SlideShare a Scribd company logo

module 4_7th sem_ Electronic Mail Security.pptx

Download as PPTX, PDF
P
prateekPallav2

Electronic Mail Security_vtu_module4

Education
1 of 37
Electronic Mail Security
19-2 Overview 1. Pretty Good Privacy (PGP) 2. S/MIME 3. DomainKeys Identified Mail (DKIM)
Motivation for E-mail Security Electronic mail (E-mail) is one of the widely used and regarded network –based application in virtually all distributed environments. Currently, message contents are not secure. – May be inspected either in transit or by suitably privileged users on destination systems Requirements for E-mail Security • • • – – – – Confidentiality: protection from disclosure Authentication of sender of message Message integrity: protection from modification Non-repudiationof origin: protection from denial by sender • PGP (Pretty Good Privacy) and S/MIME (Secure Multi-purpose Internet Mail Extensions) are the two commonly used E-mail Security Standards. DKIM is a third e-mail security standard.
E-mail Security Standards PrettyGoodPrivacy(PGP), SecureMulti-purposeInternetMailExtensions • (S/MIME) and DomainKeysIdentifiedMail(DKIM) • Both PGP and S/MIME provide confidentiality and authentication services that can be used for E-mail and file storage applications. PGP was originally designed for plaintext messages; S/MIME handles all sorts of data files (for e.g., spreadsheets, graphics, presentations, movies, and sound) and is integrated into many commercial e-mail packages – hence S/MIME is likely to dominate the secure e-mail market. With PGP , each user is free to decide on the level of trust for a public key of a remote user (usually done based on a “web of trust” among the users) and not done through a centralized Certificate Authority (CA) to issue certificates for the public keys. S/MIME uses the standard public-key certificates issued by a CA. S/MIME also provides several options for the algorithms to be used for confidentiality and authentication services; whereas PGP is fixed with respect to the algorithms that can be used. Support for S/MIME is built-in to most of the standard browsers; while PGP typically requires a user to download and install one or more plug-ins. • • • • •
19-5 PGP Operation – Authentication 1. Sender creates message 2. Make SHA-1 160-bit hash of message 3. Attached RSA signed hash to message 4. Receiver decrypts & recovers hash code 5. Receiver verifies received message hash
PGP for Authentication Z-1 | | Z H M M PUS PRS Compare H EP DP H(M) Source Side Destination Side E(PRS, H(M)) Hashing Algorithm, H - SHA-1160 bit hash Encryption for digital signature (public-key encryption), EP – RSA Compression, Z – ZIP algorithm 5th Source (adapted from): Figure 18.1 (a), from William Stallings – Cryptography and Network Security, Edition H(M) ZIP [M || EPri-Sender(H(M)) ]
19-6 PGP Operation – Confidentiality 1. Sender forms 128-bit random session key 2. Encrypts message with session key 3. Attaches session key encrypted with RSA 4. Receiver decrypts & recovers session key 5. Session key is used to decrypt message
PGP for PUR Confidentiality Destination Side Source Side Z-1 KS EP DC M M Z EC | | KS DP Note that with PGP, the secret key is generated for each message E(PUR,KS) PRR || EPub-Receiver(Secret-key) Encryption for confidentiality, EC – IDEA (International Data Encryption Algorithm) 5th Source (adapted from): Figure 18.1 (b), from William Stallings – Cryptography and Network Security, Edition ESecret-key[ZIP (M)] KS
19-7 Confidentiality & Authentication  Can use both services on same message  Create signature & attach to message  Encrypt both message & signature  Attach RSA/ElGamal encrypted session key
PGP for Authentication PUR and Confidentiality KS Destination Side EP Source Side DC Z-1 EC | | M KS PUS Z DP DP | | M H Compare PR PR S R H EP || EPub-Receiver(Secret-key) Source (adapted from): Figure 18.1 (c), from William Stallings – Cryptography and Network Security, 5th Edition ESecret-key[ZIP (M || EPri-Sender(H(M)) )] H(M) H(M) KS
19-8 PGP Operation – Compression  By default PGP compresses message after signing but before encrypting  Uncompressed message & signature can be stored for later verification  Compression is non deterministic  Uses ZIP compression algorithm
