A Novel Approach for Intranet Mailing For Providing User Authentication

With the explosion of the public Internet and e-commerce, private computers, and computer networks, if not adequately secured, are increasingly vulnerable to damaging attacks. Hackers, viruses, vindictive employees and even human error all represent clear and present dangers to networks. Various antidotes that are in fact inextricable with security issues are – Cryptography, Authentication, Integrity and Non Repudiation, Key Distribution and certification, Access control by implementing Firewalls etc. The main idea of this paper is to overcome the PGP’s(Pretty Good Privacy) main limitation of incomplete non-repudiation Service, which increases the degree
of security and efficiency of an email message communication through NRR(Non-Repudiation of Receipt) and including PGPs original feature of NRO(Non-Repudiation of Origin), and there it assures new security service of Mutual Non- Repudiation (MNR)

Published by: ijcsis on Jul 07, 2011
Copyright: Attribution Non-commercial

A Novel Approach For Intranet Mailing For Providing User Authentication

ASN Chakravarthy, Associate Professor, Dept. of CSE, Sri Sai Aditya Institute of Science & Technology, Suram Palem, E.G. Dist, Andhra Pradesh, India

A.S.S.D. Toyaza, Final Year M.Tech, Dept. of CSE, Sri Sai Aditya Institute of Science & Technology, Suram Palem, E.G. Dist, Andhra Pradesh, India

Summary
With the explosion of the public Internet and e-commerce, private computers, and computer networks, if not adequately secured, are increasingly vulnerable to damaging attacks. Hackers, viruses, vindictive employees and even human error all represent clear and present dangers to networks. Various antidotes that are in fact inextricable with security issues are – Cryptography, Authentication, Integrity and Non-Repudiation, Key Distribution and certification, Access control by implementing Firewalls etc. The main idea of this paper is to overcome PGP's (Pretty Good Privacy) main limitation of incomplete non-repudiation service, which increases the degree of security and efficiency of an e-mail message communication through NRR (Non-Repudiation of Receipt) and including PGP's original feature of NRO (Non-Repudiation of Origin), and there it assures the new security service of Mutual Non-Repudiation (MNR).

Key words: PGP, EPGP, Non-Repudiation, NRO, NRR, MNR, Security.

1. Introduction
Non-repudiation service can be viewed as an extension to the identification and authentication service. In general, non-repudiation applies when data is transmitted electronically; for example, an order to a stock broker to buy or sell stock, or an order to a bank to transfer funds from one account to another. The overall goal is to be able to prove that a particular message is associated with a particular individual. Non-repudiation is the assurance that someone cannot deny something. Typically, non-repudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.

Repudiation of delivery occurs when the sender claims to have sent the message, but the recipient denies receiving it; the sender claims to have received; or the sender and the recipient claim different date or time of receiving the message. The repudiation of delivery could be triggered by the same events as the repudiation of origin: misinformation, lying, communication error, or a third-party intervention.

Authentication is the act of confirming the truth of an attribute of a datum or entity. This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claims to be, or assuring that a computer program is a trusted one. The authentication of information can pose special problems (especially man-in-the-middle attacks), and is often wrapped up with authenticating identity. Literary forgery can involve imitating the style of a famous author. If an original manuscript, typewritten text, or recording is available, then the medium itself (or its packaging, anything from a box to e-mail headers) can help prove or disprove the authenticity of the document.

With the growing use of the Internet as a medium for doing business, purchasing products, and exchanging personal and private information, the need for a secure and verifiable mechanism for information transfer and exchange is becoming critical. One of the biggest difficulties since the inception of e-mail message communication over an open network is providing security to e-mail communication. Many protocols have been developed to provide security and authentication for the e-mail message. Some of the protocols are Simple Mail Transfer Protocol (SMTP), Multipurpose Internet Mail Extension (MIME), and its enhancement, known as Secure MIME (S/MIME). Other protocols are: Certified Exchange of Electronic Mail (CEEM), Secure E-mail Protocol (SEP), Privacy Enhanced Mail (PEM) and Pretty Good Privacy (PGP). Among these protocols, PGP is one of the more secure and enhanced protocols.

1.1 Existing System
Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet. It can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and know that the message was not changed in transmission. PGP is available both as freeware and in a low-cost commercial version; it is the most widely used privacy-ensuring program among individuals and is also used by many corporations. Developed by Philip R. Zimmermann in 1991, PGP has become a standard for e-mail security. PGP can also be used to encrypt files being stored so that they are unreadable by other users or intruders. PGP can be used basically for 4 things [1]:
• Encrypting a message or file so that only the recipient can decrypt and read it. The sender, by digitally signing with PGP, can also guarantee to the recipient that the message or file must have come from the sender and not an impostor.
• Clear signing a plain text message guarantees that it can only have come from the sender and not an impostor.
• Encrypting computer files so that they can't be decrypted by anyone other than the person who encrypted them.
• Really deleting files (i.e. overwriting the content so that it can't be recovered and read by anyone else) rather than just removing the file name from a directory/folder.

PGP provides two services: encryption and digital signatures.

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 9, No. 6, June 2011, http://sites.google.com/site/ijcsis/, ISSN 1947-5500

1.2 Proposed System
Enhanced Pretty Good Privacy (EPGP) is a new cryptosystem based on Pretty Good Privacy (PGP), used for the purpose of secure e-mail message communication over an open network. The idea of EPGP in this paper is to overcome PGP's main drawback of incomplete non-repudiation service, and therefore to increase the degree of security and efficiency of e-mail message communication through the concept of NRR, plus PGP's original feature of NRO, thereby assuring the new security service of Mutual Non-Repudiation (MNR) for an e-mail message communication.

