SlideShare a Scribd company logo

Lecture 8 mail security

R
rajakhurram

Network Security Course (ET1318, ET2437) at Blekinge Institute of Technology, Karlskrona, Sweden

TechnologyEducation
1 of 30
Electronic mail security
Outline • Pretty Good Privacy (PGP) • S/MIME • Recommended web sites 2 2
Security facilities in the TCP/IP protocol stack 3 3
Pretty Good Privacy • Philip R. Zimmerman is the creator of PGP (1992). • PGP provides  confidentiality  and authentication service that can be used for electronic mail and file storage applications. 4 4
Why Is PGP Popular? • It is available free on a variety of platforms. • Wide range of applicability • Based on well known algorithms. (Why ?, Is it Secure ?) • Not developed or controlled by governmental or standards organizations (Is-it trust worthy) 5 5
Operational Description •Notations Z = Compression using ZIP Ks = Session key used in Algorithm symmetric encryption scheme R64 = Conversion to Radix 64 PRa = Private key of user A, ASCII format used in public-key encryption EP = Public key encryption scheme DP = Public key decryption PUa = Public key of user A, EC = Symmetric Encryption used in public-key encryption DC = Symmetric Decryption scheme H = Hash Function (SHA-1 Used, 160 bit hash) • Consist of five services: | | : Concatenation  Authentication  Confidentiality  Compression  E-mail compatibility  Segmentation 6 6
Authentication • The sender creates a message • SHA-1 is used to generate a 160-bit hash code of the message • The hash code is encrypted with RSA using the sender’s private key, and the result is prepended to the message • The reciever uses RSA with sender’s public key to decrypt and recover the hash code • The reciever generates a new hash code for the mesage and compares it with the decryupted hash code. 7
Confidentiality • The sender generates a message and a random 128-bit number to be used as a session key for this message only • The message is encrypted using CAST -128 / IDEA / #DES with the session key. • The session key is encrypted with RSA using recipients public key and is prepended to the message • The reciever uses RSA with its private key to decrypt and recover the session key. • The session key is used to decrypt the message 8
PGP Cryptographic Function E[PUb, Ks] 9 9
PGP Cryptographic Function 10 10
Compression • PGP compresses the message after applying the signature but before encryption • The placement of the compression algorithm is critical. • The compression algorithm used is ZIP (described in appendix G or search internet) • Message encryption is applied after compression to strengthen cryptographic security. 11 11
E-mail Compatibility • The scheme used is radix-64 conversion (see appendix or online). • The use of radix-64 expands the message by 33%. 12 12
Segmentation and Reassembly • Often restricted to a maximum message length of 50,000 octets. • Longer messages must be broken up into segments. • PGP automatically subdivides a message that is to large. • The receiver strip of all e-mail headers and reassemble the block. 13 13
Transmission and Reception of PGP Messages assembly 14 14
Format of PGP Message 15 15
General Structure of Private and Public Key Rings • Keys need to be stored and organized in a systematic way for efficient and effective use by all parties • Scheme used in PGP providesa pair of data structure at each node  To store public / private key pairs owned by that node (Private Key Ring)  To store public keys of other users known at this node (Public Key Ring) 16
General Structure of Private and Public Key Rings Least significant 64 bits 17
PGP Message Generation 18
PGP Message Reception 19
The Use of Trust • No specification for establishing certifying authorities or for establishing trust • Provides means of  Using trust  Associating trust with public keys  Exploiting trust information. • Basic Structure  Key legitimacy field : indicates the extent to which PGP will trust See Table 7.2 public key for user (W. Stallings)  Signature trust field : Indicates the degree to PGP user trusts the signer to certify public keys  Owner trust field : Indicates degree to which public key is trusted to sign other public-key certificates; assigned by user 20 20
PGP Trust Model (Example) 21 (Reading Assignment)
Revoking Public Keys • The owner issue a key revocation certificate. • Normal signature certificate with a revoke indicator. • Corresponding private key is used to sign the certificate. 22 22
S/MIME • Secure/Multipurpose Internet Mail Extension (RFC5751) • S/MIME on the IETF standard track  Will be the commercial standard for secure e-mails • Uses X.509 certificates (Public-Key Cryptography Standards (PKCS) #7) to sign/encrypt messages  PKCS # 7: An updated Cryptographic Message Syntax (CMS) – CMS is the IETF's standard for cryptographically protected messages which is used to digitally sign, digest, authenticate or encrypt digital data. • Provides same features as PGP  authentication, message integrity and non-repudiation of origin – provided by use of digital signatures  privacy, data security – provided by use of encryption • PGP for personal e-mail security, S/MIME for professional e-mail security 23 23
S/MIME Fucntion • Enveloped Data  Consists of encrypted content of any type and encrypteed-content encryption key • Signed Data  Digital signature is formed by taking the message digest and then encrypted with public key  Contents + Signature are encoded using base64 encoding  Can only viewed by recipeint with S/MIME capabilities. • Clear-Signed Data  Digital signature are formed and encoded using base64  All can see message but can not verify signature. • Singed and Enveloped Data  Encrypted data may be signed  Signed data or clear-signed data may be encrypted 24
Plain Mail (just MIME) Content-Type: multipart/mixed; boundary=bar --bar Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable =A1Hola Michael! How do you like the new S/MIME specification? It's generally a good idea to encode lines that begin with From=20because some mail transport agents will insert a greater- than (>) sign, thus invalidating the signature. Also, in some cases it might be desirable to encode any =20 trailing whitespace that occurs on lines in order to ensure =20 that the message signature is not invalidated when passing =20 a gateway that modifies such whitespace (like BITNET). =20 --bar Content-Type: image/jpeg Content-Transfer-Encoding: base64 iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC// jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn HOxEa44b+EI= --bar-- 25 25
S/MIME filenames Media Type File Extension application/pkcs7-mime (SignedData, .p7m EnvelopedData) application/pkcs7-mime (degenerate SignedData .p7c certificate management message) application/pkcs7-mime (CompressedData) .p7z application/pkcs7-signature (SignedData) .p7s 26 26
S/MIME singed message Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=boundary42 --boundary42 Content-Type: text/plain This is a clear-signed message. --boundary42 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7s ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6 4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 7GhIGfHfYT64VQbnj756 --boundary42-- 27 27
Algorithms Used in S/MIME • Message Digesting  MUST : Absolute Requirement – SHA-1  SHOULD : May be required in particular cases – MD5 (Receiver) • Digital Signatures  MUST : DSS (Sender / Receiver)  SHOULD : RSA (Key size of 512 – 1024 bits) (Sender / Receiver) • Encryption with one time session key  MUST – Triple-DES (Sender / Receiver)  SHOULD – AES, RC2/40 (Sender) 28 28
Algorithms Used in S/MIME • Asymmetric encryption of the session key  MUST – RSA with key sizes of 512 to 1024 bits (Sender / Receiver)  SHOULD – Diffie-Hellman (for session keys). (Sender / Receiver) • Creation of MAC  MUST : HMAC with SHA-1 (Receiver)  SHOULD : HMAC with SHA-1 (Sender) 29
Recommended Web Sites • PGP home page: www.pgp.com • MIT distribution site for PGP • GOOGLE -> PGP • S/MIME Central: RSA Inc.’s Web Site 30 30

