Email Security Flashcards
What are the four main services PGP provides?
Pretty Good Privacy provides confidentiality, authentication, compression and compatibility.
True or false: PGP only works on Linux operating systems?
False, it is independent of OS.
How does PGP authenticate?
Digital signatures. SHA-1 is used to generate a 160-bit hash code. This hash is then encrypted using RSA with the sender’s private key.
How does PGP provide integrity?
With the hash code generated in the digital signature.
Which symmetric encryption algorithms does PGP use?
CAST-128, IDEA or 3DES
How many times are symmetric keys reused in PGP? How long are these keys?
They are not reused. For each message, a new set of symmetric keys is generated and shared. The keys are 128 bits.
How are the keys exchanged in PGP?
Since the key is only used once, the symmetric key is bound to the message and transmitted with it (after being encrypted with the receiver’s public key). There is an option to use Diffie-Hellman for key exchange.
Do we encrypt the digital signature in PGP?
Yes, we encrypt it with the plaintext.
How does PGP compress what it sends? When does compression take place?
Using ZIP. This is done after signing, but before encrypting.
Which algorithm does PGP use for email compatibility?
Radix-64
What algorithm is S/MIME based on?
RSA
What are the four S/MIME functions?
Enveloping data, signing data, clear-signing data, signing and enveloping data.
What is S/MIME enveloping?
It involves encrypting any type of data.
Why might we need to clear-sign data in S/MIME?
To allow users who don’t use S/MIME to view the message.
Which algorithms does S/MIME use? Think about digital signatures, exchanging session keys, hashing and message encryption.
For digital signatures: DSS or RSA. For session key exchange: Diffie-Hellman. For generating a hash for digital signatures: SHA-1. For message encryption: 3DES.
How do PGP and S/MIME use certificates?
S/MIME’s trust model is based around the use of CAs, but PGP has a more anarchic trust model.
How are message signatures verified in DKIM?
The receiver will verify by querying the sender’s domain directly, to obtain the appropriate public key.
Name some problems that DKIM can address.
Spam emails from unknown IPs. Bulk spam attackers. Email-based fraud schemes.
Which key signs a DKIM message?
The private key of the administrative domain from which the email originates.
Who queries the signatures?
The Mail Delivery Agent at the receiver end.
True or false: with S/MIME, messages can still be secure if only one of the parties is using S/MIME?
False.
True or false: DKIM is not transparent to the user, as it takes place in their Message User Agent?
False. It is transparent and does not take place in the user agent.
What algorithm does DKIM use to sign?
RSA with SHA-256
If Alice wants to send Bob a message with PGP, how is the session key generated?
Alice will generate this, and encrypt it with Bob’s public key, and append it to the message.
Which protocol authenticates mail as coming from a certain domain?
DKIM
In which protocol are clients required to authenticate themselves before submitting emails for delivery?
SMTP/Auth
Which protocol authenticates an email message as coming from an organization’s authorized MTA?
SPF
Which protocol publishes information about an organization’s authorized MTAs in DNS?
SPF
Which protocol ensures that email is submitted from a properly configured email client (and not a spam-sending virus or open relay, for instance)?
Smart Host
In which protocol is outgoing email submitted via the ISP’s MTA?
Smart Host
Where are PGP and S/MIME implemented?
In the mail user agent.
Name one problem with SMTP.
There is no built-in authentication. The MAIL FROM field is set by the sender, and the recipient’s mail server only sees the IP address of the direct peer from which it received the message.
What is an open relay, and what might it do if it is hacked?
An open relay will forward SMTP messages to any destination. Normally, they will add the correct “RECEIVED” header revealing the IP source of the message, but a hacked one might not.
Why might spammers want to hide the source of their mail?
To avoid blacklists. This is why they often use botnets.
Name and describe some measures against spam.
Blacklisting dodgy IP addresses.
Greylisting new senders.
Use smart hosts: customers are not allowed to send outgoing traffic to port 25 directly, and must instead use their ISP’s SMTP relay to send outgoing mail.
Use SMTP-auth, where the sender is required to authenticate first.
Use POP before SMTP, where you must check for incoming mail before sending.