Proceedings of International Conference on Advances in Engineering and Technology
ISBN: 978-1505606395

SECURE EMAILS: AN INTEGRITY ASSURED EMAIL SYSTEMS USING PKI

Mohd Yousuf
Dept. of Computer Science & Engineering, Maulana Azad National Urdu University, Hyderabad
yousuf.asifia@gmail.com

Md Touseef Sumer
Dept. of Electronics and Communication Engineering, Maulana Azad National Urdu University, Hyderabad
touseefsumer@yahoo.com
Abstract - The most important aspect of any application is security. Complex business systems, e-commerce and automated business transactions require robust security measures. Companies using the internet as a platform to conduct business have a better probability of success if there is security. However, for e-commerce on the internet, additional security and integrity mechanisms become necessary. Merchants are typically not willing to ship goods or perform services until a payment has been accepted for them. Authentication can allow for a measure of non-repudiation so the customer cannot deny the transaction occurred. Similarly, consumers need assurance that they are purchasing from a legitimate enterprise, rather than a hacker's site whose sole purpose is to collect credit card numbers. With the changes in today's business environments and the shift from the traditional face-to-face business models, mechanisms must be developed to ensure that trusted relationships are maintained. The PKI Message Service is intended to provide mechanisms to ensure trusted relationships are established and maintained. PKI Message Service with PKI Plug-in demonstrates how public key cryptography supports risk management requirements and solves e-commerce security problems in network environments. It is one such application that provides the necessary security services to users. The application is also intended to help organizations determine their requirement for a PKI and which features are needed for their specific business. The PKI Message Service and PKI Plug-in may find application in business transactions, banking, the military, etc.
I. INTRODUCTION
SMTP email is an open protocol in that a message can be intercepted and read by any number of third parties. When you send an email message, that message can be seen and read by anyone who comes in contact with it, just like a postcard. For example, your message may pass through a number of Internet Service Providers on its journey, and administrators for these ISPs will almost undoubtedly have access to the contents of messages that you send. When we talk about secure email, we are talking about the ability to secure a message in such a way that the contents of that message remain private between you and your intended recipient and vice versa. This is achieved through encryption.

A second (and arguably more important) issue with SMTP email is that it is open to abuse and manipulation. It is very easy for a third party to forge an SMTP message and make up its content and address details. This act of impersonation is commonly known as spoofing. From this perspective, SMTP email is also insecure. Therefore, any solution for secure email should not only provide encryption for privacy but also, ideally, authentication and validation that messages are genuine and can be guaranteed to have originated from the apparent sender. The act of validating the authenticity of a message is known as digital signing.
II. REVIEW OF PKI
The PKI Message Service is a mail application which is based on the idea of PKI. PKI assumes the use of key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message. The mail application provides information security for user messages over insecure networks such as the Internet. This application can be deployed in domains where monetary transactions happen seldom. The PKI Message Service offers two-factor authentication of messages sent, therefore providing privacy, authentication, integrity, and non-repudiation; these are referred to as the PAIN properties, satisfied by most applications pertaining to security. The Message Service, being based on the idea of PKI, is bound to use asymmetric keys for its operations.

The application provides services to access private keys from hardware crypto-tokens such as Aladdin/SafeNet eTokens. It also provides for accessing private keys from the local file system. The public keys are maintained by the server of the PKI Message Service, which thereby acts similarly to a Key Distribution Centre (KDC). The users of this mailing application can send messages which are encrypted, digitally signed, or signed and encrypted to their respective destinations. The users who receive these messages from other users of the same application can decrypt, verify, or verify and decrypt the messages from their peers.

The asymmetric cryptographic functions offered by the PKI Message Service are provided by software programs, typically coded in Java, which run on the client side of the PKI Message Service application. The PKI Message Service employs a server to manage users' public key certificates and other details. The server scripts are typically coded in PHP, HTML, CSS and JavaScript, along with the services of a database to store all the related user information. Having such an application on the web reduces the effort to create and maintain similar applications on multiple platforms. This application is platform independent and serves well on Microsoft Windows and Mac OS X systems.

