SlideShare a Scribd company logo

BAIT1103 Chapter 5

L
limsh
EducationTechnology
1 of 31
Chapter 5 Electronic Mail Security
objectives • Present an overview of the operation of PGP (Pretty Good Privacy). • Present an overview of MIME (Multipurpose Internet Mail Extension). • Understand the functionality of S/MIME (Secure/Multipurpose Internet Mail Extension) and the security threats it addresses.
Pretty Good Privacy (PGP) • Provides a confidentiality and authentication service that can be used for electronic mail and file storage applications • Developed by Phil Zimmermann • Selected the best available cryptographic algorithms as building blocks • Integrated these algorithms into a general-purpose application that is independent of operating system and processor and that is based on a small set of easy-to-use commands • Made the package and its documentation, including the source code, freely available via the Internet, bulletin boards, and commercial networks • Entered into an agreement with a company to provide a fully compatible, low-cost commercial version of PGP
PGP Growth It is available free worldwide in versions that run on a variety of platforms The commercial version satisfies users who want a product that comes with vendor support It is based on algorithms that have survived extensive public review and are considered extremely secure It has a wide range of applicability It was not developed by, nor is it controlled by, any governmental or standards organization Is now on an Internet standards track, however it still has an aura of an antiestablishment endeavor
Table 8.1 Summary of PGP Services The actual operation of PGP, as opposed to the management of keys, consists of four services: authentication, confidentiality, compression, and e-mail compatibility
PGP Authentication • Combination of SHA-1 and RSA provides an effective digital signature scheme • Because of the strength of RSA the recipient is assured that only the possessor of the matching private key can generate the signature • Because of the strength of SHA-1 the recipient is assured that no one else could generate a new message that matches the hash code • As an alternative, signatures can be generated using DSS/SHA-1 • Detached signatures are supported • Each person’s signature is independent and therefore applied only to the document
1. The sender creates a message. 2. SHA-1 is used to generate a 160-bit hash code of the message. 3. The hash code is encrypted with RSA using the sender’s private key, and the result is prepended to the message. 4. The receiver uses RSA with the sender’s public key to decrypt and recover the hash code. 5. The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic.
PGP Confidentiality • Provided by encrypting messages to be transmitted or to be stored locally as files • In both cases the symmetric encryption algorithm CAST-128 may be used • Alternatively IDEA or 3DES may be used • The 64-bit cipher feedback (CFB) mode is used In PGP each symmetric key is used only once • Although referred to as a session key, it is in reality a one-time key • Session key is bound to the message and transmitted with it • To protect the key, it is encrypted with the receiver’s public key • As an alternative to the use of RSA for key encryption, PGP uses ElGamal, a variant of Diffie-Hellman that provides encryption/decryption
1. The sender generates a message and a random 128-bit number to be used as a session key for this message only. 2. The message is encrypted using CAST-128 (or IDEA or 3DES) with the session key. 3. The session key is encrypted with RSA using the recipient’s public key and is prepended to the message. 4. The receiver uses RSA with its private key to decrypt and recover the session key. 5. The session key is used to decrypt the message.
PGP Confidentiality and Authentication • Both services may be used for the same message • Create signature and attach to message • Encrypt both message and signature • Attach RSA (or ElGamal) encrypted session key • When both services are used: The sender first signs the message with its own private key Then encrypts the message with a session key And finally encrypts the session key with the recipient’s public key
1. 2. A signature is generated for the 1. plaintext message and prepended to the message The plaintext message plus 2. signature is encrypted using CAST-128 (or IDEA or 3DES) and the session key is encrypted 3. using RSA (or ElGamal) Encrypting the message and then generate a signature for the encrypted message. It is generally more convenient to store a signature with plaintext message. If the signature is performed first, 3rd party need not concerned with the symmetric key when verifying the signature.
PGP Compression • As a default, PGP compresses the message after applying the signature but before encryption • This has the benefit of saving space both for e-mail transmission and for file storage • The placement of the compression algorithm is critical • Applying the hash function and signature after compression would constrain all PGP implementations to the same version of the compression algorithm • Message encryption is applied after compression to strengthen cryptographic security • The compression algorithm used is ZIP
PGP E-mail Compatibility • Many electronic mail systems only permit the use of blocks consisting of ASCII text • To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters • The scheme used for this purpose is radix-64 conversion • Each group of three octets of binary data is mapped into four ASCII characters • This format also appends a CRC to detect transmission errors • PGP also segments messages if it is too big.
PGP OPERATION – SUMMARY
1. On transmission (if it is required), a signature is generated using a hash code of the uncompressed plaintext. 2. Then the plaintext (plus signature if present) is compressed. 3. Next, if confidentiality is required, the block (compressed plaintext or compressed signature plus plaintext) is encrypted and prepended with the publickeyencrypted symmetric encryption key. 4. Finally, the entire block is converted to radix-64 format.
