Email-System Security-Lecture Slides, Slides of Cryptography and System Security

This lecture was delivered by Dr. Samarendra Jeethesh at Ankit Institute of Technology and Science for System Security and Cryptography course. It includes: E-mail, PGP, MIME, Vulnerabilities, Hoaxes, Spam, Challenges, Floods, Productivity, Gains

Typology: Slides

2011/2012

Uploaded on 07/17/2012

pameela
pameela 🇮🇳

4.8

(5)

94 documents

1 / 44

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
E-mail
Chapter 5
docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c

Partial preview of the text

Download Email-System Security-Lecture Slides and more Slides Cryptography and System Security in PDF only on Docsity!

  • E-mail Chapter

Learning Objectives

 Understand the need for secure e-mail  Outline benefits of PGP and S/MIME  Understand e-mail vulnerabilities and howto safeguard against them  Explain the dangers posed by e-mailhoaxes and spam, as well as actions thatcan be taken to counteract them

E-mail Security Technologies

 Two main standards  Pretty good privacy (PGP)  Secure/Multipurpose Internet Mail Extension(S/MIME)  These competing standards:  Seek to ensure integrity and privacy of information bywrapping security measures around e-mail data itself  Use public key encryption techniques (alternative tosecuring communication link itself, as in VPN)

Secure E-mail and Encryption

 Secure e-mail  Uses cryptography to secure messages transmittedacross insecure networks  Advantages of e-mail encryption  E-mail can be transmitted over unsecured links  E-mail can be stored in encrypted form  Key cryptography concepts  Encryption  Digital signatures  Digital certificates

Encryption

 Passes data and a value (key) through aseries of mathematical formulas that makethe data unusable and unreadable  To recover information, reverse the processusing the appropriate key  Two main types  Conventional cryptography  Public key cryptography

Encryption

Digital Signatures

 Electronic identification of a person orthing created by using a public keyalgorithm  Verify (to a recipient) the integrity of dataand identity of the sender  Provide same features as encryption,except confidentiality  Created by using hash functions

Combining Encryption Methods

 Hybrid cryptosystems  Take advantage of symmetric and public keycryptography  Example: PGP/MIME  Conventional encryption  Fast, but results in key distribution problem  Public key encryption  Private key and public key

How Secure E-mail Works

 Encryption

Message is compressed

Session key is created

Message is encrypted using session key withsymmetrical encryption method

Session key is encrypted with an asymmetricalencryption method

Encrypted session key and encrypted message arebound together and transmitted to recipient  Decryption: reverse the process

Background on PGP

 Current de facto standard  Written by Phil Zimmerman 1991  Supports major conventional encryption methods  CAST  International Data Encryption Algorithm (IDEA)  Triple Data Encryption Standard (3DES)  Twofish

PGP Certificates

 More flexible and extensible than X.509certificates  A single certificate can contain multiplesignatures