CSCE 813 Internet Security Secure E-Mail Services I


CSCE 813 Internet Security Secure E-Mail Services I Professor Lisa Luo Fall 2017

Previous Class
- Why do we need cloud computing?
- Three models of cloud service
  - Software as a service (SaaS)
  - Platform as a service (PaaS)
  - Infrastructure as a service (IaaS)
- Cloud security risks
  - Abuse of cloud computing
  - Insecure interfaces and APIs
  - Account or service hijacking
  - Data loss or leakage
- Data protection in the cloud
  - Basic requirement: encrypt data + access control

Security Objectives of E-Mail Services
- Confidentiality
- Integrity
- Availability
- Authentication
  - Authentication vs. authorization
  - User authentication vs. message authentication

1. Internet Mail Architecture


Message User Agent (MUA)
- Operates on behalf of user actors and user applications
  1. Formats a message
  2. Submits the message to the MHS (Message Handling System) via the MSA
- Housed in the user's computer: client email program, or local network email server

Mail Submission Agent (MSA)
1. Accepts messages submitted by the MUA
   - SMTP is used between the MUA and the MSA
2. Enforces the policies of the hosting domain and the requirements of Internet standards

Message Transfer Agent (MTA)
- Relays mail, like a packet switch or IP router
- SMTP is used between MTA and MTA, and between MTA and MDA

Mail Delivery Agent (MDA)
- Transfers messages from the MHS to the MS

Message Store (MS)
- Stores messages
- The MUA retrieves messages from the MS via POP (Post Office Protocol) or IMAP (Internet Message Access Protocol)

2. Email Protocols

Email Protocols
- SMTP: used to move messages from the source (MUA) to the destination (MS)
- IMAP or POP: used to retrieve messages from the MS to the MUA, or to transfer messages between mail servers

SMTP (Simple Mail Transfer Protocol)
- Encapsulates messages in an envelope
- Relays the encapsulated message from source to destination via MTAs
- How SMTP works:
  https://www.youtube.com/watch?v=vybx4jalu-M
  https://www.youtube.com/watch?v=j7kmzd81hec

IMAP vs. POP
- Allow users to download emails from an email server
  1. User provides username and password
  2. After the user is authenticated, the user can download emails via IMAP or POP
- IMAP vs. POP
  - Both use TCP
  - IMAP provides stronger authentication, and other functions not supported by POP

SMTP over TLS (STARTTLS)
- A security-related extension for SMTP
- Enables confidentiality and authentication between SMTP agents
- If TLS is used to establish a secure communication channel, it is SMTP over TLS

Multipurpose Internet Mail Extensions (MIME)
- Goal: address some problems and limitations of SMTP
- Limitations of SMTP
  - Cannot transmit executable files or binary objects
  - Cannot transmit text data including national language characters
  - May reject mail messages over a certain size
  - Some SMTP implementations do not follow the SMTP standard (RFC 821)
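How MIME works around the first two limitations, as an added example that is not part of the original slides: Python's standard `email` package builds a message carrying national-language text and a binary attachment, and the serialized form contains only 7-bit ASCII. The addresses, subject, file name and sample payloads are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# cte_type="7bit" makes the library choose a 7-bit-safe transfer encoding per part.
WIRE_POLICY = policy.SMTP.clone(cte_type="7bit")

def build_message(text: str, blob: bytes) -> bytes:
    msg = EmailMessage(policy=WIRE_POLICY)
    msg["From"] = "alice@example.com"        # constructed placeholder addresses
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Grüße: build output"   # non-ASCII header -> RFC 2047 encoded-word
    msg.set_content(text)                    # text/plain; charset="utf-8"
    msg.add_attachment(blob, maintype="application",
                       subtype="octet-stream", filename="tool.bin")
    return msg.as_bytes()

def is_seven_bit(data: bytes) -> bool:
    # True when every byte fits the 7-bit ASCII range that RFC 821 SMTP carries.
    return all(b < 0x80 for b in data)

def transfer_encodings(wire: bytes) -> list:
    # (content type, Content-Transfer-Encoding) for each leaf part of the message.
    msg = message_from_bytes(wire, policy=policy.default)
    return [(p.get_content_type(), str(p["Content-Transfer-Encoding"]))
            for p in msg.walk() if not p.is_multipart()]

def parse_message(wire: bytes):
    # Receiver side: undo the transfer encodings and recover the original content.
    msg = message_from_bytes(wire, policy=policy.default)
    text = msg.get_body(preferencelist=("plain",)).get_content()
    blob = next(msg.iter_attachments()).get_content()
    return str(msg["Subject"]), text.rstrip("\r\n"), blob

# Constructed sample input: national-language text and every possible byte value.
SAMPLE_TEXT = "Grüße aus Zürich, 你好"
SAMPLE_BLOB = bytes(range(256))

if __name__ == "__main__":
    wire = build_message(SAMPLE_TEXT, SAMPLE_BLOB)
    print(is_seven_bit(wire), transfer_encodings(wire))
    print(parse_message(wire)[:2])
```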

Secure/MIME (S/MIME)
- A security enhancement to MIME
- Provides:
  - Authentication
  - Confidentiality
  - Compression
  - Email compatibility
- https://www.youtube.com/watch?v=aaom6mhw93Y

Authentication
- Add digital signatures
  - RSA + SHA-256
- Q: How to generate digital signatures?
  - message -> M
  - message digest -> H = SHA(M)
  - digital signature -> Sig = E(H, PR_sender)
  - send the message M together with Sig

Confidentiality
- Encrypt the message
  - Encryption algorithm: AES with CBC
- Q: How to distribute the secret key?
  - Use RSA: the sender uses the receiver's public key to encrypt the secret key and sends it to the receiver

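[Figure: S/MIME authentication and confidentiality. Sender: message M -> message digest H(M) -> digital signature Sig = E(PR, H(M)) -> E(K, M with Sig). Receiver: D(K, M with Sig) -> M and Sig -> D(PU, Sig) gives H(M), compared with H(M) computed from the received M: equal?]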

- If only the signature service is used, then the digital signature is encrypted
- If confidentiality is used, the message plus the digital signature are encrypted
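The authentication and confidentiality steps from the preceding slides combined into one sender/receiver exchange, as an added example that is not part of the original slides. It assumes the third-party `cryptography` package; the dictionary envelope, function names and freshly generated keys are constructed for illustration and are not the S/MIME wire format.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, padding as sym_padding
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
SIG_LEN = 256  # bytes in an RSA-2048 signature

def new_keypair():
    # Constructed test keys; real S/MIME binds the public key to an X.509 certificate.
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def send(message: bytes, sender_priv, receiver_pub) -> dict:
    # Authentication: Sig = E(H, PR_sender) with H = SHA-256(M), hashed by the library.
    sig = sender_priv.sign(message, padding.PKCS1v15(), hashes.SHA256())
    # Confidentiality: one-time session key K, AES-128-CBC over the message plus Sig.
    k, iv = os.urandom(16), os.urandom(16)
    padder = sym_padding.PKCS7(128).padder()
    padded = padder.update(message + sig) + padder.finalize()
    enc = Cipher(algorithms.AES(k), modes.CBC(iv)).encryptor()
    body = enc.update(padded) + enc.finalize()
    # Key distribution: K is encrypted under the receiver's public key (RSAES-OAEP).
    return {"wrapped_key": receiver_pub.encrypt(k, OAEP), "iv": iv, "body": body}

def receive(envelope: dict, receiver_priv, sender_pub) -> bytes:
    k = receiver_priv.decrypt(envelope["wrapped_key"], OAEP)
    dec = Cipher(algorithms.AES(k), modes.CBC(envelope["iv"])).decryptor()
    padded = dec.update(envelope["body"]) + dec.finalize()
    unpadder = sym_padding.PKCS7(128).unpadder()
    plain = unpadder.update(padded) + unpadder.finalize()
    message, sig = plain[:-SIG_LEN], plain[-SIG_LEN:]
    # Raises InvalidSignature unless D(PU_sender, Sig) matches SHA-256(M).
    sender_pub.verify(sig, message, padding.PKCS1v15(), hashes.SHA256())
    return message

def demo():
    alice, bob = new_keypair(), new_keypair()
    env = send(b"Quarterly report attached.", alice, bob.public_key())
    ok = receive(env, bob, alice.public_key())
    mallory = new_keypair()  # verifying against a different sender key must fail
    try:
        receive(env, bob, mallory.public_key())
        forged_accepted = True
    except InvalidSignature:
        forged_accepted = False
    return ok, forged_accepted
```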

Cryptographic algorithms used in S/MIME

Function: Create a message digest to be used in forming a digital signature
  Requirement:
  - MUST support SHA-256
  - SHOULD support SHA-1

Function: Use message digest to form a digital signature
  Requirement:
  - MUST support RSA with SHA-256
  - SHOULD support DSA with SHA-256, RSASSA-PSS with SHA-256, RSA with SHA-1, DSA with SHA-1, RSA with MD5

Function: Encrypt session key for transmission with a message
  Requirement:
  - MUST support RSA encryption
  - SHOULD support RSAES-OAEP, Diffie-Hellman ephemeral-static mode

Function: Encrypt message for transmission with a one-time session key
  Requirement:
  - MUST support AES-128 with CBC
  - SHOULD support AES-192 CBC and AES-256 CBC, Triple DES CBC

Summary
- Internet Mail Architecture
  - Message User Agent (MUA)
  - Mail Submission Agent (MSA)
  - Message Transfer Agent (MTA)
  - Mail Delivery Agent (MDA)
  - Message Store (MS)
- Email Protocols
  - SMTP
  - IMAP or POP
  - MIME
- Secure Email Protocols:
  - SMTP over TLS
  - S/MIME