PGP Keys • • PGPSessionKey The session key is associated with a single message and is used only for the purpose of encrypting and decrypting that message. IDEA uses a 128-bit symmetric key. Session keys are generated using the ANSI X12.17 generator, based on keystroke input from the user, where both the keystroke timing and the actual keys struck are used to generate a randomized stream of numbers constituting the key. PGPPublicandPrivateKeys • • • • Since many public/private keys may be in use with PGP, there is a need to identify which key is actually used to encrypt the session key for any specific message. Since, it would be inefficient to send the full public-key with every message, PGP uses a key identifier based on the least significant 64-bits of the key, which will very likely be unique. Then only the much shorter key ID would need to be transmitted with any message. A key ID is also required for the PGP digital signature. • •
lowercase alphabets, 10 numbers, +, 19-9 PGP Operation – Email Compatibility  PGP segments messages if too big  PGP produces binary (encrypted) data & appends a CRC  Email was designed only for text  Need to encode binary into printable ASCII characters  Uses radix-64 or base-64 algorithm  Maps 3 bytes to 4 printable chars: 26 upper case alphabets, 26 Ref: http://en.wikipedia.org/wiki/Base64
19-10 PGP Operation – Summary Washington University in St. Louis CSE571S ©2014 Raj Jain
19-11 PGP Session Keys  Need a session key of varying sizes for each message:  56-bit DES,  168-bit Triple-DES  128-bit CAST (Carlisle Adams and Stafford Tavares)  IDEA (International Data Encryption Algorithm)  Generated with CAST-128 using random inputs taken from previous uses and from keystroke timing of user Ref: http://en.wikipedia.org/wiki/CAST-128 , http://en.wikipedia.org/wiki/Idea_encryption
19-12 PGP Public & Private Keys  Users are allowed to have multiple public/private keys ⇒ Need to identify which key has been used  Use a key identifier = Least significant 64-bits of the key  Signature keys are different from encryption keys (Encryption keys may need to be disclosed for legal reasons)
19-13 PGP Message Format Confirms correct key was used Includes Signature, timestamp of signature, data Does not include filename, timestamp of file
19-14 PGP Key Rings  Private keys encrypted by a passphrase  Public keys of all correspondents
19-15 PGP Message Generation
19-16 PGP Message Reception
19-17 Web of Trust  There is no need to buy certificates from companies  A user can sign other user’s certificates  If you trust someone, you can trust users that they sign for.  You can assign a level of trust to each user and hence to the certificate they sign for  For example,  A certificate that is signed by a fully trusted user is fully trusted  A certificate signed by two half trusted users is fully trusted  A certificate signed by one half trusted user is half trusted  Some certificates are untrusted. Ref: http://en.wikipedia.org/wiki/Web_of_trust
19-18 PGP Trust Model Example DEFL are trusted AB re half trusted S is untrusted
19-19 Certificate Revocation  Owners can revoke public key by issuing a “revocation” certificate signed with the revoked private key  New Web-of-trust certificates have expiry dates
19-20 S/MIME  Secure/Multipurpose Internet Mail Extensions  Original Internet RFC822 email was text only  MIME for varying content types and multi-part messages  With encoding of binary data to textual form  S/MIME added security enhancements  Enveloped data: Encrypted content and associated keys  Signed data: Encoded message + signed digest  Clear-signed data: Clear text message + encoded signed digest  Signed & enveloped data: Nesting of signed & encrypted entities  Have S/MIME support in many mail agents  E.g., MS Outlook, Mozilla, Mac Mail etc
S/MIME Algorithm Symmetric Key Encryption Encrypt with the Recipient’s Public Key EPub-Rcvr Encrypt with the Sender’s Private Key EPri-Send Message Transmitted Certificate Encrypted with KSession Plaintext Encrypted with EPub-Rcvr KSession Encrypted with EPri-Send Hash (Plaintext) Encrypted with EPub-Rcvr Sender’s Public-Key Encrypted with EPri-Send Hash (Plaintext) Encrypted with EPub-Rcvr KSession Encrypted with KSession Plaintext Hash (Plaintext) Hashing Session Key, KSession Create a Random Plaintext
Ref: http://en.wikipedia.org/wiki/MIME, http://en.wikipedia.org/wiki/Quoted-printable 19-21 MIME Functions  Types: Text/Plain, Text/Enriched, Multipart/Mixed, Image/jpeg, Image/gif, Video/mpeg, audio/basic, …  Encodings: 7bit, 8bit, binary, quoted-printable, base64  Quoted-Printable: non-alphanumerics by =2 hex-digits, e.g., “=09” for tab, “=20” for space, “=3D” for = http://en.wikipedia.org/wiki/Base64
