CS470, A.SelcukE-mail Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Slides:



Advertisements
Similar presentations
Chapter 14 – Authentication Applications
Advertisements

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
PGP Overview 2004/11/30 Information-Center meeting peterkim.
Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Introduction to Cryptography
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Electronic mail security
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Key Distribution CS 470 Introduction to Applied Cryptography
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Security Jonathan Calazan December 12, 2005.
Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
1 Lecture 18: Security issues specific to security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability.
Electronic Mail Security
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.
16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.
Electronic mail security. Outline Pretty good privacy S/MIME.
Network Security Essentials Chapter 7 Fourth Edition by William Stallings (Based on Lecture slides by Lawrie Brown)
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
Chapter 15: Electronic Mail Security
1 Electronic Mail Security Outline Pretty good privacy S/MIME Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
1 Chapter 5 Electronic mail security. 2 Outline Pretty good privacy S/MIME Recommended web sites.
1 Lecture 19: PEM and S/MIME history PEM –establishing keys –public key hierarchy –message structure –message headers –encryption and integrity protection.
SECURITY – Chapter 15 SECURITY – Chapter 15 ….for authentication and confidentiality PGP 1.Uses best algorithms as building blocks 2.General.
NETWORK SECURITY.
Security PGP IT352 | Network Security |Najwa AlGhamdi 1.
X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.
S/MIME (Secure/Multipurpose Internet Mail Extensions) security enhancement to MIME – original Internet RFC822 was text only – MIME provided.
Digital Signatures and Digital Certificates Monil Adhikari.
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
7.6 Secure Network Security / G.Steffen1. In This Section Threats to Protection List Overview of Encrypted Processing Example.
2/19/2016clicktechsolution.com Security. 2/19/2016clicktechsolution.com Threats Threats to the security of itself –Loss of confidentiality.
Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
Security By Meenal Mandalia. What is ? stands for Electronic Mail. much the same as a letter, only that it is exchanged in a different.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.
Prof. Wenguo Wang Network Information Security Prof. Wenguo Wang Tel College of Computer Science QUFU NORMAL UNIVERSITY.
1 CNLab/University of Ulsan Chapter 16 Electronic Mail Security  PGP (Pretty Good Privacy)  S/MIME.
Lecture 8 (Chapter 18) Electronic Mail Security Prepared by Dr. Lamiaa M. Elshenawy 1.
第五章 电子邮件安全. Security is one of the most widely used and regarded network services currently message contents are not secure –may be inspected.
Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:
Key management issues in PGP
Electronic mail security
Security is one of the most widely used and regarded network services
Security Pretty Good Privacy (PGP)
CSE565: Computer Security Lectures 19, 20 Electronic Mail Security
Security Services for
S/MIME T ANANDHAN.
NET 536 Network Security Networks and Communication Department
Security at the Application Layer: PGP and S/MIME
ELECTRONIC MAIL SECURITY
ELECTRONIC MAIL SECURITY
Secure How do you do it? Need to worry about sniffing, modifying, end-user masquerading, replaying. If sender and receiver have shared secret keys,
Cryptography and Network Security
….for authentication and confidentiality PGP
Presentation transcript:

CS470, A.Selcuk Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk

CS470, A.Selcuk Security2 Security Services for privacy authentication integrity non-repudiation anonymity proof of submission proof of delivery message flow confidentiality, etc.

CS470, A.Selcuk Security3 Key Management A per-message symmetric key is used for message encryption, which is conveyed in the mail, encrypted under a long-term key (typically a public key) Long-term keys can be established, –offline –online, with help from a trusted third party –online, through a webpage (for public keys)

CS470, A.Selcuk Security4 Multiple Recipients Message key will be encrypted under each recipients long term key in the message header. –Bob’s ID, K Bob {S} –Carol’s ID, K Carol {S} –Ted’s ID, K Ted {S} –S{m} E.g.: To: Bob, Carol, Ted From: Alice Key-info: Bob Key-info: Carol Key-info: Ted Msg-info: UHGuiy77t65fhj87oi.....

