Principle, utilization and limitations for secure electronic mail systems FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Segurança em Sistemas Informáticos.

Slides:

Advertisements

Similar presentations

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Advertisements

CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.

Principles of Information Security, 2nd edition1 Cryptography.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

Lesson 7: Business, , & Personal Information Management

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Tony BrettOUCS Course Code ZAB 9 February Security – Encryption and Digital Signatures Tony Brett Oxford University Computing Services February.

Electronic mail security -- Pretty Good Privacy.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Security Jonathan Calazan December 12, 2005.

Deployment Models A. client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B. client using Native S/MIME »Internet.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.

Anya Brookman. How to create a new message Unwanted messages Folders Messages you have sent to someone Logging out when you have finished sending.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.

Computer Concepts 2014 Chapter 7 The Web and .

OCR Nationals – Unit 1 AO2 (Part 2) – s. Overview of AO2 (Part 2) To select and use tools and facilities to download files/information and to send.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

S/MIME and CMS Presentation for CSE712 By Yi Wen Instructor: Dr. Aidong Zhang.

Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 12 Electronic Mail.

Masud Hasan Secue VS Hushmail Project 2.

Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Security+ All-In-One Edition Chapter 14 – and Instant Messaging Brian E. Brzezicki.

Electronic mail security. Outline Pretty good privacy S/MIME.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

What is and How Does it Work?  Electronic mail ( ) is the most popular use of the Internet. It is a fast and inexpensive way of sending messages.

Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Involving What is and how does it work? Difference between CC and Bcc Virus How to compress a large file? Advantages and Disadvantages.

EIDE Design Considerations 1 EIDE Design Considerations Brian Wright Portland General Electric.

Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)

Chapter 15: Electronic Mail Security

NDSU Lunchbytes "Are They Really Who They Say They Are?" Digital or Electronic Signature Information Rick Johnson, Theresa Semmens, Lorna Olsen April 24,

Security PGP IT352 | Network Security |Najwa AlGhamdi 1.

The Internet 8th Edition Tutorial 3 Using Web-Based Services for Communication and Collaboration.

Security Using PGP - Prajakta Bahekar. Importance of Security is one of the most widely used network service on Computer Currently .

  is a system of electronic communication that allows the user to exchange messages over the internet  Everyone’s address is unique  Two.

Electronic Commerce School of Library and Information Science PGP and cryptography I. What is encryption? Cryptographic systems II. What is PGP? How does.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

Objective 4.01: Compose effective correspondence.

2/19/2016clicktechsolution.com Security. 2/19/2016clicktechsolution.com Threats Threats to the security of itself –Loss of confidentiality.

Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

PGP Key Management Basic Principals AfNOG 2007 April 26, 2007 Abuja, Nigeria Hervey Allen.

Network Security: Security. Objectives To learn to use security tools –PGP To learn the availability of security libraries –S/MIME.

V 0.1Slide 1  send – Send How to send in WebSAMS? Access Control Other Information Configuration Customization  manage.

By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.

CIW LESSON 7 PART A. INTRODUCTION TO BUSINESS ELECTRONIC MAIL The use of has given rise to the term ______________________, which is a slang term.

第五章电子邮件安全. Security is one of the most widely used and regarded network services currently message contents are not secure –may be inspected.

Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:

Key management issues in PGP

Internet Business Associate v2.0

Online Training Course

Security is one of the most widely used and regarded network services

How Works Ameera Al Ghamdi ID:

Unit 3 Section 6.4: Internet Security

CIW Lesson 7 Part A Name: _______________________________________

Microsoft Word 2003 Illustrated Complete

An Installation Guide of PGP on Windows 2000

Objective 4.01: Compose effective correspondence

How Works Ameera Al Ghamdi ID:

PGP Key Management Basic Principles

ONLINE SECURE DATA SERVICE

Objective: Compose effective e- mail correspondence

Presentation transcript:

Principle, utilization and limitations for secure electronic mail systems FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Segurança em Sistemas Informáticos 2009/2010 Lindomar Bandeira Rocha

 Inline Encoding ( clearsigning )  Older choice  Good for basic messages  PGP/MIME  More modern choice  Attachment-based 2OpenPGP : Principle, utilization and limitations for secure electronic mail systems

 Occurs directly within the body of the message.  OpenPGP signature at the end of the message.  Encrypted message replaces the original message body completely. 3OpenPGP : Principle, utilization and limitations for secure electronic mail systems

 Inline- encrypted message opened without using OpenPGP program: 4OpenPGP : Principle, utilization and limitations for secure electronic mail systems

DISADVANTAGES :  Non- English caracter sets;  Attachments;  Binary documents;  Mail servers can corrupt clearsigned messages.  Non- English caracter sets;  Attachments;  Binary documents;  Mail servers can corrupt clearsigned messages. ADVANTAGES:  Read by any mail client. 5OpenPGP : Principle, utilization and limitations for secure electronic mail systems

 Attachment-based:  Encrypted message send as attachment;  Signed message and signatures send as attachment;  Attachments are encrypted and attached. 6OpenPGP : Principle, utilization and limitations for secure electronic mail systems

DISADVANTAGES:  Not supported by all mail Clients ADVANTAGES:  Mail servers never modifies attachments;  Mail clients treat attachments as separated objects;  Simple to encrypt different character sets or binary files.  Mail servers never modifies attachments;  Mail clients treat attachments as separated objects;  Simple to encrypt different character sets or binary files. OpenPGP : Principle, utilization and limitations for secure electronic mail systems7

 Proxies  sits between your client and your mail server.  Plug – Ins  integrates with your client. 8OpenPGP : Principle, utilization and limitations for secure electronic mail systems

DISADVANTAGES:  Configure signing, encryption, and decryption in the proxy;  Won’t get an “encrypt and sign” button or menu option;  Have to open the proxy program and say “Encrypt all messages now” or “Encrypt messages to this address.”  Configure signing, encryption, and decryption in the proxy;  Won’t get an “encrypt and sign” button or menu option;  Have to open the proxy program and say “Encrypt all messages now” or “Encrypt messages to this address.” ADVANTAGES:  Works with any mail client; 9OpenPGP : Principle, utilization and limitations for secure electronic mail systems

DISADVANTAGES:  Each mail client plug-in is unique;  Each behaves slightly differently ;  Has a different interface.  Each mail client plug-in is unique;  Each behaves slightly differently ;  Has a different interface. ADVANTAGES:  Provides “sign” and “encrypt” buttons directly within the client;  Is written to look like it’s part of the mail client program.  Provides “sign” and “encrypt” buttons directly within the client;  Is written to look like it’s part of the mail client program. 10OpenPGP : Principle, utilization and limitations for secure electronic mail systems

 When you send someone encrypted , the reader must use the recipient’s private key to read it. However, because you don’t have the recipient’s private key, you can’t read the mail that you sent, even though you created it! 11OpenPGP : Principle, utilization and limitations for secure electronic mail systems

are not protected on your hard drive. Save all your on an encrypted disk partition. Another popular option is to also “Encrypt to self”. 12OpenPGP : Principle, utilization and limitations for secure electronic mail systems

 Expand my Web of Trust  Trace the Web of Trust to that person  Use the key but limit my trust of the sender 13OpenPGP : Principle, utilization and limitations for secure electronic mail systems

 PGP pathfinder  trace the path through the Web of Trust between any two OpenPGP keys  use the keyid for the two keys involved  Based on WOTSAP, Python program designed to trace relashionships between keys 14OpenPGP : Principle, utilization and limitations for secure electronic mail systems

 OpenPGP does not encrypt subject lines in .  messages sent with PGP should have innocuous subjects (or perhaps no subject at all)  Mail client might default to storing unencrypted versions of the OpenPGP s that you send. 15OpenPGP : Principle, utilization and limitations for secure electronic mail systems