Scribd Logo
Upload

Welcome to Scribd!

  • Electronic Mail Security: Data and Network Security

    Uploaded by

    asad
    27 views26 pages
    This document discusses electronic mail security through Pretty Good Privacy (PGP) and S/MIME. It describes how PGP provides authentication and confidentiality for email through digital signatures, encryption, compression and other techniques. PGP uses algorithms like RSA, IDEA and SHA-1. The document also outlines how S/MIME similarly provides security for email using public key certificates and algorithms like Triple-DES, RSA and SHA-1 for signatures, encryption and hashing. It explains the roles of these protocols and standards in securing email communications.

    Original Description:

    Original Title

    10. e-mail-security

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses electronic mail security through Pretty Good Privacy (PGP) and S/MIME. It describes how PGP provides authentication and confidentiality for email through digital signatures, encryption, compression and other techniques. PGP uses algorithms like RSA, IDEA and SHA-1. The document also outlines how S/MIME similarly provides security for email using public key certificates and algorithms like Triple-DES, RSA and SHA-1 for signatures, encryption and hashing. It explains the roles of these protocols and standards in securing email communications.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    27 views26 pages

    Electronic Mail Security: Data and Network Security

    Uploaded by

    asad
    This document discusses electronic mail security through Pretty Good Privacy (PGP) and S/MIME. It describes how PGP provides authentication and confidentiality for email through digital signatures, encryption, compression and other techniques. PGP uses algorithms like RSA, IDEA and SHA-1. The document also outlines how S/MIME similarly provides security for email using public key certificates and algorithms like Triple-DES, RSA and SHA-1 for signatures, encryption and hashing. It explains the roles of these protocols and standards in securing email communications.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 26

    Electronic mail

    security

    Data and Network Security


    Outline
    • Pretty good privacy
    • S/MIME

    Data and Network Security


    Pretty Good Privacy

    • Philip R. Zimmerman is the creator of PGP.

    • PGP provides a confidentiality and


    authentication service that can be used for
    electronic mail and file storage
    applications.

    Data and Network Security


    Why Is PGP Popular?

    • It is availiable free on a variety of platforms.

    • Based on well known algorithms.

    • Wide range of applicability

    • Not developed or controlled by governmental


    or standards organizations
    Data and Network Security
    Operational Description

    • Consist of five services:


    – Authentication
    – Confidentiality
    – Compression
    – E-mail compatibility
    – Segmentation

    Data and Network Security


    Authentication see figure 5.1 (a)

    1. The sender creates a message.


    2. SHA-1 is used to generate a 160-bit hash code of the
    message.
    3. The hash code is encrypted with RSA using the
    sender’s private key, and the result is prepended to the
    message.
    4. The receiver uses RSA with the sender’s public key to
    decrypt and recover the hash code.
    5. The receiver generates a new hash code for the
    message and compares it with the decrypted hash code.
    If the two match, the message is accepted as
    authentic.
    Data and Network Security
    Confidentiality see figure 5.1 (b)

    • 1. The sender generates a message and a random 128-


    bit number to be used as a session key for this message
    only.
    • 2. The message is encrypted using CAST-128 (or IDEA
    or 3DES) with the session key.
    • 3. The session key is encrypted with RSA using the
    recipient’s public key and is prepended to the message.
    • 4. The receiver uses RSA with its private key to
    decrypt and recover the session key.
    • 5. The session key is used to decrypt the message.

    Data and Network Security


    Data and Network Security
    Compression
    • PGP compresses the message after applying
    the signature but before encryption
    • The placement of the compression
    algorithm is critical.
    – It is preferable to sign an uncompressed message so
    that one can store only the uncompressed message
    together with the signature for future verification.
    – Message encryption is applied after compression to
    strengthen cryptographic security
    • The compression algorithm used is ZIP

    Data and Network Security


    E-mail Compatibility
    • The scheme used is radix-64 conversion
    • The use of radix-64 expands the message by 33%.

