A Security Primer Venkatesh Iyer Created: 30/11/2005
Network Security Primer


Basic concepts of network security

Published in: Technology
  • @TeishaFoglia You seem really professional and you are an engineer, amazing!
  • neat presentation with clear information.thanks for your slide share. here is a blog related to scam awareness: http://scambaitings.blogspot.com/
  • As a management instructor I appreciate viewing the function of others. This is probably the greatest demonstration on planning I've viewed.
    Teisha
    http://dashinghealth.com http://healthimplants.com
  • thanks you very much.
  • Dear ll,.

    We need slide a security primer & please sent my email : afgan3x@gmail.com
Transcript of "Network Security Primer"

  1. A Security Primer. Venkatesh Iyer. Created: 30/11/2005
  2. Security Topics [diagram labels: Cryptography, Symmetric Key, Public Key, Algorithms, Encryption, Digital Signatures, Certificates, Key Mgmt, PGP, S/MIME, SSL, TLS, IPSec]
  3. Need for message security
     • Privacy
       - Am I sure nobody else knows this?
     • Authentication
       - Am I sure that the sender is genuine and not an imposter?
     • Integrity
       - Am I sure that the message has not been tampered with on its way?
     • Non-repudiation
       - What will I do if the sender denies sending the message?
  4. Cryptography
  5. Cryptography
     • Jargon
       - Cryptography means "Secret Writing"
       - Original message – plaintext
       - Encrypted message – ciphertext
       - Encryption and decryption algorithms – ciphers
       - The number value that the cipher operates on – key
     • Types
       - Symmetric key cryptography
       - Public key cryptography
  6. Symmetric Key Cryptography
     [Diagram labels: Alice, Encrypt, Network, Decrypt, Bob; shared secret key]
     • Features
       - Same key used by sender and receiver
       - Algorithm for decryption is the inverse of the algorithm used for encryption
  7. Symmetric Key (contd.)
     • Algorithms
       - DES (Data Encryption Standard)
       - Triple DES
     • Advantages
       - Efficient algorithms (take less time to encrypt and decrypt)
       - Simple
     • Disadvantages
       - Each pair must have a unique key, i.e. N people will require N(N-1)/2 keys
       - Distribution of keys between two parties can be difficult
  8. Public Key Cryptography
     [Diagram labels: Alice, Encrypt with Bob's public key (announced to the public), Network, Decrypt with Bob's private key, Bob]
     • Features
       - There are two keys: a private key and a public key
       - The private key is kept by the receiver and the public key is announced to the public
  9. Public Key (contd.)
     • Algorithms
       - RSA (Rivest, Shamir and Adleman)
     • Advantages
       - Only the public key needs to be distributed. The private key can be safely kept
       - Fewer keys, i.e. 1 million users may need only 2 million keys (as compared to 500 billion, if they use symmetric key cryptography)
     • Disadvantages
       - Complex algorithms
       - Association between the public key and the entity must be verified (need for certificates)
  10. Digital Signatures
     • Features
       - Enables integrity, authentication and non-repudiation
       - Private keys are used to sign a message (or hash)
       - Public keys are used to verify the signatures
     • Hash Functions
       - Signing the whole message is inefficient
       - Hash functions are used to create a unique digest of the message
       - Popular hashing algorithms are SHA-1 (secure hash algorithm) and MD5 (message digest)
  11. Digital Signatures (contd.)
     [Diagram, sender site, steps 1-3: Alice's message goes through the hash function to give a digest; the digest is encrypted with Alice's private key to give the signed digest; the message plus signed digest goes to Bob]
  12. Digital Signatures (contd.)
     [Diagram, receiver site, steps 4-6: Bob decrypts the signed digest from Alice with Alice's public key, runs the message through the hash function to get a digest, and compares the two digests]
  13. Key Management
     • In symmetric key systems:
       - We need a mechanism to share the key between sender and receiver, and also to reduce the number of keys
       - In some cases, public key systems also use a symmetric key to encrypt a message and encrypt that key using the public key
       - Solution: session keys. Symmetric keys are created for a session and destroyed when the session is over
       - Techniques for key management:
         · Diffie-Hellman method
         · Key distribution center (Needham-Schroeder protocol and Otway-Rees protocol)
  14. Key Management (contd.)
     • In public key systems:
       - Alice needs to know whether Bob's public key is genuine
       - Solution: Certificates
       - Bob goes to a Certification Authority (CA), e.g. VeriSign, which binds Bob's public key to an entity called a certificate.
       - The certificate is signed by the CA, which has a well-known public key, and hence cannot be forged.
       - Alice can verify the CA's signature and hence be sure about Bob's public key
  15. Certificates
     • Certificate is described by X.509 protocol
     • X.509 uses ASN.1 (Abstract Syntax Notation 1) to define the fields
     • X.509 fields (Field: Explanation):
       - Version: Version number of X.509
       - Serial Number: The unique identifier used by the CA
       - Signature: The certificate signature
       - Issuer: The name of the CA defined by X.509
       - Validity Period: Start and end period that certificate is valid
       - Subject Name: The entity whose public key is being certified
       - Public Key: The subject public key and the algorithms that use it
  16. Chain of Trust
     • Query propagation similar to DNS queries
     • At any level, the CA can certify performance of CAs in the next level, i.e. a level-1 CA can certify level-2 CAs.
     • Rule of thumb: Everyone trusts the Root CA
     [Diagram: tree with Root CA at the top, Level-1 CA 1 and Level-1 CA 2 below it, and Level-2 CA 1 to Level-2 CA 6 at the bottom]
  17. Security at IP Level
  18. IPSec – IP Security
     • Secures the IP packet by adding additional header
     • Selection of encryption, authentication and hashing methods left to the user
     • It requires a logical connection between two hosts, achieved using Security Association (SA)
     • An SA is defined by:
       - A 32-bit security parameter index (SPI)
       - Protocol type: Authentication Header (AH) or Encapsulating Security Payload (ESP)
       - The source IP address
     [Diagram box labels. Transport Mode: IP Header, IPSec Header, Rest of the Packet. OR Tunnel Mode: New IP Header, IP Header, IPSec Header, Rest of the Packet]
  19. Security at Transport Layer
  20. Secure Sockets Layer (SSL)
     • Developed by Netscape
     • Used to establish secure connection between two parties
     • Protocol similar to TLS (p.t.o)
     • OpenSSL (www.openssl.org) provides libraries which implement SSL and TLS
     • Several application layer security protocols run on top of SSL, e.g. Secure HTTP (https)
  21. Transport Layer Security (TLS)
     • Designed by IETF; derived from SSL
     • Lies on top of Transport layer
     • Uses two protocols:
       - Handshake Protocol
       - Data exchange protocol
         · Uses secret key to encrypt data.
         · Secret key already shared during handshake
     [Diagram: messages between Client and Server: Hello, Certificate, Secret key, End Handshaking, Encrypted Ack]
  22. Transport Layer Security (TLS), Hello: Browser sends a hello message that includes TLS version and other preferences
  23. Transport Layer Security (TLS), Certificate: Server sends a certificate that has its public key
  24. Transport Layer Security (TLS), Secret key: Browser verifies the certificate. It generates a session key, encrypts it with the server's public key and sends it to the server
  25. Transport Layer Security (TLS), End Handshaking: Browser sends handshake terminating message, encrypted by the secret key
  26. Transport Layer Security (TLS), Encrypted Ack: Server decrypts secret key with its private key. Uses secret key to decode message and sends encrypted ack
  27. Security at Application Layer
  28. Pretty Good Privacy (PGP)
     [Diagram, sender site, steps 1-6: Alice, Hash Function, Digest, Encrypt with Alice's private key, Signed Digest, Message plus Signed Digest, Encrypt with one-time secret key, Encrypt with Bob's public key, Encrypted (secret key & message + digest) to Bob]
  29. Pretty Good Privacy (PGP): Email message is hashed to create digest
  30. Pretty Good Privacy (PGP): Digest is encrypted using Alice's private key
  31. Pretty Good Privacy (PGP): Signed digest added to the message
  32. Pretty Good Privacy (PGP): The message and digest are encrypted using a one-time secret key created by Alice
  33. Pretty Good Privacy (PGP): The secret key is encrypted using Bob's public key
  34. Pretty Good Privacy (PGP): The encrypted message, digest and secret key are sent to Bob
  35. PGP (contd.)
     [Diagram, receiver site, steps 7-11: Bob, Encrypted (secret key & message + digest), Decrypt with Bob's private key, One-time secret key, Decrypt Encrypted (message + digest), Decrypt with Alice's public key, Digest, Hash Function, Digest, Compare]
  36. PGP (contd.): Bob decrypts the secret key with his private key
  37. PGP (contd.): Bob decrypts the encrypted message and digest using the decrypted secret key
  38. PGP (contd.): Bob decrypts the encrypted digest with Alice's public key
  39. PGP (contd.): Bob hashes the received message to create a digest (for message integrity)
  40. PGP (contd.): The two digests are compared, thus providing authentication and integrity
  41. Sample PGP Signature
        From: alice@wonderland.com
        Date: Mon, 16 Nov 1998 19:03:30 -0600
        Subject: Message signed with PGP
        MIME-Version: 1.0
        Content-Type: text/plain; charset=US-ASCII
        Content-Transfer-Encoding: 7bit
        Content-Description: "cc:Mail Note Part"

        -----BEGIN PGP SIGNED MESSAGE-----
        Bob, This is a message signed with PGP, so you can see how much overhead PGP signatues introduce. Compare this with a similar message signed with S/MIME. Alice
        -----BEGIN PGP SIGNATURE-----
        Version: PGP for Personal Privacy 5.0
        Charset: noconv

        iQCVAwUBM+oTwFcsAarXHFeRAQEsJgP/X3noON57U/6XVygOFjSY5lTpvAduPZ8M
        aIFalUkCNuLLGxmtsbwRiDWLtCeWG3k+7zXDfx4YxuUcofGJn0QaTlk8b3nxADL0
        O/EIvC/k8zJ6aGaPLB7rTIizamGOt5n6/08rPwwVkRB03tmT8UNMAUCgoM02d6HX
        rKvnc2aBPFI=
        =mUaH
        -----END PGP SIGNATURE-----
  42. S/MIME
     • Working principle similar to PGP
     • S/MIME uses multipart MIME type to include the cryptographic information with the message
     • S/MIME uses Cryptographic Message Syntax (CMS) to specify the cryptographic information
     • Creating S/MIME message:
     [Diagram labels: MIME Entity, Certificates, Algo identifiers, CMS Processing, CMS Object, MIME Wrapping, S/MIME]
  43. Sample SMIME Signature
        From: alice@wonderland.com
        Date: Mon, 16 Nov 1998 19:03:08 -0600
        Subject: Message signed with S/MIME
        MIME-Version: 1.0
        Content-Type: multipart/mixed ; boundary="simple boundary"

        --simple boundary
        Content-Type: text/plain; charset=US-ASCII
        Content-Transfer-Encoding: 7bit
        Content-Description: "cc:Mail Note Part"

        Bob, This is a message signed with S/MIME, so you can see how much overhead S/MIME signatures introduce. Compare this with a similar message signed with PGP. Alice

        --simple boundary
        Content-Type: application/octet-stream; name="smime.p7s"
        Content-Transfer-Encoding: base64
        Content-Disposition: attachment; filename="smime.p7s"

        [base64-encoded smime.p7s signature data omitted; it continues onto slide 44]
  44. Sample SMIME Signature (contd.)
        [remainder of the base64-encoded smime.p7s data omitted]
        --simple boundary--
  45. References
  46. References
     • Overview of cryptography:
       - www.rsalabs.com/faq/
       - http://www.faqs.org/faqs/cryptography-faq/part06/
     • Implementation of SSL and TLS:
       - www.openssl.org
     • S/MIME Internet task force:
       - www.imc.org/ietf-smime/index.html
     • Relationship between S/MIME and PGP/MIME:
       - www.imc.org/smime-pgpmime.html
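
The certificate check from slides 14-16, as an added example that is not part of the original slides: a chain is walked from Bob's certificate up to the Root CA, checking validity period, issuer name and CA signature at each level. Assumptions: certificates are plain dicts named after the X.509 fields on slide 15 rather than ASN.1, the function names are hypothetical, and the keys are constructed toy RSA keys built from publicly known Mersenne primes with unpadded signatures, so nothing here is usable as real cryptography.

```python
import hashlib
from datetime import date

E = 65537  # public exponent shared by all toy keys
FIELDS = ("version", "serial", "issuer", "not_before", "not_after", "subject", "public_key")

def toy_key(p_exp, q_exp):
    # Constructed toy RSA key from two publicly known Mersenne primes; NOT secure.
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private exponent d)

def tbs_digest(cert):
    # Hash every field except the signature itself (the "to be signed" part).
    blob = "|".join(str(cert[f]) for f in FIELDS).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def issue(issuer, issuer_n, issuer_d, subject, subject_n, serial):
    # The CA binds subject name and public key together and signs the result.
    cert = {"version": 3, "serial": serial, "issuer": issuer,
            "not_before": date(2005, 1, 1), "not_after": date(2006, 12, 31),
            "subject": subject, "public_key": subject_n}
    cert["signature"] = pow(tbs_digest(cert), issuer_d, issuer_n)
    return cert

def verify_chain(chain, trusted_roots, today):
    """chain is ordered leaf first, root last; trusted_roots maps root name -> modulus."""
    for i, cert in enumerate(chain):
        if not cert["not_before"] <= today <= cert["not_after"]:
            return False, f"{cert['subject']}: outside validity period"
        if i + 1 < len(chain):
            issuer_cert = chain[i + 1]
            if cert["issuer"] != issuer_cert["subject"]:
                return False, f"{cert['subject']}: issuer does not match next certificate"
            issuer_n = issuer_cert["public_key"]
        else:
            # Last certificate: its key must already be trusted, not merely self-asserted.
            issuer_n = trusted_roots.get(cert["issuer"])
            if issuer_n is None or issuer_n != cert["public_key"]:
                return False, f"{cert['subject']}: not a trusted root"
        if pow(cert["signature"], E, issuer_n) != tbs_digest(cert):
            return False, f"{cert['subject']}: bad signature"
    return True, "ok"

def build_demo():
    # Constructed sample hierarchy: Root CA -> Level-1 CA 1 -> Bob.
    root_n, root_d = toy_key(521, 607)
    l1_n, l1_d = toy_key(1279, 2203)
    bob_n, _ = toy_key(2281, 3217)
    root = issue("Root CA", root_n, root_d, "Root CA", root_n, 1)
    level1 = issue("Root CA", root_n, root_d, "Level-1 CA 1", l1_n, 2)
    bob = issue("Level-1 CA 1", l1_n, l1_d, "Bob", bob_n, 3)
    return [bob, level1, root], {"Root CA": root_n}

if __name__ == "__main__":
    chain, roots = build_demo()
    print(verify_chain(chain, roots, date(2005, 11, 30)))
    forged = dict(chain[0], public_key=12345)  # swap Bob's key without re-signing
    print(verify_chain([forged] + chain[1:], roots, date(2005, 11, 30)))
```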
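
Slides 10-12 (digital signatures) and slides 28-40 (PGP steps 1-11), as one added example that is not part of the original slides. Assumptions: SHA-256 instead of the SHA-1/MD5 named on slide 10, unpadded toy RSA keys constructed from publicly known Mersenne primes, and a SHA-256 keystream XOR standing in for the symmetric cipher; all function names are hypothetical and none of this is usable as real cryptography.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def toy_keypair(p_exp, q_exp):
    # Constructed toy RSA key from two publicly known Mersenne primes; NOT secure.
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(message):
    # Steps 1 and 10: hash the message (SHA-256 is an assumption, see lead-in).
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def keystream_xor(key, data):
    # Toy symmetric cipher: XOR with a SHA-256 counter keystream.
    # The same call encrypts and decrypts, like the inverse algorithms on slide 6.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def pgp_send(message, alice_priv, bob_pub):
    signed = pow(digest(message), alice_priv["d"], alice_priv["n"])        # step 2
    sig_bytes = signed.to_bytes((alice_priv["n"].bit_length() + 7) // 8, "big")
    bundle = len(message).to_bytes(4, "big") + message + sig_bytes         # step 3
    session_key = secrets.token_bytes(32)                                  # one-time secret key
    enc_bundle = keystream_xor(session_key, bundle)                        # step 4
    enc_key = pow(int.from_bytes(session_key, "big"), bob_pub["e"], bob_pub["n"])  # step 5
    return enc_key, enc_bundle                                             # step 6

def pgp_receive(enc_key, enc_bundle, bob_priv, alice_pub):
    key_int = pow(enc_key, bob_priv["d"], bob_priv["n"])                   # step 7
    if key_int.bit_length() > 256:
        return b"", False  # damaged key block: not a 32-byte session key
    bundle = keystream_xor(key_int.to_bytes(32, "big"), enc_bundle)        # step 8
    length = int.from_bytes(bundle[:4], "big")
    message, sig_bytes = bundle[4:4 + length], bundle[4 + length:]
    recovered = pow(int.from_bytes(sig_bytes, "big"), alice_pub["e"], alice_pub["n"])  # step 9
    return message, recovered == digest(message)                           # steps 10-11

def demo():
    alice_pub, alice_priv = toy_keypair(521, 607)
    bob_pub, bob_priv = toy_keypair(1279, 2203)
    msg = b"Bob, this is a message signed with PGP. Alice"  # constructed sample
    enc_key, enc_bundle = pgp_send(msg, alice_priv, bob_pub)
    good = pgp_receive(enc_key, enc_bundle, bob_priv, alice_pub)
    # Flip one ciphertext bit in transit: decryption still "works", the digest check fails.
    tampered = bytearray(enc_bundle)
    tampered[10] ^= 0x01
    bad = pgp_receive(enc_key, bytes(tampered), bob_priv, alice_pub)
    return good, bad

if __name__ == "__main__":
    print(demo())
```

The tampered run shows why step 11 matters: the stream cipher decrypts altered ciphertext without complaint, and only the digest comparison tells Bob the message changed.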