Recommended

Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 
Email Security
Email SecurityEmail Security
Email Securityselvakumar_b1985
 
Using PGP for securing the email
Using PGP for securing the emailUsing PGP for securing the email
Using PGP for securing the emailGianni Fiore
 
Email Security Presentation
Email Security PresentationEmail Security Presentation
Email Security PresentationYosef Gamble
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5limsh
 
Pgp
PgpPgp
Pgpprecy02
 
Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Tania Agni
 

Recommended

Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 
Email Security
Email SecurityEmail Security
Email Securityselvakumar_b1985
 
Using PGP for securing the email
Using PGP for securing the emailUsing PGP for securing the email
Using PGP for securing the emailGianni Fiore
 
Email Security Presentation
Email Security PresentationEmail Security Presentation
Email Security PresentationYosef Gamble
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5limsh
 
Pgp
PgpPgp
Pgpprecy02
 
Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Tania Agni
 
PGP Basic Lecture 01
PGP Basic Lecture 01PGP Basic Lecture 01
PGP Basic Lecture 01Qaisar Ayub
 
E mail security
E mail securityE mail security
E mail securitySoumya Vijoy
 
Pgp
PgpPgp
PgpReham Maher El-Safarini
 
Network security
Network securityNetwork security
Network securityDhaval Kaneria
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)Prafull Johri
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
Pretty good privacy - Email Security
Pretty good privacy - Email SecurityPretty good privacy - Email Security
Pretty good privacy - Email SecurityRakesh Mittal
 