1. On reception, the incoming block is first converted back from radix64 format to binary. 2. Then, if the message is encrypted, the recipient recovers the session key and decrypts the message. 3. The resulting block is then decompressed. 4. If the message is signed, the recipient recovers the transmitted hash code and compares it to its own calculation of the hash code.
Secure/Multipurpose Internet Mail Extension (S/MIME) • A security enhancement to the MIME Internet e-mail format standard based on technology from RSA Data Security • Defined in: • RFCs 3370, 3850, 3851, 3852 • To understand S/MIME, first to have a general understanding of the underlying e-mail format that it uses, namely MIME.
RFC 5322 internet message format • Defines a format for text messages that are sent using electronic mail • Messages are viewed as having an envelope and contents • The envelope contains whatever information is needed to accomplish transmission and delivery • The contents compose the object to be delivered to the recipient • RFC 5322 standard applies only to the contents • The content standard includes a set of header fields that may be used by the mail system to create the envelope
Multipurpose Internet Mail Extensions (MIME) • An extension to the RFC 5322 framework that is intended to address some of the problems and limitations of the use of Simple Mail Transfer Protocol (SMTP) • Is intended to resolve these problems in a manner that is compatible with existing RFC 5322 implementations • The specification is provided in RFCs 2045 through 2049 MIME specification includes the following elements: Five new message header fields are defined, which may be included in an RFC 5322 header; these fields provide information about the body of the message Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system A number of content formats are defined, thus standardizing representations that support multimedia electronic mail
Limitation of smtp • SMTP cannot transmit executable files or other binary objects. • SMTP cannot transmit text data that includes national language characters. • SMTP servers may reject mail message over a certain size. • SMTP gateways that translate between ASCII and the character code EBCDIC do not use a consistent set of mappings, resulting in translation problems. • SMTP gateways to X.400 electronic mail networks cannot handle nontextual data included in X.400 messages. • Some SMTP implementations do not adhere completely to the SMTP standards defined in RFC 821.
The Five Header Fields Defined in MIME MIME-Version • Must have the parameter value 1.0 • This field indicates that the message conforms to RFCs 2045 and 2046 Content-Type • Describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner Content-Transfer-Encoding • Indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport Content-ID • Used to identify MIME entities uniquely in multiple contexts Content-Description • A text description of the object with the body; this is useful when the object is not readable
S/MIME Functionality Enveloped data • Consists of encrypted content of any type and encrypted content encryption keys for one or more recipients Signed data • A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer • The content plus signature are then encoded using base64 encoding • A signed data message can only be viewed by a recipient with S/MIME capability S/MIME Clear-signed data • Only the digital signature is encoded using base64 • As a result recipients without S/MIME capability can view the message content, although they cannot verify the signature Signed and enveloped data • Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted
Table 8.5 Cryptographic Algorithms Used in S/MIME
S/MIME Certificate Processing • S/MIME uses public-key certificates that conform to version 3 of X.509 • The key-management scheme used by S/MIME is in some ways a hybrid between a strict X.509 certification hierarchy and PGP’s web of trust • S/MIME managers and/or users must configure each client with a list of trusted keys and with certificate revocation lists • The responsibility is local for maintaining the certificates needed to verify incoming signatures and to encrypt outgoing messages • The certificates are signed by certification authorities
User Agent Role • An S/MIME user has several key-management functions to perform: Key generation Registration The user of some related administrative utility must be capable of generating separate Diffie-Hellman and DSS key pairs and should be capable of generating RSA key pairs A user’s public key must be registered with a certification authority in order to receive an X.509 public-key certificate A user agent should generate RSA key pairs with a length in the range of 768 to 1024 bits and must not generate a length of less than 512 bits Certificate storage and retrieval A user requires access to a local list of certificates in order to verify incoming signatures and to encrypt outgoing messages
VeriSign Certificates • VeriSign provides a certification authority (CA) service that is intended to be compatible with S/MIME and a variety of other applications • Issues X.509 certificates with the product name VeriSign Digital ID • At a minimum, each Digital ID contains: • • • • • • Owner’s public key Owner’s name or alias Expiration date of the Digital ID Serial number of the Digital ID Name of the certification authority that issued the Digital ID Digital signature of the certification authority that issued the Digital ID
VeriSign Certificates • Provide 3 classes(levels) of security for public-key certificates. • Example: Verisign (www.verisign.com) • Class-1: Buyer’s email address confirmed by emailing vital info. • Class-2: Postal address is confirmed as well, and data checked against directories. • Class-3: Buyer must appear in person, or send notarized documents.
Table 8.7 VeriSign Public-Key Certificate Classes IA CA PCA PIN LRAA Issuing Authority Certification Authority VeriSign public primary certification authority Personal Identification Number Local Registration Authority Administrator
Summary • Pretty good privacy • Notation • Operational description • S/MIME • RFC 5322 • Multipurpose Internet mail extensions • S/MIME functionality • S/MIME certification processing

