Email Security

Presented By: Sailesh Shrestha

12 December 2024, Thrusday
 Email Security

• Email security deals with unauthorized access and inspection of email.

• The unauthorized access can happen while email is in transit or rest on

email server.

• Email has to travel through the internet which is very vulnerable.

Types of f Email Attacks
Key benefits of Email Security
Integrated Email Security Framework
Best Practices of Email Security
Email Security policy implementation
Components involved in Email Security
 Secure transmission of emails

• PGP (Pretty Good Privacy)

• S/MIME (Secure/Multipurpose Internet Mail Extension)

 PGP (Pretty Good Privacy)

• PGP stands for Pretty Good Privacy (PGP) which is invented by Phil Zimmermann.

• PGP was designed to provide all four aspects of security, i.e., privacy, integrity,
authentication, and non-repudiation in the sending of email.

• PGP uses a digital signature (a combination of hashing and public key encryption) to
provide integrity, authentication, and non-repudiation.

• PGP uses a combination of secret key encryption and public key encryption to provide
privacy.

i.e. the digital signature uses one hash function, one secret key, and two
private-public key pairs.
 PGP (contd …)

• PGP is an open source and freely available software package for email security.

• PGP provides authentication through the use of Digital Signature.

• It provides confidentiality through the use of symmetric block encryption.

• It provides compression by using the ZIP algorithm, and EMAIL compatibility using the
radix-64 encoding scheme.

• Using PGP the message is encrypted on your device before it passes over the internet.

• Only the recipient has the key to convert the text back into the readable message on
their device.
 Why Do You Need PGP ?

• Prevents information from being modified during transfer.

• Protects sensitive information from unauthorized access.

• Allows the secure sharing of information with multiple parties.

• Verifies the authenticity of email senders.

• Prevents the recovery of deleted sensitive data.

• Ensures emails communications are not intercepted.

 How PGP Works?

PGP at the Sender site (A)

 How PGP Works?
PGP at the Receiver site (B)
PGP transactions
 PGP pros

• Valuable information is always protected, when transmitted over the Internet.

• Information can be shared securely with others.

• Verification of the sender of information ensures you are not being spoofed by a third party.

• Total assurance that files cannot be altered without your knowledge.

• Smaller files are sent over the Internet as they are always compressed before encryption.

• In-built key manager - securely manage yours and others keys.

• Little user training required.

 PGP cons
• Requires a software

• Can’t send encrypted email if you don't have the recipient public key.

• Both the sender and the receiver must have compatible versions of PGP.

• PGP is more complex, and it is less familiar than the traditional symmetric or asymmetric
methods.

• As encryption methods are very strong so, it does not retrieve the forgotten passwords results in
lost messages or lost files. No recovery once deleted or lost.
 S/MIME

• S/MIME stands for Secure/Multipurpose Internet Mail Extension

• S/MIME is standard for exchanging secure mails with help of encryption.

• IT provides support for varying content.

• Supported by major email client applications.

 S/MIME Functions

• Enveloped Data
• Encrypted content and Associated keys.

• Signed Data
• Encoded message and Signed digest

• Clear-signed data
• Clear text message and encoded signed digest

• Signed & Enveloped Data

• Nesting of signed and encrypted entities.
S/MIME – signed email
S/MIME – Encrypted email
 PGP vs S/MIME

S.N. PGP S/MIME

1. It is designed for processing plain texts It is designed to process email as well as many multimedia files.
2. PGP is less costly as compared to S/MIME. S/MIME is comparatively expensive.
3. PGP is good for personal as well as office use. It is good for industrial use.
4. PGP is less efficient than S/MIME. It is more efficient than PGP.
5. It depends on user key exchange. It relies on a hierarchically valid certificate for key exchange.
6. PGP is comparatively less convenient. It is more convenient than PGP due to secure transformation of all apps.
7. PGP contains 4096 public keys. It contains only 1024 public keys.
8. PGP is the standard for strong encryption. It is also the standard for strong encryption but has some drawbacks.
9. PGP is also be used in VPNs. It is not used in VPNs, it is only used in email services.
10. PGP uses Diffie hellman digital signature. It uses Elgamal digital signature.
11. PGP is used for Securing text messages only. S/MIME is used for Securing Messages and attachments.
12. Their is less use of PGP in industry . S/MIME is widely used in industry.
13. Convenience of PGP is low. Convenience of S/MIME is High.
14. Administrative overhead of PGP is high. Administrative overhead of S/MIME is low.
Q&A ?

Contact information for follow-ups

email: [email protected]
Thank You !!!