E-mail Risks
• Attacks on e-mails focus on:
- Delivery and execution of malicious code (malcode)
• Basic e-mail is only ASCII text, which cannot be
directly executed
• Malcode attacks (viruses etc.) can be carried out using
e-mail attachments
• Collaboration tools (like Microsoft Outlook) can
directly run malcode attached to an e-mail
- Leakage of sensitive information
- E-mail is sent as clear text
Tapping email - confidentiality problem
• E-mail is like a postcard that can be read
by anyone. Open.
• E-mail is sent by the MTA to a "post office",
to be forwarded to the next nearest "post office", hopping until it
finally reaches the destination.
• Interception can potentially occur at any point along the
path.
Protection against eavesdropping
• Use encryption to scramble the contents of the
letter
• Examples of protection: PGP, PEM
Fake Email
• It is easy to create a fake e-mail by making your own headers.
• The fake e-mail is then sent via an MTA or directly via
SMTP
• The activity is recorded in the server log file
Pretty Good Privacy: Hybrid Encryption System
• PGP (Pretty Good Privacy) is an encryption program
that has a fairly high level of security by using "private-public
key" as the basis of its authentication.
• The PGP program, created by Phil Zimmermann, has 2 versions:
the "USA version" and the "International version"
• The USA version of PGP can only be used in the USA and only by
citizens of the USA
• The USA version uses the RSA algorithm (which has been
patented) in its encryption.
• The International version uses the MPILIB algorithm,
which was specially created by Phil Zimmermann himself.
The concept of PGP
• PGP uses "private-public keys" as the
basis for authorization
• Each time you create a key, PGP will create two
keys (a pair), namely:
- Private key
- Public key
• The private key is a key known only to
ourselves.
• The public key is the key we make known to people that we trust.
• The public key is used as the basis for encrypting
documents, which can then only be opened by someone who has the
corresponding private key
• The message is encrypted symmetrically; the key is
a (random) session key
• The session key is encrypted asymmetrically
• Both are combined and sent together
PGP implementation examples
• Adi has 2 keys: key A (consisting of private key A and
public key A) and key B (consisting of private key B and public
key B). Hanna wants to send a confidential e-mail to Adi. Hanna has
obtained public key B from Adi himself. Hanna then runs the PGP program
to encrypt the e-mail that will be sent to Adi using public key B. When Adi
receives the e-mail from Hanna, he uses the PGP program to decrypt it. PGP will ask
for the corresponding private key, that is, private key B. So Adi can only decrypt the
e-mail by using private key B.
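The hybrid scheme and the Adi/Hanna exchange above, as an added example that is not part of the original slides: a Python sketch in which textbook RSA over small constructed primes and a SHA-256 keystream stand in for PGP's real algorithms, so only the structure matches PGP. The function names and key values are assumptions made for this illustration.

```python
import hashlib, hmac, secrets

# Constructed toy RSA key pairs from small known primes, without padding.
# They stand in for PGP's asymmetric step only; all names here are hypothetical.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public key, private key)

def keystream(session_key, length):
    # SHA-256 in counter mode, a stand-in for PGP's symmetric cipher
    blocks = (hashlib.sha256(session_key + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def xor(data, session_key):
    return bytes(a ^ b for a, b in zip(data, keystream(session_key, len(data))))

def encrypt(public_key, message):
    n, e = public_key
    session_key = secrets.token_bytes(16)         # random, used for this message only
    body = xor(message, session_key)              # symmetric step on the message
    tag = hmac.new(session_key, body, hashlib.sha256).digest()
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)   # asymmetric step
    return wrapped, body, tag                     # combined and sent together

def decrypt(private_key, packet):
    n, d = private_key
    wrapped, body, tag = packet
    candidate = pow(wrapped, d, n)                # unwrap the session key
    if candidate >= 2 ** 128:
        return None                               # cannot be a 16-byte session key
    session_key = candidate.to_bytes(16, "big")
    expected = hmac.new(session_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                               # wrong private key or altered packet
    return xor(body, session_key)

# Adi's two key pairs, A and B, as in the slide
PUB_A, PRIV_A = make_keypair(2**127 - 1, 2**61 - 1)
PUB_B, PRIV_B = make_keypair(2**89 - 1, 2**107 - 1)

if __name__ == "__main__":
    packet = encrypt(PUB_B, b"Confidential note from Hanna")   # Hanna uses public key B
    print(decrypt(PRIV_B, packet))    # private key B recovers the message
    print(decrypt(PRIV_A, packet))    # private key A is rejected
```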
Internet Wiretapping