Secure Damascus University Faculty of Information Technology Networks specialization Secure

presentation scheme What is our project? Project goals Encryption Algorithms and Digital Signature Existed similar products Server and Client Functions Security implementation Developing horizons Conclusion

what is our project? Secure Secure Encrypted exchange of messages between communication sides using mixture of symmetric and asymmetric encryption LAN with many services

Project goals Security goals Communication goals Information security Data integrity Server and Client authentication Identity spoofing Non repudiation Building an application to perform: Exchanging messages and attached files

Developing Model client side evaluation design risk analysis planning calling the clientanalysis Implementation

Encryption Algorithms Hi Mahmoud *&^1 Hi Mahmoud ManarMahmoud Same Key Symmetric

Encryption Algorithms Hi Mahmoud *&^1 Hi Mahmoud ManarMahmoud Asymmetric Mahmoud’s Public Key Mahmoud’s Private Key

Hash Function X Using of Hash Function Encryption Algorithms Message digest

Encryption Algorithms Message digest + sender private key digital signature Goals of digital signature: Data integrity Authentication Identity spoofing Non repudiation

Encryption Algorithms Hash MM ’M ’’H ‘HH ‘’M ’MM ’’HM ’ Client Private Key Session Key Server Public Key Server Private Key Client Public Key H ‘’H = ? If true True message ClientServer M ’’H ‘

existed similar products PEM: Privacy Enhanced Mail, 1987 Attempted to add security to SMTP Attempted o build a CA hierarchy along X500 lines Solved the data formatting problem with base 64 encoding It has failed because: Message format was ugly The required X500 support infrastructure PGP: Pretty Good Privacy, 1991 MD4 + RSA signatures & key s exchange.. IDEA for encryption Ports for UNIX, VMS, … Compression speedup encryption & signing, reduce msg Requires no support infrastructure

Data Base Server’s User # address * Password * firstName * lastName * question * answer Keys # address * privateExp * privateMod * publicExp * publicMod Messages # id * To * fromUser * dataSend О subject О Body О State О Cc О Important О Attachment О is Encrypted attachment # Id * File name

Client’s Data Base Mymessage # Id * To * fromUser * subject ס dataSend ס Body ס State ס Cc ס Bcc ס Deleted ס important ס Attachment attachment # Id * File name addressBook # address ס f_name ס l_name ס tel_nb ס mobile_nb ס address Client keys # address * privateExp * privateMod * publicExp * publicMod

Server and Client Functions Server’s Daemon: Works all the time Receives requests Forewords it to threads Thread: Receives request from server Call suitable procedure according to request parameters What procedures we have: log in new account register receiving message from client and forwarding it to its destination sending directed messages to client services as: changing password, remembering password generating private and public keys

Server and Client Functions Client’s Client available services: log in new account register sending message to server with/without attachment import client messages from server services as: changing password, remembering password sending more than one message in the same time (Outbox) sending: replay, replay all, forward address book

Security Implementation Client Server

Security Implementation ClientServer new account X Y Server Private Key K’ Server Public Key K’’ If (K = = K’’) client and server have same key new account:

Security Implementation If (K = = K’’) client and server have same key address passwordfirst namelast namequestionanswer Secret Key (K) encrypted Client

Server encrypted Secret Key (K) address password first name last name question answer Security Implementation

ClientServer If existed address existed else New account added ! h Client private + public key

Security Implementation log in: If (K = = K’’) client and server have same key address password Session Key encrypted Client Client Private Key Server Public Key encrypted Digital Signature Encryption & Digital Signature

Security Implementation ClientServer log in: log in encrypted Digital Signature

encrypted Digital Signature server Security Implementation Client Public Key Server Private Key encrypted Secret Key address password Decryption & Verification

Security Implementation ClientServer If (existed address & matched password) Existed& matched else Invalid username or password ! h

Security Implementation Sending message with attachment : msg body attachment *&^1 DS To: Cc: Bcc: Server Public Key Encryption & Digital Signature Client

*&^1 DS attachment To: Cc: Bcc: *  ^1 ’  ’h’ *&^1 ’  ’h’ *&^1 To public key Cc public key Bcc public key(s) To: Cc: Encryption Security Implementation Server Private Key server

Security Implementation If right destination put msg in destination inbox else error msg in source inbox

Applying Range & Developing Horizons Applying Range: In all LANs Developing Horizons: Using this System to send/receive messages across Internet

Conclusion لخصت مجموعة الأخبار alt.security في قائمة الأسئلة الأكثر طرحاً FAQ ، عموميةَ مشكلة الأمن في الأنظمة بالإجابة على السؤال المشهور : س : ما الذي يجعل النظام غير آمن؟ ج : " إن أكثر ما يجعل نظاماً غير آمنٍ هو تشغيله ! ، حيث يكون النظام آمناً بشكل حقيقيّ إذا كان : مطفأ، مفصولاً عن كل شيء، مقفلاً عليه في حافظة من التيتانيوم، مدفوناً في مستودع تحت الأرض، ومحاطاً بغاز سام للأعصاب وبمجموعة من الحراس المدججين ذوي الرواتب العالية، وحتى مع كل هذا فأنا لا أراهن بحياتي عليه !” * [CONA-99] * يجيب على قائمة الأسئلة هذه Alec Muffett ، وذلك بمساعدة العديد من الآخرين.

Developed by: Manar Wassouf Somar Saeda Mahmoud Mahfoud Supervised by: Dr. Moutasem Shafa Amri Eng. Muhammad Juneidi Special thanks to : Administration and learning Group in Faculty of Information Technology. Thanks everybody for listening Developing Team Secure All rights reserved for developing team SMM ©