Your SlideShare is downloading. ×
강의자료-7장(3)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

강의자료-7장(3)

456
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
456
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Various SSH implementations are vulnerable to a buffer overflow that allows a remote attacker to run arbitrary code. The SSH implementations include code for detection of a packet injection attack that would permit command execution. The code to detect the attack contains a vulnerability. A malicious user can overflow a 16-bit unsigned integer variable allowing memory address modification
  • Circuit level proxy (gateway?) is one that creates a circuit between the client and the server without interpreting the application protocol. Application level proxy is one that knows about the particular application it is providing proxy services for; it interprets the commands in the application protocol.
  • Pit against : 싸움시키다 , 경쟁시키다 .
  • From Zwicky, Building Internet Firewalls , second edition page 456
  • 각 데이터 패킷은 데이터의 시작 옵셋과 끝 옵셋을 보유 . 이들이 겹칠 경우 많은 OS 가 이를 재결합하려고 시도함 . 이때 문제 발생 가능 . 아래의 공격이 가능 1.. 단순한 DOS 2. 정보 은폐 공격 : 바이러스 탐지기나 침입탐지 시스템을 우회 가능 3. 두 번째 fragment 의 헤더를 검사하지 않고 그대로 전달 : 공격자가 블록된 포트의 정보획득 가능
  • The ZIP file format is a popular data compression and archival format . A ZIP file contains one or more files that have been compressed, to reduce their file size, or stored as-is. Multipurpose Internet Mail Extensions ( MIME ) is an Internet Standard that extends the format of e-mail to support text in character sets other than US-ASCII , non-text attachments, multi-part message bodies, and header information in non-ASCII character sets. Virtually all human-written Internet e-mail and a fairly large proportion of automated e-mail is transmitted via SMTP in MIME format. Internet e-mail is so closely associated with the SMTP and MIME standards that it is sometimes called SMTP/MIME e-mail.
  • Perimeter network is another layer of security.
  • Figure 6-1
  • SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall . SOCKS is an abbreviation for "SOCKetS" [1] . Clients behind a firewall, willing to access exterior servers, may connect to a SOCKS proxy server instead. Such proxy server controls the eligibility of the client to access the external server and passes the request on to the server. SOCKS can also be used in the opposite way, allowing the clients outside the firewall ("exterior clients") connect to servers inside the firewall (internal servers). The protocol was originally developed by David Koblas, a system administrator of MIPS Computer Systems . After MIPS was taken over by Silicon Graphics in 1992, Koblas presented a paper on SOCKS at that year's Usenix Security Symposium and SOCKS became publicly available. [1] The protocol was extended to version 4 by Ying-Da Lee of NEC . Transfers user info from the SOCKS client to the SOCKS server for user authentication Authenticates the user and the channel Guarantees the integrity of TCP and UDP channels
  • Created in 1997, Solsoft is the leading provider of security policy management solutions, enabling businesses to quickly deploy and update error-proof security policies across their global networks.
  • Securify delivers real-time identity aware security monitoring and controls for critical business systems. Our solutions continuously verify that insiders are doing what they are supposed to according to your business intent and best practices.
  • Transitions to wrong are omitted. Dashed line indicates interprocedural edges.
  • Samba is software that can be run on a platform other than Microsoft Windows, for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. Samba uses the TCP/IP protocol that is installed on the host server. When correctly configured, it allows that host to interact with a Microsoft Windows client or server as if it is a Windows file and print server. From The Official Samba
  • Intrusion Detection Expert System (IDES )
  • AFIWC Air Force Information Warfare Center
  • Transcript

    • 1. 7.4 Firewalls
      • A device that filters all traffic between inside network and outside network
      • Purpose
        • protect a private network against intrusion
        • prevent unnoticed and unauthorized export of proprietary information.
    • 2. Firewalls John Mitchell Credit: some text, illustrations from Simon Cooper May 20, 2004
    • 3. Basic Firewall Concept
      • Separate local area net from internet
      Firewall All packets between LAN and internet routed through firewall Router
    • 4. Why firewalls?
      • Need to exchange information
        • Education, business, recreation, social and political
      • Attacks
        • Drawbacks; unsolicited attention and bugs
      • Program bugs
        • All programs contain bugs
        • Larger programs contain more bugs!