Recommended

Pretty good privacy - Email Security
Pretty good privacy - Email SecurityPretty good privacy - Email Security
Pretty good privacy - Email SecurityRakesh Mittal
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 
Lecture 8 mail security
Lecture 8 mail securityLecture 8 mail security
Lecture 8 mail securityrajakhurram
 
PGP Basic Lecture 01
PGP Basic Lecture 01PGP Basic Lecture 01
PGP Basic Lecture 01Qaisar Ayub
 
Using PGP for securing the email
Using PGP for securing the emailUsing PGP for securing the email
Using PGP for securing the emailGianni Fiore
 
Email Security Presentation
Email Security PresentationEmail Security Presentation
Email Security PresentationYosef Gamble
 
Pgp
PgpPgp
Pgpprecy02
 
Email Security
Email SecurityEmail Security
Email Securityselvakumar_b1985
 

Recommended

Pretty good privacy - Email Security
Pretty good privacy - Email SecurityPretty good privacy - Email Security
Pretty good privacy - Email SecurityRakesh Mittal
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 
Lecture 8 mail security
Lecture 8 mail securityLecture 8 mail security
Lecture 8 mail securityrajakhurram
 
PGP Basic Lecture 01
PGP Basic Lecture 01PGP Basic Lecture 01
PGP Basic Lecture 01Qaisar Ayub
 
Using PGP for securing the email
Using PGP for securing the emailUsing PGP for securing the email
Using PGP for securing the emailGianni Fiore
 
Email Security Presentation
Email Security PresentationEmail Security Presentation
Email Security PresentationYosef Gamble
 
Pgp
PgpPgp
Pgpprecy02
 
Email Security
Email SecurityEmail Security
Email Securityselvakumar_b1985
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
Email security & threads
Email security & threadsEmail security & threads
Email security & threadsInocentshuja Ahmad
 
Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Tania Agni
 
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)Vishal Kumar
 
E mail security
E mail securityE mail security
E mail securitySoumya Vijoy
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email securityMazin Alwaaly
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityJyothishmathi Institute of Technology and Science Karimnagar
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIMERohit Soni
 
Network security
Network securityNetwork security
Network securityDhaval Kaneria
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
Ipsecurity
IpsecurityIpsecurity
IpsecurityJyoshna Cec Cse Staf bejjam
 
