Email Security Jonathan Calazan December 12, 2005.


Threats to Email
Message interception: Emails sent in clear text over the Internet.
Message modification: Anyone with system admin rights on the mail servers your message visits can not only read your message, but also delete or change the message before it reaches its destination (and the recipient won't be able to tell if the message has been modified).
False messages: It is very easy to create an email with someone else's name and address. SMTP servers don't check for sender authenticity.

Threats to Email
Message replay: Messages can be saved, modified, and re-sent later.
Repudiation: You can't prove that someone sent you a message since messages can be forged.

Solutions
First, let's review the requirements for secure email.
Sender authenticity
Nonrepudiation
Message integrity
Message confidentiality

Solutions
What do we need to meet these requirements?
Digital signatures: Solve the integrity, authenticity, and nonrepudiation problems.
Encryption: Solves the confidentiality problem.

Secure Email Systems
Both of these systems provide encryption and digital signatures for email security.
Secure Multipurpose Internet Mail Extensions (S/MIME)
Pretty Good Privacy (PGP)

S/MIME
Developed by RSA Data Security, Inc.
The Internet standard for secure email attachments.
Integrated into many commercial email clients, such as Microsoft Outlook, Netscape Communicator, and Lotus Notes (making it likely to dominate the secure email market).
Encourages users to obtain a Digital Certificate from a reliable Certification Authority (CA) (you can get a free one from here:

S/MIME
S/MIME-aware clients automatically detect the presence of the signature if the certificate was validated by a well-known CA.

PGP
Invented by Phil Zimmermann in
Originally free, became a commercial product after being bought by Network Associates in 1996 (freeware version is still available here:
Available as a plug-in for popular email clients.
Can also be used as stand-alone software.
There is no centralized authority.

PGP
Addresses the key distribution problem with a trust model called "web of trust."
Users create their own self-signed certificates, which can be later signed by others.
Users interpret trust level for themselves.

Problems with Secure Email
Many people don't use it because:
  They don't know how.
  Difficulties of obtaining a Digital Certificate.
S/MIME and PGP schemes do not protect the sender against a recipient claiming not to have received the message.
It is still possible to create fake certificates (Class-1 and Class-2 certificates which can be obtained online) if you know enough information about a person.
Key availability and migration

Other Useful Links
Trace the source of the emails (using the header).
Check to see if the sender is a known spammer.
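
Tracing a message from its header means reading the Received lines, which each relaying server prepends to the message. The following is an added example, not part of the original slides: the sample message, host names and addresses are constructed, and `trace_hops` and `helo_mismatches` are hypothetical helper names.

```python
import re
from email import message_from_string

# Constructed sample message: host names use reserved example domains and
# the IP addresses come from documentation ranges.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id C3; Mon, 12 Dec 2005 10:00:09 -0500
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id B2; Mon, 12 Dec 2005 10:00:05 -0500
Received: from unknown-pc (host.example.test [192.0.2.44])
\tby relay.example.com with SMTP id A1; Mon, 12 Dec 2005 10:00:01 -0500
From: "Alice" <alice@example.org>
To: bob@example.org
Subject: Quarterly report

Body text.
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def trace_hops(raw):
    """Return relay hops oldest-first as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so the header order is
    # newest-first; reverse it to follow the message from its origin.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def helo_mismatches(hops):
    """Hops where the name the client announced differs from the name
    the receiving server recorded for the connecting address."""
    return [h for h in hops if h["rdns"] and h["helo"].lower() != h["rdns"].lower()]

if __name__ == "__main__":
    for h in trace_hops(SAMPLE):
        print(f'{h["ip"]:>15}  {h["helo"]} -> {h["by"]}')
    print("mismatched:", [h["ip"] for h in helo_mismatches(trace_hops(SAMPLE))])
```

Only the Received lines added by servers you trust are reliable; anything below the first trusted hop can be written by the sender, just like the From address.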
