SlideShare une entreprise Scribd logo

Lec 8.pptx.pdf

S
ssuserbab2f4

Network security

Logiciels
1  sur  15
Télécharger pour lire hors ligne
Network Security CIT 602 Lec 8 Dr. Ahmed Alwakeel Assistant Professor College of Computers and Information Technology University of Tabuk aalwakeel@ut.edu.sa
S/MIME Secure/Multipurpose Internet Mail Extension S/MIME is a security enhancement to the MIME Internet e-mail format standard based on technology from RSA Data Security. It appears likely that S/MIME will emerge as the industry standard for commercial and organizational use, while PGP will remain the choice for personal e-mail security for many users. we need first to have a general understanding of the underlying e-mail format that it uses, namely MIME. But to understand the significance of MIME, we need to go back to the traditional e-mail format standard, RFC 822, which is still in common use. Dr. Anas Bushnag 2
RFC 5322 It defines a format for text messages that are sent using electronic mail. It has been the standard for Internet-based text mail messages and remains in common use. In the RFC 5322 context, messages are viewed as having an envelope and contents. The envelope contains whatever information is needed to accomplish transmission and delivery. The contents compose the object to be delivered to the recipient. Dr. Anas Bushnag 3
RFC 5322 The RFC 5322 standard applies only to the contents. However, the content standard includes a set of header fields that may be used by the mail system to create the envelope. A message consists of some number of header lines (the header) followed by unrestricted text (the body). The header is separated from the body by a blank line. Another field that is commonly found in RFC 5322 headers is Message-ID. This field contains a unique identifier associated with this message. Dr. Anas Bushnag 4
RFC 5322 Dr. Anas Bushnag 5
Multipurpose Internet Mail Extensions (MIME) It is an extension to the RFC 5322 framework that is intended to address some of the problems and limitations of the use of Simple Mail Transfer Protocol (SMTP): 1. SMTP cannot transmit executable files or other binary objects. 2. SMTP cannot transmit text data that includes national language characters, because these are represented by 8-bit codes with values of 128 decimal or higher, and SMTP is limited to 7-bit ASCII. 3. SMTP servers may reject mail message over a certain size. Dr. Anas Bushnag 6
Multipurpose Internet Mail Extensions (MIME) The MIME specification includes the following elements: 1. Five new message header fields are defined. 2. A number of content formats are defined. 3. Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system. Dr. Anas Bushnag 7
Multipurpose Internet Mail Extensions (MIME) The five header fields defined in MIME are: 1. MIME-Version: Must have the parameter value 1.0. 2. Content-Type: Describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user 3. Content-Transfer-Encoding: Indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport. Dr. Anas Bushnag 8
Multipurpose Internet Mail Extensions (MIME) 4. Content-ID: Used to identify MIME entities uniquely in multiple contexts. 5. Content-Description: A text description of the object with the body; this is useful when the object is not readable (e.g., audio data). Dr. Anas Bushnag 9
Multipurpose Internet Mail Extensions (MIME) Dr. Anas Bushnag 10
S/MIME S/MIME is very similar to PGP. Both offer the ability to sign and/or encrypt messages. S/MIME provides the following functions: 1. Enveloped data: This consists of encrypted content of any type and encrypted content encryption keys for one or more recipients. 2. Signed data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer. The content plus signature are then encoded using base64 encoding. A signed data message can only be viewed by a recipient with S/MIME capability. Dr. Anas Bushnag 11
S/MIME 3. Clear-signed data: As with signed data, a digital signature of the content is formed. However, in this case, only the digital signature is encoded using base64. As a result, recipients without S/MIME capability can view the message content, although they cannot verify the signature. 4. Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted. Dr. Anas Bushnag 12
S/MIME To specify the requirement level: 1. MUST: An implementation must include this feature or function. 2. SHOULD: It is recommended that an implementation include the feature or function. Dr. Anas Bushnag 13
S/MIME Dr. Anas Bushnag 14
S/MIME S/MIME secures a MIME entity with a signature, encryption, or both. The use of transfer encoding requires special attention. For most cases, the result of applying the security algorithm will be to produce an object that is partially or totally represented in arbitrary binary data. This will then be wrapped in an outer MIME message, and transfer encoding can be applied at that point, typically base64. Dr. Anas Bushnag 15

Recommandé

S/MIME
S/MIMES/MIME
S/MIMEmaria azam
 
S_MIME[1].ppt
S_MIME[1].pptS_MIME[1].ppt
S_MIME[1].pptssuserec53e73
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit vArthyR3
 