19-22 S/MIME Cryptographic Algorithms  Digital signatures: DSS & RSA  Hash functions: SHA-1 & MD5  Session key encryption: ElGamal & RSA  Message encryption: AES, Triple-DES, RC2/40 and others  MAC: HMAC with SHA-1  Have process to decide which algorithms to use
19-23 S/MIME Messages  S/MIME secures a MIME entity with a signature, encryption, or both  Forming a MIME wrapped PKCS object (Public Key Cryptography Standard originally by RSA Inc Now by IETF) Type Subtype Smime parameter Meaning Multipart Signed clear msg w signature Application Pkcs7-mime signedData Signed entity Application Pkcs7-mime envelopedData Encrypted entity Application Pkcs7-mime Degenerate signedData Certificate only Application Pkcs7-mime CompressedData Compressed entity Application Pkcs7-signature signedData Signature Content-Type: application/pklcs7-mime; smime-type=signedData; name=smime.p7m Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7m Ref: http://en.wikipedia.org/wiki/PKCS
19-24 S/MIME Certificate Processing  S/MIME uses X.509 v3 certificates  Managed using a hybrid of a strict X.509 CA hierarchy and enterprise’s CAs  Each client has a list of trusted CA’s certificates and his own public/private key pairs & certificates  Several types of certificates with different levels of checks:  Class 1: Email and web browsing  Class 2: Inter-company email  Class 3: Banking, …
19-25 S/MIME Enhanced Security Services  RFC2634 (1999) describes enhanced security services:  Signed receipts: Request a signed receipt  Security labels: Priority, which users (role) can access  Secure mailing lists: Request a list processor to encrypt
19-26 Domain Keys Identified Mail  Emails signed by the enterprise, e.g. WUSTL rather than the sender  Company’s mail system signs the message  So spammers cannot fake that companies email addresses Ref: http://en.wikipedia.org/wiki/DKIM
Domain Keys Identified Mail (DKIM) With DKIM, an e-mail message is signed using the private key of the administrative domain from which the e-mail originates (not signed with the private key of the individual user, as in PGP and S/MIME). DKIM is transparent to the end-users as the e-mail is signed by the Mail Submission Agent (MSA) of the sender’s domain and validated by the Mail Delivery Agent (MDA) of the recipient’s domain. At the receiving end, the MDA can access the public key of the sender’s administrative domain (through DNS query) and verify the authenticity of the message. E-mails that claim to originate from a particular domain – but, not signed with the private key of the administrative domain – are rejected. The default signing algorithm is RSA with SHA-256. • • • • •
19-27 DKIM Functional Flow
DKIM (to send and propagate e-mail messages) SMTP – Simple Mail Transfer Protocol (to retrieve e-mail message from the MDA to the MUA) POP – Post Office Protocol IMAP – Internet Message Access Protocol http://www.youtube.com/watch?v=GcvdhjLVYfY Source: Figure 18.10 from William Stallings – Cryptography and Network Security, 5th Edition
19-28 Summary 1. Email can be signed, encrypted or both 2. PGP is a commonly used system that provides integrity, authentication, privacy, compression, segmentation, and MIME compatibility 3. PGP allows Web of trust in addition to CA certificates 4. S/MIME extends MIME for secure email and provides authentication and privacy 5. DKIM allows originating companies to sign all emails from their users
19-30 Acronyms  AES Advanced Encryption Standard  ASCII American Standard Code for Information Exchange  CA Certificate Authority  CAST Carlisle Adams and Stafford Tavares  CRC Cyclic Redundancy Check  DCIM Domain Key Indentified Mail  DES Digital Encyrption Standard  DSS Digital Signature Scheme  ECC Elliptic Curve Cryptography  ECDSA Elliptic Curve Cryptography Digital Signature Algorithm  HMAC Hybrid Message Authentication Code  IDEA International Data Encryption Algorithm  IETF Internet Engineering Task Force  MAC Message Authentication Code  MD5 Message Digest 5  MIME Multipurpose Internet Mail Extension Washington University in St. Louis CSE571S ©2014 Raj Jain
19-31 Acronyms (Cont)  MIT Massachusetts Institute of Technology  MS Microsoft  OCR Optical Character Recognition  PC Personal Computer  PGP Pretty Good Privacy  PKCS Public Key Cryptography Standard  RC2 Ron's Code 2  RFC Request for Comments  RSA Rivest, Shamir, Adleman  S/MIME Secure Multipurpose Internet Mail Extension  SHA Secure Hash Algorithm  Triple-DES Triple Digital Encryption Standard  WUSTL Washington University in Saint Louis Washington University in St. Louis CSE571S ©2014 Raj Jain

