Presentation is loading. Please wait.

Presentation is loading. Please wait.

©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 1 IPSI 2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn,

Published byTiffany Brown Modified over 8 years ago

Similar presentations

Presentation on theme: "©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 1 IPSI 2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn,"— Presentation transcript:

1 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 1 IPSI 2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone Faculty of Computer Science Dalhousie University

2 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 2 IPSI 2003 OverviewOverview Introduction Current email security Secure Mail Transfer Protocol DiscussionConclusion Future work

3 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 3 IPSI 2003 IntroductionIntroduction Email is everyday used in electronic world Simple Mail Transfer Protocol (SMTP) is trivial and anonymous Security is need for transferring email over internet

4 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 4 IPSI 2003 SMTPSMTP

5 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 5 IPSI 2003 Current email security Confidentiality and Integrity AuthenticationNon-repudiation User Applications Web Applications

6 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 6 IPSI 2003 Secure Mail Transfer Protocol (SecMTP) Overview Assumption and Limitation ArchitectureSpecificationExample

7 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 7 IPSI 2003 SecMTP: Overview Incorporate security procedure into SMTP Maintain the simplicity and compatibility that SMTP provides Achieve the five security goals: confidentiality, integrity, authentication, non- repudiation, and certification

8 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 8 IPSI 2003 Assumption and Limitation All SecMTP compliant servers must be properly certified Non-repudiation has to be implemented SecMTP user trusts the integrity of the end servers but not the intermediate connection We designed SecMTP’s architecture, protocol specifications, and SecMTP Extension Service to SMTP

9 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 9 IPSI 2003 The SecMTP Architecture SecMTP architecture with the extension of security services

10 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 10 IPSI 2003 The SecMTP Specification Default specification User requested options

11 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 11 IPSI 2003 The SecMTP Default Specification TLS channels Authentication headers Digital signature TTP (if receiver non-repudiation is required)

12 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 12 IPSI 2003 The SecMTP User Requested Options Receiver public key encryption Sender private key digital signature Restrict option Seamless interfaces Users private/public keys are stored at the server machine

13 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 13 IPSI 2003 The Timing Diagram of SecMTP (1)

14 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 14 IPSI 2003 The Timing Diagram of SecMTP (2)

15 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 15 IPSI 2003 The State Diagram of Starting a SecMTP Connection

16 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 16 IPSI 2003 SMTP Extension Service for Secure Mail Transfer Protocol (SecMTP) 1.The name of the SMTP service extension is “Secure Mail Transfer Protocol” 2.The EHLO keyword value associated with the extension is SECMTP 3.No parameters are allowed with this EHLO keyword value

17 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 17 IPSI 2003 SMTP Extension Service for Secure Mail Transfer Protocol (SecMTP) 4.Three option parameters are added to the RCPT command: SIGN: digitally sign message header consisting of a message digest and sender identity ENCR: encrypt the message with receiver public key STRICT: only transfer the message through properly authenticated and certified SecMTP servers 5.No additional SMTP verbs are defined by this extension

18 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 18 IPSI 2003 ExampleExample S: S: C: C: S: 220 foo.com SMTP service ready C: EHLO bar.com... C: STARTTLS C \& S: C \& S: C: EHLO S: 250... AUTH CRAM-MD5 DIGEST-MD5... C: AUTH CRAM-MD5 S: 334...

19 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 19 IPSI 2003 Example (cont.) C & S: C & S: S: 235 authentication successful C: EHLO S: 250... SECMTP... C: SECMTP S: 220 welcome SecMTP service ready C: MAIL FROM: C: MAIL FROM: S: 250 OK C: RCPT TO: C: RCPT TO: S: 250 OK C: RCPT SIGN S: 250 OK Digital Signature for Jones@foo.com

20 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 20 IPSI 2003 Example (cont.) C: DATA S: 354 Start mail input; end with. S: 354 Start mail input; end with. C: Data data data... C:...etc. etc. etc. C:. S: 250 OK C: QUIT S: 221 foo.com Service closing transmission channel

21 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 21 IPSI 2003 Discussion (1) Advantages Seamlessly integrate with existing email systems Compatible with SMTP and current service extension Does not require specific action from the users Provide user-to-user level of security Provide both best-effort and guaranteed security services

22 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 22 IPSI 2003 Discussion (2) Shortcomings Non-SecMTP clients need to examine the security information manually Encryption and decryption are done at the server Users must trust the end servers to provide security services The SecMTP servers may become bottleneck SecMTP compliant clients and servers are required to achieve full benefit of SecMTP

23 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 23 IPSI 2003 ConclusionConclusion Secure communication -> TLS channels Authentication and certification at servers -> AUTH and header Confidentiality users -> Public key encryption Authentication and integrity at users -> Digital signatures Sender non-repudiation -> Digital signatures Both sender and receiver Non-repudiation -> TTP Guarantee security service -> STRICT option

24 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 24 IPSI 2003 Thank you !!! hathai@cs.dal.ca or hathai@acm.org

Download ppt "©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone 1 IPSI 2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn,"

Similar presentations

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.

Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
By: E. Susheel Chandar M. Guna Sekaran Intranet Mail Server.

By: E. Susheel Chandar M. Guna Sekaran Intranet Mail Server.
INTRANET MAIL SERVER (DESIGN OF SMTP and POP3)

INTRANET MAIL SERVER (DESIGN OF SMTP and POP3)
PGP Overview 2004/11/30 Information-Center meeting peterkim.

PGP Overview 2004/11/30 Information-Center meeting peterkim.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.

Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chapter 30 Electronic Mail Representation & Transfer

Chapter 30 Electronic Mail Representation & Transfer
Simple Mail Transfer Protocol (SMTP) Team: Zealous Team: Zealous Presented By: Vishal Parikh (003749955) Vishal Parikh (003749955) Ribhu Pathria(004698318)

Simple Mail Transfer Protocol (SMTP) Team: Zealous Team: Zealous Presented By: Vishal Parikh ( ) Vishal Parikh ( ) Ribhu Pathria( )
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
SIMPLE MAIL TRANSFER PROTOCOL SECURITY Guided By Prof : Richard Sinn Bhavesh Jadav Mayur Mulani.

SIMPLE MAIL TRANSFER PROTOCOL SECURITY Guided By Prof : Richard Sinn Bhavesh Jadav Mayur Mulani.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

Similar presentations

Ads by Google