S/MIME T ANANDHAN.

Presentation on theme: "S/MIME T ANANDHAN."— Presentation transcript:

1 S/MIME T ANANDHAN

2 S/MIME - Overview
After the development of PEM, an industry working group led by RSA Security, Inc. started to develop another specification for conveying digitally signed and/or encrypted (digitally enveloped) data in accordance with the MIME message formats. S/MIME (Secure/Multipurpose Internet Mail Extensions) is a security enhancement to the MIME Internet e-mail format standard. S/MIME is not restricted to mail; it can be used with any transport mechanism that carries MIME data, such as HTTP. S/MIME is likely to emerge as the industry standard for commercial and organizational use, while PGP will remain the choice for personal security for many.

3 S/MIME - Overview
S/MIME provides the following cryptographic security services:
Authentication, message integrity and non-repudiation of origin, by digital signing.
Privacy and data security, by encryption.

There are three versions of S/MIME:
S/MIME version 1 (1995) was specified and officially published in 1995 by RSA Security, Inc.
S/MIME version 2 (1998) was specified in a pair of informational RFC documents (RFC 2311 and a companion RFC) in March 1998.
The work was continued in the IETF S/MIME Mail Security (SMIME) working group and resulted in S/MIME version 3 (1999), specified in RFCs 2630 onward in June 1999.

Authentication. A signature serves to validate an identity. It answers the question "who are you?" by distinguishing the signer from every other entity and proving that the message comes from a mutually trusted source. Because there is no authentication in SMTP, there is no way to know who actually sent a message. The authentication provided by a digital signature solves this problem by letting a recipient know that a message was sent by the person or organization that claims to have sent it.

Non-repudiation. The uniqueness of a signature helps prevent the owner of the signature from disowning it. This capability is called non-repudiation, so the authentication that a signature provides is also what makes non-repudiation enforceable. The concept is most familiar from paper contracts: a signed contract is a legally binding document, and it is difficult to disown an authenticated signature. Digital signatures provide the same function and, increasingly in some areas, are recognized as legally binding in the same way as a signature on paper. Because SMTP provides no means of authentication, it cannot provide non-repudiation; it is easy for a sender to disavow ownership of an SMTP message. Note that non-repudiation also depends on the signer's private key having stayed under the signer's sole control: a stolen or shared signing key gives the signer a way to disown the signature.

Data integrity. An additional security service that digital signatures provide is data integrity. Data integrity is a result of the specific operations that make digital signatures possible. When the recipient of a digitally signed message validates the digital signature, the recipient gains assurance that the message received is the same message that was signed and sent and has not been altered in transit. Any alteration of the message in transit after it has been signed invalidates the signature. In this way digital signatures provide an assurance that signatures on paper cannot, because a paper document can be altered after it has been signed.

4 S/MIME - Functions
S/MIME is based on the Cryptographic Message Syntax (CMS) specified in RFC 2630.
Enveloped data: consists of encrypted content of any type together with the content-encryption key, itself encrypted for one or more recipients. This function provides privacy and data security.
Signed data: a digital signature is formed by computing the message digest of the content and encrypting that digest with the signer's private key (that is, signing it). The content and the signature are then encoded using base64. This function provides authenticity, message integrity and non-repudiation of origin.

5 S/MIME - Cryptography
Be liberal in what you receive and conservative in what you send. In the S/MIME specification this rule governs algorithm choice: a receiving agent should accept every algorithm the standard allows, while a sending agent should use only the strong, widely supported ones. The caveat for a deployment is that accepting weak legacy ciphers (such as RC2/40) for interoperability also means accepting the weak protection they give.

6 S/MIME - Message
[Diagram: an S/MIME message is MIME bodies plus a CMS object. The CMS object carries the algorithm identifiers and the certificates; the MIME content is converted to canonical form before it is signed or encrypted, and the CMS object is then MIME-encoded.]

7 S/MIME - Message
[Diagram: enveloped data. A pseudorandom session key (3DES or RC2/40) encrypts the message M. The session key is then encrypted with the recipient's public key, taken from the recipient's certificate (RSA, or a key agreed with Diffie-Hellman), and placed in a RecipientInfo. The enveloped-data object is the encrypted M plus the RecipientInfo.]

8 S/MIME - Certificates
S/MIME uses public-key certificates that conform to version 3 of X.509. Key management is a hybrid between a strict X.509 certification hierarchy and PGP's web of trust: certificates are issued by CAs, but each client is configured with the list of CA roots and keys it trusts. A receiving agent MUST provide some certificate retrieval mechanism. Receiving and sending agents SHOULD also provide a mechanism that allows a user to "store and protect" certificates.

9 S/MIME - Certificates
Public-key certificates are required to protect the authenticity and integrity of public keys, and so protect against man-in-the-middle attacks. A certificate chain must be verified until a trusted root CA is reached. At each step the verifier checks the signature on the certificate, its validity period and its revocation status; for the end-entity certificate it also checks that the e-mail address in the certificate matches the sender of the message.
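A worked round trip of the functions on slides 4, 7 and 9, as an added example that is not part of the presentation: the OpenSSL command line builds a small PKI (a root CA and a user certificate it issues), produces signed data and verifies it, shows that a message altered in transit or signed under a root the recipient does not trust is rejected, and produces and opens enveloped data. It assumes `openssl` 1.1.1 or later is on PATH; the CA names, the address alice@example.test, the file names and the message body are all constructed for the demo, and AES-256 stands in for the 3DES / RC2-40 session ciphers named on slide 7.

```shell
#!/bin/sh
# Added example, not part of the presentation: an S/MIME round trip with the
# OpenSSL command line. Assumes `openssl` 1.1.1 or later is on PATH. Every
# name, address and file below is constructed for this demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# 1. PKI: a self-signed root CA, a user certificate it issues, and an
#    unrelated root that plays "a CA the recipient does not trust".
#    The user certificate gets the extensions S/MIME clients check: an e-mail
#    SAN, digitalSignature + keyEncipherment key usage, emailProtection EKU.
make_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 \
        -subj "/CN=Demo Root CA" -keyout ca.key -out ca.pem 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 \
        -subj "/CN=Unrelated Root CA" -keyout other.key -out other-ca.pem 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=Alice/emailAddress=alice@example.test" \
        -keyout alice.key -out alice.csr 2>/dev/null
    printf '%s\n' \
        'basicConstraints=CA:FALSE' \
        'keyUsage=critical,digitalSignature,keyEncipherment' \
        'extendedKeyUsage=emailProtection' \
        'subjectAltName=email:alice@example.test' > alice.ext
    openssl x509 -req -in alice.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -days 1 -sha256 -extfile alice.ext -out alice.pem 2>/dev/null
}

# 2. Signed data: the body is put in canonical (CRLF) form, its digest is
#    signed with the signer's private key, and body + signature travel as a
#    multipart/signed message with the signer's certificate included.
sign_message() {
    printf 'The figures are attached.\nPlease treat them as confidential.\n' > body.txt
    openssl smime -sign -text -in body.txt -signer alice.pem -inkey alice.key \
        -out signed.eml 2>/dev/null
}

# verify_message <file> <trusted-root>: succeeds only if the signature matches
# the body AND the signer's certificate chains to the given root.
verify_message() {
    openssl smime -verify -text -in "$1" -CAfile "$2" -out verified.txt 2>/dev/null
}

# 3. Enveloped data: a random content-encryption key encrypts the body, and
#    that key is encrypted to the recipient's RSA public key (RecipientInfo).
#    AES-256-CBC replaces the 3DES / RC2-40 named on the slide.
envelope_message() {
    openssl smime -encrypt -aes256 -in body.txt -out enveloped.eml alice.pem 2>/dev/null
    openssl smime -decrypt -in enveloped.eml -recip alice.pem -inkey alice.key \
        -out decrypted.txt 2>/dev/null
}

# same_text <a> <b>: compare, ignoring the CRLF canonicalisation S/MIME applies.
same_text() { [ "$(tr -d '\r' < "$1")" = "$(tr -d '\r' < "$2")" ]; }

# run_demo prints one token per check; wrapping each call in "if" keeps
# set -e from aborting on the failures we expect to see.
run_demo() {
    make_pki
    sign_message
    r=""
    if openssl verify -CAfile ca.pem alice.pem >/dev/null 2>&1; then r="chain:ok"; else r="chain:FAIL"; fi
    if verify_message signed.eml ca.pem && same_text body.txt verified.txt; then r="$r signature:ok"; else r="$r signature:FAIL"; fi
    if verify_message signed.eml other-ca.pem; then r="$r untrusted-root:ACCEPTED"; else r="$r untrusted-root:rejected"; fi
    sed 's/figures/numbers/' signed.eml > tampered.eml   # alter the signed body "in transit"
    if verify_message tampered.eml ca.pem; then r="$r tampered:ACCEPTED"; else r="$r tampered:rejected"; fi
    if envelope_message && same_text body.txt decrypted.txt; then r="$r envelope:ok"; else r="$r envelope:FAIL"; fi
    echo "$r"
}

run_demo
```

Run it with sh; it prints one token per check, with the expected result being chain:ok signature:ok untrusted-root:rejected tampered:rejected envelope:ok. The `openssl smime` commands are the legacy PKCS#7 front end; `openssl cms` accepts the same options and produces the CMS structures that S/MIME v3 is specified on.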

10 S/MIME Requirements
Public Key Infrastructure (PKI): use Certificate Services in Microsoft Windows Server 2003 to implement a PKI that supports S/MIME.
[Diagram: certificate templates (Administrator, User), Active Directory, Exchange Server 2003.]

11 Compare with S/MIME
PEM - Privacy Enhanced Mail
PGP - keys exchanged on trust (web of trust); suited to smaller work groups
MOSS - MIME Object Security Services


13 THANK U