Email security
Email securityEmail security
Email securitySultanErbo
 
Network security
Network securityNetwork security
Network securitySVijaylakshmi
 
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...DevigaR1
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Email security
Email securityEmail security
Email securitykumarviji
 
Network Security Projects
Network Security ProjectsNetwork Security Projects
Network Security ProjectsPhdtopiccom
 
Email security
Email securityEmail security
Email securityAhmed EL-KOSAIRY
 
Another proposal
Another proposalAnother proposal
Another proposalKing Portipher
 
Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testingAbdul Rahman
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDSMichael Boman
 

More Related Content

What's hot

Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Tania Agni
 
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)Vishal Kumar
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email securityMazin Alwaaly
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIMERohit Soni
 
Email security
Email securityEmail security
Email securitySultanErbo
 
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...DevigaR1
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Email security
Email securityEmail security
Email securitykumarviji
 
Network Security Projects
Network Security ProjectsNetwork Security Projects
Network Security ProjectsPhdtopiccom
 

What's hot (20)

Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
 
Email security & threads
Email security & threadsEmail security & threads
Email security & threads
 
Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/
 
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
 
E mail security
E mail securityE mail security
E mail security
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email security
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
 
Network security
Network securityNetwork security
Network security
 
Email security
Email securityEmail security
Email security
 
Ipsecurity
IpsecurityIpsecurity
Ipsecurity
 
Email security
Email securityEmail security
Email security
 
Network security
Network securityNetwork security
Network security
 
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
Electronic mail security R.Deviga II-M.Sc.,Computer Science,Bonsecours colle...
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Email security
Email securityEmail security
Email security
 
Network Security Projects
Network Security ProjectsNetwork Security Projects
Network Security Projects
 
Email security
Email securityEmail security
Email security
 
Another proposal
Another proposalAnother proposal
Another proposal
 

Viewers also liked

Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testingAbdul Rahman
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDSMichael Boman
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life CycleMaurice Dawson
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentMarcelo Silva
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyJernej Virag
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)amanchaurasia
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)shraddha_b
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Database Security
Database SecurityDatabase Security
Database Securityalraee
 

Viewers also liked (20)

Phases of penetration testing
Phases of penetration testingPhases of penetration testing
Phases of penetration testing
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDS
 
Pgp
PgpPgp
Pgp
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life Cycle
 
Secure Software Development Adoption Strategy
Secure Software Development Adoption StrategySecure Software Development Adoption Strategy
Secure Software Development Adoption Strategy
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability Assessment
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment Presentation
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Database security
Database securityDatabase security
Database security
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
 
Standard Penetration Test
Standard Penetration TestStandard Penetration Test
Standard Penetration Test
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Database Security
Database SecurityDatabase Security
Database Security
 

Similar to BAIT1103 Chapter 5

M.FLORENCE DAYANA/electronic mail security.pdf
M.FLORENCE DAYANA/electronic mail security.pdfM.FLORENCE DAYANA/electronic mail security.pdf
M.FLORENCE DAYANA/electronic mail security.pdfDr.Florence Dayana
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
network and cyber security
network and cyber securitynetwork and cyber security
network and cyber securityShruthi Reddy
 
E-mail Security.ppt
E-mail Security.pptE-mail Security.ppt
E-mail Security.pptmaniklal123
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPunnya Babu
 
module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxprateekPallav2
 

Similar to BAIT1103 Chapter 5 (20)

M.FLORENCE DAYANA/electronic mail security.pdf
M.FLORENCE DAYANA/electronic mail security.pdfM.FLORENCE DAYANA/electronic mail security.pdf
M.FLORENCE DAYANA/electronic mail security.pdf
 
1682302951397_PGP.pdf
1682302951397_PGP.pdf1682302951397_PGP.pdf
1682302951397_PGP.pdf
 
PGP.ppt
PGP.pptPGP.ppt
PGP.ppt
 
Email sec11
Email sec11Email sec11
Email sec11
 
CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS
 
ch15 (1).ppt
ch15 (1).pptch15 (1).ppt
ch15 (1).ppt
 
ch15.ppt
ch15.pptch15.ppt
ch15.ppt
 
ch15.ppt
ch15.pptch15.ppt
ch15.ppt
 
ch15.ppt
ch15.pptch15.ppt
ch15.ppt
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
network and cyber security
network and cyber securitynetwork and cyber security
network and cyber security
 