CS470, A.Selcuk Security5 Text Format Issues Mail gateways/forwarders may modify the format of the message (wrapping long lines, end-of-line character, high order bits, etc.), causing the integrity check to fail Encode messages in a format supported by all mailers. 6-bit representation, no long lines, etc. (similar to uuencode)

CS470, A.Selcuk Security6 Text Format Issues (cont’d) Problem: Non-supportive clients should be able to read authenticated (but not encrypted) messages, which they no longer can. Two options: –MAC without encoding (subject to corruption by mail routers) –Encode & MAC/encrypt (may not be readable at the other end)

CS470, A.Selcuk Security7 Providing Different Services confidentiality: by encryption auth./integrity: by signature or MAC non-repudiation: by signature some eccentric services, –anonymity –message flow confidentiality –non-repudiation with secret keys can be provided by TTP support.

CS470, A.Selcuk Security8 PEM & S/MIME Privacy Enhanced Mail (PEM) –Developed by IETF, to add encryption, source authentication & integrity protection to –Allows both public & secret long-term keys Message key is always symmetric –Specifies a detailed certification hierarchy Secure/MIME (S/MIME) –PEM never took off; CA hierarchy difficult to realize –S/MIME: PEM design incorporated into MIME

CS470, A.Selcuk Security9 PEM Key Exchange & Encryption “Interchange keys”: Users’ long-term PEM keys –public (a detailed PKI is defined) –secret (pre-shared symmetric keys) Encryption –A symmetric per-message key is sent encrypted under the interchange key. –The message is encrypted under the per-message key (typically with DES in CBC mode) Authentication –Message is authenticated by a “MIC” (Q: Any authentication for the per-message key?)

CS470, A.Selcuk Security10 PEM Certificate Hierarchy The root CA: “Internet Policy Registration Authority” (IPRA) “Policy Certification Authorities”: Second-level, CA- certifying CAs, each with a different policy: –High Assurance (HA): super-secure implemented on secure platforms regulates that the child CAs (also HACAs) enforce the same rules –Discretionary Assurance (DA): secure requires that the child CAs own their names –No Assurance (NA): no constraints can be used to certify Internet personas (pseudonyms) Lower-level CAs, certifying individuals or other CAs

CS470, A.Selcuk Security11 S/MIME vs. PEM Incorporated into MIME; no other encoding Any sequence of sign & encrypt is supported (each as a recursive MIME encapsulation) Has more options than PEM ASN.1 header encoding No prescribed certification hierarchy Has a good prospect of deployment for commercial & organizational usage

CS470, A.Selcuk Security12 Pretty Good Privacy (PGP) Popular mail & file encryption tool Developed by Phil Zimmermann, 1991 Based on RSA, IDEA, MD5 (later DSS, ElGamal (DH), 3DES, SHA1) Many different versions have emerged (from PGP, from GNU (GPG), from IETF (Open PGP))

CS470, A.Selcuk Security13 PGP Operation All long-term user keys are public Signature: Message & timestamp are hashed (MD5 or SHA1) and signed (RSA or DSS) Compression (ZIP) Encryption: –Message is encrypted with a per-message symmetric key (typically with IDEA in CFB mode) –which is encrypted with the recipient’s public key (RSA or DH (ElGamal)) Radix-64 (6-bit) encoding

CS470, A.Selcuk Security14 Trust Model & Key Management Any user can certify any other (anarchy model) Each user decides whom to trust and how much “Key Ring”: Data structure to store public keys held by a user, with their levels of trust Public keys can be obtained, –offline (in person, over the phone, etc.) –through personal webpages –through a trusted friend (“web of trust”) –through a trusted CA

CS470, A.Selcuk Security15 DKIM – Domain Keys Identified Mail An effort to stop spam with forged domain addresses (e.g. phishing attacks). Standardized by RFC 4871; supported by Yahoo, Gmail, FastMail etc. Each domain has an signature key. Public keys will be retrieved over DNS. If signature verification fails, mail will be dropped.

CS470, A.Selcuk Security16 DKIM Once deployed, it will significantly limit phishing attacks with forged domain addresses. Deployment is increasing rapidly. Example: Gmail’s collaboration with PayPal & eBay

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.