The Security Problem of Ad Hoc File Transfers - PowerPoint PPT Presentation

1 / 8
About This Presentation
Title:

The Security Problem of Ad Hoc File Transfers

Description:

Staff is not aware that aware that standard email is not secure. ... Those RFCs are absolutely informative, i.e. IETF did not declare S/MIME v2 as a standard. ... – PowerPoint PPT presentation

Number of Views:27
Avg rating:3.0/5.0
Slides: 9
Provided by: Jaco96
Category:

less

Transcript and Presenter's Notes

Title: The Security Problem of Ad Hoc File Transfers


1
The Security Problem of Ad Hoc File Transfers
  • Working Definition Transfer of financial data
    between business staff at different institutions
    typically by unencrypted email.

2
Problems
  • Staff is often unaware of the need for
    confidentially.
  • Staff is not aware that aware that standard email
    is not secure.
  • Lack of accessible tools and training for
    encryption.

3
Encryption Tools
  • Open PGP (GPG)
  • Secret Agent
  • Web Mailbox
  • PKZIP
  • SMIME

4
What is SMIME?
  • S/MIME was developed through a consortium of
    manufacturers. Only the second version met with
    response.
  • The second version of S/MIME essentially is based
    on RFC 2311 (Message Specification) and RFC 2312
    (Certificate Handling) as well as RFC 2314
    (PKCS10) and RFC 2315 (PKCS7). Those RFCs are
    absolutely informative, i.e. IETF did not declare
    S/MIME v2 as a standard.
  • Version 3 was passed from the IETF in July 1999
    and essentially is based on RFC 2630
    (Cryptographic Message Syntax), RFC 2633 (Message
    Specification), RFC 2632 (Certificate Handling)
    and RFC 2631 (Diffie-Hellman Key Agreement
    Method). Currently most products are based on
    version 2, as most manufacturers did not complete
    the integration of S/MIME v3 so far.
  • The concept of S/MIME provides a hierarchic
    structure and requires a trustworthy instance
    (Certificate Authority) for the trust model.
    Compared to PGP there have been many
    manufacturers implementing S/MIME from the
    outset. That is why there were big problems
    regarding the interoperability of several
    products. The bigger part of those problems seem
    to be solved by now.

5
In Plain English
  • SMIME provides public/private key encryption and
    signing.
  • Unlike GPG which use a web of trust, SMIME
    utilizes certificates that are signed by a
    trusted third party.

6
Why SMIME?
  • SMIME is built into most commercial mail agents
    i.e. Outlook, Netscape and groupwise.
  • SMIME is easy to use for those without technical
    backgrounds.

7
Obstacles
  • Requires the use of a signed X.509 certificates.
  • Utilizes special email headers which may cause
    problems in certain environments
  • Encrypted attachments cannot be scanned for
    viruses.

8
Getting a Digital ID (Certificate)
  • Verisign (15/year)
  • Thawte (free)
  • Selfsigned certs (OpenSSL)
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "The Security Problem of Ad Hoc File Transfers" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!