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)Vishal Kumar
 
Email security & threads
Email security & threadsEmail security & threads
Email security & threadsInocentshuja Ahmad
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIMERohit Soni
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPunnya Babu
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityJyothishmathi Institute of Technology and Science Karimnagar
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email securityMazin Alwaaly
 
Network security
Network securityNetwork security
Network securitySVijaylakshmi
 
Ch15
Ch15Ch15
Ch15Joe Christensen
 
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...DevigaR1
 
E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)Pankaj Bhambhani
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Email security presentation
Email security presentationEmail security presentation
Email security presentationSubhradeepMaji
 
Email sec11
Email sec11Email sec11
Email sec11Athira Asakumar
 
module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxprateekPallav2
 

More Related Content

What's hot

PGP Basic Lecture 01
PGP Basic Lecture 01PGP Basic Lecture 01
PGP Basic Lecture 01Qaisar Ayub
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)Prafull Johri
 
Pretty good privacy - Email Security
Pretty good privacy - Email SecurityPretty good privacy - Email Security
Pretty good privacy - Email SecurityRakesh Mittal
 
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)Vishal Kumar
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIMERohit Soni
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPunnya Babu
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email securityMazin Alwaaly
 
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...DevigaR1
 
E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)Pankaj Bhambhani
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Email security presentation
Email security presentationEmail security presentation
Email security presentationSubhradeepMaji
 

What's hot (20)

PGP Basic Lecture 01
PGP Basic Lecture 01PGP Basic Lecture 01
PGP Basic Lecture 01
 
E mail security
E mail securityE mail security
E mail security
 
Pgp
PgpPgp
Pgp
 
Network security
Network securityNetwork security
Network security
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
 
Email security
Email securityEmail security
Email security
 
Pretty good privacy - Email Security
Pretty good privacy - Email SecurityPretty good privacy - Email Security
Pretty good privacy - Email Security
 
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
 
Email security & threads
Email security & threadsEmail security & threads
Email security & threads
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email security
 
Network security
Network securityNetwork security
Network security
 
Ch15
Ch15Ch15
Ch15
 
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
 
E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Email security presentation
Email security presentationEmail security presentation
Email security presentation
 

Similar to Lecture 8 mail security

module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxprateekPallav2
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
PGP desk top basis lecture 002
PGP desk top basis lecture 002PGP desk top basis lecture 002
PGP desk top basis lecture 002Qaisar Ayub
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 

Similar to Lecture 8 mail security (20)

Email sec11
Email sec11Email sec11
Email sec11
 
module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptx
 
Pgp1
Pgp1Pgp1
Pgp1
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Network security cs9 10
Network security cs9 10Network security cs9 10
Network security cs9 10
 
unit6.ppt
unit6.pptunit6.ppt
unit6.ppt
 
Unit 4
Unit 4Unit 4
Unit 4
 
pgp.ppt.pptx
pgp.ppt.pptxpgp.ppt.pptx
pgp.ppt.pptx
 
PGP desk top basis lecture 002
PGP desk top basis lecture 002PGP desk top basis lecture 002
PGP desk top basis lecture 002
 
CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
email.ppt
email.pptemail.ppt
email.ppt
 
Email2
Email2Email2
Email2
 
Pgp
PgpPgp
Pgp
 
PGP.ppt
PGP.pptPGP.ppt
PGP.ppt
 
ch15 (1).ppt
ch15 (1).pptch15 (1).ppt
ch15 (1).ppt
 
ch15.ppt
ch15.pptch15.ppt
ch15.ppt
 
ch15.ppt
ch15.pptch15.ppt
ch15.ppt
 

More from rajakhurram

Malicious software
Malicious softwareMalicious software
Malicious softwarerajakhurram
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious softwarerajakhurram
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software rajakhurram
 
Lecture 11 wifi security
Lecture 11 wifi securityLecture 11 wifi security
Lecture 11 wifi securityrajakhurram
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication rajakhurram
 
Lecture 7 certificates
Lecture 7 certificatesLecture 7 certificates
Lecture 7 certificatesrajakhurram
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web securityrajakhurram
 
Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip securityrajakhurram
 
Lecture 4 firewalls
Lecture 4 firewallsLecture 4 firewalls
Lecture 4 firewallsrajakhurram
 
Lecture 3b public key_encryption
Lecture 3b public key_encryptionLecture 3b public key_encryption
Lecture 3b public key_encryptionrajakhurram
 
