




































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
This lecture was delivered by Dr. Samarendra Jeethesh at Ankit Institute of Technology and Science for System Security and Cryptography course. It includes: E-mail, PGP, MIME, Vulnerabilities, Hoaxes, Spam, Challenges, Floods, Productivity, Gains
Typology: Slides
1 / 44
This page cannot be seen from the preview
Don't miss anything!





































Understand the need for secure e-mail Outline benefits of PGP and S/MIME Understand e-mail vulnerabilities and howto safeguard against them Explain the dangers posed by e-mailhoaxes and spam, as well as actions thatcan be taken to counteract them
Two main standards Pretty good privacy (PGP) Secure/Multipurpose Internet Mail Extension(S/MIME) These competing standards: Seek to ensure integrity and privacy of information bywrapping security measures around e-mail data itself Use public key encryption techniques (alternative tosecuring communication link itself, as in VPN)
Secure e-mail Uses cryptography to secure messages transmittedacross insecure networks Advantages of e-mail encryption E-mail can be transmitted over unsecured links E-mail can be stored in encrypted form Key cryptography concepts Encryption Digital signatures Digital certificates
Passes data and a value (key) through aseries of mathematical formulas that makethe data unusable and unreadable To recover information, reverse the processusing the appropriate key Two main types Conventional cryptography Public key cryptography
Electronic identification of a person orthing created by using a public keyalgorithm Verify (to a recipient) the integrity of dataand identity of the sender Provide same features as encryption,except confidentiality Created by using hash functions
Hybrid cryptosystems Take advantage of symmetric and public keycryptography Example: PGP/MIME Conventional encryption Fast, but results in key distribution problem Public key encryption Private key and public key
Encryption
Message is compressed
Session key is created
Message is encrypted using session key withsymmetrical encryption method
Session key is encrypted with an asymmetricalencryption method
Encrypted session key and encrypted message arebound together and transmitted to recipient Decryption: reverse the process
Current de facto standard Written by Phil Zimmerman 1991 Supports major conventional encryption methods CAST International Data Encryption Algorithm (IDEA) Triple Data Encryption Standard (3DES) Twofish
More flexible and extensible than X.509certificates A single certificate can contain multiplesignatures