Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 465 Secure Email Last Updated: Nov 30, 2017.

Published byElfreda Hunter Modified over 6 years ago

Similar presentations

Presentation on theme: "CS 465 Secure Email Last Updated: Nov 30, 2017."— Presentation transcript:

1 CS 465 Secure Last Updated: Nov 30, 2017

2 Goals Be able to describe how secure works to provide confidentiality, integrity, and authentication Understand trust models PGP S/MIME Gain hands-on experience using secure

3 Is your secure? What is the threat model?

4 PGP (Pretty Good Privacy)
Designed by Phil Zimmerman Originally designed as a human rights tool Published for free on the Internet in 1991 Phil was the target of a three year criminal investigation Where to get PGP? pgp.com GnuPG (GPG) In the 1990’s, one way to skirt federal export controls was to publish the source code in book form (this was allowed), ship the books to Europe, scan the source code using OCR technology to create the code. Laborious, but legal. Trust model Web of trust Grass roots, bottom up Manual key management

5 S/MIME Secure Multipurpose Internet Mail Extension
Security extension to the MIME Internet format Trust model Hierarchical CAs that issue X.509 certificates Top-down Used by companies and government orgs

6 Key Management Recommended that you use a different public key for signing outgoing and decrypting incoming PGP Generate your own keys You are responsible to distribute In person or through key servers Key signing parties! S/MIME Have your public key signed by a CA Start sending signed Your public key is sent along with a signed message

7 How Secure Email is Sent
The following example is taken from a PGP description Sign-then-encrypt The way that both symmetric encryption and asymmetric encryption are used together is common to many secure messaging systems

8

9

10

11

12

13 How Secure is our ? Until the last decade, most was sent and received in the clear over the network FireSheep prompted webmail providers to use HTTPS to protect browser connections (2010) is usually stored in the clear Free supported by ad revenue Search, spam/malware protection Connections between providers is sometimes encrypted (STARTTLS)

14 Email Encrypted in Transit
HTTPS by default (2010) Mandated HTTPS from the browser (2014)

15 Email Authenticity DKIM (Domain Keys Identified Email)
Providers sign sent from their domain Public key published in DNS Clients validate the signature (problematic) SPF (Sender Policy Framework) Authorized hosts published in DNS Google visual indicators for sent in the clear and not authenticated

16 Why is Secure Email Not Used?
Users accept the risk Usability challenges of key management Chicken and egg problem PGP history of usability studies that failed Why Johnny Can’t Encrypt (1999) Why Johnny Still Can’t Encrypt (2006) Why Johnny Still, Still Can’t Encrypt (2015) – BYU Schneier reacts - Recent success with secure messaging apps supporting end-to-end encryption Signal, WhatsApp, Facebook Messenger, Google Allo Prevents passive attacks Key validation is not done, so active attack may be possible

Download ppt "CS 465 Secure Email Last Updated: Nov 30, 2017."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 8, 2012.

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 8, 2012.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security

Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Email Security Jonathan Calazan December 12, 2005.

Security Jonathan Calazan December 12, 2005.
Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.

Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.
» Explain the way that electronic mail (e-mail) works » Configure an e-mail client » Identify e-mail message components » Create and send e-mail messages.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.
 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.

 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Wireless and Email Security CSCI 5857: Encoding and Encryption.

Wireless and Security CSCI 5857: Encoding and Encryption.
Masud Hasan 03-60-475 SecueEmail VS Hushmail Project 2.

Masud Hasan Secue VS Hushmail Project 2.

Similar presentations

Ads by Google