Recommended

Ch15
Ch15Ch15
Ch15Joe Christensen
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email securityMazin Alwaaly
 
Pgp
PgpPgp
PgpAbhishek Kesharwani
 
Pgp
PgpPgp
PgpAbhishek Kesharwani
 
ch15 (1).ppt
ch15 (1).pptch15 (1).ppt
ch15 (1).pptSunilKatkar5
 
ch15.ppt
ch15.pptch15.ppt
ch15.pptssuserec53e73
 
ch15.ppt
ch15.pptch15.ppt
ch15.pptwitscollege
 
ch15.ppt
ch15.pptch15.ppt
ch15.pptssuser6602e0
 

Recommended

Ch15
Ch15Ch15
Ch15Joe Christensen
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email securityMazin Alwaaly
 
Pgp
PgpPgp
PgpAbhishek Kesharwani
 
Pgp
PgpPgp
PgpAbhishek Kesharwani
 
ch15 (1).ppt
ch15 (1).pptch15 (1).ppt
ch15 (1).pptSunilKatkar5
 
ch15.ppt
ch15.pptch15.ppt
ch15.pptssuserec53e73
 
ch15.ppt
ch15.pptch15.ppt
ch15.pptwitscollege
 
ch15.ppt
ch15.pptch15.ppt
ch15.pptssuser6602e0
 
S-MIMEemail-security.ppt
S-MIMEemail-security.pptS-MIMEemail-security.ppt
S-MIMEemail-security.pptwitscollege
 
Email sec11
Email sec11Email sec11
Email sec11Athira Asakumar
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
Unit 4
Unit 4Unit 4
Unit 4Vinod Kumar Gorrepati
 
computer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptcomputer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptjayaprasanna10
 
Network security
Network securityNetwork security
Network securitySVijaylakshmi
 
CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS Kathirvel Ayyaswamy
 
1682302951397_PGP.pdf
1682302951397_PGP.pdf1682302951397_PGP.pdf
1682302951397_PGP.pdfgeorgejustymirobi1
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Tania Agni
 
Pgp1
Pgp1Pgp1
Pgp1Sanjeevsharma620
 
E mail security
E mail securityE mail security
E mail securitySoumya Vijoy
 
PGP.ppt
PGP.pptPGP.ppt
PGP.pptqwerrew1
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityJyothishmathi Institute of Technology and Science Karimnagar
 
