0
11kviews
Write short note on email security
1 Answer
2
418views

Electronic mail or E-mail is one of the most widely used applications of internet as well as on the World Wide Web (WWW). With the popularity of such a mode of communication and the amount of information transmitted as an E-mail is huge, attackers often try their luck on it.

Discussed below are some of popular mechanisms:

Pretty Good Privacy (PGP):

  • PGP is widely used e-mail software developed by Paul Zimmerman. The best available cryptographic algorithms were used an integrated into single program. The actual operation of PGP consists of four services which are described below:
  • Authentication: We use the concept of Digital signature to verify the user. The sender creates a message and attaches a RSA signed hash (by SHA-1) to the message. The algorithms used here are: RSA / DSS.
  • Confidentiality: The concept of session-keys is used here. Sender encrypts message with a Random Session-key. The session-key is then encrypted with RSA and attached to encrypted message.
  • Both the above steps can be performed individually or combined together as in Q-2.
  • Compression: By default PGP compresses messages after signing but before encrypting . It uses ZIP compression algorithm .
  • Email compatibility: Since PGP is encrypted, it consists of a stream of arbitrary 8-bit octets. However many e-mail systems only permit the use of ASCII text. To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters. It uses radix-64 conversion, in which each group of three octets of binary data is mapped into four ASCII characters.

Secure/Multipurpose Internet Mail Extension (S/MIME):

  • The earliest e-mails were of plain-text format(known as RFC822). MIME was introduced later to accommodate more content types by encoding binary data to textual form. S/MIME was introduced to provide security to this MIME format.
  • In terms of general functionality, S/MIME is very similar to PGP. Both offer the ability to sign and/or encrypt messages.
  • It uses a range of cryptographic algorithms including RSS/DSSDigital Signature, SHA-1 /MD-5 Hash functions, ElGamaalSession-key exchange, AES/3DES Encryption.
  • S/MIME secures a MIME entity with a signature, encryption, or both. A MIME entity may be an entire message or one or more of the subparts of the message

Domain-Key Identified Mail (DKIM):

  • DKIM is a specification for cryptographically signing email messages thereby permitting a sign-ing domain to claim responsibility for a message in the mail stream.
  • DKIM has been widely adopted by a range of email providers, including corporations, government agencies, gmail, yahoo, and many Internet Service Providers (ISPs)
Please log in to add an answer.