Definition. Email security is a term for describing different procedures and techniques for protecting email accounts, content, and communication against unauthorized access, loss or compromise. Email is often used to spread malware, spam and phishing attacks.
2. E-MAIL
Email is also a common entry point for attackers looking to gain
a foothold in an enterprise network and obtain valuable company
data.
Email encryption involves encrypting, or disguising, the
content of email messages to protect potentially sensitive
information from being read by anyone other than intended
recipients.
3. WHAT IS EMAIL SECURITY IN NETWORK SECURITY?
Email security is the process of ensuring the availability,
integrity and authenticity of email communications by
protecting against the risk of email threats.
4. FEATURES
Spam Filters. A significant proportion of emails that you receive
daily are marketing emails.
Anti-virus Protection. Spam filters play the role of separating
the spam emails from the regular ones.
Image & Content Control.
Data Encryption.
5. WHAT IS THE NEED OF EMAIL SECURITY IN CRYPTOGRAPHY?
Email security in cryptography is the ideal security measure
because it denies any access to the hacker at any stage right
from the source to the recipient.
One should install such email security features in information
systems today to tackle the menace of cybercriminals.
6. ELECTRONIC MAIL SECURITY
• Pretty Good Privacy (PGP)
• S/MIME (Secure/Multipurpose Internet Mail Extension)
8. 1. AUTHENTICATION
Authentication basically means something that
is used to validate something as true or real. When
we log in to some sites, we sometimes give our
account name and password; that is an
authentication verification procedure.
9. AUTHENTICATION
In the email world, checking the authenticity of an
email means checking whether it actually came from
the person it says it came from. Email authentication
has to be checked because some people spoof emails
or send spam, and sometimes this can cause a lot of
inconvenience.
10. THE AUTHENTICATION SERVICE IN PGP
11. SERVICE IN PGP
As shown in the above figure, the hash function (H) calculates the
hash value of the message. SHA-1 is used for hashing, and it produces
a 160-bit output hash value. This hash value is then encrypted using the
sender’s private key (KPa), and the result is called the digital signature.
The message is then appended to the signature. The process up to this
point is sometimes described as signing the message.
The signed message is then compressed to reduce the transmission
overhead and is sent to the receiver.
12. SERVICE IN PGP
At the receiver’s end, the data is decompressed and the message and
signature are obtained. The signature is then decrypted using the sender’s
public key (PUa) and the hash value is obtained. The message is again
passed to the hash function and its hash value is calculated.
The two values, one from the signature and the other from the fresh output
of the hash function, are compared. If both are the same, the email
was actually sent by the known sender and is legitimate; otherwise it is
not legitimate.
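The sender and receiver steps from slides 11 and 12, as an added Python example that is not part of the original slides. The RSA key is a toy built from two Mersenne primes and the fixed-width signature framing is an assumption of this sketch; SHA-1 appears only because the slide names it, and it is no longer considered safe for signatures.

```python
import hashlib
import zlib

# Toy RSA key built from two known Mersenne primes (constructed for this demo;
# far too weak and too structured for real use).
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, stands in for KPa
SIG_LEN = (N.bit_length() + 7) // 8    # fixed-width signature field (assumed framing)


def digest_int(message: bytes) -> int:
    """H(message): the 160-bit SHA-1 value as an integer."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign_and_pack(message: bytes, d: int = D, n: int = N) -> bytes:
    """Sender: hash, encrypt the hash with the private key, append, compress."""
    signature = pow(digest_int(message), d, n)
    return zlib.compress(signature.to_bytes(SIG_LEN, "big") + message)


def unpack_and_verify(packet: bytes, e: int = E, n: int = N):
    """Receiver: decompress, split, decrypt the signature, compare hash values.

    Returns (is_authentic, message).
    """
    try:
        data = zlib.decompress(packet)
    except zlib.error:
        return False, b""
    if len(data) < SIG_LEN:
        return False, b""
    signature = int.from_bytes(data[:SIG_LEN], "big")
    message = data[SIG_LEN:]
    recovered = pow(signature, e, n)   # hash value taken from the signature
    return recovered == digest_int(message), message


def demo():
    packet = sign_and_pack(b"Pay Bob 10")
    genuine = unpack_and_verify(packet)
    # Constructed tampering: keep the signature, swap the message body.
    raw = zlib.decompress(packet)
    altered = zlib.compress(raw[:SIG_LEN] + b"Pay Bob 9000")
    return genuine, unpack_and_verify(altered)


if __name__ == "__main__":
    print(demo())
```

The altered packet fails because the hash recovered from the signature no longer matches the hash of the message body.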
13. 2. CONFIDENTIALITY
Sometimes we see some packages labelled as ‘Confidential’,
which means that those packages are not meant for all the
people and only selected persons can see them. The same
applies to the email confidentiality as well. Here, in the email
service, only the sender and the receiver should be able to read
the message, that means the contents have to be kept secret from
every other person, except for those two.
15. S/MIME
S/MIME, or Secure/Multipurpose Internet Mail
Extensions, is a technology that allows you to
encrypt your emails.
S/MIME is based on asymmetric cryptography
to protect your emails from unwanted access.
16. WHAT IS S/MIME IN CRYPTOGRAPHY?
S/MIME (Secure/Multipurpose Internet Mail
Extensions) is a widely accepted protocol for
sending digitally signed and encrypted
messages.
17. WHAT IS THE ROLE OF S/MIME IN SECURITY?
S/MIME is based on asymmetric cryptography to
protect your emails from unwanted access.
It also allows you to digitally sign your emails to verify
you as the legitimate sender of the message, making it an
effective weapon against many phishing attacks out there.
18. KEY ALGORITHM USED IN S/MIME
Messages are encrypted using symmetric
cryptography, with asymmetric cryptography used to
protect the secret key.
Advanced Encryption Standard (AES) is a
symmetric algorithm commonly used with S/MIME.
19. WHAT IS PGP AND S/MIME?
PGP (Pretty Good Privacy) and S/MIME (Secure
Multipurpose Internet Mail Extensions) are security
protocols designed to secure electronic mail.
The main difference between these protocols lies in
their security mechanisms and the types of algorithms used.
21. DIFFERENCE BETWEEN PGP AND S/MIME
1. Pretty Good Privacy (PGP)
PGP is an open source software package that is designed for
the purpose of email security. Phil Zimmermann developed it.
It provides the basic or fundamental needs of cryptography.
In this, multiple steps are taken to secure the email,
these are,
23. S/MIME
2. Secure/Multipurpose Internet Mail Extension
(S/MIME): S/MIME is a security-enhanced version
of Multipurpose Internet Mail Extension (MIME). In
this, public key cryptography is used to digitally sign, encrypt
or decrypt the email. The user acquires a public-private key pair
with a trusted authority and then makes appropriate use of
those keys with email applications.
24. DIFFERENCE BETWEEN PGP AND S/MIME
| S.NO | PGP | S/MIME |
|------|-----|--------|
| 1. | It is designed for processing the plain texts. | While it is designed to process email as well as many multimedia files. |
| 2. | PGP is less costly as compared to S/MIME. | While S/MIME is comparatively expensive. |
| 3. | PGP is good for personal as well as office use. | While it is good for industrial use. |
25. DIFFERENCE BETWEEN PGP AND S/MIME
| S.NO | PGP | S/MIME |
|------|-----|--------|
| 4. | PGP is less efficient than S/MIME. | While it is more efficient than PGP. |
| 5. | It depends on user key exchange. | Whereas it relies on a hierarchically valid certificate for key exchange. |
| 6. | PGP is comparatively less convenient. | While it is more convenient than PGP due to the secure transformation of all the applications. |
26. DIFFERENCE BETWEEN PGP AND S/MIME
| S.NO | PGP | S/MIME |
|------|-----|--------|
| 7. | PGP contains 4096 public keys. | While it contains only 1024 public keys. |
| 8. | PGP is the standard for strong encryption. | While it is also the standard for strong encryption but has some drawbacks. |
| 9. | PGP is also used in VPNs. | While it is not used in VPNs, it is only used in email services. |
| 10. | PGP uses Diffie-Hellman digital signature. | While it uses ElGamal digital signature. |