Email Security Jonathan Calazan December 12, 2005.

1 Email Security Jonathan Calazan December 12, 2005

2 Threats to Email
- Message interception: Emails sent in clear text over the Internet.
- Message modification: Anyone with system admin rights on the mail servers your message visits can not only read your message, but also delete or change the message before it reaches its destination (and the recipient won’t be able to tell if the message has been modified).
- False messages: It is very easy to create an email with someone else’s name and address. SMTP servers don’t check for sender authenticity.

3 Threats to Email
- Message replay: Messages can be saved, modified, and re-sent later.
- Repudiation: You can’t prove that someone sent you a message since email messages can be forged.

4 Solutions
First, let’s review the requirements for secure email.
- Sender authenticity
- Nonrepudiation
- Message integrity
- Message confidentiality

5 Solutions
What do we need to meet these requirements?
- Digital Signatures: Solves integrity, authenticity, and nonrepudiation problems.
- Encryption: Solves confidentiality problem.

6 Secure E-Mail Systems
Both of these systems provide encryption and digital signatures for security.
- Secure Multipurpose Internet Mail Extensions (S/MIME)
- Pretty Good Privacy (PGP)

7 S/MIME
- Developed by RSA Data Security, Inc.
- The Internet standard for secure e-mail attachments.
- Integrated into many commercial email clients, such as Microsoft Outlook, Netscape Communicator, and Lotus Notes (making it likely to dominate the secure e-mail market).
- Encourages users to obtain a Digital Certificate from a reliable Certification Authority (CA) (you can get a free one from here: http://www.thawte.com/).

8 S/MIME S/MIME-aware email clients automatically detect the presence of the signature if the certificate was validated by a well-known CA.

9 PGP
- Invented by Phil Zimmermann in 1991.
- Originally free, became a commercial product after being bought by Network Associates in 1996 (freeware version is still available here: http://www.pgpi.org/).
- Available as a plug-in for popular email clients. Can also be used as stand-alone software.
- There is no centralized authority.

10 PGP
- Addresses the key distribution problem with a trust model called “web of trust.”
- Users create their own self-signed certificates, which can be later signed by others.
- Users interpret trust level for themselves.

11 Problems with Secure Email
- Many people don’t use it because:
  - They don’t know how.
  - Difficulties of obtaining a Digital Certificate.
- S/MIME and PGP schemes do not protect the sender against a recipient claiming not to have received the message.
- It is still possible to create fake certificates (Class-1 and Class-2 certificates which can be obtained online) if you know enough information about a person.
- Key availability and migration

12 Other Useful Links
- Trace the source of the emails (using the email header): http://www.theinquirer.net/email_tracker.htm
- Check to see if the sender is a known spammer: http://www.senderbase.org/
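Tracing a message by its header, as an added example that is not part of the original slides: it reads the Received lines, finds the last hop recorded by a mail server you operate (headers below that point were supplied by the sending side and can be forged), and lists hops whose announced name differs from their reverse-DNS name. The sample message, every host name and IP in it, and the `ours` set of trusted hosts are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: every host, address and IP below is made up (documentation ranges).
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])\n"
    "\tby mailstore.recipient.example with ESMTP id A1; Mon, 12 Dec 2005 10:00:05 -0500\n"
    "Received: from relay.isp.example (relay.isp.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTP id B2; Mon, 12 Dec 2005 10:00:03 -0500\n"
    "Received: from bank.example (unknown [203.0.113.45])\n"
    "\tby relay.isp.example with SMTP id C3; Mon, 12 Dec 2005 10:00:01 -0500\n"
    'From: "Bank Support" <support@bank.example>\n'
    "To: user@recipient.example\n"
    "Subject: Account notice\n"
    "\n"
    "Please review your account.\n"
)

# "from <HELO name> (<reverse-DNS name> [<IP>]) by <receiving host>", a common Received layout.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)", re.IGNORECASE)

def parse_hops(raw):
    """Return one dict per parseable Received header, newest first (as stored)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP_RE.search(value)
        if match:
            hops.append(match.groupdict())
    return hops

def trusted_entry_point(hops, trusted_hosts):
    """Walk down from the newest header while it was written by a host we operate.
    The last such header records the outside IP that connected to our servers;
    everything below it was supplied by the sending side and can be forged."""
    entry = None
    for hop in hops:
        if hop["by"].lower() not in trusted_hosts:
            break
        entry = hop
    return entry

def helo_mismatches(hops):
    """Hops where the name the client announced differs from its reverse-DNS name."""
    return [h for h in hops if h["helo"].lower() != h["rdns"].lower()]

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    ours = {"mailstore.recipient.example", "mx.recipient.example"}  # assumed own servers
    print("entry point:", trusted_entry_point(hops, ours))
    print("HELO mismatches:", helo_mismatches(hops))
```

Real Received lines vary between mail servers, so headers that do not follow this layout are skipped rather than guessed at.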
