Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Services for

Published byBritney Moody Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Services for"— Presentation transcript:

1 E-mail Security policy

2 Security Services for E-mail
privacy authentication integrity non-repudiation anonymity proof of submission proof of delivery message flow confidentiality, etc. Security CS470, A.Selcuk

3 Key Management A per-message symmetric key is used for message encryption, which is conveyed in the mail, encrypted under a long-term key (typically a public key) Long-term keys can be established, offline online, with help from a trusted third party online, through a webpage (for public keys) Security CS470, A.Selcuk

4 Multiple Recipients Message key will be encrypted under each recipients long term key in the message header. Bob’s ID, KBob{S} Carol’s ID, KCarol{S} Ted’s ID, KTed{S} S{m} E.g.: To: Bob, Carol, Ted From: Alice Key-info: Bob Key-info: Carol Key-info: Ted Msg-info: UHGuiy77t65fhj87oi..... Security CS470, A.Selcuk

5 Text Format Issues Mail gateways/forwarders may modify the format of the message (wrapping long lines, end-of-line character, high order bits, etc.), causing the integrity check to fail Encode messages in a format supported by all mailers. 6-bit representation, no long lines, etc. (similar to uuencode) Security CS470, A.Selcuk

6 Text Format Issues (cont’d)
Problem: Non-supportive clients should be able to read authenticated (but not encrypted) messages, which they no longer can. Two options: MAC without encoding (subject to corruption by mail routers) Encode & MAC/encrypt (may not be readable at the other end) Security CS470, A.Selcuk

7 Providing Different Services
confidentiality: by encryption auth./integrity: by signature or MAC non-repudiation: by signature some eccentric services, anonymity message flow confidentiality non-repudiation with secret keys can be provided by TTP support. Security CS470, A.Selcuk

8 PEM & S/MIME Privacy Enhanced Mail (PEM) Secure/MIME (S/MIME)
Developed by IETF, to add encryption, source authentication & integrity protection to Allows both public & secret long-term keys Message key is always symmetric Specifies a detailed certification hierarchy Secure/MIME (S/MIME) PEM never took off; CA hierarchy difficult to realize S/MIME: PEM design incorporated into MIME Security CS470, A.Selcuk

9 PEM Key Exchange & Encryption
“Interchange keys”: Users’ long-term PEM keys public (a detailed PKI is defined) secret (pre-shared symmetric keys) Encryption A symmetric per-message key is sent encrypted under the interchange key. The message is encrypted under the per-message key (typically with DES in CBC mode) Authentication Message is authenticated by a “MIC” (Q: Any authentication for the per-message key?) Security CS470, A.Selcuk

10 PEM Certificate Hierarchy
The root CA: “Internet Policy Registration Authority” (IPRA) “Policy Certification Authorities”: Second-level, CA- certifying CAs, each with a different policy: High Assurance (HA): super-secure implemented on secure platforms regulates that the child CAs (also HACAs) enforce the same rules Discretionary Assurance (DA): secure requires that the child CAs own their names No Assurance (NA): no constraints can be used to certify Internet personas (pseudonyms) Lower-level CAs, certifying individuals or other CAs Security CS470, A.Selcuk

11 S/MIME vs. PEM Incorporated into MIME; no other encoding
Any sequence of sign & encrypt is supported (each as a recursive MIME encapsulation) Has more options than PEM ASN.1 header encoding No prescribed certification hierarchy Has a good prospect of deployment for commercial & organizational usage Security CS470, A.Selcuk

12 Pretty Good Privacy (PGP)
Popular mail & file encryption tool Developed by Phil Zimmermann, 1991 Based on RSA, IDEA, MD5 (later DSS, ElGamal (DH), 3DES, SHA1) Many different versions have emerged (from PGP, from GNU (GPG), from IETF (Open PGP)) Security CS470, A.Selcuk

13 Publishing and Notification Security Policy
It is a commonly used pattern for inter- object communication. Notification: may have specifications that define a standard web services approach to notification using a topic based publish /subscribe pattern. 9/6/2018

Download ppt "Security Services for"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
PGP Overview 2004/11/30 Information-Center meeting peterkim.

PGP Overview 2004/11/30 Information-Center meeting peterkim.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Introduction to Cryptography

Introduction to Cryptography
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CS470, A.SelcukE-mail Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.Selcuk Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NS-H0503-02/11041 E-mail Security. NS-H0503-02/11042 Email Security email is one of the most widely used and regarded network services currently message.

NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Email Security Jonathan Calazan December 12, 2005.

Security Jonathan Calazan December 12, 2005.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
1 Lecture 18: E-Mail Security issues specific to email security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability.

1 Lecture 18: Security issues specific to security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
1 TCP/IP Applications. 2 NNTP: Network News Transport Protocol NNTP is a TCP/IP protocol based upon text strings sent bidirectionally over 7 bit ASCII.

1 TCP/IP Applications. 2 NNTP: Network News Transport Protocol NNTP is a TCP/IP protocol based upon text strings sent bidirectionally over 7 bit ASCII.

Similar presentations

Ads by Google