Pgp
PgpPgp
PgpReham Maher El-Safarini
 
network and cyber security
network and cyber securitynetwork and cyber security
network and cyber securityShruthi Reddy
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
unit6.ppt
unit6.pptunit6.ppt
unit6.pptSrinivas Devulapalli
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxabhijeetpadhi001
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 

More Related Content

Similar to module 4_7th sem_ Electronic Mail Security.pptx

S-MIMEemail-security.ppt
S-MIMEemail-security.pptS-MIMEemail-security.ppt
S-MIMEemail-security.pptwitscollege
 
computer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptcomputer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptjayaprasanna10
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Tania Agni
 
network and cyber security
network and cyber securitynetwork and cyber security
network and cyber securityShruthi Reddy
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 

Similar to module 4_7th sem_ Electronic Mail Security.pptx (20)

S-MIMEemail-security.ppt
S-MIMEemail-security.pptS-MIMEemail-security.ppt
S-MIMEemail-security.ppt
 
Email sec11
Email sec11Email sec11
Email sec11
 
Email security
Email securityEmail security
Email security
 
Unit 4
Unit 4Unit 4
Unit 4
 
computer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptcomputer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.ppt
 
Network security
Network securityNetwork security
Network security
 
CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS
 
1682302951397_PGP.pdf
1682302951397_PGP.pdf1682302951397_PGP.pdf
1682302951397_PGP.pdf
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
 
Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/
 
Pgp1
Pgp1Pgp1
Pgp1
 
E mail security
E mail securityE mail security
E mail security
 
PGP.ppt
PGP.pptPGP.ppt
PGP.ppt
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
 
Pgp
PgpPgp
Pgp
 
network and cyber security
network and cyber securitynetwork and cyber security
network and cyber security
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
unit6.ppt
unit6.pptunit6.ppt
unit6.ppt
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 

Recently uploaded

MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxabhijeetpadhi001
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.arsicmarija21
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 

Recently uploaded (20)

MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 

module 4_7th sem_ Electronic Mail Security.pptx

  • 2. 19-2 Overview 1. Pretty Good Privacy (PGP) 2. S/MIME 3. DomainKeys Identified Mail (DKIM)
  • 3. Motivation for E-mail Security Electronic mail (E-mail) is one of the widely used and regarded network –based application in virtually all distributed environments. Currently, message contents are not secure. – May be inspected either in transit or by suitably privileged users on destination systems Requirements for E-mail Security • • • – – – – Confidentiality: protection from disclosure Authentication of sender of message Message integrity: protection from modification Non-repudiationof origin: protection from denial by sender • PGP (Pretty Good Privacy) and S/MIME (Secure Multi-purpose Internet Mail Extensions) are the two commonly used E-mail Security Standards. DKIM is a third e-mail security standard.
  • 4. E-mail Security Standards PrettyGoodPrivacy(PGP), SecureMulti-purposeInternetMailExtensions • (S/MIME) and DomainKeysIdentifiedMail(DKIM) • Both PGP and S/MIME provide confidentiality and authentication services that can be used for E-mail and file storage applications. PGP was originally designed for plaintext messages; S/MIME handles all sorts of data files (for e.g., spreadsheets, graphics, presentations, movies, and sound) and is integrated into many commercial e-mail packages – hence S/MIME is likely to dominate the secure e-mail market. With PGP , each user is free to decide on the level of trust for a public key of a remote user (usually done based on a “web of trust” among the users) and not done through a centralized Certificate Authority (CA) to issue certificates for the public keys. S/MIME uses the standard public-key certificates issued by a CA. S/MIME also provides several options for the algorithms to be used for confidentiality and authentication services; whereas PGP is fixed with respect to the algorithms that can be used. Support for S/MIME is built-in to most of the standard browsers; while PGP typically requires a user to download and install one or more plug-ins. • • • • •
  • 5. 19-5 PGP Operation – Authentication 1. Sender creates message 2. Make SHA-1 160-bit hash of message 3. Attached RSA signed hash to message 4. Receiver decrypts & recovers hash code 5. Receiver verifies received message hash
  • 6. PGP for Authentication Z-1 | | Z H M M PUS PRS Compare H EP DP H(M) Source Side Destination Side E(PRS, H(M)) Hashing Algorithm, H - SHA-1160 bit hash Encryption for digital signature (public-key encryption), EP – RSA Compression, Z – ZIP algorithm 5th Source (adapted from): Figure 18.1 (a), from William Stallings – Cryptography and Network Security, Edition H(M) ZIP [M || EPri-Sender(H(M)) ]
  • 7. 19-6 PGP Operation – Confidentiality 1. Sender forms 128-bit random session key 2. Encrypts message with session key 3. Attaches session key encrypted with RSA 4. Receiver decrypts & recovers session key 5. Session key is used to decrypt message
  • 8. PGP for PUR Confidentiality Destination Side Source Side Z-1 KS EP DC M M Z EC | | KS DP Note that with PGP, the secret key is generated for each message E(PUR,KS) PRR || EPub-Receiver(Secret-key) Encryption for confidentiality, EC – IDEA (International Data Encryption Algorithm) 5th Source (adapted from): Figure 18.1 (b), from William Stallings – Cryptography and Network Security, Edition ESecret-key[ZIP (M)] KS
  • 9. 19-7 Confidentiality & Authentication  Can use both services on same message  Create signature & attach to message  Encrypt both message & signature  Attach RSA/ElGamal encrypted session key
  • 10. PGP for Authentication PUR and Confidentiality KS Destination Side EP Source Side DC Z-1 EC | | M KS PUS Z DP DP | | M H Compare PR PR S R H EP || EPub-Receiver(Secret-key) Source (adapted from): Figure 18.1 (c), from William Stallings – Cryptography and Network Security, 5th Edition ESecret-key[ZIP (M || EPri-Sender(H(M)) )] H(M) H(M) KS
  • 11. 19-8 PGP Operation – Compression  By default PGP compresses message after signing but before encrypting  Uncompressed message & signature can be stored for later verification  Compression is non deterministic  Uses ZIP compression algorithm
