Email Security By Meenal Mandalia. What is Email? Email stands for Electronic Mail. Email is much the same as a letter, only that it is exchanged in a different.

Presentation transcript:

Email Security By Meenal Mandalia

What is Email?
Email stands for Electronic Mail. Email is much the same as a letter, only that it is exchanged in a different. A typical email address format would be:- Or

Security Implications
- Phishing
- Spam
- Spoof emails

Recognising a Spoof Email
- Spelling and grammatical errors
- Requires a complete form to be filled in
- Verification of log-in details
- Advertisement of a competition informing of selection
- Non-site users may also receive an email from a site they never use. E.g. a customer may receive an email from Barclays Bank regarding their online banking details when they don't hold a Barclays Bank account. Again this would help to identify a spoofing email.

What is PGP?
- Stands for Pretty Good Privacy
- A program that provides cryptographic privacy and authentication
- Used for signing, encrypting and decrypting emails
- PGP was first designed by Zimmermann in the 1990s

What is S/MIME?
- Stands for Secure Multi-Purpose Internet Mail Extensions
- MIME (Multipurpose Internet Mail Extension) was developed in the early 1990s ‘to allow users to send pictures, sound, programs and general attachments’
- S/MIME employs secure MIME

How does PGP work?
PGP uses a public key cryptography method and includes a system which binds the public key to a username.

Digital Signatures
- The sender can use PGP to create a digital signature with either the RSA or DSA signature algorithms.
- Creates a hash (message digest) from the text.
- Creates a digital signature from the hash using the sender's private key.

Web Of Trust
- First mentioned by Zimmermann
- It is a protocol
- A certificate assists with verifying that the public key in a certificate belongs to the user who is claiming it

How does S/MIME work?
Requires knowledge of how cryptography works. 3 examples:
- Secrecy
- Authentication
- Both

Secrecy Example
1. ‘User 1's program creates a random key that will be used in the symmetric cipher. This key is known as the session key, since it is used just for this session.
2. User 1's program encrypts the message with the symmetric cipher, using the session key.
3. User 1's program encrypts the session key with public key cryptography, using User 2's public key.
4. User 1's program creates a package of data that includes the encrypted message, the encrypted session key, my X.509 certificate, and identification of the encryption algorithms used.
5. The package of data is sent to User 2. This is an S/MIME message.
6. When User 2's program receives the message, it uses User 2's private key to decrypt the session key.
7. Using the session key (and the information about the symmetric cipher) User 2's program decrypts the message.’

Authentication Example
1. ‘User 1's program creates a digest of the message, using a hashing function.
2. User 1's program encrypts the message digest with public key cryptography, using User 1's private key.
3. User 1's program creates a package of data that includes the original message, the encrypted message digest, my X.509 certificate, and identification of the encryption algorithms used.
4. The package of data is sent to User 2. This is an S/MIME message.
5. When User 2's program receives the message, it verifies that User 1's X.509 certificate is valid and retrieves User 1's public key from the certificate.
6. User 2's program uses User 1's public key to decrypt the message digest.
7. User 2's program uses the information about the hashing function to independently compute the message digest of the original message.
8. User 2's program compares the decrypted message digest (from User 1) with the message digest it computed. If the two digests match, User 2 can trust the message was not tampered with.’

Example of Both
‘To send a message that is both secret and authenticated, the S/MIME techniques shown above simply are nested.
1. The message is authenticated.
2. Then the authenticated package is made secret.
3. Then the secret package is sent to the recipient.
4. The recipient of the message unwraps the package by using their private key to decrypt the session key, then decrypts the rest of the package with the session key.
5. After decrypting, the remaining data is a signed S/MIME message, which is authenticated as outlined above.’
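The secrecy, authentication and combined flows above, as an added example that is not part of the original slides, written with Node.js's built-in crypto module. Assumptions: plain RSA key pairs stand in for X.509 certificates, the JSON package layout and all function names are hypothetical, and AES-256-GCM and RSA-OAEP are chosen here as the symmetric and public-key ciphers.

```javascript
// Added example, not from the slides. Plain RSA key pairs stand in for X.509
// certificates, and the JSON "package" is an assumed layout, not real S/MIME (CMS).
const crypto = require('node:crypto');
const HASH = 'sha256', CIPHER = 'aes-256-gcm'; // pinned; never taken from the package

const newUser = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64 = (buf) => buf.toString('base64');
const raw = (str) => Buffer.from(str, 'base64');

// Authentication: hash the message and sign the digest with the sender's private key.
function signMessage(message, senderPrivateKey) {
  const signature = crypto.sign(HASH, Buffer.from(message), senderPrivateKey);
  return { message, hash: HASH, signature: b64(signature) };
}

// The recipient recomputes the digest and checks it against the signature.
function verifyMessage(pkg, senderPublicKey) {
  return crypto.verify(HASH, Buffer.from(pkg.message), senderPublicKey, raw(pkg.signature));
}

// Secrecy: a fresh session key encrypts the body; RSA-OAEP wraps the session key.
function encryptFor(plaintext, recipientPublicKey) {
  const sessionKey = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv(CIPHER, sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { cipher: CIPHER, iv: b64(iv), tag: b64(cipher.getAuthTag()), body: b64(body),
    wrappedKey: b64(crypto.publicEncrypt(recipientPublicKey, sessionKey)) };
}

// Only the recipient's private key recovers the session key, and with it the body.
function decryptWith(env, recipientPrivateKey) {
  const sessionKey = crypto.privateDecrypt(recipientPrivateKey, raw(env.wrappedKey));
  const decipher = crypto.createDecipheriv(CIPHER, sessionKey, raw(env.iv));
  decipher.setAuthTag(raw(env.tag));
  return Buffer.concat([decipher.update(raw(env.body)), decipher.final()]).toString('utf8');
}

// Both: authenticate first, then make the authenticated package secret.
const sendSecure = (message, senderPrivateKey, recipientPublicKey) =>
  encryptFor(JSON.stringify(signMessage(message, senderPrivateKey)), recipientPublicKey);

// Unwrap with the recipient's private key, then verify the inner signed message.
function receiveSecure(env, recipientPrivateKey, senderPublicKey) {
  const pkg = JSON.parse(decryptWith(env, recipientPrivateKey));
  if (!verifyMessage(pkg, senderPublicKey)) throw new Error('signature check failed');
  return pkg.message;
}
```

The receiver uses the pinned hash and cipher names rather than the ones carried in the package, so a modified algorithm field cannot downgrade the check.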

Summary
Employing security via software is not the only thing that is required. Users need to be more vigilant with emails and not click or reply to any suspicious emails.