Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Lecture 18: E-Mail Security issues specific to email security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability.

Published byEmery Stephens Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Lecture 18: E-Mail Security issues specific to email security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability."— Presentation transcript:

1 1 Lecture 18: E-Mail Security issues specific to email security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability –proof of submission/deliver –others text formatting issues

2 2 Complexities of E-Mail non-real-time text-based –with potential reformatting on the way distribution lists –local explosion – list maintainer sends back the users’ addresses to the sender –remote explosion – list maintainer forwards the message to everyone on the list store-and-forward –by multiple MTAs

3 3 Security Services for E-mail privacy – only intended recipient reads the message authentication – recipient confirms the identity of the sender integrity – message has not been altered in route non-repudiation (third-party authentication) – recipient can prove that the sender indeed sent the message proof of submission – verification to sender that mail system accepted message for transmission (how’s that similar/different from US Postal service?) proof of delivery – verification to sender that the recipient received the message message flow confidentiality – third party cannot know that the exchange between sender and recipient occurred anonymity – recipient does not know the identity of the sender others: audit (network records), (security levels) containment, accounting, self-destruction, message sequence integrity

4 4 Key Management the security services can be provided using either public or private keys a per-message symmetric key is used for message encryption, which is conveyed in the mail, encrypted under a long-term key (typically a public key) long-term keys can be established, –offline –online, with help from a trusted third party (PKI, KDC) –online, through a web, email, etc

5 5 Privacy end-to-end Alice encrypts the message with her shared key with Bob or her public key –if public – better to a invent and encrypt a symmetric key and use the key to encrypt the message (why?) mailing lists local explosion (what’s wrong with local explosion and privacy?) –message key will be encrypted under each recipients long term key in the message header. Bob’s ID, K Bob {S} Carol’s ID, K Carol {S} Ted’s ID, K Ted {S} S{m} –E.g.: To: Bob, Carol, Ted From: Alice Key-info: Bob-4276724736874376 Key-info: Carol-78657438676783457 Key-info: Ted-12873486743009 Msg-info: UHGuiy77t65fhj87oi..... remote explosion – use public key for the list

6 6 Integrity/Authentication why do we need integrity together with authentication? public key, how? secret key – use a MAC (what’s that?) –MAC can be CBC residue computed with shared key. message digest of the shared key appended to the message message digest encrypted with shared key –which method is most efficient if there are multiple recipients?

7 7 Non-repudiation/Plausible Deniability Public keys: nonrepudiation easy, PD hard (why?) Secret keys: vice versa PD with public keys, why does this scheme work? –Alice, to send message m to Bob, –chooses a random symmetric key S –computes [{S} Bob ] Alice –computes MAC S (m) –sends m, MAC S (m), [{S} Bob ] Alice Secret key NR: with notary –Alice negotiates with notary to add “seal” to msg, f(S N, msg, “Alice”); S N is secret local to notary –Bob can’t tell if seal OK, but could ask –Or Notary can add second seal for Bob: Note: Bob’s seal better cover Alice’s. Why? –does the notary need to know the message to add a seal?

8 8 Proof of Submission/Delivery submission –post office signs MD of message –proves it received it, not that it was delivered delivery –signed by recipient, when should recipient sign the message before delivery (what if lost after signature) after delivery (what if does not want to sign?)

9 9 Confirming Time of Message Transmission, Others why is confirming desirable? two attacks backdating – claiming something happened later than it did –prevention – notary dates and signs the message upon receipt postdating – claiming something happened earlier than it did –prevention – include in message something that could not be known until later, or signed timestamp of a notary for that date other services protecting message flow, anonymity – use intermediaries –not straightforward, why? containment – deploy security level aware mail system

10 10 Text Format Issues Mail gateways/forwarders may modify the format of the message (wrapping long lines, end-of-line character, high order bits, etc.), causing the integrity check to fail –Encode messages in a format supported by all mailers. 6-bit representation, no long lines, etc. (similar to uuencode) Non-supportive clients should be able to read authenticated (but not encrypted) messages, –MAC without encoding (subject to corruption by mail routers) –Encode & MAC/encrypt (may not be readable at the other end)

Download ppt "1 Lecture 18: E-Mail Security issues specific to email security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability."

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
PGP Overview 2004/11/30 Information-Center meeting peterkim.

PGP Overview 2004/11/30 Information-Center meeting peterkim.
Secure E-mail Systems.

Secure Systems.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
CS470, A.SelcukE-mail Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.Selcuk Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
1 Intro To Encryption Exercise 10. 2 Analyze the following scenario: Sender:  Cipher1= Encrypt message with symmetric key algorithm  RSA_Encrypt (SHA1(message)

1 Intro To Encryption Exercise Analyze the following scenario: Sender:  Cipher1= Encrypt message with symmetric key algorithm  RSA_Encrypt (SHA1(message)
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Similar presentations

Ads by Google