
Internet Security 1 (IntSi1)
Prof. Dr. Andreas Steffen
Institute for Internet Technologies and Applications (ITA)
ITA, 3.11.2011, 7-SecureEmail.pptx


Slide 1: 7 Secure Email (title slide)

Slide 2: Security Protocols for the OSI Stack

    Communication layer   Security protocols
    Application layer     ssh, S/MIME, PGP, Kerberos, WSS
    Transport layer       SSL, TLS
    Network layer         IPsec
    Data Link layer       [PPTP, L2TP], IEEE 802.1X, IEEE 802.1AE, IEEE 802.11i (WPA2)
    Physical layer        Quantum Cryptography

Slide 3: 7.1 S/MIME

Slide 4: MIME – Multipurpose Internet Mail Extension (RFC 1521 / RFC 1522)

    From: trinity@matrix.org
    To: neo@matrix.org
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary=boundary1

    --boundary1
    Content-Type: text/plain; charset=us-ascii

    Dear Neo, please study the attached Word document.

    --boundary1
    Content-Type: application/msword; name="Matrix.doc"
    Content-Transfer-Encoding: base64

    ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfH
    4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbTrfv=
    --boundary1--

Slide 5: S/MIME – Signed Message Format I (RFC 1847 / RFC 2311 / PKCS #7)

    Content-Type: multipart/signed; protocol="application/pkcs7-signature";
        micalg=sha1; boundary=boundary1

    --boundary1
    Content-Type: text/plain

    This is a clear-signed message.

    --boundary1
    Content-Type: application/pkcs7-signature; name=smime.p7s
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7s

    ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfH
    4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbTrfv=
    --boundary1--

    The first body part (text/plain) is the MIME entity to be signed; the second body part carries the detached PKCS #7 signature.

Slide 6: S/MIME – Signed Message comprising Multiple Attachments

    Content-Type: multipart/signed; protocol="application/pkcs7-signature";
        micalg=sha1; boundary=boundary1

    --boundary1
    Content-Type: multipart/mixed; boundary=boundary2

    ... multipart message with various MIME types ...

    --boundary1
    Content-Type: application/pkcs7-signature; name=smime.p7s
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7s

    ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfH
    4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbTrfv=
    --boundary1--

Slide 7: PKCS #7 – Public Key Cryptography Standard, Cryptographic Message Syntax Standard

    ASN.1 structure of the SignedData content type:
        version
        digestAlgorithms
        contentInfo                 (empty field: content carried in a separate MIME entity)
        certificates                (OPTIONAL)
        crls                        (OPTIONAL)
        signerInfos                 (SET OF SignerInfo: several signers possible)

    ASN.1 structure of the SignerInfo type:
        version
        issuerAndSerialNumber
        digestAlgorithm
        authenticatedAttributes
        digestEncryptionAlgorithm
        encryptedDigest             (the signature)
        unauthenticatedAttributes

Slide 8: Signed Message with Multiple Signatures

    The MIME entity (single-part or multi-part) is processed once per signer: Digest Algorithm #1 produces the input for Signature #1, made with Private Key #1; Digest Algorithm #2 produces the input for Signature #2, made with Private Key #2; and so on up to Digest Algorithm #n, Signature #n and Private Key #n.

Slide 9: Signed Email Message (screenshot, Microsoft Outlook 2007)

Slide 10: S/MIME – Signed Message Format II (RFC 2311 / PKCS #7)

    Content-Type: application/pkcs7-mime; smime-type=signed-data; name=smime.p7m
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7m

    ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfH
    4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbTrfv=

    Here the MIME content is carried within the PKCS #7 SignedData object. This alternative signing format is optionally used by MS Outlook.

    Pro: the MIME content is not prone to changes of the transfer encoding enforced by intermediate mail transfer agents.
    Contra: in order to read the embedded MIME message, the receiver's mail client must support S/MIME.
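The difference between format I (slides 4 and 5: entity in the clear, detached signature) and format II (slide 10: entity wrapped in one base64 body) comes down to what an intermediate MTA can change. The following Python is an added example, not code from the slides: it builds the slide 4 entity with the standard library, digests it in canonical CRLF form as a signer would, and then passes it through a modelled MTA that rewrites 8bit text parts as quoted-printable. The MTA model, the attachment bytes and the non-ASCII greeting are constructed assumptions; the "opaque" wrapper carries the bare entity as the base64 body in place of a real PKCS #7 SignedData object, which is enough to show the transport property. sha1 is used only because the slides say micalg=sha1; current S/MIME uses SHA-256.

```python
import hashlib
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed sample data: the attachment bytes are arbitrary, and the text
# contains a non-ASCII character so that the part is sent as 8bit, the case
# an intermediate MTA may re-encode in transit.
FAKE_DOC = bytes(range(256)) * 4


def build_entity() -> EmailMessage:
    """The multipart/mixed entity of slide 4: text part plus Word attachment."""
    msg = EmailMessage()
    msg["From"] = "trinity@matrix.org"
    msg["To"] = "neo@matrix.org"
    msg.set_content("Dear Neo,\nplease study the attached Word document.\n"
                    "Grüsse, Trinity\n")          # non-ASCII -> 8bit transfer encoding
    msg.add_attachment(FAKE_DOC, maintype="application", subtype="msword",
                       filename="Matrix.doc")     # binary -> base64 chosen automatically
    return msg


def canonical_bytes(msg: EmailMessage) -> bytes:
    """Serialise with CRLF line ends, the canonical form a signer digests."""
    return msg.as_bytes(policy=policy.SMTP)


def micalg_digest(entity: bytes, algo: str = "sha1") -> str:
    """Digest the verifier recomputes over the first multipart/signed part
    (format I). sha1 matches micalg=sha1 on slide 5; use sha256 today."""
    return hashlib.new(algo, entity).hexdigest()


def mta_reencode(raw: bytes) -> bytes:
    """Model of an intermediate MTA that cannot relay 8bit and therefore
    rewrites every 8bit text part as quoted-printable (assumption)."""
    msg = BytesParser(policy=policy.SMTP).parsebytes(raw)
    for part in msg.walk():
        if part.get("Content-Transfer-Encoding", "").lower() == "8bit":
            text = part.get_content()
            part.set_content(text, subtype=part.get_content_subtype(),
                             charset=part.get_content_charset() or "utf-8",
                             cte="quoted-printable")
    return msg.as_bytes(policy=policy.SMTP)


def wrap_opaque(entity: bytes) -> bytes:
    """Format II: the whole entity travels as the base64 body of an
    application/pkcs7-mime part. The body holds the bare entity here instead
    of a PKCS #7 SignedData object (assumption); the transport property is
    the same: nothing inside is visible to an MTA as text."""
    outer = EmailMessage()
    outer.set_content(entity, maintype="application", subtype="pkcs7-mime",
                      cte="base64", filename="smime.p7m",
                      params={"smime-type": "signed-data", "name": "smime.p7m"})
    return outer.as_bytes(policy=policy.SMTP)


def unwrap_opaque(raw: bytes) -> bytes:
    """Receiver side: base64-decode the body back into the entity bytes."""
    return BytesParser(policy=policy.SMTP).parsebytes(raw).get_content()


def compare_formats() -> tuple:
    """Return (format I digest still matches, format II digest still matches)
    after the same MTA has handled both messages."""
    entity = canonical_bytes(build_entity())
    signed = micalg_digest(entity)
    received_i = mta_reencode(entity)                               # sent in the clear
    received_ii = unwrap_opaque(mta_reencode(wrap_opaque(entity)))  # sent opaque
    return micalg_digest(received_i) == signed, micalg_digest(received_ii) == signed


if __name__ == "__main__":
    print(compare_formats())   # (False, True)
```

The first element is False because the verifier's recomputed digest no longer matches the one the signer produced: the 8bit text part now reads "Gr=C3=BCsse" under a different Content-Transfer-Encoding header, which is exactly the "Pro" case of slide 10. The second element is True because the MTA finds no 8bit part in the opaque message, and base64 decoding returns the original bytes regardless of how the base64 lines were re-flowed.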

Slide 11: S/MIME – Configuration Options (screenshot, Microsoft Outlook 2007)

Slide 12: S/MIME – Encrypted Message Format (RFC 2311 / PKCS #7)

    Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7m

    ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfH
    4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbTrfv=

    ASN.1 structure of the EnvelopedData content type:
        version
        recipientInfos              (several recipients possible; each entry holds the encrypted symmetric key)
        encryptedContentInfo
            contentType
            contentEncryptionAlgorithm
            encryptedContent        (the encrypted MIME entity, single-part or multi-part)

Slide 13: Encrypted Message with Multiple Recipients

    Envelope using symmetric encryption: the MIME entity (single-part or multi-part) is encrypted once with a random key by a symmetric encryption algorithm, giving the encrypted MIME entity. The random key is then encrypted separately for every recipient: Encrypted Key #1 with Public Key #1, Encrypted Key #2 with Public Key #2, ..., Encrypted Key #n with Public Key #n.
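The following Python is an added educational model of the EnvelopedData structure of slides 12 and 13; it is not code from the slides. The content is encrypted exactly once under a random key, and the recipientInfos part holds that key encrypted under each recipient's public key, so adding a recipient costs one more small entry rather than a second copy of the message. Both primitives are stand-ins chosen so the block runs with the standard library alone: textbook RSA without padding, and a SHA-256 counter keystream XORed over the data. They demonstrate the structure, not a cipher anyone should deploy; a real implementation uses PKCS #1 padding (or key agreement) for the recipient entries and an AEAD or CBC mode for the content.

```python
import hashlib
import os
import random

_rng = random.SystemRandom()


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test, sufficient for a demo key."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # full length, odd
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512) -> tuple:
    """Toy RSA key pair (assumption, no padding): ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:       # e is prime, so this is gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256, a toy stand-in for a block cipher."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
    return bytes(out[:length])


def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def envelope(entity: bytes, recipients: dict) -> dict:
    """EnvelopedData analogue for {name: public key}: one encryptedContentInfo
    and one recipientInfos entry per recipient holding the encrypted content key."""
    content_key = os.urandom(32)                  # the slide's "Random Key"
    k = int.from_bytes(content_key, "big")        # 256 bits, below every 512-bit n
    return {
        "recipientInfos": {name: pow(k, e, n) for name, (n, e) in recipients.items()},
        "encryptedContentInfo": {
            "contentType": "multipart/mixed",
            "contentEncryptionAlgorithm": "sha256-ctr-xor (toy)",
            "encryptedContent": symmetric_crypt(content_key, entity),
        },
    }


def open_envelope(env: dict, name: str, private_key: tuple):
    """Recover the content key from our own recipientInfos entry and decrypt the
    content once. A foreign private key yields garbage, here almost always a
    value too large for a 32-byte key, so None is returned; real PKCS #1
    padding gives the receiver a proper check instead."""
    n, d = private_key
    k = pow(env["recipientInfos"][name], d, n)
    if k >> 256:
        return None
    return symmetric_crypt(k.to_bytes(32, "big"),
                           env["encryptedContentInfo"]["encryptedContent"])


def demo() -> bool:
    """Antje and Bodo (the names of slide 23) both read one enveloped message."""
    entity = b"Content-Type: text/plain\r\n\r\nDear Antje, dear Bodo, ...\r\n"  # constructed
    pub_a, priv_a = generate_keypair()
    pub_b, priv_b = generate_keypair()
    env = envelope(entity, {"Antje": pub_a, "Bodo": pub_b})
    both_read = (open_envelope(env, "Antje", priv_a) == entity
                 and open_envelope(env, "Bodo", priv_b) == entity)
    cross = open_envelope(env, "Antje", priv_b)   # Bodo's key on Antje's entry
    return both_read and cross != entity and len(env["recipientInfos"]) == 2
```

Note that "encryptedContent" is stored once however many recipients there are, while "recipientInfos" grows by one integer per recipient, which is the whole point of the envelope construction on slide 13. Removing a recipient after sending is not possible: anyone holding a matching private key can still recover the content key from the copy they received.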

Slide 14: Encrypted Email Message (screenshot, Microsoft Outlook 2007)

Slide 15: Signed and Encrypted Email Messages (screenshot, Mozilla Thunderbird)

Slide 16: S/MIME – Signed and Encrypted Messages I: Signing before Encryption

    Layering, outermost first:

    Content-Type: application/pkcs7-mime; smime-type=enveloped-data; ...
        envelopedData: EnvelopedData ::= { ... encryptedContentInfo }
            encrypted MIME entity; after decryption it is the MIME entity to be encrypted:
            Content-Type: application/pkcs7-mime; smime-type=signed-data; ...
                signedData: SignedData ::= { ... contentInfo }
                    MIME entity to be signed

    Signature(s) not visible before decryption (anonymity).

Slide 17: S/MIME – Signed and Encrypted Messages II: Encryption before Signing

    Layering, outermost first:

    Content-Type: application/pkcs7-mime; smime-type=signed-data; ...
        signedData: SignedData ::= { ... contentInfo }
            MIME entity to be signed:
            Content-Type: application/pkcs7-mime; smime-type=enveloped-data; ...
                envelopedData: EnvelopedData ::= { ... encryptedContentInfo }
                    encrypted MIME entity

    Signature(s) can be checked before decryption (trust).

Slide 18: Signing before Encryption (screenshot, Microsoft Outlook 2007)

Slide 19: S/MIME – Managing Certificates (screenshot, Mozilla Thunderbird)

Slide 20: S/MIME – Certificates (own and other people's) (screenshot, Mozilla Thunderbird)

Slide 21: S/MIME – Certification Authorities (screenshot, Mozilla Thunderbird)

Slide 22: S/MIME – Account Settings (screenshot, Mozilla Thunderbird)

Slide 23: S/MIME Summary

    Sign: Antje writes "Dear Bodo, ..." and signs it with her private key; Bodo verifies the signature with Antje's public key, taken from Antje's certificate.
    Encrypt: Bodo writes "Dear Antje, ..." and encrypts it with Antje's public key, again taken from her certificate; Antje decrypts it with her private key.
    The certificates in the figure are labelled Kool CA #0, Kool CA #2 and Kool CA #3 (a "Bob" label also appears).

