Lecture 7: Security in Applications

An e-mail is a message made up of a string of ASCII characters in a format specified by RFC 822. It consists of two parts separated by a blank line: the header (sender, recipient, date, subject, delivery path) and the body, which contains the actual message content. The security services provided for e-mail are confidentiality, data origin authentication, message integrity, non-repudiation of origin and key management.


Security in Email:

S/MIME
S/MIME (Secure / Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of e-mail encapsulated in MIME.
S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFCs. S/MIME was originally developed by RSA Data Security Inc.

S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encryption). S/MIME functionality is built into the vast majority of modern e-mail software and interoperates between them.


PGP
PGP is a freeware and commercial email and file encryption utility. It is also discussed in the chapter "Security Mechanisms".
Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is a replacement for rlogin, rsh, rcp, and rdist.


HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encryption and secure identification of the server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems. HTTPS should not be confused with Secure HTTP (S-HTTP), specified in RFC 2660.

SFTP
SFTP, or secure FTP, is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in the clear over the network. It is functionally similar to FTP, but because it uses a different protocol, you can't use a standard FTP client to talk to an SFTP server, nor can you connect to an FTP server with a client that supports only SFTP.

Web Security

Web security includes three parts:

1. Security of server.

2. Security of client.

3. Network traffic security between a browser and a server.

Security of the server and security of the client are problems of computer security. Network traffic security can be considered at different levels, for example:

- Network level: use IPSec.

- Transport level: use SSL (Secure Sockets Layer) or TLS (Transport Layer Security).

- Application level: use PGP, S/MIME, SET (Secure Electronic Transaction).

Secure Socket Layer (SSL)

SSL was developed by Netscape. The main part of SSL consists of several protocols: the SSL Handshake protocol, the SSL Change Cipher Spec protocol, the SSL Alert protocol, and the SSL Record protocol.
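The Record protocol is the carrier for the other three: every record starts with a 5-byte header whose first byte says which sub-protocol is inside. The following parser is an added example, not part of the lecture; the numeric codes and the header layout come from the SSL 3.0/TLS specifications rather than from this page, and the helper `record` and the byte stream `SAMPLE` are constructed for illustration.

```python
import struct

# Record-layer content types: each names the sub-protocol carried in the record.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
MAX_FRAGMENT = 2**14 + 2048  # largest fragment a protected record may carry

def parse_records(stream: bytes):
    """Split a byte stream into record-layer records and label each one."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        # Header: content type (1 byte), version major/minor (2), length (2).
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_FRAGMENT:
            raise ValueError("record length exceeds protocol maximum")
        fragment = stream[offset + 5: offset + 5 + length]
        if len(fragment) != length:
            raise ValueError("truncated record fragment")
        rec = {"protocol": CONTENT_TYPES[ctype], "length": length,
               "version": VERSIONS.get((major, minor), f"unknown {major}.{minor}")}
        # Only unencrypted fragments can be interpreted; encrypted ones stay opaque.
        if ctype == 22 and length >= 4:
            rec["detail"] = HANDSHAKE_TYPES.get(fragment[0], f"type {fragment[0]}")
        elif ctype == 21 and length == 2:
            rec["detail"] = f"{ALERT_LEVELS.get(fragment[0], 'unknown')} alert {fragment[1]}"
        records.append(rec)
        offset += 5 + length
    return records

def record(ctype, body, version=(3, 0)):
    """Hypothetical helper: build one record for the constructed sample."""
    return struct.pack("!BBBH", ctype, *version, len(body)) + body

# Constructed sample (not a captured session): one record per sub-protocol.
SAMPLE = (record(22, b"\x01\x00\x00\x02\x03\x00")    # handshake, type 1
          + record(21, b"\x01\x00")                  # alert: warning, code 0
          + record(20, b"\x01")                      # change_cipher_spec
          + record(23, bytes(16), version=(3, 3)))   # opaque application data
```

A record that announces version "SSL 3.0" is worth flagging when this kind of parsing is applied to monitored traffic, since that version is obsolete.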

Secure Shell (SSH)

1. Initially designed to replace the insecure rsh and telnet utilities.

2. Secure remote administration (mostly of Unix systems).

3. Extended to support secure file transfer and email.

4. Later, it came to provide a general secure channel for network applications.

5. SSH-1 is flawed; SSH-2 has better security (and a different architecture).

Secure Electronic Transaction (SET)

SET is an open encryption and security specification designed to protect credit card transactions on the Internet. SSL secures communications between a client and a server.

Biometric
Biometrics is the measurement and statistical analysis of biological data. In IT, biometrics refers to technologies for measuring and analyzing human body characteristics for authentication purposes. There are two types of biometrics: static and dynamic. Static (also called physiological) methods authenticate based on a feature that is always present. Dynamic methods, on the other hand, authenticate based on a certain behavior pattern. We also studied one of the static methods, fingerprint recognition, which uses sensors and integrated products.