        • Network protocols contain;
          • Design weaknesses (SSH CRC)
          • Implementation flaws (SSL, NTP, FTP, SMTP...)
        • Careful (defensive) programming & protocol design is hard
    • 5. Firewall goals
      • What is a firewall ?
        • Logically
          • A separator, a restrictor and an analyzer
        • Rarely a single physical object!
          • Any place where internal and external data can meet
          • Can be distributed (although this is not common now)
      • Castle & Moat Analogy
        • Restricts access from the outside
        • Prevents attackers from getting too close
        • Restricts people from leaving <- Important!!
    • 6. Firewall Design & Architecture Issues
      • Least privilege
      • Defense in depth (very important)
      • Choke point
      • Weakest links
      • Fail-safe stance
      • Universal participation
      • Diversity of defense
      • Simplicity
    • 7. Two Separable Topics
      • Arrangement of firewall and routers
        • Several different configurations
          • Separate internal LAN from external Internet
          • Wall off subnetwork within an organization
            • Test networks, financial records, secret projects
          • Intermediate zone for web server, etc.
        • Personal firewall on end-user machine
      • How does the firewall process data
        • Packet filtering router
        • Application-level gateway
          • Proxy for protocols such as ftp, smtp, http, etc.
        • Circuit-level gateway
        • Personal firewall also knows which application
          • E.g., disallow telnet connection from email client
    • 8. Firewall Design Decisions
      • Two fundamental philosophies
        • not expressly permitted is prohibited.
          • Block everything, and allow services on a case-by-case basis.
          • This approach is the easiest from an administrator's point of view
          • It provides a more &quot;fail-safe&quot; stance and does not demand that the administrator possess exceptional skills.
    • 9. Firewall Design Decisions
        • not expressly prohibited is permitted
          • Although this offers the user the greatest flexibility, it often pits the user against the administrator.
          • This approach requires that the administrator anticipate what users will do and requires considerable skill in auditing and maintaining the overall security of the network.
          • From a security standpoint, this approach is an administrator's nightmare.
    • 10. Design of Firewalls
      • Firewall is a special form of a reference monitor.
        • always invoked
        • tamperproof
        • small and simple enough for rigorous analysis
    • 11. TCP Protocol Stack Application Transport Network Link Application protocol TCP, UDP protocol IP protocol Data Link IP Network Access IP protocol Data Link Application Transport Network Link Transport layer provides ports , logical channels identified by number
    • 12. Data Formats Application Transport (TCP, UDP) Network (IP) Link Layer Application message - data TCP data TCP data TCP data TCP Header data TCP IP IP Header data TCP IP ETH ETF Link (Ethernet) Header Link (Ethernet) Trailer segment packet frame message
    • 13. Types of Firewalls
      • Packet-Filtering Gateway
      • Stateful inspection firewalls
      • Bastion host(application proxies)
      • guards
      • personal firewalls
    • 14. Types of Firewalls
      • Packet-Filtering Gateway
        • Simplest, most effective
        • Controls access to packets based on packet address or specific transport protocol type
    • 15. Types of Firewalls
    • 16. Packet Filtering
      • Uses transport-layer information only
        • IP Source Address, Destination Address
        • Protocol/Next Header (TCP, UDP, ICMP, etc)
        • TCP or UDP source & destination ports
        • TCP Flags (SYN, ACK, FIN, RST, PSH, etc)
        • ICMP message type
      • Examples
        • DNS uses port 53
          • No incoming port 53 packets except known trusted servers
      • Issues
        • Stateful filtering
        • Encapsulation: address translation, …
        • Fragmentation
    • 17. Types of Firewalls
    • 18. Types of Firewalls
    • 19. Screening router for packet filtering
    • 20. Packet filtering examples
    • 21. Port numbering
      • TCP connection
        • Server port is number less than 1024
        • Client port is number between 1024 and 16383
      • Permanent assignment
        • Ports <1024 assigned permanently
          • 20,21 for FTP 23 for Telnet
          • 25 for server SMTP 80 for HTTP
      • Variable use
        • Ports >1024 must be available for client to make any connection
        • This presents a limitation for stateless packet filtering
          • If client wants to use port 2048, firewall must allow incoming traffic on this port