M.FLORENCE DAYANA/electronic mail security.pdf
M.FLORENCE DAYANA/electronic mail security.pdfM.FLORENCE DAYANA/electronic mail security.pdf
M.FLORENCE DAYANA/electronic mail security.pdfDr.Florence Dayana
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
Network Security CS2
Network Security CS2Network Security CS2
Network Security CS2Infinity Tech Solutions
 
E-mail Security.ppt
E-mail Security.pptE-mail Security.ppt
E-mail Security.pptmaniklal123
 
R.Deviga II-M.Sc computer science
R.Deviga II-M.Sc computer scienceR.Deviga II-M.Sc computer science
R.Deviga II-M.Sc computer scienceSrideviM4
 

Recommandé

S/MIME
S/MIMES/MIME
S/MIMEmaria azam
 
S_MIME[1].ppt
S_MIME[1].pptS_MIME[1].ppt
S_MIME[1].pptssuserec53e73
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit vArthyR3
 
M.FLORENCE DAYANA/electronic mail security.pdf
M.FLORENCE DAYANA/electronic mail security.pdfM.FLORENCE DAYANA/electronic mail security.pdf
M.FLORENCE DAYANA/electronic mail security.pdfDr.Florence Dayana
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
Network Security CS2
Network Security CS2Network Security CS2
Network Security CS2Infinity Tech Solutions
 
E-mail Security.ppt
E-mail Security.pptE-mail Security.ppt
E-mail Security.pptmaniklal123
 
R.Deviga II-M.Sc computer science
R.Deviga II-M.Sc computer scienceR.Deviga II-M.Sc computer science
R.Deviga II-M.Sc computer scienceSrideviM4
 
R.Deviga II-M.Sc computer science
R.Deviga II-M.Sc computer scienceR.Deviga II-M.Sc computer science
R.Deviga II-M.Sc computer scienceDevigaR1
 
computer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptcomputer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptjayaprasanna10
 
Ch15
Ch15Ch15
Ch15Joe Christensen
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5limsh
 
Email security presentation
Email security presentationEmail security presentation
Email security presentationSubhradeepMaji
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)Prafull Johri
 
Network security
Network securityNetwork security
Network securitySVijaylakshmi
 
crypto ppt.pptx
crypto ppt.pptxcrypto ppt.pptx
crypto ppt.pptxSrinivasRao591013
 
Email sec11
Email sec11Email sec11
Email sec11Athira Asakumar
 
Email
EmailEmail
EmailV.V.Vanniaperumal College for Women
 
network and cyber security
network and cyber securitynetwork and cyber security
network and cyber securityShruthi Reddy
 
Email security
Email securityEmail security
Email securitykumarviji
 
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...DevigaR1
 
ch22.ppt
ch22.pptch22.ppt
ch22.pptImXaib
 
Pgp
PgpPgp
PgpAbhishek Kesharwani
 
Encrypting E-mail Messages
Encrypting E-mail MessagesEncrypting E-mail Messages
Encrypting E-mail MessagesD's Surti
 
Pgp
PgpPgp
PgpAbhishek Kesharwani
 
Cn u5
Cn u5Cn u5
Cn u5Poovarasu Thirunavukkarasu
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 

Contenu connexe

Similaire à Lec 8.pptx.pdf

R.Deviga II-M.Sc computer science
R.Deviga II-M.Sc computer scienceR.Deviga II-M.Sc computer science
R.Deviga II-M.Sc computer scienceDevigaR1
 
computer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptcomputer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptjayaprasanna10
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5limsh
 
Email security presentation
Email security presentationEmail security presentation
Email security presentationSubhradeepMaji
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)Prafull Johri
 
network and cyber security
network and cyber securitynetwork and cyber security
network and cyber securityShruthi Reddy
 
Email security
Email securityEmail security
Email securitykumarviji
 
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...DevigaR1
 
ch22.ppt
ch22.pptch22.ppt
ch22.pptImXaib
 
Encrypting E-mail Messages
Encrypting E-mail MessagesEncrypting E-mail Messages
Encrypting E-mail MessagesD's Surti
 

Similaire à Lec 8.pptx.pdf (20)

R.Deviga II-M.Sc computer science
R.Deviga II-M.Sc computer scienceR.Deviga II-M.Sc computer science
R.Deviga II-M.Sc computer science
 
computer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptcomputer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.ppt
 
Ch15
Ch15Ch15
Ch15
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5
 
Email security presentation
Email security presentationEmail security presentation
Email security presentation
 
Email security
Email securityEmail security
Email security
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
 
Network security
Network securityNetwork security
Network security
 
crypto ppt.pptx
crypto ppt.pptxcrypto ppt.pptx
crypto ppt.pptx
 
Email sec11
Email sec11Email sec11
Email sec11
 
Email
EmailEmail
Email
 
network and cyber security
network and cyber securitynetwork and cyber security
network and cyber security
 
