L3. Describe how confidentiality and integrity can be provided for email messages. Flashcards

1
Q

What is confidentiality in emails?

A

Confidentiality means protecting personal information, so confidentiality in email means the email content can’t be read by anyone other than the sender and the intended recipient.

2
Q

What is integrity in emails?

A

The integrity of something is its state of being a united whole, so integrity in email means the received message is complete and unaltered.

3
Q

How can confidentiality and integrity be provided for email messages?

A

Through various cryptographic methods and protocols, digital signatures, and hash functions.

4
Q

What are the two main email encryption protocols?

A

S/MIME (Secure/Multipurpose Internet Mail Extensions) and PGP (Pretty Good Privacy)

5
Q

What type of encryption does PGP use?

A

PGP uses a combination of asymmetric and symmetric cryptography to secure emails. PGP encrypts the email content with a symmetric key, which is then encrypted with the recipient’s public key.

6
Q

What type of encryption does S/MIME use?

A

S/MIME utilizes public key certificates for encryption and decryption.

7
Q

How can TLS be used for email encryption?

A

TLS can be used to encrypt the communication channel between mail servers (SMTP, IMAP, POP3). This ensures that the message is encrypted during transit, but not necessarily stored encrypted.

8
Q

How can digital signatures be used to ensure email integrity?

A

A digital signature is an encrypted hash value.

When the sender wants to sign a message, they first create a hash of the message. A hash function (like SHA-256) takes the entire message and produces a fixed-size string of characters (the hash value), which uniquely represents the content of the message. Any change in the message, even a tiny one, will result in a completely different hash value.

The sender then encrypts this hash value using their private key. This encrypted hash value is the digital signature. The encryption of the hash ensures that the signature is unique to both the content of the message and the sender.

The sender sends the original message along with the digital signature to the recipient.

9
Q

How does a recipient verify a digital signature?

A

Upon receiving the message, the recipient creates a hash of the received message using the same hash function the sender used. The recipient then decrypts the digital signature using the sender’s public key.

Finally, the recipient compares the decrypted hash value with the hash they computed from the received message. If the two hash values match, it means the message has not been altered in transit and the signature is authentic, verifying the sender’s identity.

10
Q

How do PGP and S/MIME do digital signatures?

A

PGP: Allows the sender to sign the email with their private key.

S/MIME: Also supports digital signatures, using certificates issued by trusted Certificate Authorities (CAs).

11
Q

How can email confidentiality and integrity both be ensured?

A

By a combination of encryption and digital signatures.

12
Q

How are encryption and digital signatures combined?

A

Encrypt-Then-Sign: The email content is first encrypted for confidentiality. The encrypted content is then signed for integrity. This ensures that even if the signature verification fails, the email content remains confidential.

Sign-Then-Encrypt: The email content is first signed to create a digital signature. Both the email content and the signature are then encrypted. This approach ensures the integrity of the original content and the confidentiality of both the content and the signature.

13
Q

How does PGP implement encryption and signatures?

A

Users create key pairs (public/private) and exchange public keys. When sending an email, the content is encrypted with the recipient’s public key and optionally signed with the sender’s private key.

14
Q

How does S/MIME implement encryption and signatures?

A

By utilizing public key certificates issued by CAs. Users obtain certificates and use them to encrypt outgoing emails and decrypt incoming ones. They also sign outgoing emails to ensure integrity and authenticate the sender.

15
Q

What is a digital certificate?

A

Certificates are digital documents used to verify the identity of entities (such as websites, individuals, or organizations) and to facilitate secure communication over networks.

16
Q

What does a certificate contain?

A
  1. The entity’s public key.
  2. Details about the entity, such as its name, address, and domain name.
  3. Details about the Certificate Authority (CA) that issued the certificate.
  4. The start and end dates during which the certificate is valid.
  5. The CA’s digital signature, which verifies the authenticity of the certificate.
17
Q

How are certificates issued?

A

Certificates are issued by trusted Certificate Authorities (CAs) after verifying the identity of the entity requesting the certificate.

18
Q

How are certificates used for email?

A

Through the S/MIME protocol. When sending an encrypted email, the sender’s email client uses the recipient’s public key (obtained from their certificate) to encrypt the message content. Similarly, when signing an email, the sender’s email client creates a digital signature by hashing the message content and encrypting the hash with the sender’s private key, which can be verified by the recipient using the sender’s public key obtained from their certificate.