William Stallings, Cryptography and Network Security 5/e

William Stallings, Cryptography and Network Security 5/e

Network Security Essentials Chapter 4 Electronic Mail Security Fourth Fourth Edition Edition by by William William Stallings Stallings Dr. Bremnavas Ismail Mohideen Key Objectives of Chapter 4

To learn about Electronic mail security To understand PGP and its operation To learn about S/MIME and its functionalities There are two main schemes which are especially designed to provide confidentiality and authentication for electronic mail systems. PGP : Pretty Good Privacy S/MIME : Secure/Multipurpose Internet Mail Extension

Pretty Good Privacy (PGP) Provides a confidentiality and authentication service that can be used for electronic mail and file storage applications Developed by Phil Zimmermann Selected the best available cryptographic algorithms as building blocks Integrated these algorithms into a general-purpose application Made the package and its documentation, including the source code, freely available via the Internet, bulletin boards, and commercial networks Entered into an agreement with a company to provide a fully compatible, low-cost commercial version of PGP PGP Growth

It is available free worldwide in versions that run on a variety of platforms The commercial version satisfies users who want a product that comes with vendor support It is based on algorithms that have survived extensive public review and are considered extremely secure It has a wide range of applicability It was not developed by, nor is it controlled by, any governmental or standards organization Is now on an Internet standards track, however it still has an aura of an antiestablishment endeavor PGP Operation Digital Signatures (Authentication only)

Classical application of public key crypto This figure is actually for RSA for DSA refer to previous lectures Z is zip function radix-64 conversion is done after zip at sender, before Z-1 at receiver may be done only for signature or for the whole message PGP Operation Confidentiality E[PUb, Ks] One-time session key, Ks generated at random encrypted using a public key cryptosystem, EP RSA or ElGamal

Message is compressed before encryption This is the default case PGP Operation Confidentiality and Authentication uses both services on same message create signature and attach to message compress and encrypt both message & signature attach encrypted session key

radix-64 conversion is for everything at the end Summary of PGP Services Secure/Multipurpose Internet Mail Extension (S/MIME) A security enhancement to the MIME Internet e-mail format standard based on technology from RSA Data Security Defined in: RFCs 3370, 3850, 3851, 3852 A standard way for email encryption and signing IETF effort (RFCs 2632, 2633 for version 3.0; RFCs 3850, 3851 for version 3.1; 5750, 5751 for version 3.2) Industry support Not a standalone software, a system that is to be supported by

email clients such as MS Outlook and Thunderbird Quick E-mail History SMTP and RFC 822 only ASCII messages (7-bit) MIME (Multipurpose Internet Mail Extensions) content type Almost any type of information can appear in an email message transfer encoding specifies how the message body is encoded into textual form (radix64 is common)

S/MIME: Secure MIME new content types, like signature, encrypted data Multipurpose Internet Mail Extensions (MIME) An extension to the RFC 5322 framework that is intended to address some of the problems and limitations of the use of Simple Mail Transfer Protocol (SMTP) Is intended to resolve these problems in a manner that is compatible with existing RFC 5322 implementations The specification is provided in RFCs 2045 through 2049 The Five Header Fields Defined in MIME MIME-Version Must have the parameter value 1.0 This field indicates that the message conforms to RFCs 2045 and 2046

Content-Type Describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner Content-Transfer-Encoding Indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport Content-ID Used to identify MIME entities uniquely in multiple contexts Content-Description A text description of the object with the body; this is useful when the object is not readable

MIME Content Types S/MIME Functionality Signed data A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer The content plus signature are then encoded using base64 encoding A signed data message can only be

viewed by a recipient with S/MIME capability Clear-signed data Signed and enveloped data S/MIME Only the digital signature is Signed-only and encrypted-only encoded using base64 entities may be nested, so that encrypted data may be signed and As a result recipients without signed data or clear-signed data S/MIME capability can view the may be encrypted message content, although they

cannot verify the signature Enveloped data Consists of encrypted content of any type and encrypted content encryption keys for one or more recipients Cryptograp hic Algorithms Used in S/MIME S/MIME Certificate Processing

