Shouting from the Rooftops: Improving Email Security Dr. Maury Pinsk FRCPC University of Alberta Division of Pediatric Nephrology.


Dr. V: Uses email to correspond with patients. Answers questions. Gives test results. Changes medications. All emails are signed with a disclaimer for confidentiality. Patient A asks how secure her medical information is.

How secure is email? Depends on: where it is being sent; what you choose to use it for; how it is being sent.

Email - the basics: Your email program is a “mail user agent”. It produces a text file and sends the file through the internet using a set of instructions that allow computers to communicate – a “protocol”. E.g.: SMTP, or simple message transfer protocol.

Email - the basics: SMTP guides the email to the final recipient's server. It can route through several servers if necessary. Once it reaches its final destination server, it is stored to disk. The recipient accesses the email using a post office protocol (POP).

So what are the security issues? Sending an email is like sending a postcard. Any server through which it passes is an opportunity for eyes to read it. For the keen individual, it represents an opportunity to alter the contents of the email as well.
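The server-to-server routing described above can be read back from a delivered message's Received headers. This added example (not part of the original slides) parses a constructed message with Python's standard email module; every hostname, address and id in it is made up.

```python
import re
from email import message_from_string

# Constructed sample message; hosts, addresses and ids are made up (.example
# names, documentation IP ranges). The newest Received header is on top.
RAW = """\
Received: from relay.transit.example (relay.transit.example [198.51.100.7])
 by mx.patient-isp.example with ESMTP id c3; Tue, 04 Mar 2025 10:00:03 -0700
Received: from smtp.university.example (smtp.university.example [192.0.2.10])
 by relay.transit.example with ESMTPS id b2; Tue, 04 Mar 2025 10:00:02 -0700
Received: from dr-v-laptop (unknown [203.0.113.5])
 by smtp.university.example with ESMTPSA id a1; Tue, 04 Mar 2025 10:00:01 -0700
From: Dr. V <drv@university.example>
To: Patient A <patient.a@patient-isp.example>
Subject: Test results

Your results are normal.
"""

# "with" keywords that record a TLS-protected hop (RFC 3848 registry).
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S)

def trace_hops(raw):
    """Return hops oldest-first as (sender, receiver, keyword, link_encrypted).

    Received headers are self-reported by each server, so treat the result
    as a claim about the route, not as proof of it.
    """
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:
            sender, receiver, keyword = m.groups()
            keyword = keyword.rstrip(";").upper()
            hops.append((sender, receiver, keyword, keyword in TLS_KEYWORDS))
    return hops

def exposure(raw):
    """Who could read the body: every relay, plus the wire on non-TLS hops."""
    hops = trace_hops(raw)
    servers = [receiver for _, receiver, _, _ in hops]
    cleartext_links = [(s, r) for s, r, _, tls in hops if not tls]
    return servers, cleartext_links

if __name__ == "__main__":
    for hop in trace_hops(RAW):
        print(hop)
    print(exposure(RAW))
```

Link encryption only protects the message between two servers; each server listed still handles the unencrypted body, which is why the slides go on to encryption of the message itself.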

So what factors alter the security of the email?

Where is it being sent? Data that stays on a server is less likely to fall into the wrong hands. More so for dedicated service providers (e.g.: intrauniversity, intrahospital). Less so for data that leaves a server (e.g.: interhospital or interuniversity).

How is it being sent? Data that is sent unprocessed is vulnerable to breach of confidentiality or integrity. What do I mean by processed? Encryption. Digital signatures.

Encryption: Key: a large number used by the encryption algorithm to generate cipher code. Public key: owner can send you encrypted email securely, but cannot decrypt it. Private key: owner can decrypt the email. The two keys are related, but through very complex algorithms that are difficult to crack.

Encryption: Keys are stored, encrypted, on your computer, and used by your email software. Keys can be distributed by the owner on disk, by email, or via access to a repository (key server).

PGP encryption: an extra layer of security for encryption

PGP – decryption – the same in reverse

Encryption, but for whom? Encryption keeps on-looking eyes away from sensitive data, but doesn’t verify the source. Authentication and integrity are verified by a digital signature.

Digital Signature

Digital signatures

But how do you know the key is from the right person? Key “forgery” is possible, hence the need for security certificates. Security certificate = digital signature + authentication from another user + public encryption key + user identification.
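What a digital signature checks, and why a forged key defeats it, shown as an added example that is not part of the original slides. It uses textbook RSA over small known primes as a stand-in for the signing step (not PGP's real algorithm, no padding, key far too small for use); the messages and both key pairs are constructed.

```python
import hashlib

# Textbook RSA on known Mersenne primes: a teaching stand-in for the
# signature step only. Real tools use padded schemes and much larger keys.
E = 65537

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d))."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def _digest(message, n):
    # Hash the message and reduce it into the key's number range.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    n, d = private
    return pow(_digest(message, n), d, n)

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == _digest(message, n)

def demo():
    # Constructed scenario: Dr. V's key pair and an impostor's key pair.
    drv_pub, drv_priv = make_keypair(2**107 - 1, 2**127 - 1)
    fake_pub, fake_priv = make_keypair(2**61 - 1, 2**89 - 1)
    msg = b"Your test results are normal."
    altered = b"Your test results are abnormal."
    sig = sign(msg, drv_priv)
    fake_sig = sign(altered, fake_priv)
    return {
        # Untouched message, checked against Dr. V's real public key.
        "genuine": verify(msg, sig, drv_pub),
        # Body changed by a server in transit: integrity check fails.
        "altered_in_transit": verify(altered, sig, drv_pub),
        # Impostor's signature against the real key: authentication fails.
        "impostor_vs_real_key": verify(altered, fake_sig, drv_pub),
        # Patient was handed the impostor's key as "Dr. V's": check passes.
        "impostor_vs_forged_key": verify(altered, fake_sig, fake_pub),
    }

if __name__ == "__main__":
    print(demo())
```

The last result is the key "forgery" case: verification only proves the signer holds the private half of whichever public key the recipient has, so that key needs a certificate vouching for whose it is.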

What is being sent? The best means of preserving data integrity and confidentiality is to decide if it is absolutely necessary to send the data by email.

Return to Dr. V: Patients informed: Patient information continues to be transferred over the internet, but patients sign a consent allowing this to happen. Information kept confidential: Public keys are issued to patients via key server. Patients encouraged to obtain own personal key and distribute public key to Dr. V.

Integrity of information confirmed: Security certificates issued with public key. All correspondence with digital signature.

Further resources: Encryption and digital signature freeware; Pretty Good Privacy (PGP); Guidelines for Patient Privacy; HIPAA Privacy regulations.