    Data and Network Security


    Segmentation and Reassembly

    • Often restricted to a maximum message length


    of 50,000 octets.
    • Longer messages must be broken up into
    segments.
    • PGP automatically subdivides a message that is
    to large.
    • The receiver strip of all e-mail headers and
    reassemble the block.

    Data and Network Security


    Summary of PGP Services

    Function Algorithm Used


    Digital Signature DSS/SHA or RSA/SHA

    Message CAST or IDEA or


    Encryption three-key triple DES
    with Diffie-Hellman or
    RSA
    Compression ZIP
    E-mail Radix-64 conversion
    Compatibility
    Segmentation -

    Data and Network Security


    Data and Network Security
    Format of PGP Message

    Data and Network Security


    Data and Network Security
    PGP msg. generation A to B

    1. Signing the message:


    a. PGP retrieves the sender’s private key from the private-key ring
    using your_userid as an index.
    b. PGP prompts the user for the passphrase to recover the
    unencrypted private key.
    c. The signature component of the message is constructed.

    2. Encrypting the message:


    a. PGP generates a session key and encrypts the message.
    b. PGP retrieves the recipient’s public key from the public-key ring
    using her_userid as an index.
    c. The session key component of the message is constructed.

    Data and Network Security


    Data and Network Security
    PGP msg. receiving B to A
    1. Decrypting the message:
    a. PGP retrieves the receiver’s private key from the private-key
    ring using the Key ID field in the session key component of the
    message as an index.
    b. PGP prompts the user for the passphrase to recover the
    unencrypted private key.
    c. PGP then recovers the session key and decrypts the message.
    2. Authenticating the message:
    a. PGP retrieves the sender’s public key from the public-key ring
    using the Key ID field in the signature key component of the
    message as an index.
    b. PGP recovers the transmitted message digest.
    c. PGP computes the message digest for the received message
    and compares it to the transmitted message digest to
    authenticate.
    Data and Network Security
    Data and Network Security
    Revoking Public Keys

    • The owner issue a key revocation certificate.

    • Normal signature certificate with a revote


    indicator.

    • Corresponding private key is used to sign the


    certificate.

    Data and Network Security


    S/MIME

    • Secure/Multipurpose Internet Mail Extension

    Data and Network Security


    Simple Mail Transfer Protocol (SMTP,
    RFC 822)
    • SMTP Limitations - Can not transmit, or has a
    problem with:
    – executable files, or other binary files (jpeg
    image)
    – “national language” characters (non-ASCII)
    – messages over a certain size
    – ASCII to EBCDIC translation problems
    – lines longer than a certain length (72 to 254
    characters)

    Data and Network Security


    Header fields in MIME
    • MIME-Version: Must be “1.0” -> RFC 2045, RFC
    2046
    • Content-Type: More types being added by
    developers (application/word)
    • Content-Transfer-Encoding: How message has
    been encoded (radix-64)
    • Content-ID: Unique identifying character string.
    • Content Description: Needed when content is not
    readable text (e.g.,mpeg)

    Data and Network Security


    S/MIME Functions
    • Enveloped Data: Encrypted content and
    encrypted session keys for recipients.
    • Signed Data: Message Digest encrypted with
    private key of “signer.”
    • Clear-Signed Data: Signed but not
    encrypted.
    • Signed and Enveloped Data: Various
    orderings for encrypting and signing.

    Data and Network Security


    Algorithms Used

    • Message Digesting: SHA-1 and MDS


    • Digital Signatures: DSS
    • Secret-Key Encryption: Triple-DES,
    RC2/40 (exportable)
    • Public-Private Key Encryption: RSA with
    key sizes of 512 and 1024 bits, and Diffie-
    Hellman (for session keys).

    Data and Network Security


    User Agent Role

    • S/MIME uses Public-Key Certificates - X.509


    version 3 signed by Certification Authority

    • Functions:
    – Key Generation - Diffie-Hellman, DSS, and RSA key-
    pairs.
    – Registration - Public keys must be registered with
    X.509 CA.
    – Certificate Storage - Local (as in browser application)
    for different services.
    – Signed and Enveloped Data - Various orderings for
    encrypting and signing.

    Data and Network Security

    You might also like