Lecture3a symmetric encryption
Lecture3a symmetric encryptionLecture3a symmetric encryption
Lecture3a symmetric encryptionrajakhurram
 
Lecture2 network attack
Lecture2 network attackLecture2 network attack
Lecture2 network attackrajakhurram
 
Lecture1 Introduction
Lecture1 Introduction Lecture1 Introduction
Lecture1 Introduction rajakhurram
 

More from rajakhurram (14)

Malicious software
Malicious softwareMalicious software
Malicious software
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious software
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
 
Lecture 11 wifi security
Lecture 11 wifi securityLecture 11 wifi security
Lecture 11 wifi security
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication
 
Lecture 7 certificates
Lecture 7 certificatesLecture 7 certificates
Lecture 7 certificates
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web security
 
Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip security
 
Lecture 4 firewalls
Lecture 4 firewallsLecture 4 firewalls
Lecture 4 firewalls
 
Lecture 3b public key_encryption
Lecture 3b public key_encryptionLecture 3b public key_encryption
Lecture 3b public key_encryption
 
Lecture3a symmetric encryption
Lecture3a symmetric encryptionLecture3a symmetric encryption
Lecture3a symmetric encryption
 
Lecture2 network attack
Lecture2 network attackLecture2 network attack
Lecture2 network attack
 
Lecture1 Introduction
Lecture1 Introduction Lecture1 Introduction
Lecture1 Introduction
 

Recently uploaded

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Recently uploaded (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Lecture 8 mail security

