Chapter 6

Electronic Mail Security

• Pretty Good Privacy

• S/MIME

1
 E-mail Architecture

2
 E-mail Security
Cryptographic Algorithms

In e-mail security, the sender of the message needs

to include the name or identifiers
of the algorithms used in the message.

Certificates
It is obvious that some public-key algorithms must be
used for e-mail security.

3
Cryptographic Secrets

• In e-mail security, the encryption/decryption is

done using a symmetric-key algorithm,
• But the secret key to decrypt the message is
encrypted with the public key of the receiver and
is sent with the message.

4
 Pretty Good Privacy (PGP)
⚫Pretty Good Privacy (PGP) can be used to
create a secure e-mail message
⚫or to store a file securely for future
retrieval.

5
 Pretty Good Privacy (PGP)
PGP provides four services:
1. Authentication
2. Compression
3. Confidentiality
4. Email compatibility

6
 PGP operation

•1. Digital Signature

• 2. Compression
• 3. Encryption
• 4. Digital Enveloping
• 5. Radix 64 Encoding
• 6. Segmentation

7
 PGP operation: 1)Digital Signature

⚫Create message digest of email

using SHA 1.
⚫The resulting message digest is
encrypted with sender’s private key
to produce digital signature.

8
 PGP operation: 2) Compression
⚫The message IS compressed using ZIP
program which is based on Lempel-Ziv
Algorithm.
⚫ Lempel-Ziv Algorithm looks for repeated
strings or words creates corresponding
variables for them.

9
 PGP operation: 2) Compression
⚫Coding using Lempel-Ziv Algorithm.

10
 PGP operation: 2) Compression
⚫Decoding using Lempel-Ziv Algorithm.

11
 PGP operation: 2) Compression

12
 PGP operation: 3) Encryption
⚫Compressed form of original email and
digital signature are encrypted
symmetric key.
⚫For this IDEA algorithm in CFB mode

is used.

13
 PGP operation: 4) Digital Enveloping
⚫The encrypted message is again
encrypted with receiver’s public
key.

14
 PGP operation: Radix 64 Encoding
⚫Most email systems allow the
message to consists of only ASCII
characters.
⚫To translate the characters in

ASCII format PGP uses Radix 64

conversion.

15
 Radix 64 Encoding Process

16
 Radix 64 Encoding Example

17
 Radix 64 Mapping Table

18
 PGP operation: 6. Segmentation
⚫To accommodate maximum
segment size PGP uses
Segmentation and Reassembly.

19
 PGP operation

20
 Key Rings in PGP

1. Ring of own public-private

keys.(Different key pairs for
different users.)
2. A ring of public key of others.
16.
21
 PGP Certificates
X.509 Certificates
Protocols that use X.509 certificates depend on
the hierarchical structure of the trust.

In X.509, there is a single path from the fully

trusted authority to any certificate.

16.22
 PGP Certificates
• In PGP, there is no need for CAs.
• Anyone in the ring can sign a certificate for
anyone else in the ring.

In PGP, there can be multiple paths from fully or

partially trusted authorities to any subject.

The entire operation of PGP is based on

• Introducer trust
• Certificate trust
• Legitimacy of the public keys.
16.23
Introducer trust level None
Partial
full

Certificate trust level Certificate trust level is normally the

same as the introducer trust level that
issued certificate

Key Legitimacy 1. weight 0 to nontrused certificate.

2. weight 1/2 to partially certificate.
3.weight 1 to fully trused certificate.
16.24
Format of private key ring table

16.25
 Example 16.1
Let us show a private key ring table for Alice. We assume that
Alice has only two user IDs, alice@some.com and alice@anet.net.
We also assume that Alice has two sets of private/public keys, one
for each user ID.

16.26
Format of a public key ring table

16.27
Example 16.2

A series of steps will show how a public key ring table is formed
for Alice.

16.28
Example 16.2

16.29
Example 16.2

16.30
Example 16.2

16.31
 S/MIME
• Another security service designed for electronic mail
is Secure/Multipurpose Internet Mail Extension
(S/MIME).
• The protocol is an enhancement of the Multipurpose
Internet Mail Extension (MIME) protocol.

32
 MIME FORMAT

33
 MIME-Version
This header defines the version of MIME used. The
current version is 1.1.

Content-Type
The content type and the content subtype are separated
by a slash. Depending on the subtype, the header may
contain other parameters.

34
35
36
 Radix-64 conversion

37
 S/MIME
• S/MIME adds some new content types to include
security services to the MIME.
• All of these new types include the parameter
“application/pkcs7-mime,” in which “pkcs” defines
“Public Key Cryptography Specification.”

Cryptographic Message Syntax (CMS)

• To define how security services, such as
confidentiality or integrity, can be added to MIME
content types, S/MIME has defined Cryptographic
Message Syntax (CMS).
• The syntax in each case defines the exact encoding
40 scheme for each content type.
 Signed-data content type

41
 Enveloped-data content type

42
 Digest-data content type

43
 Authenticated-data content type

44
Cryptographic Algorithms
S/MIME defines several cryptographic algorithms. The
term “must” means an absolute requirement; the term
“should” means recommendation.

45
The following shows an example of an enveloped-data in which a
small message is encrypted using triple DES.

46
47
48
49