Ch15
Ch15Ch15
Ch15
 
Pgp1
Pgp1Pgp1
Pgp1
 
S/MIME
S/MIMES/MIME
S/MIME
 
Pgp
PgpPgp
Pgp
 
E-mail Security.ppt
E-mail Security.pptE-mail Security.ppt
E-mail Security.ppt
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
CNS ppt.pdf
CNS ppt.pdfCNS ppt.pdf
CNS ppt.pdf
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptx
 

More from limsh

BAIT2164 Topics for Revision
BAIT2164 Topics for RevisionBAIT2164 Topics for Revision
BAIT2164 Topics for Revisionlimsh
 
BAIT2164 Tutorial 9
BAIT2164 Tutorial 9BAIT2164 Tutorial 9
BAIT2164 Tutorial 9limsh
 
BAIT2164 Tutorial 8
BAIT2164 Tutorial 8BAIT2164 Tutorial 8
BAIT2164 Tutorial 8limsh
 
BAIT2164 Tutorial 6 (Part 2)
BAIT2164 Tutorial 6 (Part 2)BAIT2164 Tutorial 6 (Part 2)
BAIT2164 Tutorial 6 (Part 2)limsh
 
BAIT2164 Tutorial 6 (Part 1)
BAIT2164 Tutorial 6 (Part 1)BAIT2164 Tutorial 6 (Part 1)
BAIT2164 Tutorial 6 (Part 1)limsh
 
BAIT2164 Tutorial 5
BAIT2164 Tutorial 5BAIT2164 Tutorial 5
BAIT2164 Tutorial 5limsh
 
BAIT2164 Tutorial 4
BAIT2164 Tutorial 4BAIT2164 Tutorial 4
BAIT2164 Tutorial 4limsh
 
BAIT2164 Tutorial 3
BAIT2164 Tutorial 3BAIT2164 Tutorial 3
BAIT2164 Tutorial 3limsh
 
BAIT2164 Tutorial 2
BAIT2164 Tutorial 2BAIT2164 Tutorial 2
BAIT2164 Tutorial 2limsh
 
BAIT2164 Tutorial 1
BAIT2164 Tutorial 1BAIT2164 Tutorial 1
BAIT2164 Tutorial 1limsh
 
BAIT1103 Assignment Presentation
BAIT1103 Assignment PresentationBAIT1103 Assignment Presentation
BAIT1103 Assignment Presentationlimsh
 
BAIT1103 Tutorial 8
BAIT1103 Tutorial 8BAIT1103 Tutorial 8
BAIT1103 Tutorial 8limsh
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8limsh
 
BAIT1103 Tutorial 7
BAIT1103 Tutorial 7BAIT1103 Tutorial 7
BAIT1103 Tutorial 7limsh
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7limsh
 
BAIT1103 Tutorial 6
BAIT1103 Tutorial 6BAIT1103 Tutorial 6
BAIT1103 Tutorial 6limsh
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6limsh
 
BAIT1103 Tutorial 5
BAIT1103 Tutorial 5BAIT1103 Tutorial 5
BAIT1103 Tutorial 5limsh
 
BAIT1103 Tutorial 4
BAIT1103 Tutorial 4BAIT1103 Tutorial 4
BAIT1103 Tutorial 4limsh
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 

More from limsh (20)

BAIT2164 Topics for Revision
BAIT2164 Topics for RevisionBAIT2164 Topics for Revision
BAIT2164 Topics for Revision
 
BAIT2164 Tutorial 9
BAIT2164 Tutorial 9BAIT2164 Tutorial 9
BAIT2164 Tutorial 9
 
BAIT2164 Tutorial 8
BAIT2164 Tutorial 8BAIT2164 Tutorial 8
BAIT2164 Tutorial 8
 
BAIT2164 Tutorial 6 (Part 2)
BAIT2164 Tutorial 6 (Part 2)BAIT2164 Tutorial 6 (Part 2)
BAIT2164 Tutorial 6 (Part 2)
 
