E-mail Security using Encryption Security Features Message Origin Authentication - verifying that...

Post on 24-Dec-2015

E-mail Security using Encryption: Security Features

• Message Origin Authentication - verifying that the sender is who he or she says they are

• Content Integrity - verifying that the message was not changed after sender sent it

• Content Confidentiality - making certain that only the intended recipient reads the message

• Proof of Delivery - making certain that the message was delivered

• Message Sequence Integrity - making certain that all messages were delivered in proper order.

• Non-repudiation of Origin - being able to prove that sender sent a message.

• Non-repudiation of Delivery - being able to prove that a recipient got a message.

• Message Security Labeling - labeling a message with handling instructions.

• Message Flow Confidentiality - making certain no one knows who you exchange mail with.

• Secure Access Management - making certain no one uses your e-mail system without being authorized.

E-mail Security using Encryption: Operation

• All secure e-mail systems work roughly the same way.

– Calculate a message digest of the message.

– Encrypt the message digest with sender’s private key.

– Encrypt the mail with a session key (random).

– Encrypt the session key with receiver’s public key.

• Receiver must:

– Decrypt session key with the receiver’s private key.

– Decrypt the message with session key.

– Decrypt message digest with the sender’s public key.

– Calculate a message digest and compare to the one that was sent.

• Encrypted message digest serves as both signature and integrity check.
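The sender and receiver steps above, as an added example that is not part of the original slides. The slides name no algorithms, so RSA key pairs, SHA-256, AES-256-GCM and RSA-OAEP are assumptions here, as are the function names `seal` and `open_envelope` and the envelope layout.

```ruby
require 'openssl'

# Assumed algorithms (the slides name none): RSA keys, SHA-256 digest,
# AES-256-GCM for the session key, RSA-OAEP to wrap the session key.
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Sender: sign the message digest with the sender's private key, encrypt
# signature + message under a random session key, wrap that key for the receiver.
def seal(message, sender_key, receiver_pub)
  signature = sender_key.sign(OpenSSL::Digest.new('SHA256'), message)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  session_key = cipher.random_key
  iv = cipher.random_iv
  cipher.auth_data = ''
  bundle = [signature.bytesize].pack('n') + signature + message.b
  sealed = cipher.update(bundle) + cipher.final
  { wrapped_key: receiver_pub.public_encrypt(session_key, OAEP),
    iv: iv, tag: cipher.auth_tag, bundle: sealed }
end

# Receiver: unwrap the session key, decrypt the bundle, recompute the digest and
# check it against the signed one. Raises rather than return unverified content.
def open_envelope(env, receiver_key, sender_pub)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = receiver_key.private_decrypt(env[:wrapped_key], OAEP)
  cipher.iv = env[:iv]
  cipher.auth_tag = env[:tag]
  cipher.auth_data = ''
  bundle = cipher.update(env[:bundle]) + cipher.final
  sig_len = bundle.unpack1('n').to_i
  signature = bundle.byteslice(2, sig_len).to_s
  message = bundle.byteslice(2 + sig_len, bundle.bytesize).to_s
  unless sender_pub.verify(OpenSSL::Digest.new('SHA256'), signature, message)
    raise OpenSSL::PKey::PKeyError, 'digest mismatch: wrong sender or altered message'
  end
  message
end
```

Deployed mail systems carry these same pieces in standard S/MIME or OpenPGP message formats rather than in an ad hoc structure like this hash.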

Sender Functions:

[Figure: sender-side flow. Labels: Email message; Create Message Digest; Encrypt MD with Sender’s Private Key; Digital Signature; Bundle (Digital Signature, Email message); Encrypt Bundle with Session Key (Random Number); Encrypt with Receiver’s Public Key; Send. Other labels: Set Reply Request; SN; Message Sequence No; Confidential; Security Labeling; Encapsulate Header; Require Private Key to unlock Workstation; BUSINESS PROTOCOL.]

Receiver Functions:

[Figure: receiver-side flow. Labels: Receive; Decrypt session key with Receiver’s Private Key; Decrypt Bundle with Session Key; Bundle (Digital Signature, Email message); Decrypt MD with Sender’s Public Key; Message Digest; Create Message Digest; Compare MD’s; Read Message; Repeat Process in other direction for Non-Repudiation of Delivery. Other labels: SN; Confidential; BUSINESS PROTOCOL.]