Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Analysis of IMAP Security CMPE 209 Presented By Divya Panchal Bepsy Paul Menachery.

Published byMelanie Hamilton Modified over 8 years ago

Similar presentations

Presentation on theme: "An Analysis of IMAP Security CMPE 209 Presented By Divya Panchal Bepsy Paul Menachery."— Presentation transcript:

1 An Analysis of IMAP Security CMPE 209 Presented By Divya Panchal Bepsy Paul Menachery

2 Agenda What is IMAP State Flow Diagram Advantages of IMAP over POP3 Analysis of IMAP Security Future of IMAP Security Conclusion

3 What is IMAP IMAP – Internet Message Access Protocol It is the most popular Internet Standard Protocol to retrieve email The other protocol is POP3 It will allow a client to access and manipulate electronic mail messages on server IMAP4version1 assumes a reliable data stream such as that provided by TCP When TCP is used IMAP4version 1 will listen on port 143

4 State Flow Diagram Not Authenticated Logout Both sides close the connection 1 2 3 4 5 6 7 Connection Establishment Server Greeting Selected Authenticated Client Client Command [tag] [string line] Server Command [tag] [+] or [*] [string] Server

5 Advantages of IMAP over POP3 FeaturesIMAPPOP Where is INBOX being stored?  Email Server Where are Mail Folders being stored?  Email Server  Mainly on User's own local desktop Can Mail Folders be created on Mail Server?  Yes  No, only on User's own local desktop Can Mail Folders be created on local desktop?  Yes Can Mail Folders be accessed from different computers, like the PC at home, in office, or from oversea?  Yes  No, only on the local desktop the mail being saved Typical Email Clients Netscape Messenger Outlook Express Outlook 2000 Outlook 98 PINE MailDrop, etc Eudora Outlook 97, etc

6 Analysis of IMAP Security The basic IMAP sends username and pass word in clear To secure IMAP, the use of Kerberos was recommended as part of SASL proposal Another method is to use SSH for securing the IMAP messages. A perfect solution is to use SSL or SSL wrapper to encrypt both login information and data in the messages.

7 Analysis of IMAP Security (contd.) The restriction of LOGIN command usage Recommended use of STARTTLS Must used cipher suite - TLS_RSA_WITH_RC4_128_MD5 [TLS] Recommended cipher suite - TLS_DHE_DSS_WITH_3DES_EDE_CBC_ SHA [TLS]

8 Future of IMAP Security With the demand for universal multi-device connectivity, IMAP is best suited for accessing email from different devices simultaneously The importance of IMAP for both back-end and front-end user interfaces are increasingly popular IMAP for use with client devices such as PDAs, Palm OS, Win CE and cell phones are becoming popular Use of IMAP in messaging products are an essential requirement in the market

9 Conclusion IMAP when used by itself is not secure IMAP used with secure mechanisms such as SSH, SSL or Kerberos is secure With the demand for universal multi- device connectivity, the future of IMAP is very promising

10 Refrences http://tools.ietf.org/html/rfc3501 http://en.wikipedia.org/wiki/Internet_Message_Acces s_Protocol http://en.wikipedia.org/wiki/Internet_Message_Acces s_Protocol http://www.ust.hk/itsc/email/tips/imap-or-pop.html http://www.coruscant.demon.co.uk/mike/imap/securi ty.html http://www.coruscant.demon.co.uk/mike/imap/securi ty.html http://security.fi.infn.it/tools/stunnel/index-en.html Managing IMAP, 1st Editionby Dianna Mullet; Kevin MulletDianna MulletKevin Mullet

11 Q &A

Download ppt "An Analysis of IMAP Security CMPE 209 Presented By Divya Panchal Bepsy Paul Menachery."

Similar presentations

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Application Layer – Lecture.

Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Application Layer – Lecture.
HEPNT/HEPiX meeting Oct 6, 1999 1 Securing mail access with Kerberos and SSL Wolfgang Friebel DESY.