BAIT2164 Tutorial 6 (Part 1)
BAIT2164 Tutorial 6 (Part 1)BAIT2164 Tutorial 6 (Part 1)
BAIT2164 Tutorial 6 (Part 1)
 
BAIT2164 Tutorial 5
BAIT2164 Tutorial 5BAIT2164 Tutorial 5
BAIT2164 Tutorial 5
 
BAIT2164 Tutorial 4
BAIT2164 Tutorial 4BAIT2164 Tutorial 4
BAIT2164 Tutorial 4
 
BAIT2164 Tutorial 3
BAIT2164 Tutorial 3BAIT2164 Tutorial 3
BAIT2164 Tutorial 3
 
BAIT2164 Tutorial 2
BAIT2164 Tutorial 2BAIT2164 Tutorial 2
BAIT2164 Tutorial 2
 
BAIT2164 Tutorial 1
BAIT2164 Tutorial 1BAIT2164 Tutorial 1
BAIT2164 Tutorial 1
 
BAIT1103 Assignment Presentation
BAIT1103 Assignment PresentationBAIT1103 Assignment Presentation
BAIT1103 Assignment Presentation
 
BAIT1103 Tutorial 8
BAIT1103 Tutorial 8BAIT1103 Tutorial 8
BAIT1103 Tutorial 8
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8
 
BAIT1103 Tutorial 7
BAIT1103 Tutorial 7BAIT1103 Tutorial 7
BAIT1103 Tutorial 7
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7
 
BAIT1103 Tutorial 6
BAIT1103 Tutorial 6BAIT1103 Tutorial 6
BAIT1103 Tutorial 6
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
 
BAIT1103 Tutorial 5
BAIT1103 Tutorial 5BAIT1103 Tutorial 5
BAIT1103 Tutorial 5
 
BAIT1103 Tutorial 4
BAIT1103 Tutorial 4BAIT1103 Tutorial 4
BAIT1103 Tutorial 4
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 

Recently uploaded

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 

Recently uploaded (20)

