secure e-mail damascus university faculty of information technology networks specialization secure...
TRANSCRIPT
Secure e-mail
Damascus University
Faculty of Information Technology
Networks specialization
Secure e-mail
presentation scheme
What is our project?
Project goals
Encryption Algorithms and Digital Signature
Existed similar products
Server and Client Functions
Security implementation
Developing horizons
Conclusion
what is our project?
Secure e-mailSecure e-mail
Encrypted exchange of messages between communication sides using mixture of symmetric and asymmetric encryption
LAN email with many services
Project goals
Security goals
Communication goals
Information security
Data integrity
Server and Client authentication
Identity spoofing
Non repudiation
Building an application to perform:
Exchanging messages and attached files
Developing Model
client side evaluation design
risk analysis
planning
calling the client analysis
Implementation
Encryption Algorithms
Hi
Mahmoud
*&^1
)-h@’
Hi
Mahmoud
Manar Mahmoud
Same Key
Symmetric
Encryption Algorithms
Hi
Mahmoud
*&^1
)-h@’
Hi
Mahmoud
Manar MahmoudAsymmetric
Mahmoud’s
Public Key
Mahmoud’s
Private Key
Hash Function X
Using of Hash Function
Encryption Algorithms
Message digest
Encryption Algorithms
Message digest + sender private key digital signature
Goals of digital signature:
Data integrity
Authentication
Identity spoofing
Non repudiation
Encryption Algorithms
Hash
Hash
M
M ’
M ’’
H ‘
H
H ‘’
M ’
M
M ’’
H
M ’
Client Private Key
Session Key
Server Public Key
Server Private Key
Client Public Key
H ‘’ H=?
If true True message
Client Server
M ’’
H ‘
H ‘
existed similar products
PEM: Privacy Enhanced Mail, 1987
Attempted to add security to SMTP
Attempted o build a CA hierarchy along X500 lines
Solved the data formatting problem with base 64 encoding
It has failed because:
Message format was ugly
The required X500 support infrastructure
PGP: Pretty Good Privacy, 1991
MD4 + RSA signatures & key s exchange .
.
IDEA for encryption
Ports for UNIX, VMS, …
Compression speedup encryption & signing, reduce msg
Requires no support infrastructure
Data Base
Server’s
User
# E-mail address* Password* firstName* lastName* question* answer
Keys
# E-mail address* privateExp* privateMod* publicExp* publicMod
Messages
# id* To* fromUser* dataSendО subjectО BodyО StateО CcО ImportantО AttachmentО is Encrypted
attachment
# Id* File name
Client’s
Data Base
Mymessage
# Id* To* fromUser* subject dataSend סBody סState סCc סBcc סDeleted סimportant סAttachment ס
attachment
# Id* File name
addressBook
# e-mail addressf_name סl_name סtel_nb סmobile_nb סaddress ס
Client keys
# E-mail address* privateExp* privateMod* publicExp* publicMod
Server and Client Functions
Server’s
Daemon:
Works all the time
Receives requests
Forewords it to threads
Thread:
Receives request from server
Call suitable procedure according to request parameters
What procedures we have:
log in
new account register
receiving message from client and forwarding it to its destination
sending directed messages to client
services as: changing password, remembering password
generating private and public keys
Server and Client Functions
Client’s
Client available services:
log in
new account register
sending message to server with/without attachment
import client messages from server
services as: changing password, remembering password
sending more than one message in the same time (Outbox)
sending: replay, replay all, forward
address book
Security Implementation
Client
Server
Security Implementation
Client Servernew account
X
Y
Server Private Key
K’K’
K’
Server Public Key
K’’
If (K = = K’’) client and server have same key
new account:
Security Implementation
If (K = = K’’) client and server have same key
e-mail address
passwordfirst namelast namequestionanswer
Secret Key (K)
encrypted
Client
Server
encryptedSecret Key (K)
e-mail address
passwordfirst namelast namequestionanswer
Security Implementation
Security Implementation
Client Server
If existed e-mail address
existed
else
New account added
!
h Client private + public
key
Security Implementation
log in:
If (K = = K’’) client and server have same key
e-mail address
password
Session Key
encrypted
Client
Client Private Key
Server Public Key
encryptedDigital SignatureEncryption & Digital Signature
Security Implementation
Client Serverlog in:
log in
encrypted
Digital Signature
encryptedDigital Signature
server
Security Implementation
Client Public Key
Server Private Key
encryptedSecret Key
e-mail address
password
Decryption & Verification
Security Implementation
Client Server
If (existed e-mail address
& matched password)Existed& matched
else
Invalid username or password
!
h
Security Implementation
Sending message with attachment :
msgbody
attachment
*&^1)-h@ DS
To: Cc: Bcc:
Server Public Key
Encryption & Digital Signature
Client
*&^1)-h@ DS
attachment To: Cc: Bcc:
* * ^1 ^1’’’’hh’’
*&^1*&^1)-h@’)-h@’
’’’’hh’’*&^1*&^1
To public keyCc public keyBcc public key(s)To: Cc:
To: Cc:
To: Cc:
Encryption
Security Implementation
Server Private Key
server
Security Implementation
If right destination put msg in destination inbox
else error msg in source inbox
Applying Range & Developing Horizons
Applying Range:
In all LANs
Developing Horizons:
Using this System to send/receive messages across Internet
Conclusion
alt.security 7لخصت مجموعة األخبار في قائمة األسئلة األكثر طرحاFAQ ، مشكلة األمن في األنظمة باإلجابة على السؤال Rعمومية
المشهور:
س: ما الذي يجعل النظام غير آمن؟
7 غير آمنh هو تشغيله!، حيث يكون ج: "إن أكثر ما يجعل نظاما7 بشكل 7 عن كل شيء، أمطف حقيقيn إذا كان: النظام آمنا ، مفصوًال
7 عليه في حافظة من التيتانيوم، 7 في مستودع تحت مقفًال مدفونا7 بغاز سام لألعصاب وبمجموعة من الحراس األرض، ومحاطا
المدججين ذوي الرواتب العالية، وحتى مع كل هذا فأنا ًال أراهن * بحياتي عليه!”
[CONA-99]
Alec Muffett يجيب على قائمة األسئلة هذه *
([email protected]) .وذلك بمساعدة العديد من اآلخرين ،
Developed by:
Manar WassoufSomar Saeda
Mahmoud Mahfoud
Supervised by:
Dr. Moutasem Shafa AmriEng. Muhammad Juneidi
Special thanks to :
Administration and learning Group in
Faculty of Information Technology.
Thanks everybody for listeningDeveloping Team
Secure e-mailAll rights reserved for developing team
SMM © 2003-2004