  • 12. PGP Keys • • PGPSessionKey The session key is associated with a single message and is used only for the purpose of encrypting and decrypting that message. IDEA uses a 128-bit symmetric key. Session keys are generated using the ANSI X12.17 generator, based on keystroke input from the user, where both the keystroke timing and the actual keys struck are used to generate a randomized stream of numbers constituting the key. PGPPublicandPrivateKeys • • • • Since many public/private keys may be in use with PGP, there is a need to identify which key is actually used to encrypt the session key for any specific message. Since, it would be inefficient to send the full public-key with every message, PGP uses a key identifier based on the least significant 64-bits of the key, which will very likely be unique. Then only the much shorter key ID would need to be transmitted with any message. A key ID is also required for the PGP digital signature. • •
  • 13. lowercase alphabets, 10 numbers, +, 19-9 PGP Operation – Email Compatibility  PGP segments messages if too big  PGP produces binary (encrypted) data & appends a CRC  Email was designed only for text  Need to encode binary into printable ASCII characters  Uses radix-64 or base-64 algorithm  Maps 3 bytes to 4 printable chars: 26 upper case alphabets, 26 Ref: http://en.wikipedia.org/wiki/Base64
  • 14. 19-10 PGP Operation – Summary Washington University in St. Louis CSE571S ©2014 Raj Jain
  • 15. 19-11 PGP Session Keys  Need a session key of varying sizes for each message:  56-bit DES,  168-bit Triple-DES  128-bit CAST (Carlisle Adams and Stafford Tavares)  IDEA (International Data Encryption Algorithm)  Generated with CAST-128 using random inputs taken from previous uses and from keystroke timing of user Ref: http://en.wikipedia.org/wiki/CAST-128 , http://en.wikipedia.org/wiki/Idea_encryption
  • 16. 19-12 PGP Public & Private Keys  Users are allowed to have multiple public/private keys ⇒ Need to identify which key has been used  Use a key identifier = Least significant 64-bits of the key  Signature keys are different from encryption keys (Encryption keys may need to be disclosed for legal reasons)
  • 17. 19-13 PGP Message Format Confirms correct key was used Includes Signature, timestamp of signature, data Does not include filename, timestamp of file
  • 18. 19-14 PGP Key Rings  Private keys encrypted by a passphrase  Public keys of all correspondents
  • 21. 19-17 Web of Trust  There is no need to buy certificates from companies  A user can sign other user’s certificates  If you trust someone, you can trust users that they sign for.  You can assign a level of trust to each user and hence to the certificate they sign for  For example,  A certificate that is signed by a fully trusted user is fully trusted  A certificate signed by two half trusted users is fully trusted  A certificate signed by one half trusted user is half trusted  Some certificates are untrusted. Ref: http://en.wikipedia.org/wiki/Web_of_trust
  • 22. 19-18 PGP Trust Model Example DEFL are trusted AB re half trusted S is untrusted
  • 23. 19-19 Certificate Revocation  Owners can revoke public key by issuing a “revocation” certificate signed with the revoked private key  New Web-of-trust certificates have expiry dates
  • 24. 19-20 S/MIME  Secure/Multipurpose Internet Mail Extensions  Original Internet RFC822 email was text only  MIME for varying content types and multi-part messages  With encoding of binary data to textual form  S/MIME added security enhancements  Enveloped data: Encrypted content and associated keys  Signed data: Encoded message + signed digest  Clear-signed data: Clear text message + encoded signed digest  Signed & enveloped data: Nesting of signed & encrypted entities  Have S/MIME support in many mail agents  E.g., MS Outlook, Mozilla, Mac Mail etc
  • 25. S/MIME Algorithm Symmetric Key Encryption Encrypt with the Recipient’s Public Key EPub-Rcvr Encrypt with the Sender’s Private Key EPri-Send Message Transmitted Certificate Encrypted with KSession Plaintext Encrypted with EPub-Rcvr KSession Encrypted with EPri-Send Hash (Plaintext) Encrypted with EPub-Rcvr Sender’s Public-Key Encrypted with EPri-Send Hash (Plaintext) Encrypted with EPub-Rcvr KSession Encrypted with KSession Plaintext Hash (Plaintext) Hashing Session Key, KSession Create a Random Plaintext
  • 26. Ref: http://en.wikipedia.org/wiki/MIME, http://en.wikipedia.org/wiki/Quoted-printable 19-21 MIME Functions  Types: Text/Plain, Text/Enriched, Multipart/Mixed, Image/jpeg, Image/gif, Video/mpeg, audio/basic, …  Encodings: 7bit, 8bit, binary, quoted-printable, base64  Quoted-Printable: non-alphanumerics by =2 hex-digits, e.g., “=09” for tab, “=20” for space, “=3D” for = http://en.wikipedia.org/wiki/Base64
