Email Security Presentation
10
Email Security & Development By: Yosef Gamble CS 325 https://commons.wikimedia.org/wiki/File:Crypto_key.svg
-
Upload
yosef-gamble -
Category
Documents
-
view
282 -
download
0
Transcript of Email Security Presentation
Email Security & Development
By: Yosef GambleCS 325
https://commons.wikimedia.org/wiki/File:Crypto_key.svg
Table of Contents
Email Security Flaws
Encryption TechniquesPublic key Infrastructure (PKI)
Pretty Good Privacy (PGP)
Application
Future Development
Email Security Flaws
Email is sent in plain text.
Email uses outdated protocol, Simple Mail
Transfer Protocol (SMTP).
Includes a header full of revealing metadata.
Can easily become intercepted.
Encryption Techniques - PKIPublic Key InfrastructureIntroduced public/private key encryption using
certificatesRelied on Third-Party vendorsWidely used in Corporate environment
https://en.wikipedia.org/wiki/Public_key_infrastructure#mediaviewer/File:Public-Key-Infrastructure.svg
Encryption Technique - PGP
Pretty Good Privacy
Decentralised version of PKI
Removed Third-Party Involvement
Uses ‘Web of Trust’ authentication
https://www.sandboxgeneral.com/?p=974
Applications
GNU Privacy Guard (GnuPG)HushmailLavabit, Silent Circle, & PrivateSkyThird-Party Plugins Webmail
https://en.wikipedia.org/wiki/GNU_Privacy_Guard#mediaviewer/File:Gnupg_logo.svg
Future Development
Focus on End-to-End Email Encryption and Usability
Dark Mail ProjectExtensible Messaging and Presence Protocol
(XMPP)
http://www.darkmail.info
Conclusion
Email Security Flaws
Encryption TechniquesPublic key Infrastructure (PKI)
Pretty Good Privacy (PGP)
Application
Future Development
Questions?
?
Works Cited
Bradbury, D. (2014, March). Can we make email secure? Network Security, 2014(3), 13-16. Retrieved May 27, 2014, from ACM Database.
Ellison, C., & Schneier, B. (2000). Risks of pki: Secure email. Communications of the ACM, 43(1), 160.
Hallam-Baker P. (2014). Privacy protected email. Retrieved from https://www.w3.org/2014/strint/papers/01.pdf
Nguyen P. (2004). Can we trust cryptographic software? cryptographic flaws in gnu privacy guard V1.2.3. In C. Cachin and J. Camenisch (Eds.), Advances in Cryptology - EUROCRYPT 2004, 3027, 555-570.
Shelley L. I. (2003). Organized crime, terrorism and cybercrime. In A. Bryden, P. Fluri (Eds.), Security sector reform: Institutions, society and good governance (pp. 303-312). Baden-Baden, DE: Nomos Verlagsgesellschaft.
Yu J., Cheval V., Ryan M. (2014). Challenges with end-to-end email encryption. Retrieved from https://www.w3.org/2014/strint/papers/08.pdf
