Secure Damascus University Faculty of Information Technology Networks specialization Secure
presentation scheme What is our project? Project goals Encryption Algorithms and Digital Signature Existed similar products Server and Client Functions Security implementation Developing horizons Conclusion
what is our project? Secure Secure Encrypted exchange of messages between communication sides using mixture of symmetric and asymmetric encryption LAN with many services
Project goals Security goals Communication goals Information security Data integrity Server and Client authentication Identity spoofing Non repudiation Building an application to perform: Exchanging messages and attached files
Developing Model client side evaluation design risk analysis planning calling the clientanalysis Implementation
Encryption Algorithms Hi Mahmoud *&^1 Hi Mahmoud ManarMahmoud Same Key Symmetric
Encryption Algorithms Hi Mahmoud *&^1 Hi Mahmoud ManarMahmoud Asymmetric Mahmoud’s Public Key Mahmoud’s Private Key
Hash Function X Using of Hash Function Encryption Algorithms Message digest
Encryption Algorithms Message digest + sender private key digital signature Goals of digital signature: Data integrity Authentication Identity spoofing Non repudiation
Encryption Algorithms Hash MM ’M ’’H ‘HH ‘’M ’MM ’’HM ’ Client Private Key Session Key Server Public Key Server Private Key Client Public Key H ‘’H = ? If true True message ClientServer M ’’H ‘
existed similar products PEM: Privacy Enhanced Mail, 1987 Attempted to add security to SMTP Attempted o build a CA hierarchy along X500 lines Solved the data formatting problem with base 64 encoding It has failed because: Message format was ugly The required X500 support infrastructure PGP: Pretty Good Privacy, 1991 MD4 + RSA signatures & key s exchange.. IDEA for encryption Ports for UNIX, VMS, … Compression speedup encryption & signing, reduce msg Requires no support infrastructure
Data Base Server’s User # address * Password * firstName * lastName * question * answer Keys # address * privateExp * privateMod * publicExp * publicMod Messages # id * To * fromUser * dataSend О subject О Body О State О Cc О Important О Attachment О is Encrypted attachment # Id * File name
Client’s Data Base Mymessage # Id * To * fromUser * subject ס dataSend ס Body ס State ס Cc ס Bcc ס Deleted ס important ס Attachment attachment # Id * File name addressBook # address ס f_name ס l_name ס tel_nb ס mobile_nb ס address Client keys # address * privateExp * privateMod * publicExp * publicMod
Server and Client Functions Server’s Daemon: Works all the time Receives requests Forewords it to threads Thread: Receives request from server Call suitable procedure according to request parameters What procedures we have: log in new account register receiving message from client and forwarding it to its destination sending directed messages to client services as: changing password, remembering password generating private and public keys
Server and Client Functions Client’s Client available services: log in new account register sending message to server with/without attachment import client messages from server services as: changing password, remembering password sending more than one message in the same time (Outbox) sending: replay, replay all, forward address book
Security Implementation Client Server
Security Implementation ClientServer new account X Y Server Private Key K’ Server Public Key K’’ If (K = = K’’) client and server have same key new account:
Security Implementation If (K = = K’’) client and server have same key address passwordfirst namelast namequestionanswer Secret Key (K) encrypted Client
Server encrypted Secret Key (K) address password first name last name question answer Security Implementation
ClientServer If existed address existed else New account added ! h Client private + public key
Security Implementation log in: If (K = = K’’) client and server have same key address password Session Key encrypted Client Client Private Key Server Public Key encrypted Digital Signature Encryption & Digital Signature
Security Implementation ClientServer log in: log in encrypted Digital Signature
encrypted Digital Signature server Security Implementation Client Public Key Server Private Key encrypted Secret Key address password Decryption & Verification
Security Implementation ClientServer If (existed address & matched password) Existed& matched else Invalid username or password ! h
Security Implementation Sending message with attachment : msg body attachment *&^1 DS To: Cc: Bcc: Server Public Key Encryption & Digital Signature Client
*&^1 DS attachment To: Cc: Bcc: * ^1 ’ ’h’ *&^1 ’ ’h’ *&^1 To public key Cc public key Bcc public key(s) To: Cc: Encryption Security Implementation Server Private Key server
Security Implementation If right destination put msg in destination inbox else error msg in source inbox
Applying Range & Developing Horizons Applying Range: In all LANs Developing Horizons: Using this System to send/receive messages across Internet
Conclusion لخصت مجموعة الأخبار alt.security في قائمة الأسئلة الأكثر طرحاً FAQ ، عموميةَ مشكلة الأمن في الأنظمة بالإجابة على السؤال المشهور : س : ما الذي يجعل النظام غير آمن؟ ج : " إن أكثر ما يجعل نظاماً غير آمنٍ هو تشغيله ! ، حيث يكون النظام آمناً بشكل حقيقيّ إذا كان : مطفأ، مفصولاً عن كل شيء، مقفلاً عليه في حافظة من التيتانيوم، مدفوناً في مستودع تحت الأرض، ومحاطاً بغاز سام للأعصاب وبمجموعة من الحراس المدججين ذوي الرواتب العالية، وحتى مع كل هذا فأنا لا أراهن بحياتي عليه !” * [CONA-99] * يجيب على قائمة الأسئلة هذه Alec Muffett ، وذلك بمساعدة العديد من الآخرين.
Developed by: Manar Wassouf Somar Saeda Mahmoud Mahfoud Supervised by: Dr. Moutasem Shafa Amri Eng. Muhammad Juneidi Special thanks to : Administration and learning Group in Faculty of Information Technology. Thanks everybody for listening Developing Team Secure All rights reserved for developing team SMM ©