Download to read offline
![SIGNED MAIL
1. The user writes the message as clear-text .
2.The message digest is being calculated
(using SHA-1[2] or MD5[3])
3.The message digest is being encrypted using the signer’s private key
(DSS[4] or RSA[5]).](https://image.slidesharecdn.com/networksecurity-220206135236/75/Network-security-25-2048.jpg)
![ENCRYPTED MAIL
1.The user writes the message as clear-text
2.A random session key is being created(triple DES[6] or rc2[7])
3.The message is being encrypted using the random session key.
4. For every recipient ,the session key is being encrypted using the recipient’s
public key(DH[8] or RSA[5]).](https://image.slidesharecdn.com/networksecurity-220206135236/75/Network-security-27-2048.jpg)
More Related Content
![Number_Guessing_Game_Dsbsbssbzboc[1].pptx](https://cdn.slidesharecdn.com/ss_thumbnails/numberguessinggamedoc1-251206215042-a076fc05-thumbnail.jpg?width=640&height=640&fit=bounds)
Network security
- 1. Nadar Saraswathi Collegeof arts and science,Theni DEPARTMENT OF CS & IT NETWORK AND INTERNET SECURITY Presented by S.Vijayalakshmi – I Msc (IT)
- 2.
- 3. INTRODUCTION email isone of the most widely used and regarded network service currently message content are not secure may be inspected either in transit or by suitably privileged user on destination system
- 4. EMAIL SECURITY REQUIREMENTS Confidentiality Authentication Integrity Non-repudiation
- 5. BASIC PHASE OFEMAIL
- 6. Basic Phase ofEmail
- 7. PRIVACY ENHANCED MAIL PEMadopted by the Internet Architecture Board(LAB) to provide secure electronic mail communication over the internet Steps of PEM canonical conversion Digital signature Encryption Base 64 encoding
- 8. CANONICAL CONVERSIONS PEM transformseach email message into an abstract canonical representation. This means that regardless of the architecture and the operating system of the sending and receiving computers, the email message always travels in a uniform, independent format.
- 9.
- 10.
- 11.
- 12. PRETTY GOOD PRIVACY(PGP) PGPprovides a confidentiality and authentication service that can be used for electronic mail and file storage application. A number of reasons can be cited for this growth. availabel free worldwide. It is based on extremely secure algorithm. Wide range of applicability. Not developed by governmental organization.
- 13. OPERATIONAL DESCRIPTION The actualoperation of PGP, consists of five services: authentication, confidentiality, compression, e-mail compatibility, and segmentation
- 14. AUTHENTICATION 1.Sender creates message 2.makeSHA-1160-bit hash of message 3. attached RSA signed hash to message 4.receiver decrypts& recovers hash code 5.receiver verifies received message hash
- 15. CONFIDENTIALITY 1.Sender forms 128=bitrandom session key 2.encrypts message with session key 3.attaches session key encrypted with RSA 4.receiver decrypts& recovers session key 5.session key is used to decrypt message
- 16. CONFIDENTIALITY&AUTHENTICATION Can useboth services on same message create signature & attach to message encrypt both message & signature attach RSAEIG amal encrypted session key
- 17. COMPRESSION By defaultPGP compresses message after signing but before encrypting -so can store uncompressed message& signature -& because compression is non deterministic Uses ZIP compression algorithm
- 18. EMAIL COMPATIBILITY Whenusing PGP will have binary data to send(encrypted message etc) However email was designed only for text Hence PGP must encode raw binary data into printable ASCII characters Uses radix-64 algorithm -maps 3 bytes to 4 printable chars -also appends a CRC PGP also segment messages if too big
- 19. PGP SESSION KEYS Need a session key for each message -of varying sizes:56-bit DES,128-bit CAST or IDEA, 168-bit Triple –DES Generated using ANSI X12.17 mode Uses random inputs taken from previous uses and from keystroke timing of user
- 20. PGP PUBLIC &PRIVATE KEYS Since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message. -could send full public-key with every message -but this is inefficient Rather use a key identifier based on key -is least significant 64-bits of the key -will very likely be unique Also use key ID in signature
- 21.
- 22.
- 23.
- 24. S/MIME(secure/Multipurpose Internet Mail Extension) Security enhancement to MIME email -original Internet RFC822 email was text only -MIME provided support for varying content types and multi-part message -with encoding of binary data to textual form -S/MIME added security enhancement Have S/MIME support in many mail agents -eg MS outlook, Mozilla , Mac Mail etc
- 25. SIGNED MAIL 1.The user writes the message as clear-text . 2.The message digest is being calculated (using SHA-1[2] or MD5[3]) 3.The message digest is being encrypted using the signer’s private key (DSS[4] or RSA[5]).
- 26.
- 27. ENCRYPTED MAIL 1.Theuser writes the message as clear-text 2.A random session key is being created(triple DES[6] or rc2[7]) 3.The message is being encrypted using the random session key. 4. For every recipient ,the session key is being encrypted using the recipient’s public key(DH[8] or RSA[5]).
- 28.
- 29. S/MIME CRYPTOGRAPHIC ALGORITHMS Digital signature: DSS &RSA Hash functions: SHA-1 & MD5 Session key encryption: EIG amal & RSA Message encryption: AES,Triple-DES, RC2/40 and other MAC:HMAC with SHA-1
- 30. S/MIME FUNCTION Envelopeddata -encrypted content and associated keys Signed data -encoded message+ signed digest Clear –signed data -clear text message+ encoded signed digest Signed &enveloped data -nesting of signed& encrypted entities