Trusted S/MIME Gateways

The utility of Web-based email clients is clear: a user is able to access their email account from any computer anywhere at any time. However, this option is unavailable to users whose security depends on their key pair being stored either on their local computer or in their browser. Our implementation seeks to solve two problems with secure email services. The first that of mobility: users must have access to their key pairs in order to perform the necessary cryptographic operations. The second is one of transition: initially, users would not want to give up their regular email clients. Keeping these two restrictions in mind, we decided on the implementation of a secure gateway system that works in conjunction with an existing mail server and client. Our result is PKIGate, an S/MIME gateway that uses the DigitalNet (formerly Getronics) S/MIME Freeware Library and IBM\u27s 4758 secure coprocessor. This thesis presents motivations for the project, a comparison with similar existing products, software and hardware selection, the design, use case scenarios, a discussion of implementation issues, and suggestions for future work

Consulting in computer systems and software

This report aims to describe the work I have done during my project in company. It is part of my second year in the Master of Computer Engineering – Mobile Computing of the School of Technology and Management of the Polytechnic Institute of Leiria. During this experience, I was assigned two missions. The first one is about the study of a S/MIME solution for email security and the second one is about the improvement of Microsoft Office 365 security score. For both missions I had material at my disposal and some instructions were given to me. I began by analysing the situation, and then established a state of the art in terms of technologies used. Then, thanks to my knowledge, I simulated virtual computer networks, tested encryption solutions, determined what were the best security practices, automated my work by scripting, reported the difficulties, and provided a detailed documentation about my work. The solutions produced respond to the problems, and they are functional. For the first mission, client machines can send S/MIME emails in a virtual network. For the second mission, the scripts and the tool provided allow to improve Microsoft Office 365 security score

Representing ASN.1 in Z

ASN.1 (Abstract Syntax Notation One) has been increasingly used in defining the data structures used in internet security protocols. In this paper we present a framework for translating ASN.1 specification into Z. We use a restricted version of ASN.1, which is however sufficiently powerful to specify important network communication protocols. Finally, we present an example of translation based on the Cryptographic Message Syntax of S/MIME

Methods for the E-mail Encryption

Postoje mnoge prijetnje što se tiče sigurnosti elektroničke pošte. Iz tog razloga, stručnjaci su razvili razne metode za zaštitu elektroničke pošte. Većina metoda se temelji na PGP i S/MIME standardima. Ovi standardi koriste različite algorimte za različite funkcije koje pružaju. PGP i S/MIME se koriste u većini suvremenih metoda za enkripciju elektroničke pošte kao što su aplikacije, dodatci ili klijenti elektroničke pošte s ugrađenom enkripcijom. Svaka od metoda ima svoje prednosti i nedostatke, a korisnik bi treba pronaći metodu koja mu najviše odgovara te ju dobro proučiti kako bi mogao na siguran način koristiti elektroničku poštu.There are many threats in case of E-mail security. Therefore, experts have developed different methods for E-mail protection. Most of these methods are based on PGP and S/MIME standards. These standards use different algorithms for different functions that they provide. PGP and S/MIME are used in most of the modern methods for E-mail encryption such as applications, add-ons or E-mail clients with embedded encryption. Each of these methods have their pros and cons and user should find and learn a method that suits him the most so he can use E-mail in a safe way

Implementasi Protokol S/MIME pada Layanan E-mail Peningkatan Jaminan Keamanan Secara Online pada Kantor PT Tammar Frasti

Implementation of information system technology has been changing all aspects of human life, such as the human’s way of communicationthat is initially conventional into digital way. E-mail is a service provided by information technology system as a means to exchange information digitally. Even though communicating using e-mail has many advantages,it is vulnerable to digital attackers, such as tapping. Security is the key to securing information containedin e-mail. PT. TAMMAR FRASTI is a business organization that deals with Information Technology infrastructure among private companies that exchange their daily confidential information using e-mail online. S/MIME is one of the alternative security that can be implemented in e-mail. The final result of this research is the design of S/MIME protocol implementation in e-mail service for PT. TAMMAR FRASTI applying cryptographic techniques in the form of digital signatures and / or encryption proven to meet the aspects of information security. By implementing S/MIME, information security aspects such as confidentiality, integrity, authentication and non-repudiation expected by PT. TAMMAR FRASTI may be successfully realized

Deploying a New Hash Algorithm

The strength of hash functions such as MD5 and SHA-1 has been called into question as a result of recent discoveries. Regardless of whether or not it is necessary to move away from those now, it is clear that it will be necessary to do so in the not-too-distant future. This poses a number of challenges, especially for certificate-based protocols. We analyze a number of protocols, including S/MIME and TLS. All require protocol or implementation changes. We explain the necessary changes, show how the conversion can be done, and list what measures should be taken immediately

The Value of User-Visible Internet Cryptography

Cryptographic mechanisms are used in a wide range of applications, including email clients, web browsers, document and asset management systems, where typical users are not cryptography experts. A number of empirical studies have demonstrated that explicit, user-visible cryptographic mechanisms are not widely used by non-expert users, and as a result arguments have been made that cryptographic mechanisms need to be better hidden or embedded in end-user processes and tools. Other mechanisms, such as HTTPS, have cryptography built-in and only become visible to the user when a dialogue appears due to a (potential) problem. This paper surveys deployed and potential technologies in use, examines the social and legal context of broad classes of users, and from there, assesses the value and issues for those users

Distributed Key Management for Secure Role Based Messaging

Secure Role Based Messaging (SRBM) augments messaging systems with role oriented communication in a secure manner. Role occupants can sign and decrypt messages on behalf of roles. This paper identifies the requirements of SRBM and recognises the need for: distributed key shares, fast membership revocation, mandatory security controls and detection of identity spoofing. A shared RSA scheme is constructed. RSA keys are shared and distributed to role occupants and role gate keepers. Role occupants and role gate keepers must cooperate together to use the key shares to sign and decrypt the messages. Role occupant signatures can be verified by an audit service. A SRBM system architecture is developed to show the security related performance of the proposed scheme, which also demonstrates the implementation of fast membership revocation, mandatory security control and prevention of spoofing. It is shown that the proposed scheme has successfully coupled distributed security with mandatory security controls to realize secure role based messaging