  • 27. 19-22 S/MIME Cryptographic Algorithms  Digital signatures: DSS & RSA  Hash functions: SHA-1 & MD5  Session key encryption: ElGamal & RSA  Message encryption: AES, Triple-DES, RC2/40 and others  MAC: HMAC with SHA-1  Have process to decide which algorithms to use
  • 28. 19-23 S/MIME Messages  S/MIME secures a MIME entity with a signature, encryption, or both  Forming a MIME wrapped PKCS object (Public Key Cryptography Standard originally by RSA Inc Now by IETF) Type Subtype Smime parameter Meaning Multipart Signed clear msg w signature Application Pkcs7-mime signedData Signed entity Application Pkcs7-mime envelopedData Encrypted entity Application Pkcs7-mime Degenerate signedData Certificate only Application Pkcs7-mime CompressedData Compressed entity Application Pkcs7-signature signedData Signature Content-Type: application/pklcs7-mime; smime-type=signedData; name=smime.p7m Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7m Ref: http://en.wikipedia.org/wiki/PKCS
  • 29. 19-24 S/MIME Certificate Processing  S/MIME uses X.509 v3 certificates  Managed using a hybrid of a strict X.509 CA hierarchy and enterprise’s CAs  Each client has a list of trusted CA’s certificates and his own public/private key pairs & certificates  Several types of certificates with different levels of checks:  Class 1: Email and web browsing  Class 2: Inter-company email  Class 3: Banking, …
  • 30. 19-25 S/MIME Enhanced Security Services  RFC2634 (1999) describes enhanced security services:  Signed receipts: Request a signed receipt  Security labels: Priority, which users (role) can access  Secure mailing lists: Request a list processor to encrypt
  • 31. 19-26 Domain Keys Identified Mail  Emails signed by the enterprise, e.g. WUSTL rather than the sender  Company’s mail system signs the message  So spammers cannot fake that companies email addresses Ref: http://en.wikipedia.org/wiki/DKIM
  • 32. Domain Keys Identified Mail (DKIM) With DKIM, an e-mail message is signed using the private key of the administrative domain from which the e-mail originates (not signed with the private key of the individual user, as in PGP and S/MIME). DKIM is transparent to the end-users as the e-mail is signed by the Mail Submission Agent (MSA) of the sender’s domain and validated by the Mail Delivery Agent (MDA) of the recipient’s domain. At the receiving end, the MDA can access the public key of the sender’s administrative domain (through DNS query) and verify the authenticity of the message. E-mails that claim to originate from a particular domain – but, not signed with the private key of the administrative domain – are rejected. The default signing algorithm is RSA with SHA-256. • • • • •
  • 34. DKIM (to send and propagate e-mail messages) SMTP – Simple Mail Transfer Protocol (to retrieve e-mail message from the MDA to the MUA) POP – Post Office Protocol IMAP – Internet Message Access Protocol http://www.youtube.com/watch?v=GcvdhjLVYfY Source: Figure 18.10 from William Stallings – Cryptography and Network Security, 5th Edition
  • 35. 19-28 Summary 1. Email can be signed, encrypted or both 2. PGP is a commonly used system that provides integrity, authentication, privacy, compression, segmentation, and MIME compatibility 3. PGP allows Web of trust in addition to CA certificates 4. S/MIME extends MIME for secure email and provides authentication and privacy 5. DKIM allows originating companies to sign all emails from their users
  • 36. 19-30 Acronyms  AES Advanced Encryption Standard  ASCII American Standard Code for Information Exchange  CA Certificate Authority  CAST Carlisle Adams and Stafford Tavares  CRC Cyclic Redundancy Check  DCIM Domain Key Indentified Mail  DES Digital Encyrption Standard  DSS Digital Signature Scheme  ECC Elliptic Curve Cryptography  ECDSA Elliptic Curve Cryptography Digital Signature Algorithm  HMAC Hybrid Message Authentication Code  IDEA International Data Encryption Algorithm  IETF Internet Engineering Task Force  MAC Message Authentication Code  MD5 Message Digest 5  MIME Multipurpose Internet Mail Extension Washington University in St. Louis CSE571S ©2014 Raj Jain
  • 37. 19-31 Acronyms (Cont)  MIT Massachusetts Institute of Technology  MS Microsoft  OCR Optical Character Recognition  PC Personal Computer  PGP Pretty Good Privacy  PKCS Public Key Cryptography Standard  RC2 Ron's Code 2  RFC Request for Comments  RSA Rivest, Shamir, Adleman  S/MIME Secure Multipurpose Internet Mail Extension  SHA Secure Hash Algorithm  Triple-DES Triple Digital Encryption Standard  WUSTL Washington University in Saint Louis Washington University in St. Louis CSE571S ©2014 Raj Jain