S/MIME uses public-key certificates that conform to version 3 of X.509 The key-management scheme used by S/MIME is in some ways a hybrid between a strict X.509 certification hierarchy and PGPs web of trust S/MIME managers and/or users must configure each client with a list of trusted keys and with certificate revocation lists The responsibility is local for maintaining the certificates needed to verify incoming signatures and to encrypt outgoing messages The certificates are signed by certification authorities User Agent Role An S/MIME user has several key-management

functions to perform: Key generation Registration The user of some related administrative utility must be capable of generating separate Diffie-Hellman and DSS key pairs and should be capable of generating RSA key pairs A users public key must be registered

with a certification authority in order to receive an X.509 public-key certificate A user agent should generate RSA key pairs with a length in the range of 768 to 1024 bits and must not generate a length of less than 512 bits Certificate storage and retrieval

A user requires access to a local list of certificates in order to verify incoming signatures and to encrypt outgoing messages VeriSign Certificates VeriSign provides a certification authority (CA) service that is intended to be compatible with S/MIME and a variety of other applications Issues X.509 certificates with the product name VeriSign Digital ID At a minimum, each Digital ID contains:

Owners public key Owners name or alias Expiration date of the Digital ID Serial number of the Digital ID Name of the certification authority that issued the Digital ID Digital signature of the certification authority that issued the Digital ID Address E-Mail Address Basic Registration information (country, zipcode,age and

gender) Summary Pretty good privacy Notation Operational description S/MIME RFC 5322 Multipurpose Internet mail extensions S/MIME functionality S/MIME messages S/MIME certification processing

Enhanced security services

Recently Viewed Presentations

  • Recognition and Treatment of Addictions in the Family ...

    Recognition and Treatment of Addictions in the Family ...

    Thank You VA NWI-HCS Research Leadership & Staff VA Office of Rural Health Veterans Rural Health Resource Center-CR Iowa City VA & Substance Use Disorders Quality Enhancement Research Initiative 1-800-767-1750 (18451#) 1-800-767-1750 (18451#) Objectives Introduce recent VA Office of Rural...
  • International Telecommunication Union - TT

    International Telecommunication Union - TT

    perspectives from Bangladesh Dr Sultan Shamiul Bashar, Medical Officer ... hospitals ~24,000 day-care facilities ~150,000 health workforce ehealth found phenomenal change in 3 years from 2009 Digital Bangladesh 2021 5-yr HPNSDP 2011-2016 with ambitious ehealth plan National Health Policy 2011...
  • Exchange Partner Engagement and Readiness: Global to Breadth

    Exchange Partner Engagement and Readiness: Global to Breadth

    Examples: Everdream, Centerbeam, IBM Global Services "Express Advantage" HP "Smart Desktop" Service. Price range: $30-$50/seat/month Software to Power Hosted Services: Proprietary IT management solution platforms Build and market remote monitoring and management platform solutions that partners leverage to build their...
  • "Provide a Meaningful Experience and People Will Want to Talk ...

    "Provide a Meaningful Experience and People Will Want to Talk ...

    Working with the arts, whether it be through theater, writing poetry, music or visual arts, is a dynamic way of communicating and inspires greater understanding and appreciation of one's own ability and greater participation in the world. ... (Jack Kerouac)....
  • Labour INSURANCE SECTOR EDUCATION AND TRAINING AUTHORITY MIKE

    Labour INSURANCE SECTOR EDUCATION AND TRAINING AUTHORITY MIKE

    Labour INSURANCE SECTOR EDUCATION AND TRAINING AUTHORITY MIKE ABEL: INSETA CEO SHIRLEY STEENEKAMP: SKILLS DEVELOPMENT MANAGER Progress Report NSDS Progress Report Provinces Progress Report Provinces WSP/ATR Submitted for 2005/2006 Progress Report Provinces Progress Report Provinces INVOLVEMENT WITH PSDFs Participation in...
  • Mythological Monsters and Beasts

    Mythological Monsters and Beasts

    Mythological Monsters and Beasts ... Those who cannot answer her riddle suffer a fate typical in such mythological stories, as they are killed and eaten by this ravenous monster. ... Perseus famously kills her. Originally bird-like or winged women who...
  • Vocabulary Unit 4 - Schoolwires

    Vocabulary Unit 4 - Schoolwires

    Affable (af' ə bəl) Adj. Courteous and pleasant, sociable, easy to speak to. Synonyms: genial, amicable, agreeable, cordial. Antonyms: surly, cantankerous, dour ...
  • Arborbrace Tree Staking Systems

    Arborbrace Tree Staking Systems

    Arborbrace Palm Tree Bracing Simple - Fast System Saves Time and Material Costs Will not girdle the tree Arborbrace Palm Tree Bracing CAD or PDF File Available on Web Site for Specifying www.treestaking.com Arborbrace Tree Staking Systems A Simple, Cost...