Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 8 (Chapter 18) Electronic Mail Security Prepared by Dr. Lamiaa M. Elshenawy 1.

Published byJesse Chambers Modified over 7 years ago

Similar presentations

Presentation on theme: "Lecture 8 (Chapter 18) Electronic Mail Security Prepared by Dr. Lamiaa M. Elshenawy 1."— Presentation transcript:

1 Lecture 8 (Chapter 18) Electronic Mail Security Prepared by Dr. Lamiaa M. Elshenawy 1

2  Pretty Good Privacy  Notation  Operational Description  Cryptographic Keys  S/MIME  RFCs  S/MIME Functions

3  Pretty Good Privacy (PGP): data encryption/decryption computer program  privacy& authentication data communication  PGP signing, encrypting/decrypting texts, e-mails, files increase the security of e-mail communications  Created by Phil Zimmermann 1991 provides Used in Used for in

4 1. Available free worldwide (Windows, UNIX, Macintosh) 2. Based on algorithms considered extremely secure  RSA, DSS, and Diffie-Hellman for public-key encryption  CAST-128, IDEA, and 3DES for symmetric encryption  SHA-1 for hash coding 3. Wide range of applicability (encrypting files and messages to individuals who wish to communicate securely) 4. Not developed by, nor controlled by, any governmental or standards organization 5. PGP on an Internet standards track (RFC 3156; MIME Security)

5

6 Radix-64 is a group of binary- to- text encoding schemes that represent binary data in an ASCII code.

7 NotationDescription KsKs session key used in symmetric encryption scheme PR a private key of user A, used in public-key encryption scheme PU a public key of user A, used in public-key encryption scheme EPpublic-key encryption DPpublic-key decryption ECsymmetric encryption DCsymmetric decryption Hhash function Z Z -1 compression using ZIP algorithm decompression R64conversion to radix 64 ASCII format ││concatenation

8 PGP Cryptographic Functions

9 a: Digital signature service provided by PGP (Authentication) 1. The sender creates a message 2. SHA-1 is used to generate a 160-bit hash code of the message 3. The hash code is encrypted with RSA using the sender’s private key, and the result is prepended to the message 4.The receiver uses RSA with the sender’s public key to decrypt and recover the hash code 5. The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic

10 b: Confidentiality service provided by PGP 1. The sender generates a message and a random 128-bit number to be used as a session key for this message only 2. The message is encrypted using CAST-128 (or IDEA or 3DES) with the session key 3.The session key is encrypted with RSA using the recipient’s public key and is prepended to the message 4. The receiver uses RSA with its private key to decrypt and recover the session key 5. The session key is used to decrypt the message

11 1. The sender creates a message 2. The hash code is generated using SHA-1( 160-bit) for the message. 3. The sender signs the message with its own private key, then encrypts the message with a session key 4. The session key is encrypted with the recipient’s public key 5. The receiver uses RSA with the sender’s public key to decrypt and recover the hash code. 6. The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic. c: Authentication & Confidentiality service provided by PGP

12  PGP compresses the message save space both for e-mail transmission and file storage  PGP compresses the message after signature but before encryption store uncompressed message together with the signature future verification to for

13 1. Hashing (SHA-1) Authentication 2. Symmetric-Key cryptography (CAST-128, IDEA, and 3DES) Confidentiality 3. Public- key cryptography (RSA, DSS, and Diffie-Hellman ) Digital Signature 4. Data compression/ Data decompression

14 Transmission and Reception of PGP Messages

15  On transmission  Signature (If required) is generated using a hash code of uncompressed plaintext  Plaintext (plus signature if present) is compressed  The block (If confidentiality required), is encrypted and prepended with the public-key encrypted symmetric encryption key  The block is converted to radix-64 format  On reception  The incoming block is converted back from radix-64 format to binary  If the message is encrypted, the recipient recovers the session key and decrypts the message  The resulting block is then decompressed  If the message is signed, the recipient recovers the transmitted hash code and compares it to its own calculation of the hash code

16  S/MIME version of the MIME protocol  supports encryption of messages (RSA technology)  S/MIME is a standard used to include content of various types in a single message  S/MIME IETF standards (RFC 2821 and RFC 2822)  S/MIME RSA Data Security Inc. S/MIME: Secure/Multipurpose Internet Mail Extensions IETF: Internet Engineering Task Force RFC: Request for Comments follow Developed by

17  MIME SMTP format of mail  messages multiple content, both textual and non-textual (images, audio, or text in different character sets) SMTP: Simple Mail Transfer Protocol extends include

18  Internet e-mail messages follow the format standards that are defined in RFC 2821/RFC 2822  A message is made up of header fields and a body  A message can be sent without a body (body is optional), but not without a header

19

20  Enveloped data  Generate a session key for a symmetric encryption algorithm (RC2/40 or triple DES)  Encrypt the session key with the recipient’s public key (RSA)  Prepare a block known as Recipient Info contains 1. an identifier of the recipient’s public-key certificate 2. an identifier of the algorithm used to encrypt the session key  Encrypt the message content with the session key

21  Signed data  Select a message digest algorithm (SHA or MD5).  Compute the message digest (hash function) of the content to be signed.  Encrypt the message digest with the signer’s private key.  Prepare a block known as SignerInfo contains 1. Signer’s public key certificate 2. an identifier of the message digest algorithm 3. an identifier of the algorithm used to encrypt the message digest, and the encrypted message digest

22  Clear-signed data  Digital signature of the content is formed  Digital signature is encoded using base64  Recipients without S/MIME capability can view the message content and cannot verify the signature

23  Signed and enveloped data  Encrypted data may be signed  Signed data or clear-signed data may be encrypted

24

25 Thank you for your attention

Download ppt "Lecture 8 (Chapter 18) Electronic Mail Security Prepared by Dr. Lamiaa M. Elshenawy 1."

Similar presentations

Cryptography and Network Security Sixth Edition by William Stallings.

Cryptography and Network Security Sixth Edition by William Stallings.
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Data & Network Security

Data & Network Security
Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.

Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NS-H0503-02/11041 E-mail Security. NS-H0503-02/11042 Email Security email is one of the most widely used and regarded network services currently message.

NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Electronic mail security

Electronic mail security
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.

Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
Electronic Mail Security

Electronic Mail Security
Electronic mail security. Outline Pretty good privacy S/MIME.

Electronic mail security. Outline Pretty good privacy S/MIME.
Email Security.  email is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Network Security Essentials Chapter 7 Fourth Edition by William Stallings (Based on Lecture slides by Lawrie Brown)

Network Security Essentials Chapter 7 Fourth Edition by William Stallings (Based on Lecture slides by Lawrie Brown)
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Similar presentations

Ads by Google