        • Better: stateful filtering knows outgoing requests
    • 22. Filtering Example: Inbound SMTP
    • 23. Filtering Example: Outbound SMTP
    • 24. Types of Firewalls
      • Stateful Inspection Firewall
        • Maintain state information from one packet to another in the input stream
        • Track the sequence of packets and conditions from one packet to another
          • detect attackers who break an attack into multiple packets
    • 25. Stateful or Dynamic Packet Filtering
    • 26. Telnet “ PORT 1234”   “ ACK” Telnet Client Telnet Server 23 1234  Client opens channel to server; tells server its port number. The ACK bit is not set while establishing the connection but will be set on the remaining packets  Server acknowledges
    • 27. FTP FTP Client FTP Server  Client opens command channel to server; tells server second port number  Server acknowledges  Server opens data channel to client’s second port  Client acknowledges “ PORT 5151”   “ OK”  DATA CHANNEL  TCP ACK 20 Data 21 Command 5150 5151
    • 28. Network Address Translation (NAT) Port & Address Translation (PAT)
    • 29. Normal Fragmentation
    • 30. Abnormal Fragmentation
    • 31. Types of Firewalls
      • Bastion host (Application proxy)
        • Simulate the effects of application
        • Application will receive only requests that act properly
        • Two-headed piece of software
          • Inside : as if it were the outside connection
          • Outside : it respond as the insider would
    • 32. Application-level proxies
      • Use “bastion host”
        • Computer running protocol stack
      • Enforce policy for specific protocols
        • E.g., Virus scanning for SMTP
          • Need to understand MIME, encoding, Zip archives
    • 33. Bastion Host
      • A secured system
        • Will interact/accepts data from the Internet
      • Disable all non-required services; keep it simple
      • Install/modify services you want
      • Run security audit to establish baseline
      • Connect system to network <- important
      • Be prepared for the system to be compromised
    • 34. Types of Firewalls
    • 35. Dual Homed Host Architecture
    • 36. Screened Host Architecture
    • 37. Screened Subnet Using Two Routers
    • 38. Source/Destination Address Forgery
    • 39. Firewall mechanism
      • Firewall runs set of proxy programs
        • Proxies filter incoming, outgoing packets
        • All incoming traffic directed to firewall
        • All outgoing traffic appears to come from firewall
      • Policy embedded in proxy programs
      • Two kinds of proxies
        • Application-level proxies
          • Tailored to http, ftp, smtp, etc.
        • Circuit-level proxies
          • Decisions based on header information
    • 40. Proxies
      • Application level: dedicated proxy (HTTP)
      • Circuit level: generic proxy
        • SOCKS
        • WinSock – almost generic proxy for Microsoft
      • Some protocols are natural to proxy
        • SMTP (E-Mail)
        • NNTP (Net news)
        • DNS (Domain Name System)
        • NTP (Network Time Protocol)
    • 41. Firewall architecture
      • Daemon spawns proxy when communication detected …
      Network Connection Telnet daemon SMTP daemon FTP daemon Telnet proxy FTP proxy SMTP proxy
    • 42. A Complex Firewall Setup
    • 43. Web server, database on perimeter network
    • 44. Web server, database on internal network
      • Not a good idea !!!
    • 45. Types of Firewalls : Guards
      • Guards are distinguished from firewalls in following ways
        • Guards have an application filtering capability that is much stronger than a typical firewall.
        • Guards interprets protocol data units.
        • Guards software is generally developed to meet higher assurance requirements.
        • Guards undergo a much more extensive test and evaluation.
    • 46. Personal Firewalls
      • Application program runs on a PC to block unwanted traffic
      • Complement conventional firewall by screening the kind of data a single host will accept
      • Compensate for the lack of a regular firewall as in a private DSL or cable modem connection.
    • 47. Comparison of Firewall Type
    • 48. Configuration issues
    • 49. Example Firewall Configuration
    • 50. Example Firewall Configuration
    • 51. Example Firewall Configuration
    • 52. Solsoft
    • 53. Securify
    • 54. What Firewalls Can and Can’t Block
      • Firewall is effective only if there are no connections through the perimeter that are not mediated by the firewall.
      • Firewalls do not protect data outside the perimeter.
      • Firewalls are the most visible part of an installation to the outside.
      • Firewalls must be correctly configured, and firewall activity reports must be reviewed periodically for evidence of attempted or successful intrusion.