  • 2. Outline • Pretty Good Privacy (PGP) • S/MIME • Recommended web sites 2 2
  • 3. Security facilities in the TCP/IP protocol stack 3 3
  • 4. Pretty Good Privacy • Philip R. Zimmerman is the creator of PGP (1992). • PGP provides  confidentiality  and authentication service that can be used for electronic mail and file storage applications. 4 4
  • 5. Why Is PGP Popular? • It is available free on a variety of platforms. • Wide range of applicability • Based on well known algorithms. (Why ?, Is it Secure ?) • Not developed or controlled by governmental or standards organizations (Is-it trust worthy) 5 5
  • 6. Operational Description •Notations Z = Compression using ZIP Ks = Session key used in Algorithm symmetric encryption scheme R64 = Conversion to Radix 64 PRa = Private key of user A, ASCII format used in public-key encryption EP = Public key encryption scheme DP = Public key decryption PUa = Public key of user A, EC = Symmetric Encryption used in public-key encryption DC = Symmetric Decryption scheme H = Hash Function (SHA-1 Used, 160 bit hash) • Consist of five services: | | : Concatenation  Authentication  Confidentiality  Compression  E-mail compatibility  Segmentation 6 6
  • 7. Authentication • The sender creates a message • SHA-1 is used to generate a 160-bit hash code of the message • The hash code is encrypted with RSA using the sender’s private key, and the result is prepended to the message • The reciever uses RSA with sender’s public key to decrypt and recover the hash code • The reciever generates a new hash code for the mesage and compares it with the decryupted hash code. 7
  • 8. Confidentiality • The sender generates a message and a random 128-bit number to be used as a session key for this message only • The message is encrypted using CAST -128 / IDEA / #DES with the session key. • The session key is encrypted with RSA using recipients public key and is prepended to the message • The reciever uses RSA with its private key to decrypt and recover the session key. • The session key is used to decrypt the message 8
  • 9. PGP Cryptographic Function E[PUb, Ks] 9 9
  • 11. Compression • PGP compresses the message after applying the signature but before encryption • The placement of the compression algorithm is critical. • The compression algorithm used is ZIP (described in appendix G or search internet) • Message encryption is applied after compression to strengthen cryptographic security. 11 11
  • 12. E-mail Compatibility • The scheme used is radix-64 conversion (see appendix or online). • The use of radix-64 expands the message by 33%. 12 12
  • 13. Segmentation and Reassembly • Often restricted to a maximum message length of 50,000 octets. • Longer messages must be broken up into segments. • PGP automatically subdivides a message that is to large. • The receiver strip of all e-mail headers and reassemble the block. 13 13
  • 14. Transmission and Reception of PGP Messages assembly 14 14
  • 15. Format of PGP Message 15 15
  • 16. General Structure of Private and Public Key Rings • Keys need to be stored and organized in a systematic way for efficient and effective use by all parties • Scheme used in PGP providesa pair of data structure at each node  To store public / private key pairs owned by that node (Private Key Ring)  To store public keys of other users known at this node (Public Key Ring) 16
  • 17. General Structure of Private and Public Key Rings Least significant 64 bits 17
  • 20. The Use of Trust • No specification for establishing certifying authorities or for establishing trust • Provides means of  Using trust  Associating trust with public keys  Exploiting trust information. • Basic Structure  Key legitimacy field : indicates the extent to which PGP will trust See Table 7.2 public key for user (W. Stallings)  Signature trust field : Indicates the degree to PGP user trusts the signer to certify public keys  Owner trust field : Indicates degree to which public key is trusted to sign other public-key certificates; assigned by user 20 20
  • 21. PGP Trust Model (Example) 21 (Reading Assignment)
  • 22. Revoking Public Keys • The owner issue a key revocation certificate. • Normal signature certificate with a revoke indicator. • Corresponding private key is used to sign the certificate. 22 22
  • 23. S/MIME • Secure/Multipurpose Internet Mail Extension (RFC5751) • S/MIME on the IETF standard track  Will be the commercial standard for secure e-mails • Uses X.509 certificates (Public-Key Cryptography Standards (PKCS) #7) to sign/encrypt messages  PKCS # 7: An updated Cryptographic Message Syntax (CMS) – CMS is the IETF's standard for cryptographically protected messages which is used to digitally sign, digest, authenticate or encrypt digital data. • Provides same features as PGP  authentication, message integrity and non-repudiation of origin – provided by use of digital signatures  privacy, data security – provided by use of encryption • PGP for personal e-mail security, S/MIME for professional e-mail security 23 23
  • 24. S/MIME Fucntion • Enveloped Data  Consists of encrypted content of any type and encrypteed-content encryption key • Signed Data  Digital signature is formed by taking the message digest and then encrypted with public key  Contents + Signature are encoded using base64 encoding  Can only viewed by recipeint with S/MIME capabilities. • Clear-Signed Data  Digital signature are formed and encoded using base64  All can see message but can not verify signature. • Singed and Enveloped Data  Encrypted data may be signed  Signed data or clear-signed data may be encrypted 24
  • 25. Plain Mail (just MIME) Content-Type: multipart/mixed; boundary=bar --bar Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable =A1Hola Michael! How do you like the new S/MIME specification? It's generally a good idea to encode lines that begin with From=20because some mail transport agents will insert a greater- than (>) sign, thus invalidating the signature. Also, in some cases it might be desirable to encode any =20 trailing whitespace that occurs on lines in order to ensure =20 that the message signature is not invalidated when passing =20 a gateway that modifies such whitespace (like BITNET). =20 --bar Content-Type: image/jpeg Content-Transfer-Encoding: base64 iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC// jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn HOxEa44b+EI= --bar-- 25 25
  • 26. S/MIME filenames Media Type File Extension application/pkcs7-mime (SignedData, .p7m EnvelopedData) application/pkcs7-mime (degenerate SignedData .p7c certificate management message) application/pkcs7-mime (CompressedData) .p7z application/pkcs7-signature (SignedData) .p7s 26 26
  • 27. S/MIME singed message Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=boundary42 --boundary42 Content-Type: text/plain This is a clear-signed message. --boundary42 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7s ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6 4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 7GhIGfHfYT64VQbnj756 --boundary42-- 27 27
  • 28. Algorithms Used in S/MIME • Message Digesting  MUST : Absolute Requirement – SHA-1  SHOULD : May be required in particular cases – MD5 (Receiver) • Digital Signatures  MUST : DSS (Sender / Receiver)  SHOULD : RSA (Key size of 512 – 1024 bits) (Sender / Receiver) • Encryption with one time session key  MUST – Triple-DES (Sender / Receiver)  SHOULD – AES, RC2/40 (Sender) 28 28
  • 29. Algorithms Used in S/MIME • Asymmetric encryption of the session key  MUST – RSA with key sizes of 512 to 1024 bits (Sender / Receiver)  SHOULD – Diffie-Hellman (for session keys). (Sender / Receiver) • Creation of MAC  MUST : HMAC with SHA-1 (Receiver)  SHOULD : HMAC with SHA-1 (Sender) 29
  • 30. Recommended Web Sites • PGP home page: www.pgp.com • MIT distribution site for PGP • GOOGLE -> PGP • S/MIME Central: RSA Inc.’s Web Site 30 30