Network SecurityS/MIME & E-mail Security

Prafull Johri 2011BTechCSE007Pritam Kalwaniya 2011BTechCSE008Yogesh Chaube 2011BTechCSE014Shiva Johari 2011BTechCSE015

Why E-mail Security

???The Internet is an expansive network of computers, much of which is unprotected against malicious attacks. From the time an email composed to the time it is read, an email travels through this unprotected Internet, exposed to various electronic dangers.

What is E-mail Privacy

The protection of email from unauthorized access and inspection is known as electronic privacy. In countries with a constitutional guarantee of the secrecy of correspondence, email is equated with letters and thus legally protected from all forms of eavesdropping.

Remedies

At the ISP level, a further level of protection can be implemented by encrypting the communication between servers themselves, usually employing an encryption standard called Transport Layer Security (TLS). It is coupled with Simple Authentication and Security Layer (SASL), which confirms the target router's identity.

To provide a reasonable level of privacy, all routers in the email pathway, and all connections between them, must be secured.

Remedies (contd.)O E- Mail encryption

Email encryption can rely on public-key cryptography, in which users can each publish a public key that others can use to encrypt messages to them, while keeping secret a private key they can use to decrypt such messages or to digitally encrypt and sign messages they send.

PRETTY GOOD PRIVACY

(PGP)

It is a remarkable phenomenonPGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.• Selected the best cryptographic algorithms as

building blocks• Integrated these algorithms to a general

purpose application that is independent of operating system and processor, and is based on a small set of easy to use commands

• Made the package and its documentation, including the source code, freely available via the Internet, bulletin boards, and commercial networks such as AOL

S/MimeO It is a security enhancement to the

MIME Internet e-mail format standard, based on technology from RSA Data Security.

RFC 822

RFC 822O It defines a format for text

messages that are sent using electronic mail

O It has been the standard for internet based text mail message and remains in common use

My private Key is

“Hum english ki taraf se hai”

Mime is an extension to the RFC 822 framework that is intended to address some of the problems and limitations of the use of SMTP and RFC 822 foe e-mail.

O SMTP cannot transmit executable files or other binary objects

O SMTP cannot transmit text data that includes national language characters

O SMTP servers may reject mail message over a certain size

O and many more…..

S/MIME FunctionalityO Enveloped Data: This consist of encrypted

content of any type and encrypted content encryption keys for one or more recipients

O Signed Data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer.