In this presentation, I am trying to explain why and how email security should be implemented.
> Intro to Email
> Basic steps in emailing
> Intro to Email Security
> Common email threats
> How email security works
> Security requirements (CIA)
> Secure transmission of email: PGP
> PGP: Operation description (All 5 services)
> Secure transmission of email: S/MIME (With its functions)
This presentation was presented by me in the final year of my M.Sc. in Computer science.
Hope you like this presentation. Thank you!
Size: 701.62 KB
Language: en
Added: Jul 14, 2021
Slides: 22 pages
Slide Content
Email Security
Introduction
• Electronic mail, or simply email, is the most widely used and regarded network service.
• Currently, message contents are not safe:
  • May be inspected in transit
  • Or by suitably privileged users on the destination system
Basic steps in E-mailing
[Diagram: a message From: alice@somedomain.com, To: bob@someschool.com, sent via SMTP from the sender mail server to the receiver mail server]
Email Security
• Techniques for protecting email accounts, content, and communication against unauthorized access, loss or compromise.
• Involves encrypting the content of email messages to protect potentially sensitive information from being read by anyone other than the intended recipients.
Common email threats
• Malware – short for “malicious software”.
• Spam – Unsolicited commercial e-mail.
• Phishing – Somehow related to spam.
• Social engineering – A common social engineering attack is e-mail spoofing.
• Many more...
How email security works:
[Diagram: USER A and USER B, with Public Key and Private Key]
Security Requirements
• Confidentiality: Email should be viewed only by the person for whom it is intended.
• Integrity: The original content should be received by the receiver.
• Availability: The receiver should be able to access the mail any time he requires.
Secure transmission of Emails
• Pretty Good Privacy (PGP)
• Secure/Multipurpose Internet Mail Extensions (S/MIME)
Pretty Good Privacy(PGP)
• Developed by Phil Zimmermann in 1991.
• A number of reasons can be cited for its popularity:
  • Available free worldwide
  • Based on secure algorithms
  • Wide range of applicability
Operational description
The mathematics behind PGP can get pretty complex. Steps:
Authentication
Confidentiality
Practically, both the Authentication and Confidentiality services are provided in parallel.
Compression
• By default, PGP compresses after signing and before encrypting.
• Uses the ZIP compression algorithm.
[Diagram labels: Message; Locks with session key; Compress the message; Encrypts with public key]
Email Compatibility
• PGP will have binary data to send (the encoded message).
• Converts the raw 8-bit binary stream to a stream of printable ASCII characters for sending.
• Uses the radix-64 algorithm for conversion.
Segmentation/Reassembly
• Email protocols are even restricted to a maximum length.
• PGP automatically divides a message that is too large into segments that are small enough to send via e-mail (divide and conquer).
• Reassembly at the receiver end is required before verifying the signature and decryption.
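The last three services above (compression, radix-64 conversion, segmentation/reassembly) can be followed end to end in the sketch below. It is an added example, not part of the original slides or PGP's own code: signing and encryption are left out, zlib stands in for ZIP, the CRC-24 checksum line comes from the OpenPGP armor format (RFC 4880), and the function names and segment sizes are assumptions.

```python
import base64
import zlib

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # OpenPGP armor constants (RFC 4880)

def crc24(data: bytes) -> int:
    """Checksum OpenPGP appends to radix-64 data to catch transit damage."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(binary: bytes) -> str:
    """Radix-64: base64 body in 76-character lines, then '=' + base64(CRC-24)."""
    body = base64.b64encode(binary).decode("ascii")
    lines = [body[i:i + 76] for i in range(0, len(body), 76)]
    check = base64.b64encode(crc24(binary).to_bytes(3, "big")).decode("ascii")
    return "\n".join(lines + ["=" + check])

def dearmor(text: str) -> bytes:
    """Undo armor(); raise ValueError if the body no longer matches its CRC."""
    *body, check = text.split("\n")
    binary = base64.b64decode("".join(body))
    if base64.b64decode(check[1:]) != crc24(binary).to_bytes(3, "big"):
        raise ValueError("CRC-24 mismatch: armored data was altered")
    return binary

def send(message: bytes, max_len: int = 200) -> list:
    """Compress, convert to printable ASCII, then cut into mail-sized segments."""
    text = armor(zlib.compress(message))  # zlib stands in for PGP's ZIP step
    return [text[i:i + max_len] for i in range(0, len(text), max_len)]

def receive(segments: list) -> bytes:
    """Reassemble first, then undo radix-64, then decompress."""
    return zlib.decompress(dearmor("".join(segments)))

if __name__ == "__main__":
    sample = b"Quarterly report attached. " * 40  # constructed sample message
    parts = send(sample, max_len=32)
    print(len(sample), "bytes ->", len(parts), "segments:", parts)
    assert receive(parts) == sample
```

Radix-64 grows the data by about a third (every 3 bytes become 4 characters), which is one reason the compression step runs before it.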
PGP Summary
[Figure: PGP encryption on the sender side and decryption on the receiver side. Source: Wikipedia]
Secure transmission of Emails
• Pretty Good Privacy (PGP)
• Secure/Multipurpose Internet Mail Extensions (S/MIME)
Secure/Multipurpose Internet Mail Extension (S/MIME)
• Originally developed by RSA Data Security
• Security enhancement to the MIME data sent through email
• MIME replaced the restricted SMTP protocol, as SMTP was not able to exchange the multimedia files.
• Supported by major email programs like Outlook, Netscape
S/MIME Functions
• Enveloped data: encrypted content & associated keys
• Signed data: the content plus signature are then encoded using base64 encoding
• Clear-signed data: only the digital signature is encoded using base64
• Signed and enveloped data: signed-only and encrypted-only entities may be nested
S/MIME: Signed mail
• Create a message digest to be used in forming a digital signature.
• Encrypt message digest to form digital signature.
S/MIME: Encrypted Mail
• Encrypt session key for transmission with message.
• Encrypt message for transmission with one-time session key.
Conclusion
Email security is becoming more important with time.
Companies are using it for exchanging important information.
It is important to protect this information. If hackers get
access to this information, then they can sell it to your competitors.
Thus, your competitors will get an unfair advantage. It is important
to ensure that your emails are encrypted. You can use email
encryption software for encrypting your emails. This will ensure that
only your recipient can access your emails.
References
• E-mail Security: An Overview of Threats and Safeguards (ahima.org)
• https://en.wikipedia.org/w/index.php?title=Pretty_Good_Privacy&oldid=1028032091
• http://netaccess.on.ca/~rbarclay/bg2pgp.txt
• S/MIME Functionality and Messages (brainkart.com)
• rfc5751 (ietf.org)