This document discusses email security. It begins by outlining some key issues with email such as a single message being sent to multiple parties. It then compares PGP and S/MIME encryption methods. Store and forward email protocols are explained along with the roles of user agents and message transfer agents. Various email security enhancements are identified like confidentiality, authentication, and integrity. Protocols like SMTP, IMAP, and POP are defined. The use of cryptographic keys in email security is outlined. Finally, S/MIME is described as a security enhancement for MIME that provides functions like encrypted, signed, and signed/encrypted emails through use of algorithms like AES and RSA.

2. S.Kiruthika-P15274354
II M.Sc.,(Computer Science)

3. SUBMITTED TO
A.VISHNUPRIYA M.E
Assistant professor
Department of computer science.

4. ELECTRONIC MAIL SECURITY
Email Security:
 Issues
 Comparison
 Store and Forward
 Email Security Enhancements
 Protocols
 Security Services over Email
 Cryptographic Keys
 S/MIME
 Conclusion

5. ISSUSES:
 A single message can be sent to many parties
 A single message can be sent to one or more distribution lists
 Duplicate copies can be sent to same individual
 Recipient or intermediate node may not be ready to receive mail
Comparison:
 PGP compresses the message after applying the signature but before encryption
 The placement of the compression algorithm is critical.
 The compression algorithm used is ZIP (described in appendix 5A )

6. Local exploder method has some advantages:
 Easier to prevent mail forwarding loops caused by the sender
 Sender may be able to prevent duplicate copies to same recipient
 Sender knows in advance what traffic will be generated(may be important if billing
is based on traffic)
Remote exploder method has some advantages:
 You can send to a list of people you are not allowed to know
 Lots of traffic may be generated away from sender's network
 If distribution list is huge it is economical to have mail
 sent by a list maintainers
 Distribution lists may explode to other lists – the number of
 recipients would be too hard for a sender to keep up with.
Store and Forward:
 users are not always ready to receive email
User Agent
Message Transfer Agent
Network of MTAs is needed

7. Message Transfer Agent:
 Node whereby mail is forwarded to another node
User Agent:
 the email client
 Node where mail is processed
Network of MTAs is needed:
 One path from source to destination might be intermittent
 MTAs may need to authenticate over MTAs (find trusted chain)
 Company desires "security gateway" (only email allowed at node)
 Different parts of network may use different protocols (TCP/OSI)
Email Security Enhancements:
Confidentiality:
 protection from disclosure
Authentication:
 of sender of message
Message integrity:
 protection from modification
Non-repudiation of origin:
 protection from denial by sender

8. Protocols:
Three types of protocol
Simple Mail Transfer Protocol (SMTP):
Internet Message Access Protocol (IMAP)
Post Office Protocol
Simple Mail Transfer Protocol (SMTP):
Text based commands for forwarding email between UAMSA(mail
Submission agent)MSAMTA,MTAMTA,(MTAMDAmail delivery agent)
Internet Message Access Protocol (IMAP):
Allows UA to access mail stored by MDA. Supports
Several clients can be connected to the same mailbox Separate retrieval of
MIME parts of a message (e.g. attachment)IMAP over SSL (IMAPS)

9. Post Office Protocol:
 Another popular mail retrieval protocol.
 Client connects, gets email, deletes messages on server
 One client can connect at a time
 POP3 over SSL (POP3S)

10. Security Services over Email:
Privacy:
 No one should read message except recipient
Authentication:
 Recipient should know exactly who the sender is
Integrity:
 Recipient should be able to tell whether message was altered in transit
No repudiation:
 Recipient can prove that the sender really sent it
 Proof of submission:
 Verification to the sender that the mailer got it
 Proof of delivery:
 Verification to sender that the recipient got it

11. Cryptographic Keys
 A cryptographic key is a string of bits used by a cryptographic algorithm to
transform plain text into cipher text or vice versa. This key remains private
and ensures secure communication. A cryptographic key is the core part
of cryptographic operations.

12. Cryptographic key types:
 Private signature key
 Public signature verification key
 Symmetric authentication key
 Private authentication key
 Public authentication key
 Symmetric master key
Private signature key:
 Private signature keys are the private keys of asymmetric public key pairs
that are used by public key algorithms to generate digital signatures with
long-term implications. When properly handled, private signature keys can be
used to provide authentication, integrity and non-repudiation
public signature verification key
 The public key of an asymmetric key pair that is used by a public
key algorithm to verify digital signatures, either to authenticate a user‘
identity, to determine the integrity of the data, for non-repudiation, or a
combination.
Symmetric authentication key
 Symmetric authentication keys are used with symmetric key algorithms to
provide assurance of the integrity and source of messages, communication
sessions, or stored data. Private authentication key

13. Private authentication key:
 A private authentication key is the private key of an asymmetric
Key pair that is used with a public key algorithm to provide assuranceas
to the integrity of information, and the identity of the originating entity
or the source of messages, communication sessions, or stored data
Public authentication key:
 A public authentication key is the public key of an asymmetric key
Pair that is used with a public key algorithm to determine The integrity
of information and to authenticate the identity of entities, or The source
of messages communication sessions, or stored data.
S/MIME(Secure/Multipurpose Internet Mail Extensions):
 Security enhancement to MIME email
 Original Internet RFC822 email was text only
 MIME provided support for varying content with encoding of binary data to
textual form

14.  Types and multi-part messages have S/MIME support in various modern
 S/MIME added security enhancements
mail agents: MS Outlook etc

15. S/MIME Functions
Enveloped data
 Encrypted content and associated keys
Signed data
 Encoded message + encoded signed message digest
Clear-signed data
 clear text message + encoded signed message digest
Signed and enveloped data
 Nested signed and encrypted entities
S/MIME Cryptographic Algorithms:
 digital signatures: DSS & RSA
 hash functions: SHA-1 & MD5
 session key encryption: Megamall & RSA
 message encryption: AES, Triple-DES, RC2/40 and others
 MAC: HMAC with SHA-1
 have process to decide which algs to use

16. S/MIME Content Types

17. S/MIME Messages:
 S/MIME secures a MIME entity with a signature, encryption, or both
 forming a MIME wrapped PKCS object
 have a range of content-types:
 enveloped data
 signed data
 clear-signed data
 registration request
 certificate only message
S/MIME Enhanced Security Services
Three proposed enhanced security services:
 signed receipts
 security labels
 secure mailing lists

18. Conclusion:
 Always sign out, especially if you are using a public computer!
 Never send your SIN or bank account number by email.
 Beware of messages that:
 Ask for your bank account information, even if they say they want to put
money into your account (e.g. The Nigerian Scam)
 Ask you to click on a link, login and verify personal information (e.g.
Phishing bank scams)
 inform you that you have won a prize/money and ask for personal
information in order to give you your prize

19. THANKS TO
P. MEERABAI M.C.A.,M.Phil.,
HEAD OF THE DEPARTMENT,
COMPUTER SCIENCE.