2. Threats
Threats to the security of e-mail itself
− Loss of confidentiality
    E-mails are sent in clear over open networks
    E-mails stored on potentially insecure clients and mail servers
− Loss of integrity
    No integrity protection on e-mails; body can be altered in transit or on mail server
− Lack of data origin authentication
− Lack of non-repudiation
− Lack of notification of receipt
3. Threats Enabled by E-mail
Disclosure of sensitive information
Exposure of systems to malicious code
Denial-of-Service (DoS)
Unauthorized accesses etc.
4. What are the Options
Secure the server to client connections (easy thing first)
− POP, IMAP over ssh, SSL
− https access to webmail
Secure the end-to-end email delivery
− The PGPs of the world
− Still need to get the other party to be PGP aware
5. Email based Attacks
Buffer overflow attack
− Fix the code
Shell script attack
− Scan before sending to the shell
Web bugs (for tracking)
- Hardening the mail server
6. Email SPAM
Cost to exceed $10 billion
SPAM filtering
− Content based – required hits
− White list
− Black list
7. PGP
PGP=“Pretty Good Privacy”
First released in 1991, developed by Phil Zimmermann
Freeware: OpenPGP and variants:
OpenPGP specified in RFC 2440 and defined by IETF OpenPGP
working group.
− www.ietf.org/html.charters/openpgp-charter.html
Available as plug-in for popular e-mail clients, can also be used as
stand-alone software.
9. PGP Algorithms
Broad range of algorithms supported:
Symmetric encryption:
− DES, 3DES, AES and others.
Public key encryption of session keys:
− RSA or ElGamal.
Hashing:
− SHA-1, MD-5 and others.
Signature:
− RSA, DSS, ECDSA and others.
10. PGP Authentication
This is a digital signature scheme with hashing.
1. Alice has a (private/public) key pair (Ad/Ae) and she wants to send a digitally signed message m to Bob.
2. Alice hashes the message using SHA-1 to obtain SHA(m).
3. Alice encrypts the hash using her private key Ad to obtain ciphertext c given by
   c = pk.encrypt_Ad(SHA(m))
4. Alice sends Bob the pair (m, c).
5. Bob receives (m, c) and decrypts c using Alice's public key Ae to obtain signature s
   s = pk.decrypt_Ae(c)
6. He computes the hash of m using SHA-1 and if this hash value is equal to s then the message is authenticated.
Bob is sure that the message is correct and that it does come from Alice. Furthermore, Alice cannot later deny sending the message, since only Alice has access to her private key Ad, which works in conjunction with the public key Ae.
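The sign-and-verify exchange above, carried through in Python as an added example (not code from the slides or from any PGP implementation). The toy RSA key, the sample messages and the function names are constructed for illustration; AD and AE stand for the slides' Ad and Ae.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q = 2**89 - 1, 2**127 - 1
N = P * Q                             # 216-bit modulus, larger than a 160-bit SHA-1 digest
AE = 65537                            # Alice's public exponent (the slides' Ae)
AD = pow(AE, -1, (P - 1) * (Q - 1))   # Alice's private exponent (the slides' Ad)


def sha(m: bytes) -> int:
    """SHA(m) as an integer so it can be fed to the RSA operation."""
    return int.from_bytes(hashlib.sha1(m).digest(), "big")


def sign(m: bytes, d: int = AD, n: int = N) -> int:
    """Alice's side: c = pk.encrypt_Ad(SHA(m)).
    Unpadded, as on the slides; real OpenPGP pads the hash before the RSA step."""
    return pow(sha(m), d, n)


def verify(m: bytes, c: int, e: int = AE, n: int = N) -> bool:
    """Bob's side: s = pk.decrypt_Ae(c), then compare s with his own SHA(m)."""
    s = pow(c, e, n)
    return s == sha(m)


def demo() -> dict:
    m = b"Transfer 100 to Bob"        # constructed sample message
    c = sign(m)                       # Alice sends the pair (m, c)
    # A second constructed key pair, standing in for someone who is not Alice.
    op, oq = 2**107 - 1, 2**127 - 1
    od = pow(AE, -1, (op - 1) * (oq - 1))
    not_alice = sign(m, od, op * oq)
    return {
        "genuine": verify(m, c),
        "body_altered": verify(b"Transfer 900 to Bob", c),   # integrity check
        "signature_altered": verify(m, c ^ 1),
        "signed_with_other_key": verify(m, not_alice),       # origin check
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:22} -> {'authenticated' if ok else 'REJECTED'}")
```

Only the unmodified pair (m, c) produced with Ad passes Bob's comparison; a changed body, a changed c, or a signature made with any other private key is rejected.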