Email security
Email securityEmail security
Email security
 
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
 
ch22.ppt
ch22.pptch22.ppt
ch22.ppt
 
Pgp
PgpPgp
Pgp
 
Encrypting E-mail Messages
Encrypting E-mail MessagesEncrypting E-mail Messages
Encrypting E-mail Messages
 
Pgp
PgpPgp
Pgp
 
Cn u5
Cn u5Cn u5
Cn u5
 

Dernier

Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 

Dernier (20)

Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 

Lec 8.pptx.pdf

  • 1. Network Security CIT 602 Lec 8 Dr. Ahmed Alwakeel Assistant Professor College of Computers and Information Technology University of Tabuk aalwakeel@ut.edu.sa
  • 2. S/MIME Secure/Multipurpose Internet Mail Extension S/MIME is a security enhancement to the MIME Internet e-mail format standard based on technology from RSA Data Security. It appears likely that S/MIME will emerge as the industry standard for commercial and organizational use, while PGP will remain the choice for personal e-mail security for many users. we need first to have a general understanding of the underlying e-mail format that it uses, namely MIME. But to understand the significance of MIME, we need to go back to the traditional e-mail format standard, RFC 822, which is still in common use. Dr. Anas Bushnag 2
  • 3. RFC 5322 It defines a format for text messages that are sent using electronic mail. It has been the standard for Internet-based text mail messages and remains in common use. In the RFC 5322 context, messages are viewed as having an envelope and contents. The envelope contains whatever information is needed to accomplish transmission and delivery. The contents compose the object to be delivered to the recipient. Dr. Anas Bushnag 3
  • 4. RFC 5322 The RFC 5322 standard applies only to the contents. However, the content standard includes a set of header fields that may be used by the mail system to create the envelope. A message consists of some number of header lines (the header) followed by unrestricted text (the body). The header is separated from the body by a blank line. Another field that is commonly found in RFC 5322 headers is Message-ID. This field contains a unique identifier associated with this message. Dr. Anas Bushnag 4
  • 5. RFC 5322 Dr. Anas Bushnag 5
  • 6. Multipurpose Internet Mail Extensions (MIME) It is an extension to the RFC 5322 framework that is intended to address some of the problems and limitations of the use of Simple Mail Transfer Protocol (SMTP): 1. SMTP cannot transmit executable files or other binary objects. 2. SMTP cannot transmit text data that includes national language characters, because these are represented by 8-bit codes with values of 128 decimal or higher, and SMTP is limited to 7-bit ASCII. 3. SMTP servers may reject mail message over a certain size. Dr. Anas Bushnag 6
  • 7. Multipurpose Internet Mail Extensions (MIME) The MIME specification includes the following elements: 1. Five new message header fields are defined. 2. A number of content formats are defined. 3. Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system. Dr. Anas Bushnag 7
  • 8. Multipurpose Internet Mail Extensions (MIME) The five header fields defined in MIME are: 1. MIME-Version: Must have the parameter value 1.0. 2. Content-Type: Describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user 3. Content-Transfer-Encoding: Indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport. Dr. Anas Bushnag 8
  • 9. Multipurpose Internet Mail Extensions (MIME) 4. Content-ID: Used to identify MIME entities uniquely in multiple contexts. 5. Content-Description: A text description of the object with the body; this is useful when the object is not readable (e.g., audio data). Dr. Anas Bushnag 9
  • 10. Multipurpose Internet Mail Extensions (MIME) Dr. Anas Bushnag 10
  • 11. S/MIME S/MIME is very similar to PGP. Both offer the ability to sign and/or encrypt messages. S/MIME provides the following functions: 1. Enveloped data: This consists of encrypted content of any type and encrypted content encryption keys for one or more recipients. 2. Signed data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer. The content plus signature are then encoded using base64 encoding. A signed data message can only be viewed by a recipient with S/MIME capability. Dr. Anas Bushnag 11
  • 12. S/MIME 3. Clear-signed data: As with signed data, a digital signature of the content is formed. However, in this case, only the digital signature is encoded using base64. As a result, recipients without S/MIME capability can view the message content, although they cannot verify the signature. 4. Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted. Dr. Anas Bushnag 12
  • 13. S/MIME To specify the requirement level: 1. MUST: An implementation must include this feature or function. 2. SHOULD: It is recommended that an implementation include the feature or function. Dr. Anas Bushnag 13
  • 15. S/MIME S/MIME secures a MIME entity with a signature, encryption, or both. The use of transfer encoding requires special attention. For most cases, the result of applying the security algorithm will be to produce an object that is partially or totally represented in arbitrary binary data. This will then be wrapped in an outer MIME message, and transfer encoding can be applied at that point, typically base64. Dr. Anas Bushnag 15