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 

BAIT1103 Chapter 5

  • 2. objectives • Present an overview of the operation of PGP (Pretty Good Privacy). • Present an overview of MIME (Multipurpose Internet Mail Extension). • Understand the functionality of S/MIME (Secure/Multipurpose Internet Mail Extension) and the security threats it addresses.
  • 3. Pretty Good Privacy (PGP) • Provides a confidentiality and authentication service that can be used for electronic mail and file storage applications • Developed by Phil Zimmermann • Selected the best available cryptographic algorithms as building blocks • Integrated these algorithms into a general-purpose application that is independent of operating system and processor and that is based on a small set of easy-to-use commands • Made the package and its documentation, including the source code, freely available via the Internet, bulletin boards, and commercial networks • Entered into an agreement with a company to provide a fully compatible, low-cost commercial version of PGP
  • 4. PGP Growth It is available free worldwide in versions that run on a variety of platforms The commercial version satisfies users who want a product that comes with vendor support It is based on algorithms that have survived extensive public review and are considered extremely secure It has a wide range of applicability It was not developed by, nor is it controlled by, any governmental or standards organization Is now on an Internet standards track, however it still has an aura of an antiestablishment endeavor
  • 5. Table 8.1 Summary of PGP Services The actual operation of PGP, as opposed to the management of keys, consists of four services: authentication, confidentiality, compression, and e-mail compatibility
  • 6.
  • 7. PGP Authentication • Combination of SHA-1 and RSA provides an effective digital signature scheme • Because of the strength of RSA the recipient is assured that only the possessor of the matching private key can generate the signature • Because of the strength of SHA-1 the recipient is assured that no one else could generate a new message that matches the hash code • As an alternative, signatures can be generated using DSS/SHA-1 • Detached signatures are supported • Each person’s signature is independent and therefore applied only to the document
  • 8. 1. The sender creates a message. 2. SHA-1 is used to generate a 160-bit hash code of the message. 3. The hash code is encrypted with RSA using the sender’s private key, and the result is prepended to the message. 4. The receiver uses RSA with the sender’s public key to decrypt and recover the hash code. 5. The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic.
  • 9. PGP Confidentiality • Provided by encrypting messages to be transmitted or to be stored locally as files • In both cases the symmetric encryption algorithm CAST-128 may be used • Alternatively IDEA or 3DES may be used • The 64-bit cipher feedback (CFB) mode is used In PGP each symmetric key is used only once • Although referred to as a session key, it is in reality a one-time key • Session key is bound to the message and transmitted with it • To protect the key, it is encrypted with the receiver’s public key • As an alternative to the use of RSA for key encryption, PGP uses ElGamal, a variant of Diffie-Hellman that provides encryption/decryption
  • 10. 1. The sender generates a message and a random 128-bit number to be used as a session key for this message only. 2. The message is encrypted using CAST-128 (or IDEA or 3DES) with the session key. 3. The session key is encrypted with RSA using the recipient’s public key and is prepended to the message. 4. The receiver uses RSA with its private key to decrypt and recover the session key. 5. The session key is used to decrypt the message.
  • 11. PGP Confidentiality and Authentication • Both services may be used for the same message • Create signature and attach to message • Encrypt both message and signature • Attach RSA (or ElGamal) encrypted session key • When both services are used: The sender first signs the message with its own private key Then encrypts the message with a session key And finally encrypts the session key with the recipient’s public key
  • 12. 1. 2. A signature is generated for the 1. plaintext message and prepended to the message The plaintext message plus 2. signature is encrypted using CAST-128 (or IDEA or 3DES) and the session key is encrypted 3. using RSA (or ElGamal) Encrypting the message and then generate a signature for the encrypted message. It is generally more convenient to store a signature with plaintext message. If the signature is performed first, 3rd party need not concerned with the symmetric key when verifying the signature.
  • 13. PGP Compression • As a default, PGP compresses the message after applying the signature but before encryption • This has the benefit of saving space both for e-mail transmission and for file storage • The placement of the compression algorithm is critical • Applying the hash function and signature after compression would constrain all PGP implementations to the same version of the compression algorithm • Message encryption is applied after compression to strengthen cryptographic security • The compression algorithm used is ZIP
  • 14. PGP E-mail Compatibility • Many electronic mail systems only permit the use of blocks consisting of ASCII text • To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters • The scheme used for this purpose is radix-64 conversion • Each group of three octets of binary data is mapped into four ASCII characters • This format also appends a CRC to detect transmission errors • PGP also segments messages if it is too big.
  • 15.
  • 16. PGP OPERATION – SUMMARY
  • 17. 1. On transmission (if it is required), a signature is generated using a hash code of the uncompressed plaintext. 2. Then the plaintext (plus signature if present) is compressed. 3. Next, if confidentiality is required, the block (compressed plaintext or compressed signature plus plaintext) is encrypted and prepended with the publickeyencrypted symmetric encryption key. 4. Finally, the entire block is converted to radix-64 format.
