CSCE 201 Email Security Fall 2010. CSCE 201 - Farkas2 Electronic Mail Most heavily used network-based application – Over 210 billion per day Used across.


1 CSCE 201 Email Security Fall 2010

2 Electronic Mail (CSCE 201 - Farkas)
- Most heavily used network-based application
  - Over 210 billion per day
- Used across different architectures and platforms
- Send e-mail to others connected directly or indirectly to the Internet regardless of host operating systems and protocols
- NEED:
  - Authentication
  - Confidentiality

3 Why Email Security?
- Message confidentiality
- Message integrity
- Sender authentication
- Nonrepudiation

4 How email works?
- TCP sub-protocols:
  - Simple Mail Transfer Protocol (SMTP): outgoing mail, port 25
  - Post Office Protocol (POP): incoming mail, port 110
[Diagram labels: Sender, SMTP, Internet, POP3, Receiver]

5 Internet Mail Access Protocol
- POP3: email is downloaded to the client's computer and deleted from the server
- IMAP4: email remains on the server
  - Can be organized into folders
  - Can be accessed remotely
  - Can be used offline

6 Email attacks
- Spam: unsolicited email
  - Costly: time spent on looking at and deleting email
  - Text, image spam
- Protection: spam filters
  - Set level of spam email protection
  - Block specific senders (black list)
  - Allow only specific senders (white list)
  - Block top level domains

7 Email Attacks
- Malicious attachments and embedded hyperlinks
  - Virus, spyware, adware, etc.
- Protection:
  - Malware detection tool
  - Read messages using a reading pane
  - Block external content
  - Preview attachments
  - Use email postmark

8 Secure E-mail Approaches
- PEM: Privacy-Enhanced Mail
- S/MIME
- PGP: Pretty Good Privacy

9 Pretty Good Privacy
- Phil Zimmermann (early '90s)
- Confidentiality and authentication for
  - Electronic mail and
  - Storage applications

10 PGP – Evolution
1. Best available cryptographic algorithms ('90s)
2. Integrate these algorithms such that
   1. Independent of operating system and processor
   2. Based on a small set of commands
3. Make the application and the documentation available through the Internet
4. Agreement with a company to provide compatible, low-cost commercial version of PGP

11 PGP - Usage
- PGP became widely used within a few years
  - Available worldwide for different platforms
  - Based on proven secure algorithms such as RSA, IDEA, MD5
  - Wide range of applicability
  - Was not developed or controlled by government standards

12 PGP Services
- Digital Signature: RSA, MD5
  - Hash code of message is created using MD5, encrypted using RSA with sender's private key, and attached to the message
- Confidentiality: RSA, IDEA
  - Message is encrypted using IDEA with a one-time session key generated by the sender; the session key is encrypted using RSA and the recipient's public key, and attached to the message

13 PGP Services
- Compression: ZIP
  - Message may be compressed for storage or transmission
- E-mail compatibility
  - Encrypted message is converted to ASCII string
- Segmentation
  - To accommodate maximum message size, PGP performs segmentation and reassembly
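
The signature, compression, confidentiality and ASCII-conversion services from the two PGP Services slides, chained in sender and receiver order as an added Python example that is not part of the original slides. It uses labelled substitutions so it runs on the standard library alone: textbook RSA over constructed Mersenne-prime keys (not secure), SHA-256 in place of MD5, a SHA-256 counter keystream in place of IDEA, zlib for ZIP and base64 for the ASCII conversion; segmentation is omitted and all function names are hypothetical.

```python
import base64, hashlib, secrets, zlib

E = 65537

def keypair(p, q):
    """Textbook RSA key from two primes (toy: no padding, not secure)."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed demo keys built from Mersenne primes; trivially factorable.
SENDER = keypair(2**127 - 1, 2**521 - 1)
RECIPIENT = keypair(2**89 - 1, 2**607 - 1)

def digest_int(msg):
    # SHA-256 stands in for the MD5 hash code named on the slide.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def stream_xor(key, data):
    """Stand-in for IDEA: XOR the data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def pgp_send(msg, sender, recipient_pub):
    # 1. Digital signature: hash the message, apply the sender's private key.
    sig = pow(digest_int(msg), sender["d"], sender["n"])
    # 2. Compression: signature and message are compressed together.
    body = zlib.compress(sig.to_bytes(128, "big") + msg)
    # 3. Confidentiality: one-time session key, wrapped with recipient's public key.
    session = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session, "big"), recipient_pub["e"], recipient_pub["n"])
    blob = wrapped.to_bytes(128, "big") + stream_xor(session, body)
    # 4. E-mail compatibility: convert the binary result to an ASCII string.
    return base64.b64encode(blob).decode("ascii")

def pgp_receive(armored, recipient, sender_pub):
    blob = base64.b64decode(armored)
    # Unwrap the session key with the recipient's private key, then decrypt.
    session = pow(int.from_bytes(blob[:128], "big"), recipient["d"], recipient["n"])
    body = zlib.decompress(stream_xor(session.to_bytes(16, "big"), blob[128:]))
    sig, msg = int.from_bytes(body[:128], "big"), body[128:]
    # Verify: sender's public key applied to the signature must equal the hash.
    valid = pow(sig, sender_pub["e"], sender_pub["n"]) == digest_int(msg)
    return msg, valid
```

Calling `pgp_receive` with the wrong sender public key still recovers the message but reports the signature as invalid, which is the sender-authentication check the slides describe.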

