Lecture 7 of IT security course is about Security in Application which concentrates on Electronic Mail Security. Lecture start with En.Mohd Zaki explained on what is an email. According to him, an email (Electronic mail) is the exchange of computer-stored message by telecommunication. An email message is usually encoded in ASCII text and consists of two parts which are header and body separated by blank line. The header consists of sender, recipient, date, and subject and delivery path while body consists of actual message content.
Besides that, En.Mohd Zaki told us that there are security provided in E-mail which is confidentiality, data origin authentication, message integrity, non-repudiation of origin and key management. Data origin authentication and non repudiation of origin can be provided by digital signature which has been register at Verisign. Confidentiality can be provided by login function while message integrity can be provided by message encryption.
However, email also exposed to some threats which is generally divided into two main group such as threats to the security of email itself and threats to an organization that are enabled by the use of an email. Loss of confidentiality, loss of integrity, lack of data origin authentication, lack of non-repudiation and lack of notification of receipt are email security threats. All these threats will causes disclosure of sensitive information either deliberate or unintentional, exposure of systems to malicious code where view email through html is vulnerable to virus attack, exposure of systems to denial of service attacks and spamming.
En.Mohd Zaki told us that in order to secure email, S/MIME and PGP can be used. S/MIME allows flexible client-client security through encryption and signatures. PGP is similar to S/MIME by using encryption for confidentiality and signature for non-repudiation or authenticity. However, PGP is not secure if public key and private key is not register.
Besides, En.Mohd Zaki also explained to us about web security which includes security of server, security of client, and network traffic security between a browser and a server. Web security can be implement using SSL/TLS, SSH and SET. SSL/TLS are widely used in web browsers and servers to support secure e-commerce over HTTP by providing secure channel for sending credit card information and personal details. However, it only secures to customer side but not secure at receiving side. SSH is designed to replace secure rsh and telnet utilizes to support secure file transfer and email. SSH provides security at Application layer and install at server side. SET is an open encryption and security specification designed to protect credit card transactions on the Internet. It uses SSL to secure communication links.
Lastly, En. Mohd Zaki proceeds to biometric topic. Biometric refer to authentication techniques that rely on measurable physical characteristic that can be automatically checked.
| Physiological (Static) biometric method | |
| Biometric Identification | Description |
| Fingerprint recognition | Analysis of an individual’s unique fingerprints. |
| Retinal scan | Analysis of the capillary vessels located at the back of the eye. |
| Iris scan | Analysis of the colored ring that surrounds the eye’s pupil. |
| Hand geometry | Analysis of the shape of the hand and the length of the fingers. |
| Face | Analysis of facial characteristics using visible and infrared light. |
| Behavioral (dynamic) biometric methods | |
| Biometric Identification | Description |
| Signature recognition | Analysis of the way a person signs his name. |
| Speaker recognition | Analysis of the tone, pitch, cadence and frequency of a person’s voice. |
| keystroke dynamics | Analysis of the coloured ring that surrounds the eye’s pupil. |
No comments:
Post a Comment