secure e-mail damascus university faculty of information technology networks specialization secure...

Secure e-mail

Damascus University

Faculty of Information Technology

Networks specialization

Secure e-mail

presentation scheme

What is our project?

Project goals

Encryption Algorithms and Digital Signature

Existed similar products

Server and Client Functions

Security implementation

Developing horizons

Conclusion

what is our project?

Secure e-mailSecure e-mail

Encrypted exchange of messages between communication sides using mixture of symmetric and asymmetric encryption

LAN email with many services

Project goals

Security goals

Communication goals

Information security

Data integrity

Server and Client authentication

Identity spoofing

Non repudiation

Building an application to perform:

Exchanging messages and attached files

Developing Model

client side evaluation design

risk analysis

planning

calling the client analysis

Implementation

Encryption Algorithms

Hi

Mahmoud

*&^1

)-h@’

Hi

Mahmoud

Manar Mahmoud

Same Key

Symmetric

Encryption Algorithms

Hi

Mahmoud

*&^1

)-h@’

Hi

Mahmoud

Manar MahmoudAsymmetric

Mahmoud’s

Public Key

Mahmoud’s

Private Key

Hash Function X

Using of Hash Function

Encryption Algorithms

Message digest

Encryption Algorithms

Message digest + sender private key digital signature

Goals of digital signature:

Data integrity

Authentication

Identity spoofing

Non repudiation

Encryption Algorithms

Hash

Hash

M

M ’

M ’’

H ‘

H

H ‘’

M ’

M

M ’’

H

M ’

Client Private Key

Session Key

Server Public Key

Server Private Key

Client Public Key

H ‘’ H=?

If true True message

Client Server

M ’’

H ‘

H ‘

existed similar products

PEM: Privacy Enhanced Mail, 1987

Attempted to add security to SMTP

Attempted o build a CA hierarchy along X500 lines

Solved the data formatting problem with base 64 encoding

It has failed because:

Message format was ugly

The required X500 support infrastructure

PGP: Pretty Good Privacy, 1991

MD4 + RSA signatures & key s exchange .

.

IDEA for encryption

Ports for UNIX, VMS, …

Compression speedup encryption & signing, reduce msg

Requires no support infrastructure

Data Base

Server’s

User

# E-mail address* Password* firstName* lastName* question* answer

Keys

# E-mail address* privateExp* privateMod* publicExp* publicMod

Messages

# id* To* fromUser* dataSendО subjectО BodyО StateО CcО ImportantО AttachmentО is Encrypted

attachment

# Id* File name

Client’s

Data Base

Mymessage

# Id* To* fromUser* subject dataSend סBody סState סCc סBcc סDeleted סimportant סAttachment ס

attachment

# Id* File name

addressBook

# e-mail addressf_name סl_name סtel_nb סmobile_nb סaddress ס

Client keys

# E-mail address* privateExp* privateMod* publicExp* publicMod

Server and Client Functions

Server’s

Daemon:

Works all the time

Receives requests

Forewords it to threads

Thread:

Receives request from server

Call suitable procedure according to request parameters

What procedures we have:

log in

new account register

receiving message from client and forwarding it to its destination

sending directed messages to client

services as: changing password, remembering password

generating private and public keys

Server and Client Functions

Client’s

Client available services:

log in

new account register

sending message to server with/without attachment

import client messages from server

services as: changing password, remembering password

sending more than one message in the same time (Outbox)

sending: replay, replay all, forward

address book

Security Implementation

Client

Server

Security Implementation

Client Servernew account

X

Y

Server Private Key

K’K’

K’

Server Public Key

K’’

If (K = = K’’) client and server have same key

new account:

Security Implementation

If (K = = K’’) client and server have same key

e-mail address

passwordfirst namelast namequestionanswer

Secret Key (K)

encrypted

Client

Server

encryptedSecret Key (K)

e-mail address

passwordfirst namelast namequestionanswer

Security Implementation

Security Implementation

Client Server

If existed e-mail address

existed

else

New account added

!

h Client private + public

key

Security Implementation

log in:

If (K = = K’’) client and server have same key

e-mail address

password

Session Key

encrypted

Client

Client Private Key

Server Public Key

encryptedDigital SignatureEncryption & Digital Signature

Security Implementation

Client Serverlog in:

log in

encrypted

Digital Signature

encryptedDigital Signature

server

Security Implementation

Client Public Key

Server Private Key

encryptedSecret Key

e-mail address

password

Decryption & Verification

Security Implementation

Client Server

If (existed e-mail address

& matched password)Existed& matched

else

Invalid username or password

!

h

Security Implementation

Sending message with attachment :

msgbody

attachment

*&^1)-h@ DS

To: Cc: Bcc:

Server Public Key

Encryption & Digital Signature

Client

*&^1)-h@ DS

attachment To: Cc: Bcc:

* * ^1 ^1’’’’hh’’

*&^1*&^1)-h@’)-h@’

’’’’hh’’*&^1*&^1

To public keyCc public keyBcc public key(s)To: Cc:

To: Cc:

To: Cc:

Encryption

Security Implementation

Server Private Key

server

Security Implementation

If right destination put msg in destination inbox

else error msg in source inbox

Applying Range & Developing Horizons

Applying Range:

In all LANs

Developing Horizons:

Using this System to send/receive messages across Internet

Conclusion

alt.security 7لخصت مجموعة األخبار في قائمة األسئلة األكثر طرحاFAQ ، مشكلة األمن في األنظمة باإلجابة على السؤال Rعمومية

المشهور:

س: ما الذي يجعل النظام غير آمن؟

7 غير آمنh هو تشغيله!، حيث يكون ج: "إن أكثر ما يجعل نظاما7 بشكل 7 عن كل شيء، أمطف حقيقيn إذا كان: النظام آمنا ، مفصوًال

7 عليه في حافظة من التيتانيوم، 7 في مستودع تحت مقفًال مدفونا7 بغاز سام لألعصاب وبمجموعة من الحراس األرض، ومحاطا

المدججين ذوي الرواتب العالية، وحتى مع كل هذا فأنا ًال أراهن * بحياتي عليه!”

[CONA-99]

Alec Muffett يجيب على قائمة األسئلة هذه *

(Alec.Muffett@uk.sun.com) .وذلك بمساعدة العديد من اآلخرين ،

Developed by:

Manar WassoufSomar Saeda

Mahmoud Mahfoud

Supervised by:

Dr. Moutasem Shafa AmriEng. Muhammad Juneidi

Special thanks to :

Administration and learning Group in

Faculty of Information Technology.

Thanks everybody for listeningDeveloping Team

Secure e-mailAll rights reserved for developing team

SMM © 2003-2004