SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

Slides:

Advertisements

Similar presentations

ITEC559 Secure Internet Protocols

Advertisements

Public Key Infrastructure and Applications

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Cryptographic Technologies

Prepared by:Hussain Awad Supervised by: Dr. Lo’ai Tawalbeh

NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.

Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Security Jonathan Calazan December 12, 2005.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Cryptography 101 Frank Hecker

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.

Electronic Mail Security

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Masud Hasan Secue VS Hushmail Project 2.

Cryptography and Network Security Chapter 18

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Electronic mail security. Outline Pretty good privacy S/MIME.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.

SEC835 Practical aspects of security implementation Part 1.

Network Security Essentials Chapter 7 Fourth Edition by William Stallings (Based on Lecture slides by Lawrie Brown)

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)

Chapter 15: Electronic Mail Security

CSCE 815 Network Security Lecture 11 Security PGP February 25, 2003.

SECURITY – Chapter 15 SECURITY – Chapter 15 ….for authentication and confidentiality PGP 1.Uses best algorithms as building blocks 2.General.

NETWORK SECURITY.

Security PGP IT352 | Network Security |Najwa AlGhamdi 1.

CSCE 201 Security Fall CSCE Farkas2 Electronic Mail Most heavily used network-based application – Over 210 billion per day Used across.

Pertemuan #9 Security in Practice Kuliah Pengaman Jaringan.

Security Using PGP - Prajakta Bahekar. Importance of Security is one of the most widely used network service on Computer Currently .

Security fundamentals Topic 9 Securing internet messaging.

Authentication Applications 1. Kerberos 2. Key Management and Distribution 3. X.509 Directory Authentication service 4. Public Key Infrastructure 5. Electronic.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy

7.6 Secure Network Security / G.Steffen1. In This Section Threats to Protection List Overview of Encrypted Processing Example.

CPS Computer Security Tutorial on Creating Certificates SSH Kerberos CPS 290Page 1.

2/19/2016clicktechsolution.com Security. 2/19/2016clicktechsolution.com Threats Threats to the security of itself –Loss of confidentiality.

Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.

Chapter 7 : Web Security Lecture #1-Week 12 Dr.Khalid Dr. Mohannad Information Security CIT 460 Information Security Dr.Khalid Dr. Mohannad 1.

2013Prof. Reuven Aviv, Mail Security1 Pretty Good Privacy (PGP) Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.

Encryption and Security Tools for IA Management Nick Hornick COSC 481 Spring 2007.

Prof. Wenguo Wang Network Information Security Prof. Wenguo Wang Tel College of Computer Science QUFU NORMAL UNIVERSITY.

1 CNLab/University of Ulsan Chapter 16 Electronic Mail Security  PGP (Pretty Good Privacy)  S/MIME.

Lecture 8 (Chapter 18) Electronic Mail Security Prepared by Dr. Lamiaa M. Elshenawy 1.

第五章电子邮件安全. Security is one of the most widely used and regarded network services currently message contents are not secure –may be inspected.

Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:

Security is one of the most widely used and regarded network services

ELECTRONIC MAIL SECURITY

ELECTRONIC MAIL SECURITY

….for authentication and confidentiality PGP

Presentation transcript:

SMUCSE 5349/49 Security

SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over open networks s stored on potentially insecure clients and mail servers –Loss of integrity No integrity protection on s; body can be altered in transit or on mail server –Lack of data origin authentication –Lack of non-repudiation –Lack of notification of receipt

SMUCSE 5349/7349 Threats Enabled by Disclosure of sensitive information Exposure of systems to malicious code Denial-of-Service (DoS) Unauthorized accesses etc.

SMUCSE 5349/7349 What are the Options Secure the server to client connections (easy thing first) –POP, IMAP over ssh, SSL –https access to webmail –Very easy to configure –Protection against insecure wireless access Secure the end-to-end delivery –The PGPs of the world –Still need to get the other party to be PGP aware –Practical in an enterprise intra-network environment

SMUCSE 5349/7349 based Attacks Active content attack –Clean up at the server (AV, Defang) Buffer over-flow attack –Fix the code Shell script attack –Scan before send to the shell Trojan Horse Attack –Use “do not automatically use the macro” option Web bugs (for tracking) –Mangle the image at the mail server

SMUCSE 5349/7349 SPAM Cost to exceed $10 billion SPAM filtering –Content based – required hits –White list –Black list –Defang MIME

SMUCSE 5349/7349 PGP PGP=“Pretty Good Privacy” First released in 1991, developed by Phil Zimmerman Freeware: OpenPGP and variants: OpenPGP specified in RFC 2440 and defined by IETF OpenPGP working group. – Available as plug-in for popular clients, can also be used as stand-alone software.

SMUCSE 5349/7349 PGP Functionality –Encryption for confidentiality. –Signature for non-repudiation/authenticity. Sign before encrypt, so signatures on unencrypted data - can be detached and stored separately. PGP-processed data is base64 encoded

SMUCSE 5349/7349 PGP Algorithms Broad range of algorithms supported: Symmetric encryption: –DES, 3DES, AES and others. Public key encryption of session keys: –RSA or ElGamal. Hashing: –SHA-1, MD-5 and others. Signature: –RSA, DSS, ECDSA and others.

SMUCSE 5349/7349 PGP Services

SMUCSE 5349/7349 PGP Message

SMUCSE 5349/7349 PGP Key Rings PGP supports multiple public/private keys pairs per sender/recipient. Keys stored locally in a PGP Key Ring – essentially a database of keys. Private keys stored in encrypted form; decryption key determined by user- entered pass-phrase.

SMUCSE 5349/7349 Key Management for PGP Public keys for encrypting session keys / verifying signatures. Private keys for decrypting session keys / creating signatures. Where do these keys come from and on what basis can they be trusted?

SMUCSE 5349/7349 PGP Key Management PGP adopts a trust model called the web of trust. No centralised authority Individuals sign one another’s public keys, these “certificates” are stored along with keys in key rings. PGP computes a trust level for each public key in key ring. Users interpret trust level for themselves.

SMUCSE 5349/7349 PGP Trust Levels Trust levels for public keys dependent on: – Number of signatures on the key; –Trust level assigned to each of those signatures. Trust levels recomputed from time to time.

SMUCSE 5349/7349 PGP Key Mgmt Issues Original intention was that all users would contribute to web of trust. Reality is that this web is sparsely populated. How should security-unaware users assign and interpret trust levels? Later versions of PGP support X.509 certs.

SMUCSE 5349/7349 PGP Message Generation

SMUCSE 5349/7349 PGP Message Generation (cont’d) The sending PGP entity performs the following steps: –Signs the message: PGP gets sender’s private key from key ring using its user id as an index. PGP prompts user for passphrase to decrypt private key. PGP constructs the signature component of the message. –Encrypts the message: PGP generates a session key and encrypts the message. PGP retrieves the receiver public key from the key ring using its user id as an index. PGP constructs session component of message

SMUCSE 5349/7349 PGP Message Reception

SMUCSE 5349/7349 PGP Message Reception The receiving PGP entity performs the following steps: –Decrypting the message: PGP get private key from private-key ring using Key ID field in session key component of message as an index. PGP prompts user for passphrase to decrypt private key. PGP recovers the session key and decrypts the message. –Authenticating the message: PGP retrieves the sender’s public key from the public-key ring using the Key ID field in the signature key component as index. PGP recovers the transmitted message digest. PGP computes the message for the received message and compares it to the transmitted version for authentication.