Email Security

Published on May 2016 | Categories: Types, Research

PowerPoint presentation about email security using the PGP method

Email Security
Student: Ashraf Gamal Ahmed El-Bialy
CS634 – Data Security, Fall 2012-2013

Supervisor: Dr. Hisham ElZoka
College of Computing and Information Technology, Arab Academy for Science, Technology and Maritime Transport

EMAIL SECURITY
• Email is one of the most widely used and regarded network services.
• The protection of email from unauthorized access and inspection is known as electronic privacy.

CRYPTOGRAPHY AND NETWORK SECURITY

RISKS TO USER
• Email is vulnerable to both passive and active attacks.
• Passive threats include release of message contents and traffic analysis.
• Active threats include modification of message contents, masquerade, replay, and denial of service (DoS).
• All of the threats mentioned apply to the traditional email protocols.

Email Pathway

EMAIL SECURITY ENHANCEMENTS
• Confidentiality: protection from disclosure
• Authentication: of sender of message
• Message integrity: protection from modification
• Non-repudiation of origin: protection from denial by sender

METHODS/ALGORITHMS
• Pretty Good Privacy (PGP)
• Secure/Multipurpose Internet Mail Extensions (S/MIME)
• Transport Layer Security (TLS)
• DomainKeys Identified Mail (DKIM)

PRETTY GOOD PRIVACY (PGP)
• Essentially the product of a single person: Phil Zimmermann
• Released in 1991
• Complete email security package providing privacy, authentication, digital signatures, and compression
• Available on Unix, Linux, Windows, Mac OS
• It is based on algorithms that have survived extensive public review and are considered extremely secure. Specifically, the package includes RSA, DSS, and Diffie-Hellman for public-key encryption (key management); CAST-128, IDEA, and 3DES for symmetric encryption; and SHA-1 for hash coding.

PGP
• Five services
  • Authentication, confidentiality, compression, email compatibility.
• Functions
  • Digital signature
  • Message encryption
  • Compression
  • Email compatibility

PGP OPERATION – AUTHENTICATION
1. sender creates a message
2. SHA-1 is used to generate a 160-bit hash code of the message
3. hash code is encrypted with RSA using the sender's private key, and the result is attached to the message
4. receiver uses RSA or DSS with the sender's public key to decrypt and recover the hash code
5. receiver generates a new hash code for the message and compares it with the decrypted hash code; if they match, the message is accepted as authentic

PGP CRYPTOGRAPHIC FUNCTIONS

PGP OPERATION – CONFIDENTIALITY
1. sender generates the message and a random 128-bit number to be used as session key for this message only
2. message is encrypted using CAST-128 / IDEA / 3DES with the session key
3. session key is encrypted using RSA with the recipient's public key, then attached to the message
4. receiver uses RSA with its private key to decrypt and recover the session key
5. session key is used to decrypt the message

PGP OPERATION – CONFIDENTIALITY & AUTHENTICATION
• uses both services on the same message
• create signature & attach to message
• encrypt both message & signature
• attach RSA-encrypted session key
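
The sign, compress, encrypt and key-wrap sequence from the authentication and confidentiality slides, as an added Python example that is not part of the original presentation. The toy RSA keys built from Mersenne primes and the SHA-256 keystream standing in for CAST-128/IDEA/3DES are assumptions chosen so the code runs on the standard library alone; neither is secure, and all function names are hypothetical.

```python
import hashlib, secrets, zlib

E = 65537
# Toy RSA keys from Mersenne primes: illustration only, NOT secure (no padding).
def toy_keypair(p, q):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))   # (public, private)

SENDER_PUB, SENDER_PRIV = toy_keypair(2**127 - 1, 2**89 - 1)
RCPT_PUB, RCPT_PRIV = toy_keypair(2**107 - 1, 2**61 - 1)
SIG_LEN = 27   # bytes; the sender modulus is below 2**216

def sha1_int(msg):
    # 160-bit hash code, as on the slide (SHA-1 is kept only to match it)
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")

def sign(msg, priv):
    # authentication steps 2-3: hash, then RSA with the sender's private key
    n, d = priv
    return pow(sha1_int(msg), d, n)

def verify(msg, sig, pub):
    # authentication steps 4-5: recover the hash code and compare
    n, e = pub
    return pow(sig, e, n) == sha1_int(msg)

def stream_xor(key, data):
    # stand-in symmetric cipher: XOR with a SHA-256 counter keystream
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def pgp_send(msg, sender_priv, rcpt_pub):
    signed = sign(msg, sender_priv).to_bytes(SIG_LEN, "big") + msg
    session_key = secrets.token_bytes(16)        # 128-bit, this message only
    body = stream_xor(session_key, zlib.compress(signed))  # compress, then encrypt
    n, e = rcpt_pub
    return pow(int.from_bytes(session_key, "big"), e, n), body

def pgp_receive(wrapped_key, body, rcpt_priv, sender_pub):
    n, d = rcpt_priv
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    signed = zlib.decompress(stream_xor(session_key, body))
    sig, msg = int.from_bytes(signed[:SIG_LEN], "big"), signed[SIG_LEN:]
    return msg, verify(msg, sig, sender_pub)
```

The receiver gets back both the plaintext and a boolean; a message whose signature does not verify against the claimed sender's public key should be rejected rather than displayed.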

PGP OPERATION – COMPRESSION
• by default PGP compresses the message after signing but before encrypting
  • so the uncompressed message & signature can be stored for later verification
  • & because compression is non-deterministic
• uses the ZIP compression algorithm

PGP OPERATION – EMAIL COMPATIBILITY
• when using PGP there will be binary data to send (encrypted message etc.)
• however email was designed only for text
• hence PGP must encode raw binary data into printable ASCII characters
• uses radix-64 algorithm
  • maps 3 bytes to 4 printable chars
  • also appends a CRC
• PGP also segments messages if too big

PGP OPERATION – SUMMARY

KEY MANAGEMENT
• Generating unpredictable session keys
• Identifying keys
  • Multiple public, private key pairs for a user
• Maintain keys
  • Its own public, private keys of a PGP entity
  • Public keys of correspondents

SESSION KEY GENERATION
• Algorithm used: CAST-128
• Input to CAST-128
  • A 128-bit key
  • Two 64-bit plaintexts to be encrypted
• Output using cipher feedback mode
  • Generates two 64-bit ciphertexts that form the session key
• Plaintexts are from a 128-bit randomized number
  • Based on keystrokes of the user (timing and actual keys)
  • Then combined with the previous session key

S/MIME (SECURE/MULTIPURPOSE INTERNET MAIL EXTENSIONS)
• security enhancement to MIME email
• original Internet RFC822 email was text only
• MIME provided support for varying content types and multipart messages
  • with encoding of binary data to textual form
• S/MIME added security enhancements
• S/MIME is supported in various modern mail agents: MS Outlook, Netscape etc.

S/MIME CRYPTOGRAPHIC ALGORITHMS
• hash functions: SHA-1 & MD5
• digital signatures: DSS & RSA
• session key encryption: ElGamal & RSA
• message encryption: Triple-DES, RC2/40 and others
• have a procedure to decide which algorithms to use

Thank you
