Electronic Mail Security-System Security and Cryptography-Lecture Slides, Slides of Cryptography and System Security

This lecture was delivered by Dr. Samarendra Jeethesh at Ankit Institute of Technology and Science for System Security and Cryptography course. It includes: Electronic, Mail, Security, VADM, Poindexter, Enhancements, Confidentiality, Authentication, Message, Integrity

Typology: Slides

2011/2012

Uploaded on 07/17/2012

pameela
pameela 🇮🇳

4.8

(5)

94 documents

1 / 24

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Chapter 15 – Electronic Mail
Security
Despite the refusal of VADM Poindexter and LtCol North to
appear, the Board's access to other sources of
information filled much of this gap. The FBI provided
documents taken from the files of the National Security
Advisor and relevant NSC staff members, including
messages from the PROF system between VADM
Poindexter and LtCol North. The PROF messages were
conversations by computer, written at the time events
occurred and presumed by the writers to be protected
from disclosure. In this sense, they provide a first-hand,
contemporaneous account of events.
—The Tower Commission Report to President
Reagan on the Iran-Contra Affair, 1987
docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18

Partial preview of the text

Download Electronic Mail Security-System Security and Cryptography-Lecture Slides and more Slides Cryptography and System Security in PDF only on Docsity!

Chapter 15 – Electronic Mail

Security

Despite the refusal of VADM Poindexter and LtCol North to appear, the Board's access to other sources ofinformation filled much of this gap. The FBI provideddocuments taken from the files of the National SecurityAdvisor and relevant NSC staff members, includingmessages from the PROF system between VADMPoindexter and LtCol North. The PROF messages wereconversations by computer, written at the time eventsoccurred and presumed by the writers to be protectedfrom disclosure. In this sense, they provide a first-hand,contemporaneous account of events. —The Tower Commission Report to PresidentReagan on the Iran-Contra Affair, 1987

Email Security

 email is one of the most widely used andregarded network services  currently message contents are not secure  may be inspected either in transit  or by suitably privileged users on destinationsystem

Pretty Good Privacy (PGP)

 widely used de facto secure email  developed by Phil Zimmermann  selected best available crypto algs to use  integrated into a single program  on Unix, PC, Macintosh and other systems  originally free, now also have commercialversions available

PGP Operation –

Authentication

sender creates message

use SHA-1 to generate 160-bit hash ofmessage

signed hash with RSA using sender'sprivate key, and is attached to message

receiver uses RSA with sender's publickey to decrypt and recover hash code

receiver verifies received message usinghash of it and compares with decryptedhash code

PGP Operation – Confidentiality

& Authentication

 can use both services on same message  create signature & attach to message  encrypt both message & signature  attach RSA/ElGamal encrypted session key

PGP Operation –

Compression

 by default PGP compresses messageafter signing but before encrypting  so can store uncompressed message &signature for later verification  & because compression is non deterministic  uses ZIP compression algorithm

PGP Operation – Summary

PGP Session Keys

 need a session key for each message  of varying sizes: 56-bit DES, 128-bit CAST orIDEA, 168-bit Triple-DES  generated using ANSI X12.17 mode  uses random inputs taken from previoususes and from keystroke timing of user

PGP Message Format

PGP Key Rings

 each PGP user has a pair of keyrings:  public-key ring contains all the public-keys ofother PGP users known to this user, indexedby key ID  private-key ring contains the public/privatekey pair(s) for this user, indexed by key ID &encrypted keyed from a hashed passphrase  security of private keys thus depends onthe pass-phrase security

PGP Message Reception

PGP Key Management

 rather than relying on certificate authorities  in PGP every user is own CA  can sign keys for users they know directly  forms a “web of trust”  trust keys have signed  can trust keys others have signed if have a chain ofsignatures to them  key ring includes trust indicators  users can also revoke their keys

S/MIME Functions

 enveloped data  encrypted content and associated keys  signed data  encoded message + signed digest  clear-signed data  cleartext message + encoded signed digest  signed & enveloped data  nesting of signed & encrypted entities

S/MIME Cryptographic

Algorithms

 digital signatures: DSS & RSA  hash functions: SHA-1 & MD  session key encryption: ElGamal & RSA  message encryption: AES, Triple-DES,RC2/40 and others  MAC: HMAC with SHA-  have process to decide which algs to use