypting session keys.
3. RSA.
• SHA1 or MD5 for calculating digests.
• Three-key triple DES for message encryption.

9. 9
generate a pseudo-random session key for either Triple DES or
RC2/40.
1. for each recipient, encrypt the session key with the
recipients public RSA key.
2. for each recipient, prepare a block known as
Recipient-Info that contains the sender's public-key certificate
identifier for the , the session key and encrypt the message
content with the session key.
To recover the encrypted message, the recipient:
A. reconverts the base64 encoding .
B. uses his private key to recover the session key.
C. He uses this key to decrypt the message.

10. 10

11. 11
Freeware: Open PGP and variants:
www.openpgp.org, www.gnupg.org
Open PGP specified in RFC 2440 and defined by IETF Open PGP
working group.
Available as plug-in for popular e-mail clients, can also be used as
stand-alone software.
PGP is an e-mail security program written by Phil Zimmermann

12. 12
• “If all the personal computers in the world—260
million—were put to work on a single PGP
encrypted message, it would still take an estimated
12 million times the age of the universe, on
average, to break a single message.”

13. 13
PGP is an open-source freely available software
package for e-mail security.
It provides :
 authentication
 confidentiality
 compression
 e-mail compatibility
 segmentation and reassembly.

14. 14
Digital
signature
DSS/SHA or
RSA/SHA
A hash code of a message is created using SHA-1. This
message digest is encrypted using DSS or RSA with the
sender's private key and included with the message.
Compression ZIP A message may be compressed, for storage or transmission,
using ZIP.

15. 15
Symmetric encryption:
• DES, 3DES, AES and others.
Public key encryption of session keys:
• RSA
Hashing:
• SHA-1, MD-5 and others.
Signature:
• RSA, DSS, ECDSA and others
PGP use:
public keys for
encrypting session keys
/ verifying signatures.
private keys for
decrypting session keys
/ creating signatures.

16. 16
Alice:
 generates random symmetric private key, KS.
 encrypts message with KS (for efficiency)
 also encrypts KS with Bob’s public key.
 sends both KS(m) and KB(KS) to Bob.
Alice wants to send confidential e-mail, m, to Bob.
KS( ).
KB( ).+
+ -
KS(m )
KB(KS )
+
m
KS
KS
KB
+
Internet
KS( ).
KB( ).-
KB
-
KS
m
KS(m )
KB(KS )
+
Bob:
 uses his private key to decrypt and
recover KS
 uses KS to decrypt KS(m) to recover m

17. 17
•Alice wants to provide sender authentication message integrity.
•Alice digitally signs message.
•sends both message (in the clear) and digital signature.
H( ). KA( )
.-
+ -
H(m )KA(H(m))
-
m
KA
-
Internet
m
KA( )
.+
KA
+
KA(H(m))
-
m
H( ). H(m )
compare

18. 18

19. 19