HEPNT/HEPiX meeting Oct 6, Securing mail access with Kerberos and SSL Wolfgang Friebel DESY.
CPSC 441: FTP & SMTP1 Application Layer: FTP & Instructor: Carey Williamson Office: ICT 740 Class.

CPSC 441: FTP & SMTP1 Application Layer: FTP & Instructor: Carey Williamson Office: ICT Class.
Chapter 2: Application layer  2.1 Web and HTTP  2.2 FTP 2-1 Lecture 5 Application Layer.

Chapter 2: Application layer  2.1 Web and HTTP  2.2 FTP 2-1 Lecture 5 Application Layer.
Electronic Mail and SMTP

Electronic Mail and SMTP
Chapter 2: Application layer  2.1 Web, HTTP and HTML (We will continue…)  2.2 FTP  2.3 SMTP 9/22/2009 Lecture 7, MAT 279, Fall 2009 1.

Chapter 2: Application layer  2.1 Web, HTTP and HTML (We will continue…)  2.2 FTP  2.3 SMTP 9/22/2009 Lecture 7, MAT 279, Fall
POP3 Post Office Protocol v.3. Intro The Post Office Protocol (POP) is currently the most popular TCP/IP e-mail access and retrieval protocol. It implements.

POP3 Post Office Protocol v.3. Intro The Post Office Protocol (POP) is currently the most popular TCP/IP access and retrieval protocol. It implements.
Esimerkki: Sähköposti. Lappeenranta University of Technology / JP, PH, AH Electronic Mail Three major components: user agents mail servers simple mail.

Esimerkki: Sähköposti. Lappeenranta University of Technology / JP, PH, AH Electronic Mail Three major components: user agents mail servers simple mail.
26.1 Chapter 26 Remote Logging, Electronic Mail, and File Transfer Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or.

26.1 Chapter 26 Remote Logging, Electronic Mail, and File Transfer Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or.
POP Email Configuration Microsoft Outlook Express 6.x.

POP Configuration Microsoft Outlook Express 6.x.
Introduction 1 Lecture 7 Application Layer (FTP, e-mail) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer Science & Engineering.

Introduction 1 Lecture 7 Application Layer (FTP, ) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer Science & Engineering.
College Collaboration System User Office Desktop USC Mail Server College Mail Server User Home Desktop Net USC College.

College Collaboration System User Office Desktop USC Mail Server College Mail Server User Home Desktop Net USC College.
Mail Server Fitri Setyorini. Content SMTP POP3 How mail server works IMAP.

Mail Server Fitri Setyorini. Content SMTP POP3 How mail server works IMAP.
E-mail-I CS-3505 Wb_e-mail-I.ppt. Email 4 The most useful feature of the internet 4 Lots of different email programs, but most of them can talk to each.

-I CS-3505 Wb_ -I.ppt. 4 The most useful feature of the internet 4 Lots of different programs, but most of them can talk to each.
POP Email Configuration Microsoft Outlook 2002. What is POP? Short for Post Office Protocol, a protocol used to retrieve e-mail from a mail server. Most.

POP Configuration Microsoft Outlook What is POP? Short for Post Office Protocol, a protocol used to retrieve from a mail server. Most.
2: Application Layer1 Chapter 2 Application Layer These slides derived from Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross.

2: Application Layer1 Chapter 2 Application Layer These slides derived from Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross.
Electronic Mail (SMTP, POP, IMAP, MIME)

Electronic Mail (SMTP, POP, IMAP, MIME)
Cisco Discovery Working at a Small-to-Medium Business or ISP CHAPTER 7 ISP Services Jr.

Cisco Discovery Working at a Small-to-Medium Business or ISP CHAPTER 7 ISP Services Jr.
SMTP, POP3, IMAP.

SMTP, POP3, IMAP.

Similar presentations

Ads by Google