Electronic Mail

1
Electronic Mail

• COMP 101
• Spring Semester, 2006
• (Last Modified 2006/2/16)

2
A popular (killer) application

• Allows fast and accurate communications between
  people at low or no cost.
• Handles text, graphics, voice, video, programs,
  etc.
• Supports various levels of confidentiality.

3
Popular mail tools

• Microsoft Outlook/Outlook Express
• Netscape Messenger
• pine (Unix-based)
• Various webmail services

4
Basic elements of an e-mail system

• Each user must have a unique mail address (e.g.,
  shen_at_cs.ust.hk).
• The address is registered with a mail server at
  the users organization or at an Internet service
  provider.
• The mail tool retrieves incoming messages from
  the server upon launch and at regular intervals.
• The mail tool sends new messages to the server as
  instructed by the user.

5
Elements of a mail message

• To Vincent Shen
• Subject COMP 101 lectures
• From The Boss
• Date 20 Feb 2006 095023
• The From and Date lines and other header
  lines are supplied by the system (but could be
  faked).

6
Contents of a mail message

• Mostly English text
• Chinese characters might not be received properly
  due to confusion between different encoding
  systems
• Chinese document is best sent through a MIME
  (Multi-purpose Internet Mail Extension)
  attachment

7
Protocols used by the mail tool

• SMTP Simple Mail Transfer Protocol sending mail
  to the server
• POP Post Office Protocol retrieving mail from
  the server with option to leave the messages
  there for designated period
• IMAP Internet Message Access Protocol
  retrieving mail from the server but leaving the
  messages there indefinitely

8
Netiquette

• Salute the recipient properly e.g.,
• Dear Professor Shen,
• Describe the attachment, if any e.g.,
• Attached is the draft announcement in Chinese
  for your comments.
• Ending the message properly e.g.,
• With best regards,
• -Vincent

9
Netiquette

• Using shorthand convention to express emotion
  e.g.,
• emphasis
• LOUD VOICE
• -) for humor
• -( for sadness
• Using e-mail for information, not for debate

10
(Lack of) privacy on e-mails

• An IP packet is different from a mail envelope
  there is no trace for tampering.
• There may be many hops (servers and routers)
  between mail sender and recipient.
• The server or each hop site may copy the IP
  packets for audit, back-up, performance analysis,
  etc.

11
Mail encryption

• Privacy and confidentiality
• Shared private key
• Public-key infrastructure (PKI)
• Strength of encryption

12
Public-key encryption

• Feature is supported by many popular mail tools
  e.g., Outlook Express.
• Encrypted messages can be cracked only by most
  determined interlopers using most powerful
  computers or by stolen private key.
• Digital signatures are legally recognized in Hong
  Kong.

13
Summary
14
Using PKI at HKUST

• Use the digital certificate (e-Cert) in your
  student ID or get one from the HKUST Certificate
  Authority (CA https//keon.ust.hk ).
• Exchange the public keys with your correspondents
  by sending them a digitally signed message and
  requesting a signed message in return.
• Safeguard your private key since you cannot read
  the archived encrypted messages if the private
  key is lost.

15
Issues that stress the e-mail

• Scam
• Hoax
• Spam
• Phishing
• Spoofing
• Virus

16
Sites that provide virus/hoax information

• http//www.trendmicro.com.cn
• http//www.sophos.com
• http//www.symantec.com

17
(No Transcript)
18
Private key encryption

• Plain text
• CATS HAVE FUR
• Encrypted by Key 1 shift character by 1
• DBUT IBWF GVS
• Encrypted by Key 2 shift character by 2
• ECVU JCXG HWT
• Data Encryption Standard (DES)

19
Public-key infrastructure

• An ingenious method invented by Rivest, Shamir,
  and Adleman (RSA).
• A certificate authority (CA) generates a pair of
  keys for a user.
• A message encrypted by one of the keys can only
  be decrypted using the other in the key-pair.
• Encryption/decryption method is supported by many
  mail tools.

20
Creating encrypted message
21
Message body to others
22
Message to intended recipient
23
E-mail scams

• Messages that offer large sums of money (e.g.,
  the Nigerian scam)
• Chain letters

24
E-mail hoaxes

• Messages that ask recipients to delete system
  programs
• Messages that defame people/organizations

25
E-mail spams

• Normally sent with fake sender address
• Unsolicited messages that promote merchandise or
  activities

26
E-mail phishing

• Fake messages that request confidential
  information (e.g., bank fraud)

27
E-mail spoofing

• Domain names that are different but appear
  similar to well-known names e.g.,
• AUDIT_at_H0NGK0NGBANK.COM
• accounts_at_paypa1.com
• More serious problem when international domain
  names (IDN) are introduced

28
E-mail viruses

• Normally come as a program in a mail attachment
• May cause havoc if opened (launched) accidentally
• May replicate by being sent to the victims
  correspondents

29
To resist virus attacks

• Keep virus protection software up-to-date
• Open/launch mail attachments only if
• It came from a familiar person
• It addresses you in person i.e., Dear Vincent
  instead of Dear shen
• It is signed in the persons usual way i.e.,
  -Vincent

30
(No Transcript)
31
(No Transcript)
32
(No Transcript)