"Non-Repudiation of Receipt" (NRR) is a cryptographic method that makes sure that the sender of information is protected against the denial of the receiver, who may say the sender never sent the information, or that he didn't send it on time. With NRR, the sender saves the digitally signed message he sent and, when receiving the message, the receiving party must extract the message, digitally sign it and then send it back to the sender. NRR provides legal evidence that the denying party did receive the information by using digital signatures for proof. NRR can also be defined as a service that provides proof of the integrity and origin of data, both in an unforgeable relationship, which can be verified by any third party at any time; or, an authentication that with high assurance can be asserted to be genuine, and that cannot subsequently be refuted.

"Non-Repudiation of Origin" (NRO) is a cryptographic method that makes sure that the original sender of information cannot successfully deny that he sent the information, because it can be verified that he had sent it. NRO provides legal evidence that the denying party sent the information by using digital signatures for proof.

Non-repudiation of origin defines requirements to provide evidence to users/subjects about the identity of the originator of some information. The originator cannot successfully deny having sent the information because evidence of origin (e.g. digital signature) provides evidence of the binding between the originator and the information sent. The recipient or a third party can verify the evidence of origin. This evidence should not be forgeable.

We have replaced the LZ77 algorithm with the deflator and inflator algorithms for compressing and decompressing; these algorithms are a combination of LZW + Huffman coding. Then, in the 4th phase, we have replaced the DES_CBC symmetric encryption algorithm with the tripleDES algorithm.

2. EPGP Algorithm
EPGP has solved the problem of providing security and authentication, and provides a complete and fair non-repudiation service for the e-mail message.

E-mail communication process is a connectionless-oriented type of communication in which it is necessary for both sides of communication to be in direct contact with each other simultaneously during the transmission and reception phases.

Instead, an e-mail message $M_5$ that sender A sends is uploaded to a 24-hour-available trusted e-mail software server D. Then, whenever receiver B opens its e-mail inbox, message $M_5$ is downloaded from e-mail server D to B's machine, where B's e-mail software performs the reverse PGP process to recover the original text of e-mail message $M$.

It is not necessary for B to be online when A sends the message, neither is it necessary for A to be online when B receives the message, since the e-mail server D is online all the time. Server D is not a Trusted Third Party (TTP) from outside the communication link, but it is an embedded part in the whole process that takes on the role of message delivery.

Figure (1): Fair MNR of EPGP

The entire EPGP process consists of three main phases, described as follows:
1. Transmission Phase
2. NRR Phase
3. Reception Phase

3. Implementation
Phase I: This is the "transmission phase", where steps similar to PGP take place. User A's e-mail software computes a message $M_1$ by hashing message $M$ using the SHA-1 hashing algorithm, as follows:

$$A:\ M_1 = H(M)$$

Then user A's e-mail software computes $M_2$ as a digital signature of message $M_1$, using the DSS digital signature scheme. The attached digital signature of sender A, $DS_{KR_A}[M_1]$, on to the message will assure the feature of NRO, which is already achieved by PGP as well, as follows:

$$A:\ M_2 = DS_{KR_A}[M_1] \,\|\, M$$

Then user A's e-mail software compresses message $M_2$ as message $M_3$, using the LZW + Huffman coding algorithm of deflator zipping, as follows:

$$A:\ M_3 = Z(M_2)$$

Then user A's e-mail software computes $M_4$ by encrypting message $M_3$ with the secret key $K_S$, using a DES-CBC symmetric encryption algorithm:

$$A:\ M_4 = E_{K_S}[M_3]$$

Finally, user A's e-mail software computes $M_5$ by applying Radix-64 conversion to ASCII on message $M_4$, and sends the final message to e-mail server D, as follows:

$$A \rightarrow D:\ M_5 = R64(M_4)$$

Now the message has been sent to receiver B via server D over the open network. It is clear that receiver B is still not able to decrypt the message, since it has not yet gotten the secret key $K_S$, nor server D's private key, $KR_D$. The enhancement of NRR is applied here, as shown in the next phase of the EPGP process. The entire "transmission phase" of EPGP is illustrated in figure (2).

Phase II: This is called the "NRR phase", which is the major enhancement of EPGP. Once receiver B opens its e-mail inbox, downloads message $M_5$ from server D, and attempts to open message $M$, user B's e-mail software will establish a communication session with server D to get the secret key, $K_S$, to decrypt the message. First of all, server D forwards message $M_5$ to B, as follows:

$$D \rightarrow B:\ M_5$$

Server D will not grant receiver B the secret key, $K_S$, unless receiver B first hands its digital signature on the unopened message, $M_5$, to server D. This will serve as evidence of message reception, and therefore of the MNR of the whole process. Receiver B submits to server D its digital signature on the received message, $M_5$, encrypted by RSA using user A's public key, $KU_A$, as follows:

$$B \rightarrow D:\ M_6 = E_{KU_A}[DS_{KR_B}[M_5]]$$

Figure (2): The EPGP Transmission Phase

Then server D may send the secret key, $K_S$, to receiver B. Now server D performs its last task by simply forwarding user B's digital signature on message $M_5$ to user A, as follows:

$$D \rightarrow A:\ M_6 = E_{KU_A}[DS_{KR_B}[M_5]]$$

Now the main objective of Mutual Non-Repudiation (MNR) of the whole e-mail communication service is finally achieved, and receiver B can no longer deny receiving $M$, since A can prove such reception, as follows:

$$A:\ DS_{KR_B}[M_5] = D_{KR_A}[M_6] = D_{KR_A}[E_{KU_A}[DS_{KR_B}[M_5]]]$$

Now receiver B can finally get the needed secret key, $K_S$, to decrypt the e-mail message and obtain the original text of the transmitted e-mail message $M$, sent by sender A, as follows:
 