Lecture 18: E-Mail Security


1 Lecture 18: E-Mail Security
issues specific to email security
key management
services
  – privacy
  – integrity/authentication
  – nonrepudiation/plausible deniability
  – proof of submission/delivery
  – others
text formatting issues

2 Complexities of E-mail
non-real-time
text-based
  – with potential reformatting on the way
distribution lists
  – local explosion – list maintainer sends back the users' addresses to the sender
  – remote explosion – list maintainer forwards the message to everyone on the list
store-and-forward
  – by multiple MTAs

3 Security Services for E-mail
privacy – only intended recipient reads the message
authentication – recipient confirms the identity of the sender
integrity – message has not been altered en route
non-repudiation (third-party authentication) – recipient can prove that the sender indeed sent the message
proof of submission – verification to sender that mail system accepted message for transmission (how's that similar/different from US Postal service?)
proof of delivery – verification to sender that the recipient received the message
message flow confidentiality – third party cannot know that the exchange between sender and recipient occurred
anonymity – recipient does not know the identity of the sender
others: audit (network records), (security levels) containment, accounting, self-destruction, message sequence integrity

4 Key Management
the security services can be provided using either public or private keys
a per-message symmetric key is used for message encryption, which is conveyed in the mail, encrypted under a long-term key (typically a public key)
long-term keys can be established
  – offline
  – online, with help from a trusted third party (PKI, KDC)
  – online, through a web, e-mail, etc.

5 Privacy
end-to-end
  – Alice encrypts the message with her shared key with Bob or her public key
  – if public – better to invent and encrypt a symmetric key and use the key to encrypt the message (why?)
mailing lists
  local explosion (what's wrong with local explosion and privacy?)
    – message key will be encrypted under each recipient's long-term key in the message header:
        Bob's ID, K_Bob{S}
        Carol's ID, K_Carol{S}
        Ted's ID, K_Ted{S}
        S{m}
    – E.g.:
        To: Bob, Carol, Ted
        From: Alice
        Key-info: Bob
        Key-info: Carol
        Key-info: Ted
        Msg-info: UHGuiy77t65fhj87oi.....
  remote explosion – use public key for the list
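
The local-explosion header on slide 5, as an added example that is not part of the original slides: the body is encrypted once under a per-message key S, and only S is wrapped once per recipient. Assumptions: Alice holds a shared long-term key with each recipient, the wrapped key is carried after the recipient ID on the Key-info line, and a SHAKE-256 keystream stands in for a real cipher so the block runs with the standard library only.

```python
import base64
import hashlib
import secrets

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with a SHAKE-256 keystream.
    # Confidentiality only; a real mailer would use a vetted AEAD cipher.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, data: bytes) -> str:
    nonce = secrets.token_bytes(16)  # fresh per call, so no keystream reuse
    return base64.b64encode(nonce + xor_stream(key, nonce, data)).decode()

def unseal(key: bytes, blob: str) -> bytes:
    raw = base64.b64decode(blob)
    return xor_stream(key, raw[:16], raw[16:])

def build_mail(sender: str, long_term_keys: dict, body: bytes) -> str:
    s = secrets.token_bytes(32)  # per-message key S
    lines = ["To: " + ", ".join(long_term_keys), "From: " + sender]
    for rid, k in long_term_keys.items():
        lines.append(f"Key-info: {rid} {seal(k, s)}")  # K_recipient{S}
    lines.append("Msg-info: " + seal(s, body))          # S{m}, encrypted once
    return "\n".join(lines)

def read_mail(mail: str, my_id: str, my_key: bytes) -> bytes:
    fields = [line.split(": ", 1) for line in mail.split("\n")]
    for name, value in fields:
        if name == "Key-info" and value.split(" ", 1)[0] == my_id:
            s = unseal(my_key, value.split(" ", 1)[1])  # recover S
            body = next(v for n, v in fields if n == "Msg-info")
            return unseal(s, body)
    raise KeyError(f"no Key-info entry for {my_id}")

# Constructed long-term keys that Alice shares with each recipient.
KEYS = {name: secrets.token_bytes(32) for name in ("Bob", "Carol", "Ted")}

if __name__ == "__main__":
    mail = build_mail("Alice", KEYS, b"meet at noon")
    print(mail)
    print(read_mail(mail, "Carol", KEYS["Carol"]))
```

Adding a recipient costs one more wrapped 32-byte key in the header, while the Msg-info ciphertext stays the same size.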

6 Integrity/Authentication
why do we need integrity together with authentication?
public key, how?
secret key – use a MAC (what's that?)
  – MAC can be
      CBC residue computed with shared key
      message digest of the shared key appended to the message
      message digest encrypted with shared key
  – which method is most efficient if there are multiple recipients?

7 Non-repudiation/Plausible Deniability
Public keys: nonrepudiation easy, PD hard (why?)
Secret keys: vice versa
PD with public keys, why does this scheme work?
  – Alice, to send message m to Bob,
  – chooses a random symmetric key S
  – computes [{S}_Bob]_Alice
  – computes MAC_S(m)
  – sends m, MAC_S(m), [{S}_Bob]_Alice
Secret key NR: with notary
  – Alice negotiates with notary to add "seal" to msg, f(S_N, msg, "Alice"); S_N is secret local to notary
  – Bob can't tell if seal OK, but could ask
  – Or Notary can add second seal for Bob:
    Note: Bob's seal better cover Alice's. Why?
  – does the notary need to know the message to add a seal?
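
The notary seals from slide 7, as an added example that is not part of the original slides. Assumptions: f is HMAC-SHA256 over length-prefixed fields, Bob shares a key with the notary (K_BOB_NOTARY, a hypothetical name) so he can check the second seal, and the notary is handed only a digest of the message.

```python
import hashlib
import hmac

S_N = b"constructed-notary-secret"             # S_N: secret local to the notary
K_BOB_NOTARY = b"constructed-bob-notary-key"   # assumption: Bob <-> notary key

def digest(msg: bytes) -> bytes:
    return hashlib.sha256(msg).digest()

def f(key: bytes, *fields: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()

def notary_seal(msg_digest: bytes, sender: bytes):
    """Run by the notary, which sees the digest but never the message."""
    alice_seal = f(S_N, msg_digest, sender)
    # Bob's seal covers Alice's seal, binding the two together.
    bob_seal = f(K_BOB_NOTARY, msg_digest, sender, alice_seal)
    return alice_seal, bob_seal

def bob_accepts(msg: bytes, sender: bytes, alice_seal: bytes, bob_seal: bytes) -> bool:
    """Bob cannot check alice_seal directly; his own seal vouches for it."""
    expected = f(K_BOB_NOTARY, digest(msg), sender, alice_seal)
    return hmac.compare_digest(expected, bob_seal)

def notary_confirms(msg: bytes, sender: bytes, alice_seal: bytes) -> bool:
    """Later dispute: the notary recomputes the seal from its local secret."""
    return hmac.compare_digest(f(S_N, digest(msg), sender), alice_seal)

if __name__ == "__main__":
    msg = b"I owe Bob $10"                     # constructed message
    a_seal, b_seal = notary_seal(digest(msg), b"Alice")
    print(bob_accepts(msg, b"Alice", a_seal, b_seal))
    print(bob_accepts(msg, b"Alice", bytes(32), b_seal))  # swapped-in seal
```

If Bob's seal did not cover Alice's, a substituted first seal would pass Bob's check and only fail later, when he asks the notary to confirm it.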

8 Proof of Submission/Delivery
submission
  – post office signs MD of message
  – proves it received it, not that it was delivered
delivery
  – signed by recipient; when should recipient sign the message?
      before delivery (what if lost after signature?)
      after delivery (what if does not want to sign?)

9 Confirming Time of Message Transmission, Others
why is confirming desirable?
two attacks
  backdating – claiming something happened later than it did
    – prevention – notary dates and signs the message upon receipt
  postdating – claiming something happened earlier than it did
    – prevention – include in message something that could not be known until later, or signed timestamp of a notary for that date
other services
  protecting message flow, anonymity – use intermediaries
    – not straightforward, why?
  containment – deploy security level aware mail system

10 Text Format Issues
Mail gateways/forwarders may modify the format of the message (wrapping long lines, end-of-line character, high order bits, etc.), causing the integrity check to fail
  – Encode messages in a format supported by all mailers: 6-bit representation, no long lines, etc. (similar to uuencode)
Non-supportive clients should be able to read authenticated (but not encrypted) messages
  – MAC without encoding (subject to corruption by mail routers)
  – Encode & MAC/encrypt (may not be readable at the other end)
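
The trade-off on slide 10, as an added example that is not part of the original slides: a MAC over readable text breaks when a relay rewrites the message, while a 6-bit encoding in short lines survives the same relay. The gateway() function is a hypothetical relay that wraps at 40 columns, switches to CRLF and clears the high-order bit; base64 stands in for the uuencode-like encoding, and the key and message are constructed.

```python
import base64
import hashlib
import hmac
import textwrap

KEY = b"constructed-shared-key"   # secret shared by sender and recipient
ORIGINAL = ("Café meeting moved to 3pm; bring the signed contract "
            "and both copies of the annex.\nAlice\n")

def mac(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def gateway(text: str) -> str:
    """Hypothetical relay: wrap long lines, use CRLF, clear the high bit."""
    out = []
    for line in text.split("\n"):
        out.extend(textwrap.wrap(line.rstrip(), 40) or [""])
    return "".join(chr(ord(c) & 0x7F) for c in "\r\n".join(out))

def encode(body: bytes) -> str:
    """6-bit representation in 32-character lines, all ASCII."""
    b64 = base64.b64encode(body).decode("ascii")
    return "\n".join(b64[i:i + 32] for i in range(0, len(b64), 32))

def decode(text: str) -> bytes:
    # Line breaks carry no data, so any EOL convention decodes the same.
    return base64.b64decode("".join(text.split()))

def verify_plain(received: str, tag: str) -> bool:
    """MAC without encoding: readable by any client, fragile in transit."""
    return hmac.compare_digest(mac(received.encode("utf-8")), tag)

def verify_encoded(received: str, tag: str) -> bool:
    """Encode, then MAC the original bytes: robust, unreadable until decoded."""
    return hmac.compare_digest(mac(decode(received)), tag)

if __name__ == "__main__":
    tag = mac(ORIGINAL.encode("utf-8"))
    print(verify_plain(gateway(ORIGINAL), tag))
    print(verify_encoded(gateway(encode(ORIGINAL.encode("utf-8"))), tag))
```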