Email Security

About This Presentation

Title:

Description:

Number of Views:78

Avg rating:3.0/5.0

Slides: 17

Provided by: Sri672

Category:

Tags: email | freeware | security

Transcript and Presenter's Notes

Title: Email Security

1
E-mail Security
2
E-mail Security

3
Secure e-mail techniques

4
Main features

Confidentiality assures message content was not
read by others
Integrity assures that the message was not
tampered with
Authentication validates the sender
Non-repudiation validates both the sender and the
receiver. Sender cannot disown the message and
receiver cannot claim non-receipt of message

5
Encryption

Data of all sorts that traverse the network can
be encrypted in one of two ways
Symmetric key (also known as DES, Data Encryption
Standard)
The same key is used to both encrypt and decrypt
Not suited, when dealing with many users
40-bit encryption is the most common.
128-bit and 512-bit encryptions are considered
strong, meaning that they are very difficult to
crack.

6
Encryption

Triple DES (3DES) is another method that is
considered a strong encryption. This uses three
keys instead of one key for encryption.
DES was originally developed by IBM in the 1970s
but is not a proprietary technology
Hardware and software that use strong encryption
cannot be exported from U.S.
DES uses 64-bit encryption key
AES (Advanced Encryption Standard developed by
NIST) uses 128-bit to 256-bit encryption key

7
Encryption

Asymmetric key methods are more popular today
Consists of a public key / private key pair
Encrypt using public key for a specific user
The intended user uses his/her private key to
decrypt the message
Known as the Diffie-Helman model
Popularized by RSA (Rivest, Shamir, and Adleman
who were at MIT in the mid-1970s when this was
published)

8
Encryption

Each user gets a public key that is known to
others and a private key that is secret. Both
keys are needed to decrypt. Only the public key
is needed to encrypt.
Today, the public key / private key pairs are
issued by Verisign, an offshoot of RSA
Organizations that provide the public key /
private key are known as Certificate Authorities
(CAs)

9
PGP

10
PGP

Session key alone is encrypted using the
recipients public key
The encrypted message and the encrypted session
key are then sent to the receiver
Receiver uses the private key to decrypt the
session key first. Then the message is decrypted
in a symmetric key way.

11
PGP

PGP supports the following encryption methods
CAST (named after the developers Carlisle Adams
and Stafford Tavares) is owned by Nortel. It
uses a 128-bit key. Freeware.
IDEA (International Data Encryption Algorithm).
Not a freeware. Uses 128-bit key
Triple DES. Freeware. Uses three 56-bit keys
Twofish. Uses 128-bit, 192-bit, and 256-bit.
Freeware.

12
S/MIME

Secure/Multipurpose Internet Mail Extensions
goal is to provide integrity for email
S/MIME is in version 3 and it is an IETF standard
S/MIME follows a hierarchical trust scheme in
which a trusted party passes on the trust to the
next level below. For example, a trusted CAs
Digital Certificate can be used for
authentication
S/MIME certificates follow X.509 standard

13
S/MIME
14
E-mail vulnerabilities

Usually sent as plaintext and so subject to
Interception
Spoofing
Alteration
Trojan horses are usually hidden in emails
As a widely used medium of free communication,
sensitive data usually is sent via email

15
Spam email

Spam email is unsolicited email sent in bulk
Spammers send as much as 800,000 emails at a time
Spamming is successful since there are people who
buy products based on spam email
AOL blocks 2 Billion spam emails a DAY. It is
80 of the email traffic per day.
Spam email in 2000 was 8 and in 2003 it was 54
Lost productivity estimate
In 2002, 9 Billion
In 2003, 10 Billion

16
Spam email

Congress passed an anti-spam legislation in 2003.
It requires all emails to have legitimate return
addresses
Spam is considered a marketing tool as well
Two of the well-known spammers are
K.C. Smith of Tennessee
Howard Carmack of Buffallo, NY

Write a Comment

User Comments (0)