
Email Security

• Distribution Lists
  - Local Exploder
  - Remote Exploder

Distribution Lists: Local Exploder

• It's easier to prevent mail forwarding loops.
• If there are multiple distribution lists, it's possible for the sender to prevent duplicate copies being sent to individuals on multiple lists.

[Figure: Local Exploder. Labels: Sender, Get List, List, Distribution List, Msg, Recipient 1, Recipient 2, Recipient 3]

Distribution Lists: Remote Exploder

• Allows you to send to a list whose membership you are not allowed to know.
• If distribution lists are organized geographically, you need to send only one copy of the message over an expensive link to a remote area.
• When the distribution list is longer than the message, it's more efficient.
• Parallelism is exploited if the distribution list consists of distribution lists.

[Figure: Remote Exploder. Labels: Sender, Msg, Distribution List, Msg, Recipient 1, Recipient 2, Recipient 3]

Store and forward …

• MTA (Mail Transfer Agents)

[Figure: store and forward. Labels: UA (User Agent), several MTAs, UA (User Agent)]

What about Email Security?

• Privacy
• Authentication
• Integrity
• Non-repudiation
• Proof of submission
• Proof of delivery
• Message flow confidentiality
• Anonymity
• Containment
• Audit
• Accounting
• Self Destruct
• Message Sequence integrity

Email Security: Privacy

• End to End Privacy
  - If Alice wants to send a message to Bob, Carol:
    - Choose a random number ‘S’
    - Encrypt the message using ‘S’: S{m}
    - Encrypt ‘S’ with each user’s key
      - Bob’s name: KBob{S}
      - Carol’s name: KCarol{S}
  - Message sent:

    To: Bob, Carol, Ted
    From: Alice
    Key-info: Bob-234234525432
    Key-info: Carol-739873243348
    Msg-info: 2h42h34ljh758gj57g546jh7g4j5hv67rgfdgddg

• Is the above encryption done using Public or Secret Key?


Email Security: Authentication of Source

• Using Public Keys
  - Alice can digitally sign the message using her private key, which will assure Bob that Alice wrote the message.
  - Signing is done by Alice first computing a hash of the message (mostly via MD5) and then signing the message digest.
• Q. Why is a message digest used when it's perfectly possible to sign the message itself?

Email Security: Authentication of Source

• Using Secret Keys
  - Alice can prove her identity by showing that she knows the secret key.
  - Alice computes a MAC (secret checksum using the shared secret key).
  - The MAC is computed for each recipient.
  - Each recipient confirms the message by verifying the MAC with the shared key.

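The per-recipient MAC scheme on this slide, as an added example that is not part of the original slides. HMAC-SHA256, the `mac_info` field and the sample keys are assumptions made for the illustration; the slide names no particular MAC algorithm or header.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one shared secret key per recipient (Alice holds all of them).
SHARED_KEYS = {"Bob": secrets.token_bytes(32), "Carol": secrets.token_bytes(32)}


def compute_mac(key: bytes, sender: str, recipient: str, body: str) -> str:
    """HMAC-SHA256 over sender, recipient and body, length-prefixed to avoid ambiguity."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in (sender, recipient, body):
        data = field.encode("utf-8")
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()


def send(sender: str, body: str, keys: dict) -> dict:
    """Alice's side: one MAC per recipient, carried in a hypothetical 'mac_info' field."""
    return {
        "from": sender,
        "to": list(keys),
        "mac_info": {name: compute_mac(key, sender, name, body) for name, key in keys.items()},
        "body": body,
    }


def verify(message: dict, recipient: str, key: bytes) -> bool:
    """Recipient's side: recompute the MAC with the shared key, compare in constant time."""
    received = message["mac_info"].get(recipient)
    if received is None:
        return False
    expected = compute_mac(key, message["from"], recipient, message["body"])
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    msg = send("Alice", "Meet at noon.", SHARED_KEYS)
    print(verify(msg, "Bob", SHARED_KEYS["Bob"]))    # Bob checks his own MAC
    print(verify(msg, "Carol", SHARED_KEYS["Bob"]))  # Bob's key does not fit Carol's MAC
    msg["body"] = "Meet at midnight."
    print(verify(msg, "Bob", SHARED_KEYS["Bob"]))    # altered body after sending
```

Because Bob holds the same key Alice used, he could have computed his MAC himself, which is why this scheme authenticates the source to Bob but gives him nothing to show a third party.
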
Email Security: Message Integrity

• With Source Authentication
• Without Source Authentication
• Is Message Integrity Required?

Email Security: Non Repudiation

• Based on Public Keys:
  - Alice includes her public key signature on the message digest of the message, using her private key.
  - Only Alice can sign the message digest (since she knows the private key). Anyone knowing Alice’s public key can verify the message.
• Based on Private Keys:
  - Select a trusted service common to both Alice and Bob (say Notary N).
  - N computes a ‘Seal’ on the message using a secret quantity SN.

Email Security: Non Repudiation

• Plausible Deniability based on public key
  - Alice picks secret key ‘S’
  - Encrypts S with Bob’s public key, getting {S}Bob
  - Signs {S}Bob with her private key, getting [{S}Bob]Alice
  - Uses S to compute the MAC
  - Sends MAC, [{S}Bob]Alice, Message to Bob
  - Bob will know the message came from Alice since she signed the encrypted ‘S’, but Bob cannot prove to anyone the contents of the message.

Email Security: Other issues

• Proof of submission (certification)
  - Compute message digest after appending date/time to message
• Proof of delivery (return receipt)
  - Co-operation of recipient
• Message flow confidentiality
  - Use intermediate ‘friend’
• Anonymity
  - Give message to third party

Practical Issues: Who Benefits from Spam?

• Concept of Spam
  - Spamming is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
• How much is my email id worth?

Practical Issues: Can someone confirm my email id actually exists?

Practical Issues: Spam from Friends

• Emails:
  - My Daughter is suffering from a serious illness called idiotitis and requires E+ blood.
  - My husband is missing ever since World war IV
  - This is an exciting offer, get 1 at the cost of 2!
  - FROM THE DESK (AND TABLE AND CHAIR) OF MR. HASSAN, YOU ARE NOW MY PARTNER OF A PROPERTY OF 1MILLION, SEND ME YOUR CREDIT CARD NUMBER.
• Messages commanding you to forward:
  - “...forward this message or you will die in 3 hours”
  - “...forward this to all your beloved friends”
  - “...forward this if you believe in God”
  - “...forward this if you really love your family”

Practical Issues: Hoaxes

• NASA predicts a meteorite shower this Tuesday.
• Microsoft, Hotmail, Yahoo and Google are going to pay 1 cent for every forward you make
• Warning! Hard Disk eraser virus! It's true, it happened to my dad’s only son!
• Earn Rs. 2000/3000 per month sitting at home and surfing the net.
• You have won 10 million Euros in the National lottery!! Please Click here to confirm your email id.
