Security Protocols
PEM stands for Privacy Enhanced Mail standard. It was proposed by the IAB (Internet Activities Board) to provide secure mail over the Internet. It allows both secret-key and public-key cryptosystems, and it provides encryption, authentication and key management. More information can be found in RFCs 1421-1424.

MIME stands for Multipurpose Internet Mail Extensions. It allows e-mail to include enhanced text, graphics, audio and more. More information can be found in RFC 1521. S/MIME (Secure/Multipurpose Internet Mail Extensions) adds encryption and digital signatures to MIME documents. Check also http://www.rsa.com. PEM-MIME is similar to S/MIME, and it is also known as MOSS, that is, MIME Object Security Standard.

Web and general security protocols

S-HTTP stands for Secure Hypertext Transfer Protocol. It supports multiple key management mechanisms and cryptographic algorithms. To exchange keys, it can use RSA, out-of-band, in-band and Kerberos. Out-of-band refers to an external key agreement, while in-band refers to an internal key agreement carried in an S-HTTP protected message in another session. Kerberos is a method where a server (the Kerberos server) keeps the keys involved. S-HTTP can use several cryptographic algorithms such as DES, Triple-DES, DESX, IDEA and RC2. To know more: http://www.terisa.com.

SSL stands for Secure Socket Layer. This handshake protocol was developed by Netscape Communications Corporation. It consists of 2 phases, but the second phase is optional. During the first phase the protocol uses the RSA cryptosystem to exchange keys, and several secret-key algorithms to encrypt messages, such as DES, Triple-DES, IDEA, RC2 and RC4. In the first phase, the client sends a request and the server replies with its certificate and its cipher preferences. At this point, the client generates a master key, encrypts it with the server's public key, and transmits that encrypted master key to the server. The server then recovers the master key and authenticates itself by sending the client a message encrypted with the master key. Finally, subsequent data is encrypted with keys derived from the master key. During the second phase, the server sends a message to the client, and the client authenticates itself to the server by returning its digital signature and its public-key certificate. This protocol operates at the transport layer.

PCT stands for Private Communication Technology and was developed by Microsoft and Visa. It is similar to SSL, but there are some differences. For example, message authentication and message encryption use different keys. This difference is quite important, because the encryption key length may be limited by export restrictions, while there is no such restriction for authentication. So PCT can use longer keys for authentication than for encryption, and therefore it can be more secure.

S/WAN stands for Secure/Wide Area Network, and it provides specifications for the IPsec architecture. It supports encryption at the IP level to ensure interoperability among firewall and TCP/IP products. S/WAN uses RC5 algorithms with key sizes ranging from 40 bits to 128 bits (the 40 bit limit is due to export restrictions). Unlike S-HTTP and SSL, S/WAN operates at a lower level, and so these protocols could work together synergistically.
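The first SSL phase described above, modelled end to end as an added example (not code from the original page): client hello with cipher preferences, server hello with its public key, master key transported under that key, server-verify proving the server could recover it, and separate per-direction keys derived from the master key. The RSA key pair is built from two small known primes and the stream cipher is a SHA-256 keystream; both are stand-ins for the certificate key and for RC4/DES, and all nonces and the master key are constructed inputs.

```python
import hashlib

# Toy RSA on two known primes (2^61-1 and the largest 32-bit prime). Far too small
# to be secure; it only stands in for the server's certificate key pair.
P, Q, E = (1 << 61) - 1, 4294967291, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def rsa_encrypt(m: int) -> int:      # with the server public key (N, E); m < N
    return pow(m, E, N)

def rsa_decrypt(c: int) -> int:      # with the server private key (N, D)
    return pow(c, D, N)

def derive_key(master: bytes, label: bytes, c_nonce: bytes, s_nonce: bytes) -> bytes:
    """One directional key from the master key and both nonces (stand-in for SSL key derivation)."""
    return hashlib.sha256(master + label + c_nonce + s_nonce).digest()

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 counter keystream) in place of RC4/DES; XOR inverts itself."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def server_verify_msg(master_at_server: bytes, c_nonce: bytes, s_nonce: bytes) -> bytes:
    """Server proves it recovered the master key: the client nonce encrypted under a derived key."""
    return stream_xor(derive_key(master_at_server, b"server-write", c_nonce, s_nonce), c_nonce)

def client_accepts(master: bytes, c_nonce: bytes, s_nonce: bytes, server_verify: bytes) -> bool:
    """Client decrypts with its own derivation; a party without the private key fails this check."""
    return stream_xor(derive_key(master, b"server-write", c_nonce, s_nonce), server_verify) == c_nonce

def phase_one(c_nonce: bytes, s_nonce: bytes, master: bytes) -> dict:
    """Run SSL phase one with constructed 16-byte nonces and an 8-byte master key."""
    # 1. client hello carries a nonce and cipher preferences; server hello carries its
    #    "certificate" (here just the public key), the chosen cipher and a server nonce
    client_hello = {"nonce": c_nonce, "ciphers": ["RC4", "DES", "IDEA"]}
    server_hello = {"nonce": s_nonce, "cipher": client_hello["ciphers"][0], "pubkey": (N, E)}
    # 2. client generates the master key and transports it under the server's public key
    client_master_key = rsa_encrypt(int.from_bytes(master, "big"))
    # 3. only the holder of the private key recovers the master key
    master_at_server = rsa_decrypt(client_master_key).to_bytes(8, "big")
    # 4. server-verify message, checked by the client
    server_verify = server_verify_msg(master_at_server, c_nonce, s_nonce)
    # 5. subsequent data uses keys derived from the master key, one per direction
    return {"cipher": server_hello["cipher"],
            "server_authenticated": client_accepts(master, c_nonce, s_nonce, server_verify),
            "client_write_key": derive_key(master, b"client-write", c_nonce, s_nonce),
            "server_write_key": derive_key(master_at_server, b"server-write", c_nonce, s_nonce)}
```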
Copyright (c) 1998-2006 Wowarea