
SECURE ANALYSIS OF EXISTING IMPLEMENTATIONS OF S/MIME & PGP. Final Specification


Academic year: 2021


SECURE EMAIL:

ANALYSIS OF EXISTING IMPLEMENTATIONS OF

S/MIME & PGP

Final Specification

BY

Rajesh Ravi.

Jon Halperin.

Srikanth Nannapaneni.


Secure Email: Analysis of Existing Implementations of S/MIME and PGP

1. Introduction:

The S/MIME (Secure/Multipurpose Internet Mail Extensions) set of specifications defines a standard protocol used by electronic messaging user agents to apply cryptographic security services to mail that is sent, and to process protected mail that is received.

The project focuses on analyzing different implementations of S/MIME and PGP in various popular email clients like Outlook, Mozilla (Thunderbird), Netscape and Eudora.

2. We will analyze the following implementations of S/MIME and PGP:

• Microsoft Outlook
• Mozilla
• Netscape
• Eudora

3. For each implementation we will analyze the following:

• Functionality

1. Confidentiality
2. Integrity
3. Vulnerabilities
4. Scalability and Interoperability of the implementation with various systems.

• Ease of Use

The ease of use of the product, which involves the cost of setting it up, the ease with which it can be used, and the support available. This is done keeping in mind both consumers and businesses.

4. Tentative list of questions we will be seeking an answer to:

• What are the cryptographic algorithms used in the implementations?
• How confidential is the information sent using this email?
• Is this information tamper proof?
• What is the ease with which the end user can use these implementations?

5. Procedure for verifying the results of your investigation:

• Results can be verified by using software that uses different implementations of S/MIME and PGP.
• By referring to the software's documentation regarding how it uses S/MIME and PGP.

6. Format and tentative table of contents of the final report:

A. Introduction

B. Analysis of implementations in terms of:

• Functionality

1. Cryptographic algorithms

A study of the cryptographic algorithms used in each implementation for PGP and S/MIME.

2. Confidentiality

Analyzing each implementation for its ability to keep the information secret while using PGP and S/MIME.

Analyze which is better for confidentiality, PGP or S/MIME.

Recommendations for the End User about confidentiality.

3. Integrity

Analyze each implementation for tamper-proofness using PGP and S/MIME.

Analyze the better one for Integrity.

Recommendations for the End User about Integrity.

4. Interoperability

Analyze each implementation for compatibility with other implementations, i.e., checking if secure email sent using one email client can be read using another email client.


5. Vulnerabilities and problems

Analyzing the implementations for various vulnerabilities and problems.

Suggesting possible solutions for the problems

C. Ease of Use

1. Consumer

a) Assumptions

b) Main goals

Needs to be really easy to use

Very low cost

c) Available products

For each product, define the costs of using the overall setup, the amount of computer knowledge needed to implement the setup, and the ease of use once the product is set up, for both PGP and S/MIME.

Secure Email software PGP S/MIME Basic Email program

Outlook

Thunderbird / Mozilla

Netscape

Eudora

d) Recommendation for home user.

2. Small Business

a) Assumptions

b) Main goals

Still pretty easy to set up. Tech support is available, but limited. Can afford a greater cost than consumer, but still needs to keep implementation costs down.

c) Available products

For each product, define the costs of using the overall setup, the amount of computer knowledge needed to implement the setup, and the ease of use once the product is set up, for both PGP and S/MIME.

Outlook

Thunderbird / Mozilla

Netscape

Eudora

d) Recommendation for small business

3. Large Business

a) Assumptions

b) Main goals

Easy for end user

Does not have to be easy to implement, because of technical support staff.

c) Available products

For each product, define the costs of using the overall setup, the amount of computer knowledge needed to implement the setup, and the ease of use once the product is set up, for both PGP and S/MIME.

Outlook

Thunderbird / Mozilla

Netscape

Outlook Express

d) Recommendations for large business

C) Conclusion

D) References

7. Time schedule and Intermediate goals to be achieved

• October 6th : Submission of Final project specification by e-mail

• October 12th : To complete study on various implementations

• November 2nd : To continue the study and start analyzing them for functionality

• November 16th : To continue analyzing for ease of use.

• November 17th to November 30: Final draft/Project report

• December 1st : Final progress report with the draft version of the final viewgraph presentation

• December 11th : Project reports submitted by e-mail to the instructor

• December 15th : Final Oral presentation and final report.

8. Possible changes: Depending upon the resources available for us to study various implementations we might add or delete some of the implementations which are under consideration.

9. List of literature:

• Using S/MIME in Mozilla
http://www.mozilla.org/projects/security/pki/psm/smime_guide.html

• Beginners Guide to secure email using S/MIME:
http://www.marknoble.com/tutorial/smime/smime.aspx

• Paper : Review about S/MIME
http://www.itsecurity.com/papers/articsoft18.htm

• Website: Specifications of S/MIME
http://www.imc.org/smime-pgpmime.html

• Guide to use S/MIME:
http://www.mozilla.org/projects/security/pki/psm/smime_guide.html

• S/MIME Working Group:
http://www.imc.org/ietf-smime/index.html

• S/MIME publications by NIST
http://csrc.nist.gov/pki/smime/smpubs.htm

• S/MIME implementation guide:
http://lib.ua.ac.be/ibw/PDF/smimeimp.pdf

• Paper:
http://www.cswl.com/whiteppr/tech/emailsecurity.html

• S/MIME and PGP:
http://www.imc.org/smime-pgpmime.html

• Safe email, safe office, and safe web browser demo description, Balzer, R.; DARPA Information Survivability Conference and Exposition, 2003. Proceedings, Volume: 2, 22-24 April 2003 Pages: 116 vol.2,
http://ieeexplore.ieee.org/iel5/8503/26876/01194941.pdf?tp=&arnumber=1194941&isnumber=26876&arSt=116%20vol.2&ared=&arAuthor=Balzer%2C+R.%3B

• How PGP relates to federal government standards and laws
http://www.pgp.com/solutions/government.html

• Increase workstation security with PGP
http://techrepublic.com.com/5100-6270-5069338.html

• Lost in the scramble-open source encryption
http://www.wired.com/wired/archive/9.01/streetcred.html?pg=11

• White paper - is secure email the answer to your problems
http://itpapers.zdnet.com/abstract.aspx?docid=38721&promo=999222&kw=+mime
