CS 465 Secure Email Last Updated: Nov 30, 2017.

Slides:



Advertisements
Similar presentations
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Advertisements

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 8, 2012.
Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Principles of Information Security, 2nd edition1 Cryptography.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Security Jonathan Calazan December 12, 2005.
Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.
» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.
 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.
SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Wireless and Security CSCI 5857: Encoding and Encryption.
Masud Hasan Secue VS Hushmail Project 2.
16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
1 TCP/IP Applications. 2 NNTP: Network News Transport Protocol NNTP is a TCP/IP protocol based upon text strings sent bidirectionally over 7 bit ASCII.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Module 9: Fundamentals of Securing Network Communication.
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
1 Information Security Practice I Lab 5. 2 Cryptography and security Cryptography is the science of using mathematics to encrypt and decrypt data.
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.
Security Using PGP - Prajakta Bahekar. Importance of Security is one of the most widely used network service on Computer Currently .
Security fundamentals Topic 5 Using a Public Key Infrastructure.
7.6 Secure Network Security / G.Steffen1. In This Section Threats to Protection List Overview of Encrypted Processing Example.
2/19/2016clicktechsolution.com Security. 2/19/2016clicktechsolution.com Threats Threats to the security of itself –Loss of confidentiality.
Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
July 19, Secure Messaging Models Co-existence and Interoperability Russell W. Chung New York, NY July 19, 2005.
第五章 电子邮件安全. Security is one of the most widely used and regarded network services currently message contents are not secure –may be inspected.
Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:
Usable Cryptography (End-to-End) Marcus Brinkmann LSM
and File Security With GnuPG Matt Brodeur
Why Does The Site Need an SSL Certification?. Security should always be a high concern for your website, but do you need an SSL certificate? A secure.
Key management issues in PGP
Web Applications Security Cryptography 1
Internet Business Associate v2.0
Security is one of the most widely used and regarded network services
Security Outline Encryption Algorithms Authentication Protocols
Secure Sockets Layer (SSL)
CSE565: Computer Security Lectures 19, 20 Electronic Mail Security
Security Services for
Misc. Security Items.
CIW Lesson 7 Part A Name: _______________________________________
S/MIME T ANANDHAN.
IS3230 Access Security Unit 9 PKI and Encryption
By Ian Foster, Jon Larson, Max Masich, Alex C
Chapter 7 STRENGTH OF ENCRYPTION & Public Key Infrastructure
Message Digest Cryptographic checksum One-way function Relevance
Security at the Application Layer: PGP and S/MIME
Pooja programmer,cse department
ELECTRONIC MAIL SECURITY
ELECTRONIC MAIL SECURITY
Electronic Mail Security
Secure How do you do it? Need to worry about sniffing, modifying, end-user masquerading, replaying. If sender and receiver have shared secret keys,
Unit 8 Network Security.
Electronic Payment Security Technologies
Module 4 System and Application Security
Slides Credit: Sogand Sadrhaghighi
Presentation transcript:

CS 465 Secure Email Last Updated: Nov 30, 2017

Goals Be able to describe how secure email works to provide confidentiality, integrity, and authentication Understand trust models PGP S/MIME Gain hands-on experience using secure email

Email Is your email secure? What is the threat model?

PGP (Pretty Good Privacy) Designed by Phil Zimmerman Originally designed as a human rights tool Published for free on the Internet in 1991 Phil was the target of a three year criminal investigation Where to get PGP? http://www.philzimmermann.com/EN/findpgp/index.html pgp.com GnuPG (GPG) In the 1990’s, one way to skirt federal export controls was to publish the source code in book form (this was allowed), ship the books to Europe, scan the source code using OCR technology to create the code. Laborious, but legal. Trust model Web of trust Grass roots, bottom up Manual key management

S/MIME Secure Multipurpose Internet Mail Extension Security extension to the MIME Internet email format Trust model Hierarchical CAs that issue X.509 certificates Top-down Used by companies and government orgs

Key Management Recommended that you use a different public key for signing outgoing and decrypting incoming email PGP Generate your own keys You are responsible to distribute In person or through key servers Key signing parties! S/MIME Have your public key signed by a CA Start sending signed email Your public key is sent along with a signed message

How Secure Email is Sent The following example is taken from a PGP description Sign-then-encrypt The way that both symmetric encryption and asymmetric encryption are used together is common to many secure messaging systems

How Secure is our Email? Until the last decade, most email was sent and received in the clear over the network FireSheep prompted webmail providers to use HTTPS to protect browser connections (2010) Email is usually stored in the clear Free email supported by ad revenue Search, spam/malware protection Connections between providers is sometimes encrypted (STARTTLS)

Email Encrypted in Transit HTTPS by default (2010) https://gmail.googleblog.com/2010/01/default-https-access-for-gmail.html Mandated HTTPS from the browser (2014) https://googleblog.blogspot.com/2014/03/staying-at-forefront-of-email-security.html

Email Authenticity DKIM (Domain Keys Identified Email) Providers sign email sent from their domain Public key published in DNS Clients validate the signature (problematic) SPF (Sender Policy Framework) Authorized email hosts published in DNS Google visual indicators for email sent in the clear and not authenticated https://blog.google/products/gmail/making-email-safer-for-you-posted-by/

Why is Secure Email Not Used? Users accept the risk Usability challenges of key management Chicken and egg problem PGP history of usability studies that failed Why Johnny Can’t Encrypt (1999) Why Johnny Still Can’t Encrypt (2006) Why Johnny Still, Still Can’t Encrypt (2015) – BYU Schneier reacts - https://www.schneier.com/blog/archives/2015/11/testing_the_usa.html Recent success with secure messaging apps supporting end-to-end encryption Signal, WhatsApp, Facebook Messenger, Google Allo Prevents passive attacks Key validation is not done, so active attack may be possible

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.