|
E-mail standards

Privacy-enhanced mail (PEM): Provides authentication, message integrity, encryption and key management. Specific components that can be used:
- Messages encrypted with DES in CBC mode
- Authentication provided by MD2 or MD5
- Public key management provided by RSA
- X.509 standard used for certification structure and format

Message Security Protocol (MSP): Can sign and encrypt messages and perform hashing functions.

Pretty Good Privacy (PGP): First widespread public key encryption program.
- Uses RSA public key encryption for key management and the IDEA symmetric cipher for bulk encryption of data.
- PGP uses passphrases, which are used to encrypt the user's private key that is stored on her hard drive.
- Relies on a "web of trust" in its key management approach.
- Key ring: Each user keeps a collection of signed public keys he has received from other users.
Internet Security

HTTP:
- Sits on top of TCP/IP.
- Is a stateless protocol: client and web server make and break a connection for each operation.

S-HTTP - Secure Hypertext Transport Protocol:
- Developed to provide secure communication.
- Encrypts messages with session keys that are calculated.
- Provides integrity and sender authentication capabilities.
- Is not a stateless protocol.
- Can support multiple encryption modes and types.
- Can use public key technology and symmetric encryption.
- Used when an individual message needs to be encrypted.

HTTPS:
- Protects the communication channel between two computers.
- Uses SSL and HTTP to provide a protected circuit between a client and server.
- Used when all information that passes between two computers needs to be encrypted.

SSL - Secure Sockets Layer:
- Protects a communication channel.
- Uses public key encryption.
- Provides data encryption, server authentication, message integrity and optional client authentication.
- Keeps the communication path open until one of the parties requests to end the session.
- Lies beneath the application layer and above the transport layer.

MIME - Multipurpose Internet Mail Extension: Indicates how multimedia data and e-mail attachments are to be transferred.

S/MIME - Secure MIME:
- Standard for encrypting and digitally signing electronic mail that contains attachments and for providing secure data transmissions.
- Provides confidentiality through the user's encryption algorithm, integrity through the user's hashing algorithm, authentication through the use of X.509 public key certificates and non-repudiation through cryptographically signed messages.
|
|