Presentation is loading. Please wait.

Presentation is loading. Please wait.

Email Security By Meenal Mandalia. What is Email? Email stands for Electronic Mail. Email much the same as a letter, only that it is exchanged in a different.

Published byJesse Crawford Modified over 8 years ago

Similar presentations

Presentation on theme: "Email Security By Meenal Mandalia. What is Email? Email stands for Electronic Mail. Email much the same as a letter, only that it is exchanged in a different."— Presentation transcript:

1 Email Security By Meenal Mandalia

2 What is Email? Email stands for Electronic Mail. Email much the same as a letter, only that it is exchanged in a different. A typical email address format would be:- yourname@yourinternetprovider.com Or yourname@yourinternetprovider.co.uk

3 Security Implications Phishing Spam Spoof Emails

4 Recognising a Spoof Email Spelling and grammatical errors Requires a complete form filling in. Verification of Log In details Advertisement of a competition informing of selection Non-site users may also receive an email from a site they never use. E.g. A customer may receive an email from Barclays bank regarding their online banking details when they don’t hold a Barclays Bank account. Again this would help to identify a spoofing email.

5 What is PGP? Stands for Pretty Good Privacy A program that provides cryptographic privacy and authentication Used for signing, encrypting and decrypting emails PGP was first designed by Zimmermann in the 1990s.

6 What is S/MIME? Stands for Secure Multi-Purpose Internet Mail Extensions MIME (Multipurpose Internet Mail Extension) was developed in the early 1990’s ‘to allow users to send pictures, sound, programs and general attachments’ S/MIME employs secure MIME

7 How does PGP work? PGP uses a public key cryptography method and includes a system which binds the public key to a username

8 Digital Signatures The sender can use PGP to create a digital signature with either the RSA or DSA signature algorithms. Creates a hash (message digest) from the text. Creates a digital signature from using the sender’s private key

9 Web Of Trust First mentioned by Zimmermann It is a protocol A certificate assists with the verification of making sure the public key in a certificate belongs to the user who is claiming it

10 How does S/MIME work? Requires knowledge of how cryptography works 3 examples –Secrecy –Authentication –Both

11 Secrecy Example User 1’s e-mail program creates a random key that will be used in the symmetric cipher. This key is known as the session key, since it is used just for this e-mail session. User 1’s e-mail program encrypts the message with the symmetric cipher, using the session key. User 1’s e-mail program encrypts the session key with public key cryptography, using User 2’s public key. User 1’s e-mail program creates a package of data that includes the encrypted message, the encrypted session key, my x.509 certificate, and identification of the encryption algorithms used. The package of data is sent to User 2. This is an S/MIME e-mail message. When User 2's e-mail program receives the message, it uses User 2's private key to decrypt the session key. Using the session key (and the information about the symmetric cipher) User 2's e-mail program decrypts the message.’

12 Authentication Example User 1’s e-mail program creates a digest of the message, using a hashing function. User 1’s e-mail program encrypts the message digest with public key cryptography, using User 1’s private key. User 1’s e-mail program creates a package of data that includes the original message, the encrypted message digest, my x.509 certificate, and identification of the encryption algorithms used. The package of data is sent to User 2. This is an S/MIME e-mail message. When User 2's e-mail program receives the message, it verifies that User 1’s X.509 certificate is valid and retrieves User 1’s public key from the certificate. User 2's e-mail program uses User 1’s public key to decrypt the message digest. User 2’s e-mail program uses the information about the hashing function to independently compute the message digest of the original message. User 2’s e-mail program compares the decrypted message digest (from User 1) with the message digest it computed. If the two digests match, User 2 can trust the message was not tampered with.’

13 Example of Both ‘To send a message that is both secret and authenticated, the S/MIME techniques shown above simply are nested. the message is authenticated then the authenticated package is made secret Then the secret package is sent to the recipient. The recipient of the message unwraps the package by using their private key to decrypt the session key then decrypts the rest of the package with the session key After decrypting, the remaining data is a signed S/MIME message, which is authenticated as outlined above.’

14 Summary Employing Email Security via software is not the only thing that is required. Users need to be more vigilant with emails and not click or reply to any suspicious emails.

Download ppt "Email Security By Meenal Mandalia. What is Email? Email stands for Electronic Mail. Email much the same as a letter, only that it is exchanged in a different."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.

Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.

Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
Cryptographic Technologies

Cryptographic Technologies
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.

Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.

1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
Electronic Mail Security

Electronic Mail Security
Enhancing Email Security with S/MIME Chuck Connell, www.chc-3.comwww.chc-3.com www.DominoAdministration.comwww.DominoAdministration.com, www.DominoSecurity.org.

Enhancing Security with S/MIME Chuck Connell,
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
AQA Computing A2 © Nelson Thornes 2009 Section 6.4 1 Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

Similar presentations

Ads by Google