8.4 Securing E-mail
4 Layers in Protocol Stack
•Application Layer
▫Email
•Transport Layer
▫SSL Protocol
•Network Layer
▫IPSec
•Link Layer
▫IEEE 802.11
Why have multiple-layer security?
•To provide user level security
• It is easier to deploy security services at higher layers in protocol stack
4 Security Features
•Confidentiality
•Sender Authentication
•Message Integrity
•Receiver Authentication
Confidentiality
•Public Key Cryptography
▫RSA
•Symmetric Key Technology
▫DES or AES
Sender Authentication & Message Integrity
•Without Confidentiality
▫Digital Signatures and Message Digests
Pretty Good Privacy (PGP)
---BEGIN PGP SIGNED MESSAGE---
Hash: SHA1
Bob: My husband is out of town tonight.
Passionately yours, Alice
---BEGIN PGP SIGNATURE---
Version: PGP 5.0
Charset: noconv
yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2
---END PGP SIGNATURE---
---BEGIN PGP MESSAGE---
Version: PGP 5.0
u4g9fh0KJF03hjdoe./jehfiwoefwehg032rskjclnvbiol
-----END PGP MESSAGE
8.5 Securing TCP Connections: SSL
SSL
•Secure Sockets Layer
▫Enhanced version of TCP
•Transport Layer Security
▫Slightly modified version of SSL (version 3)
•HTTPS
Why SSL?
•Provides confidentiality
•Provides data integrity
•Provides server authentication
Three Phases
•Handshake
•Key Derivation
•Data Transfer
(Connection Closure)
SSL Handshake
•Server authentication
▫Master Secret (MS)
▫Encrypted Master Secret (EMS)
SSL Key Derivation
•Generate Four Keys:
▫EB = encryption
▫MB = MAC
▫EA = encryption
▫MA = MAC
SSL Data Transfer
•Break data stream into records:
▫Type | Version | Length | Data | MAC
▫Data and MAC encrypted with EB
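The key derivation and record format from the two slides above, as an added sketch that is not code from the slides or from any SSL library. Assumptions: HMAC-SHA256 stands in for both the key expansion and the MAC, a SHA-256 counter-mode keystream stands in for the cipher, the MAC also covers a sequence number, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # HMAC-SHA256 tag size (assumption; the slides name no MAC algorithm)

def derive_keys(master_secret: bytes) -> dict:
    # Expand MS into EB, MB, EA, MA. Assumption: labelled HMAC, not the real SSL PRF.
    return {name: hmac.new(master_secret, name.encode(), hashlib.sha256).digest()
            for name in ("EB", "MB", "EA", "MA")}

def _keystream(key: bytes, seq: int, length: int) -> bytes:
    # Stand-in cipher for this sketch (SHA-256 in counter mode), not an SSL cipher.
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack("!QI", seq, block)).digest()
        block += 1
    return out[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _mac(mac_key: bytes, seq: int, rtype: int, data: bytes) -> bytes:
    # Assumption: MAC covers sequence number and type, so reordering is detected.
    return hmac.new(mac_key, struct.pack("!QB", seq, rtype) + data, hashlib.sha256).digest()

def seal_record(enc_key, mac_key, seq, rtype, data, version=(3, 0)) -> bytes:
    """Return Type | Version | Length | Enc(Data || MAC)."""
    plain = data + _mac(mac_key, seq, rtype, data)
    body = _xor(plain, _keystream(enc_key, seq, len(plain)))
    return struct.pack("!BBBH", rtype, version[0], version[1], len(body)) + body

def open_record(enc_key, mac_key, seq, record: bytes):
    """Parse and verify one record; raise ValueError on any mismatch."""
    if len(record) < 5 + MAC_LEN:
        raise ValueError("record too short")
    rtype, _major, _minor, length = struct.unpack("!BBBH", record[:5])
    if len(record) - 5 != length:
        raise ValueError("length field does not match body")
    plain = _xor(record[5:], _keystream(enc_key, seq, length))
    data, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
    if not hmac.compare_digest(tag, _mac(mac_key, seq, rtype, data)):
        raise ValueError("MAC check failed")
    return rtype, data

if __name__ == "__main__":
    keys = derive_keys(b"constructed master secret")  # constructed sample values
    record = seal_record(keys["EB"], keys["MB"], 0, 23, b"hello Alice")
    print(record[:5].hex(), open_record(keys["EB"], keys["MB"], 0, record))
```

The type, version and length fields travel in the clear; only Data and MAC are covered by the encryption key, and a flipped byte, a wrong sequence number or the other direction's keys all fail the MAC check.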
Real SSL
•Server authentication
•Negotiation: agree on crypto algorithms
•Establish keys
•Client authentication (optional)