      • Firewalls are targets for penetrators. Designers intentionally keep a firewall small and simple.
      • Firewalls exercise only minor control over the content admitted to the inside.
    • 55. Problems with Firewalls
      • They interfere with the Internet
      • They don't solve the real problems
        • Buggy software
        • Bad protocols
      • Generally cannot prevent Denial of Service
      • Firewalls do not prevent insider attacks
      • Are becoming more complicated
      • Many commercial firewalls permit very, very complex configurations
    • 56. Reference 1 Elizabeth D. Zwicky Simon Cooper D. Brent Chapman
    • 57. Reference 2 William R Cheswick Steven M Bellovin Aviel D Rubin
    • 58. Intrusion Detection John Mitchell
    • 59. 7.5 침입탐지시스템 (IDS)
      • Intrusion detection system (IDS) is a device that monitors activity to identify malicious or suspicious events.
    • 60. Method of last resort
      • Intrusion prevention
        • Network firewall
          • Restrict flow of packets
        • System security
          • Find buffer overflow vulnerabilities and remove them!
      • Intrusion detection
        • Discover system modifications
          • Tripwire
        • Look for attack in progress
          • Network traffic patterns
          • System calls, other system events
    • 61. IDS
    • 62. IDS
      • IDS perform a variety of functions
        • Monitoring users and system activity
        • Auditing system configuration for vulnerabilities and misconfigurations
        • Assessing the integrity of critical system and data files
        • Recognizing known attack patterns in system activity
        • Identifying abnormal activity through statistical Analysis
        • Managing audit trails and highlighting users violating policy or normal activity
        • Correcting system configuration errors
        • Installing and operating traps to record information about intruders
    • 63. Tripwire
      • What is Tripwire software?
        • A software tool that checks to see what has changed on your system.
        • The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc.
      • What is Tripwire used for?
        • Tripwire is originally known as an intrusion detection tool, but can be used for many other purposes such as integrity assurance, change management, policy compliance and more.
    • 64. Tripwire
      • Outline of standard attack
        • Gain user access to system
        • Gain root access
        • Replace system binaries to set up backdoor
        • Use backdoor for future activities
      • Tripwire detection point: system binaries
        • Compute hash of key system binaries
        • Compare current hash to hash stored earlier
        • Report problem if hash is different
        • Store reference hash codes on read-only medium
    • 65. Is Tripwire too late?
      • Typical attack on server
        • Gain access
        • Install backdoor
          • This can be in memory, not on disk!!
        • Use it
      • Tripwire
        • Is a good idea
        • Won’t catch attacks that don’t change system files
        • Detects a compromise that has happened
        • Remember: Defense in depth
    • 66. Detect modified binary in memory?
      • Can use system-call monitoring techniques
      • For example [Wagner, Dean IEEE S&P ’01]
        • Build automaton of expected system calls
          • Can be done automatically from source code
        • Monitor system calls from each program
        • Catch violation
      • Results so far: lots better than not using source code!
    • 67. Example code and automaton Entry(f) Entry(g) Exit(f) Exit(g) open() close() exit() getuid() geteuid() f(int x) { x ? getuid() : geteuid(); x++ } g() { fd = open(&quot;foo&quot;, O_RDONLY); f(0); close(fd); f(1); exit(0); } If code behavior is inconsistent with automaton, something is wrong
    • 68. General intrusion detection
      • Many intrusion detection systems
        • Close to 100 systems with current web pages
        • Network-based, host-based, or combination
      • Two basic models
        • Misuse detection model (Signature based)
          • Maintain data on known attacks
          • Look for activity with corresponding signatures
        • Anomaly detection model (Heuristic)
          • Try to figure out what is “normal”
          • Report anomalous behavior
      • Fundamental problem: too many false alarms
      http://www.snort.org/
    • 69. Types of IDS
      • Signature-Based Intrusion Detection
        • simple pattern matching and report situations that match a pattern corresponding to a known attack type.
        • Problem
          • An attacker will try to modify a basic attack such that it will not match the known signature of that attack.
          • cannot detect a new attack, one for which there is no signature installed yet in the IDS database.
    • 70. Types of IDS
      • Heuristic Intrusion Detection
        • build a model of acceptable behavior and flag exceptions to that model
        • The technique compares real activity with a known representation of normality.
        • misuse intrusion detection
          • the real activity is compared against a known suspicious area.
        • Detection activity is classified in one of three categories
          • good/benign, suspicious, or unknown.
    • 71. Types of IDS
      • Stealth Mode
        • most IDS run in stealth mode ,
        • IDS has two network interfaces
          • the network (or network segment) being monitored
          • the other to generate alerts and perhaps other administrative needs
    • 72. Types of IDS
    • 73. Types of IDS
      • Other IDS Types
        • Tripwire program
        • ISS Scanner or Nessus
        • honeypot
    • 74. Misuse example - rootkit
      • Rootkit sniffs network for passwords
        • Collection of programs that allow attacker to install and operate a packet sniffer (on Unix machines)
        • Emerged in 1994, has evolved since then
        • 1994 estimate: 100,000 systems compromised
      • Rootkit attack
        • Use stolen password or dictionary attack to get user access
        • Get root access using vulnerabilities in rdist, sendmail, /bin/mail, loadmodule, rpc.ypupdated, lpr, or passwd
        • Ftp Rootkit to the host, unpack, compile, and install it
        • Collect more username/password pairs and move on
    • 75. Rootkit covers its tracks
      • Modifies netstat, ps, ls, du, ifconfig, login
        • Modified binaries hide new files used by rootkit
        • Modified login allows attacker to return for passwords
      • Rootkit fools simple Tripwire checksum
        • Modified binaries have same checksum
        • But a better hash would be able to detect rootkit
    • 76. Detecting rootkit on system
      • Sad way to find out
        • Disk is full of sniffer logs
      • Manual confirmation
        • Reinstall clean ps and see what processes are running
      • Automatic detection
        • Rootkit does not alter the data structures normally used by netstat, ps, ls, du, ifconfig
        • Host-based intrusion detection can find rootkit files
          • As long as an update version of Rootkit does not disable your intrusion detection system …
    • 77. Detecting network attack (Sept 2003)
      • Symantec honeypot running Red Hat Linux 9
      • Attack
        • Samba ‘call_trans2open’ Remote Buffer Overflow (BID 7294)
        • Attacker installed a copy of the SHV4 Rootkit
      • Snort NIDS generated alerts, from this signature
          • alert tcp $EXTERNAL_NET any -> $HOME_NET 139
          • (msg:&quot;NETBIOS SMB trans2open buffer overflow attempt&quot;;
          • flow:to_server,established;
          • content:&quot;|00|&quot;; offset:0; depth:1;
          • content:&quot;|ff|SMB|32|&quot;; offset:4; depth:5;
          • content:&quot;|00 14|&quot;; offset:60; depth:2;
      More info: https://tms.symantec.com/members/ AnalystReports/030929-Analysis-SHV4Rootkit.pdf
    • 78. Misuse example - port sweep
      • Attacks can be OS specific
        • Bugs in specific implementations
        • Oversights in default configuration
      • Attacker sweeps net to find vulnerabilities
        • Port sweep tries many ports on many IP addresses
        • If characteristic behavior detected, mount attack
          • SGI IRIX responds TCPMUX port (TCP port 1)
          • If machine responds, SGI IRIX vulnerabilities can be tested and used to break in
      • Port sweep activity can be detected
    • 79. Anomaly Detection
      • Basic idea
        • Monitor network traffic, system calls
        • Compute statistical properties
        • Report errors if statistics outside established range
      • Example – IDES (Denning, SRI)
        • For each user, store daily count of certain activities
          • E.g., Fraction of hours spent reading email
        • Maintain list of counts for several days
        • Report anomaly if count is outside weighted norm
      Big problem: most unpredictable user is the most important
    • 80. Anomaly – sys call sequences
      • Build traces during normal run of program
        • Example program behavior (sys calls)
          • open read write open mmap write fchmod close
        • Sample traces stored in file (4-call sequences)
          • open read write open
          • read write open mmap
          • write open mmap write
          • open mmap write fchmod
          • mmap write fchmod close
        • Report anomaly if following sequence observed
          • open read read open mmap write fchmod close
          • Compute # of mismatches to get mismatch rate
      [Hofmeyr, Somayaji, Forrest]
    • 81. Difficulties in intrusion detection
      • Lack of training data
        • Lots of “normal” network, system call data
        • Little data containing realistic attacks, anomalies
      • Data drift
        • Statistical methods detect changes in behavior
        • Attacker can attack gradually and incrementally
      • Main characteristics not well understood
        • By many measures, attack may be within bounds of “normal” range of activities
      • False identifications are very costly
        • Sys Admin spend many hours examining evidence
    • 82. Response to intrusion?
