
1 Email Security By Meenal Mandalia

2 What is Email?
– Email stands for Electronic Mail.
– Email is much the same as a letter, only that it is exchanged in a different.
– A typical email address format would be: yourname@yourinternetprovider.com or yourname@yourinternetprovider.co.uk

3 Security Implications
– Phishing
– Spam
– Spoof Emails

4 Recognising a Spoof Email
– Spelling and grammatical errors
– Requires a complete form filling in
– Verification of Log In details
– Advertisement of a competition informing of selection
– Non-site users may also receive an email from a site they never use. E.g. a customer may receive an email from Barclays Bank regarding their online banking details when they don’t hold a Barclays Bank account. Again this would help to identify a spoofing email.

5 What is PGP?
– Stands for Pretty Good Privacy
– A program that provides cryptographic privacy and authentication
– Used for signing, encrypting and decrypting emails
– PGP was first designed by Zimmermann in the 1990s.

6 What is S/MIME?
– Stands for Secure Multi-Purpose Internet Mail Extensions
– MIME (Multipurpose Internet Mail Extension) was developed in the early 1990s ‘to allow users to send pictures, sound, programs and general attachments’
– S/MIME employs secure MIME

7 How does PGP work? PGP uses a public key cryptography method and includes a system which binds the public key to a username

8 Digital Signatures
– The sender can use PGP to create a digital signature with either the RSA or DSA signature algorithms.
– Creates a hash (message digest) from the text.
– Creates a digital signature from the hash using the sender’s private key.

9 Web Of Trust
– First mentioned by Zimmermann
– It is a protocol
– A certificate helps verify that the public key in the certificate belongs to the user who is claiming it

10 How does S/MIME work?
– Requires knowledge of how cryptography works
– 3 examples
  – Secrecy
  – Authentication
  – Both

11 Secrecy Example
‘User 1’s e-mail program creates a random key that will be used in the symmetric cipher. This key is known as the session key, since it is used just for this e-mail session.
User 1’s e-mail program encrypts the message with the symmetric cipher, using the session key.
User 1’s e-mail program encrypts the session key with public key cryptography, using User 2’s public key.
User 1’s e-mail program creates a package of data that includes the encrypted message, the encrypted session key, my X.509 certificate, and identification of the encryption algorithms used.
The package of data is sent to User 2. This is an S/MIME e-mail message.
When User 2’s e-mail program receives the message, it uses User 2’s private key to decrypt the session key.
Using the session key (and the information about the symmetric cipher) User 2’s e-mail program decrypts the message.’

12 Authentication Example
‘User 1’s e-mail program creates a digest of the message, using a hashing function.
User 1’s e-mail program encrypts the message digest with public key cryptography, using User 1’s private key.
User 1’s e-mail program creates a package of data that includes the original message, the encrypted message digest, my X.509 certificate, and identification of the encryption algorithms used.
The package of data is sent to User 2. This is an S/MIME e-mail message.
When User 2’s e-mail program receives the message, it verifies that User 1’s X.509 certificate is valid and retrieves User 1’s public key from the certificate.
User 2’s e-mail program uses User 1’s public key to decrypt the message digest.
User 2’s e-mail program uses the information about the hashing function to independently compute the message digest of the original message.
User 2’s e-mail program compares the decrypted message digest (from User 1) with the message digest it computed. If the two digests match, User 2 can trust the message was not tampered with.’

13 Example of Both
‘To send a message that is both secret and authenticated, the S/MIME techniques shown above simply are nested.
The message is authenticated.
Then the authenticated package is made secret.
Then the secret package is sent to the recipient.
The recipient of the message unwraps the package by using their private key to decrypt the session key, then decrypts the rest of the package with the session key.
After decrypting, the remaining data is a signed S/MIME message, which is authenticated as outlined above.’
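
The secrecy, authentication and nested examples from slides 11 to 13, run end to end with the openssl command line. This is an added example, not part of the original presentation. It assumes the openssl CLI is installed; the user names, file names and message text are constructed, and throwaway self-signed certificates stand in for certificates issued by a CA.

```shell
#!/bin/sh
# S/MIME round trip with the openssl CLI (added example, constructed names/data).

# Throwaway self-signed X.509 certificate plus RSA key for one user.
make_identity() {  # $1 = user name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Authentication: digest the message, sign the digest with User 1's private key.
sign_mail() {  # $1 = plaintext file, $2 = signed output
    openssl smime -sign -text -in "$1" -signer user1.crt -inkey user1.key -out "$2"
}

# Secrecy: encrypt under a random session key wrapped with User 2's public key.
encrypt_mail() {  # $1 = input file, $2 = encrypted output
    openssl smime -encrypt -aes-256-cbc -in "$1" -out "$2" user2.crt
}

# User 2 unwraps the session key with the private key, then decrypts.
decrypt_mail() {  # $1 = encrypted file, $2 = decrypted output
    openssl smime -decrypt -in "$1" -recip user2.crt -inkey user2.key -out "$2"
}

# Recompute the digest and compare it with the signed one. The demo certificate
# is self-signed, so it serves as its own trust anchor here.
verify_mail() {  # $1 = signed file; prints the text, non-zero on mismatch
    openssl smime -verify -text -in "$1" -CAfile user1.crt -out "$1.txt" 2>/dev/null \
        && tr -d '\r' < "$1.txt"
}

demo() {
    cd "$(mktemp -d)" || return 1
    make_identity user1 && make_identity user2
    printf 'Please transfer 100 GBP to account 12345678\n' > msg.txt
    sign_mail msg.txt signed.eml            # authenticate first ...
    encrypt_mail signed.eml secret.eml      # ... then make the package secret
    decrypt_mail secret.eml unwrapped.eml   # recipient unwraps
    verify_mail unwrapped.eml               # ... and authenticates
    # A change to the signed text must make the digests differ.
    sed 's/100 GBP/900 GBP/' signed.eml > tampered.eml
    verify_mail tampered.eml || echo "tampered message rejected"
}
demo
```

With real mail, `-CAfile` would point at the issuing CA's certificate rather than at the sender's own certificate.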

14 Summary Employing Email Security via software is not the only thing that is required. Users need to be more vigilant with emails and not click or reply to any suspicious emails.

