Professional Documents
Culture Documents
Email Security
Student: Ashraf Gamal Ahmed El-Bialy CS634 data Security Fall 2012-2013
EMAIL SECURITY
email is one of the most widely used and regarded network services The protection of email from unauthorized access and inspection is known as electronic privacy.
RISKS TO USER
Email is vulnerable to both passive and active attacks.
Active threats include Modification of message contents, Masquerade, Replay, and Denial of Service (DoS). Actually, all the mentioned threats are applicable to the traditional email protocols
Email Pathway
METHODS/ALGORITHMS
Pretty Good Privacy (PGP)
Released in 1991 Complete email security package providing privacy, authentication, digital signatures, and compression.
Available on Unix, Linux, Windows, Mac OS It is based on algorithms that have survived extensive public review and are considered extremely secure. Specifically, the package includes RSA, DSS, and Diffie-Hellman for public-key encryption(Key Management); CAST-128, IDEA, and 3DES for symmetric encryption; and SHA-1 for hash coding.
PGP
Five services Authentication, confidentiality, compression, email compatibility. Functions Digital signature Message encryption Compression Email compatibility
10
11
3. session key is encrypted using RSA with recipient's public key, then attached to message
4. receiver uses RSA with its private key to decrypt and recover session key 5. session key is used to decrypt message
12
14
16
17
18
KEY MANAGEMENT
Generating unpredictable session keys
Identifying keys
Multiple public, private key pairs for a user Maintain keys Its own public, private keys of a PGP entity Public keys of correspondents
19
20
21
22
Thank you