      • Ideally,
        • Identify attack (possible if misuse, hard if anomaly)
        • Limit damage, stop attack, block further attacks
        • Restore system, identify and prosecute attacker
      • Cliff Stoll
        • Detected attacker at Lawrence Berkeley
        • Created large file with nuclear weapons keywords
        • Traced international phone call during download
    • 83. Goal for IDS
      • fast, simple, and accurate, being complete
      • Design approach
        • Filter on packet headers
        • Filter on packet content
        • Maintain connection state
        • Use complex, multipacket signatures
        • Use minimal number of signatures with maximum effect
        • Filter in real time, on line
        • Hide its presence
        • Use optimal sliding time window size to match signatures
    • 84. Goal for IDS
      • Responding to Alarms
        • responses fall into three major categories
          • Monitor, collect data, perhaps increase amount of data collected
          • Protect, act to reduce exposure
          • Call a human
      • False Results
        • false positive or type I error : raising an alarm for something that is not really an attack
        • false negative or type II error : not raising an alarm for a real attack
    • 85. IDS Strengths and Limitations
      • Strengths
        • IDS detect an ever-growing number of serious problems.
      • Limitations
        • Avoiding an IDS is a first priority for successful attackers.
        • Sensitivity : difficult to measure and adjust.
        • IDS does not run itself.
    • 86. Strategic Intrusion Assessment [Lunt] International/Allied Reporting Centers National Reporting Centers DoD Reporting Centers Regional Reporting Centers (CERTs) Organizational Security Centers Local Intrusion Detectors www.blackhat.com/presentations/bh-usa-99/teresa-lunt/tutorial.ppt
    • 87. Strategic Intrusion Assessment [Lunt]
      • Test over two-week period
        • AFIWC’s intrusion detectors at 100 AFBs alarmed on 2 million sessions
        • Manual review identified 12,000 suspicious events
        • Further manual review => four actual incidents
          • * AFIWC:Air Force Warfare Information Center
      • Conclusion
        • Most alarms are false positives
        • Most true positives are trivial incidents
        • Of the significant incidents, most are isolated attacks to be dealt with locally
    • 88. 7.6 Secure E-mail
      • Security Threats for E-mail
        • message interception (confidentiality)
        • message interception (blocked delivery)
        • message interception and subsequent replay
        • message content modification
        • message origin modification
        • message content forgery by outsider
        • message origin forgery by outsider
        • message content forgery by recipient
        • message origin forgery by recipient
        • denial of message transmission
    • 89. Secure E-mail
      • Requirements for Secure E-mail
        • message confidentiality
          • the message is not exposed en route to the receiver
        • message integrity
          • what the receiver sees is what was sent
        • sender authenticity
          • the receiver is confident who the sender was
        • Nonrepudiation
          • the sender cannot deny having sent the message
    • 90. Encrypted E-mail
    • 91. Encrypted E-mail
    • 92. Encrypted E-mail
    • 93. Example of Secure E-mail Systems
      • PGP – Pretty Good Privacy
        • Process
          • Create a random session key for a symmetric algorithm.
          • Encrypt the message using the session key (for message confidentiality).
          • Encrypt the session key under the recipient’s public key.
          • Generate a message digest or hash of the message; sign the hash by encrypting it with the sender’s private key (for message integrity and authenticity).
          • Attach the encrypted session key to the encrypted message and digest.
          • Transmit the message to the recipient.
    • 94. Example of Secure E-mail Systems
      • S/MIME
        • Internet standard for secure e-mail attachment
        • S/MIME is very much like PGP.
        • Difference of S/MIME and PGP : method of key exchange.
          • S/MIME uses hierarchically validated certificates, usually represented in X.509 format, for key exchange.
          • it is not necessary for sender and recipient to have exchanged keys in advance, as long as they have a common certifier they both trust.
        • works with a variety of cryptographic algorithms
          • DES, AES, and RC2 for symmetric encryption.