Presentation is loading. Please wait.

Presentation is loading. Please wait.

Principle, utilization and limitations for secure electronic mail systems FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Segurança em Sistemas Informáticos.

Published byLoreen Washington Modified over 9 years ago

Similar presentations

Presentation on theme: "Principle, utilization and limitations for secure electronic mail systems FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Segurança em Sistemas Informáticos."— Presentation transcript:

1 Principle, utilization and limitations for secure electronic mail systems FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Segurança em Sistemas Informáticos 2009/2010 Lindomar Bandeira Rocha

2  Inline Encoding ( clearsigning )  Older choice  Good for basic email messages  PGP/MIME  More modern choice  Attachment-based 2OpenPGP : Principle, utilization and limitations for secure electronic mail systems

3  Occurs directly within the body of the email message.  OpenPGP signature at the end of the message.  Encrypted message replaces the original message body completely. 3OpenPGP : Principle, utilization and limitations for secure electronic mail systems

4  Inline- encrypted message opened without using OpenPGP program: 4OpenPGP : Principle, utilization and limitations for secure electronic mail systems

5 DISADVANTAGES :  Non- English caracter sets;  Attachments;  Binary documents;  Mail servers can corrupt clearsigned messages.  Non- English caracter sets;  Attachments;  Binary documents;  Mail servers can corrupt clearsigned messages. ADVANTAGES:  Read by any mail client. 5OpenPGP : Principle, utilization and limitations for secure electronic mail systems

6  Attachment-based:  Encrypted message send as attachment;  Signed message and signatures send as attachment;  Attachments are encrypted and attached. 6OpenPGP : Principle, utilization and limitations for secure electronic mail systems

7 DISADVANTAGES:  Not supported by all mail Clients ADVANTAGES:  Mail servers never modifies attachments;  Mail clients treat attachments as separated objects;  Simple to encrypt different character sets or binary files.  Mail servers never modifies attachments;  Mail clients treat attachments as separated objects;  Simple to encrypt different character sets or binary files. OpenPGP : Principle, utilization and limitations for secure electronic mail systems7

8  Proxies  sits between your email client and your mail server.  Plug – Ins  integrates with your email client. 8OpenPGP : Principle, utilization and limitations for secure electronic mail systems

9 DISADVANTAGES:  Configure signing, encryption, and decryption in the proxy;  Won’t get an “encrypt and sign” button or menu option;  Have to open the proxy program and say “Encrypt all messages now” or “Encrypt messages to this email address.”  Configure signing, encryption, and decryption in the proxy;  Won’t get an “encrypt and sign” button or menu option;  Have to open the proxy program and say “Encrypt all messages now” or “Encrypt messages to this email address.” ADVANTAGES:  Works with any mail client; 9OpenPGP : Principle, utilization and limitations for secure electronic mail systems

10 DISADVANTAGES:  Each mail client plug-in is unique;  Each behaves slightly differently ;  Has a different interface.  Each mail client plug-in is unique;  Each behaves slightly differently ;  Has a different interface. ADVANTAGES:  Provides “sign” and “encrypt” buttons directly within the client;  Is written to look like it’s part of the mail client program.  Provides “sign” and “encrypt” buttons directly within the client;  Is written to look like it’s part of the mail client program. 10OpenPGP : Principle, utilization and limitations for secure electronic mail systems

11  When you send someone encrypted email, the reader must use the recipient’s private key to read it. However, because you don’t have the recipient’s private key, you can’t read the mail that you sent, even though you created it! 11OpenPGP : Principle, utilization and limitations for secure electronic mail systems

12 Email are not protected on your hard drive. Save all your Email on an encrypted disk partition. Another popular option is to also “Encrypt to self”. 12OpenPGP : Principle, utilization and limitations for secure electronic mail systems

13  Expand my Web of Trust  Trace the Web of Trust to that person  Use the key but limit my trust of the sender 13OpenPGP : Principle, utilization and limitations for secure electronic mail systems

14  PGP pathfinder  trace the path through the Web of Trust between any two OpenPGP keys  use the keyid for the two keys involved  Based on WOTSAP, Python program designed to trace relashionships between keys 14OpenPGP : Principle, utilization and limitations for secure electronic mail systems

15  OpenPGP does not encrypt subject lines in email.  Email messages sent with PGP should have innocuous subjects (or perhaps no subject at all)  Mail client might default to storing unencrypted versions of the OpenPGP emails that you send. 15OpenPGP : Principle, utilization and limitations for secure electronic mail systems

Download ppt "Principle, utilization and limitations for secure electronic mail systems FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Segurança em Sistemas Informáticos."

Similar presentations

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,

CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Lesson 7: Business, , & Personal Information Management

Lesson 7: Business, , & Personal Information Management
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Tony BrettOUCS Course Code ZAB 9 February 2004 E-Mail Security – Encryption and Digital Signatures Tony Brett Oxford University Computing Services February.

Tony BrettOUCS Course Code ZAB 9 February Security – Encryption and Digital Signatures Tony Brett Oxford University Computing Services February.
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Email Security Jonathan Calazan December 12, 2005.

Security Jonathan Calazan December 12, 2005.
Deployment Models A.e-Mail client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B.e-Mail client using Native S/MIME »Internet.

Deployment Models A. client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B. client using Native S/MIME »Internet.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
» Explain the way that electronic mail (e-mail) works » Configure an e-mail client » Identify e-mail message components » Create and send e-mail messages.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Email Anya Brookman. How to create a new message Unwanted messages Folders Messages you have sent to someone Logging out when you have finished sending.

Anya Brookman. How to create a new message Unwanted messages Folders Messages you have sent to someone Logging out when you have finished sending.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.

Similar presentations

Ads by Google