  • 18. 1. On reception, the incoming block is first converted back from radix64 format to binary. 2. Then, if the message is encrypted, the recipient recovers the session key and decrypts the message. 3. The resulting block is then decompressed. 4. If the message is signed, the recipient recovers the transmitted hash code and compares it to its own calculation of the hash code.
  • 19. Secure/Multipurpose Internet Mail Extension (S/MIME) • A security enhancement to the MIME Internet e-mail format standard based on technology from RSA Data Security • Defined in: • RFCs 3370, 3850, 3851, 3852 • To understand S/MIME, first to have a general understanding of the underlying e-mail format that it uses, namely MIME.
  • 20. RFC 5322 internet message format • Defines a format for text messages that are sent using electronic mail • Messages are viewed as having an envelope and contents • The envelope contains whatever information is needed to accomplish transmission and delivery • The contents compose the object to be delivered to the recipient • RFC 5322 standard applies only to the contents • The content standard includes a set of header fields that may be used by the mail system to create the envelope
  • 21. Multipurpose Internet Mail Extensions (MIME) • An extension to the RFC 5322 framework that is intended to address some of the problems and limitations of the use of Simple Mail Transfer Protocol (SMTP) • Is intended to resolve these problems in a manner that is compatible with existing RFC 5322 implementations • The specification is provided in RFCs 2045 through 2049 MIME specification includes the following elements: Five new message header fields are defined, which may be included in an RFC 5322 header; these fields provide information about the body of the message Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system A number of content formats are defined, thus standardizing representations that support multimedia electronic mail
  • 22. Limitation of smtp • SMTP cannot transmit executable files or other binary objects. • SMTP cannot transmit text data that includes national language characters. • SMTP servers may reject mail message over a certain size. • SMTP gateways that translate between ASCII and the character code EBCDIC do not use a consistent set of mappings, resulting in translation problems. • SMTP gateways to X.400 electronic mail networks cannot handle nontextual data included in X.400 messages. • Some SMTP implementations do not adhere completely to the SMTP standards defined in RFC 821.
  • 23. The Five Header Fields Defined in MIME MIME-Version • Must have the parameter value 1.0 • This field indicates that the message conforms to RFCs 2045 and 2046 Content-Type • Describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner Content-Transfer-Encoding • Indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport Content-ID • Used to identify MIME entities uniquely in multiple contexts Content-Description • A text description of the object with the body; this is useful when the object is not readable
  • 24. S/MIME Functionality Enveloped data • Consists of encrypted content of any type and encrypted content encryption keys for one or more recipients Signed data • A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer • The content plus signature are then encoded using base64 encoding • A signed data message can only be viewed by a recipient with S/MIME capability S/MIME Clear-signed data • Only the digital signature is encoded using base64 • As a result recipients without S/MIME capability can view the message content, although they cannot verify the signature Signed and enveloped data • Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted
  • 26. S/MIME Certificate Processing • S/MIME uses public-key certificates that conform to version 3 of X.509 • The key-management scheme used by S/MIME is in some ways a hybrid between a strict X.509 certification hierarchy and PGP’s web of trust • S/MIME managers and/or users must configure each client with a list of trusted keys and with certificate revocation lists • The responsibility is local for maintaining the certificates needed to verify incoming signatures and to encrypt outgoing messages • The certificates are signed by certification authorities
  • 27. User Agent Role • An S/MIME user has several key-management functions to perform: Key generation Registration The user of some related administrative utility must be capable of generating separate Diffie-Hellman and DSS key pairs and should be capable of generating RSA key pairs A user’s public key must be registered with a certification authority in order to receive an X.509 public-key certificate A user agent should generate RSA key pairs with a length in the range of 768 to 1024 bits and must not generate a length of less than 512 bits Certificate storage and retrieval A user requires access to a local list of certificates in order to verify incoming signatures and to encrypt outgoing messages
  • 28. VeriSign Certificates • VeriSign provides a certification authority (CA) service that is intended to be compatible with S/MIME and a variety of other applications • Issues X.509 certificates with the product name VeriSign Digital ID • At a minimum, each Digital ID contains: • • • • • • Owner’s public key Owner’s name or alias Expiration date of the Digital ID Serial number of the Digital ID Name of the certification authority that issued the Digital ID Digital signature of the certification authority that issued the Digital ID
  • 29. VeriSign Certificates • Provide 3 classes(levels) of security for public-key certificates. • Example: Verisign (www.verisign.com) • Class-1: Buyer’s email address confirmed by emailing vital info. • Class-2: Postal address is confirmed as well, and data checked against directories. • Class-3: Buyer must appear in person, or send notarized documents.
  • 30. Table 8.7 VeriSign Public-Key Certificate Classes IA CA PCA PIN LRAA Issuing Authority Certification Authority VeriSign public primary certification authority Personal Identification Number Local Registration Authority Administrator
  • 31. Summary • Pretty good privacy • Notation • Operational description • S/MIME • RFC 5322 • Multipurpose Internet mail extensions • S/MIME functionality • S/MIME certification processing