III. PKI FEATURES AND APPLICATIONS
PKI is a security architecture that has been introduced to provide an increased level of confidence for exchanging information over an increasingly insecure internet. PKI expands as Public Key Infrastructure, which is the most common method on the internet for authenticating a sender or encrypting a message. Public key infrastructure encompasses comprehensive security technologies and policies using cryptography and provides standards for fundamental computing infrastructure improvement [1]. PKI involves the hardware, software, policies, and standards that are necessary to manage SSL (Secure Socket Layer) certificates. A PKI lets users:
[1] Authenticate other users more securely than standard usernames and passwords.
[2] Encrypt sensitive information.
[3] Electronically sign documents more efficiently.

The PKI technology works with a pair of keys. One of the two keys may be used to encrypt information which can only be decrypted with the other key. One key is made public and the other is kept secret. The secret key is usually called the private key. Since anyone may obtain the public key, users may initiate secure communications without having to previously share a secret through some other medium with their correspondent.

PKI enables users of an insecure public network to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. PKI provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. Although the components of a PKI are generally understood, a number of different vendor approaches and services are emerging. Meanwhile, an internet standard for PKI is being worked on.

PKI binds public keys with a person in a way that allows users to trust the certificate. Public Key Infrastructures most commonly use a certificate authority (also called a Registration Authority) to verify the identity of an entity and create unforgeable certificates. Web browsers, web servers, email clients, smart cards, and many other types of hardware and software all have integrated, standards-based PKI support that can be used with each other. A PKI is only as valuable as the standards that are established for issuing certificates [1].

IV. APPLICATIONS OF PKI
The most widespread use of PKI is server identification of certificates. SSL requires a PKI certificate on the server to assert its identity in a trustworthy manner to the client. Every HTTPS (Hyper Text Transport Protocol Secure) web server connection uses SSL and therefore also uses PKI. This outreach web focuses on client-side applications of PKI using end user PKI certificates instead of or in addition to server certificates [2].
Client-side applications of PKI fit into three main categories:
- Authentication
- Digital signatures
- Encryption

Authentication applies to any application that needs to know with assurance the identity of the user and that the user is actually the one who is present. Traditional authentication typically uses usernames and passwords. PKI provides a more secure alternative to this, whereby identity is proven by possession of a private key instead of a password. A password is still usually required to protect the private key, but that password is managed by the user instead of shared with the application server (a major improvement in security).

Digital signatures enable a user to put their "digital signature" on an electronic document. This is directly analogous to signing in pen on a paper document, except it goes one step further and associates the exact contents of the digital document with the signature in a way that makes tampering with the document's contents after the signature easy to detect. Again, it is possession of the private key that assures that only the owner of the PKI digital credentials could have executed the signature.

Encryption is standard protection of data in a file with a twist. Anyone can encrypt data intended to be read by a particular user by using their public key for the encryption process, but only the designated user possesses the private key that can decrypt the data, so its privacy is assured by the security of their private key [2].

Some of the popular PKI applications:
[I] Authentication
    [A] Web applications
        [a] Portals
        [b] Student information systems
        [c] Library online journals
    [B] Network appliances
        [a] VPN concentrators
        [b] Firewalls
        [c] Wireless access points
[II] Digital signatures
    [A] S/MIME secure email (sign individual emails)
    [B] Electronic document processing
        [a] Signing XML forms
        [b] Signing electronic documents
        [c] Paperless authorization processes
    [C] Instant messaging (sign each message)
[III] Encryption
    [A] S/MIME secure email (encrypt individual emails)
    [B] Instant messaging (encrypt each message)

V. WHO PROVIDES THE INFRASTRUCTURE?
A number of products are offered that enable a company or group of companies to implement a PKI. The acceleration of e-commerce and business-to-business commerce over the internet has increased the demand for PKI solutions. Related ideas are the virtual private network (VPN) and the IP security (IPsec) standard [4]. Among PKI leaders are:
[1] RSA, which has developed the main algorithms used by PKI vendors.
[2] VeriSign, which acts as a certificate authority and sells software that allows a company to create its own certificate authorities.
[3] GTE Cyber Trust, which provides a PKI implementation methodology and consultation service that it plans to vend to other companies for a fixed price.
[4] Xcert, whose Web Sentry product checks the revocation status of certificates on a server, using the Online Certificate Status Protocol (OCSP).
[5] Netscape, whose Directory Server product is said to support 50 million objects and process 5,000 queries a second.
[6] Secure E-Commerce, which allows a company or extranet manager to manage digital certificates.
[7] MetaDirectory, which can connect all corporate directories into a single directory for security management.

VI. INFORMATION SECURITY AND PAIN PROPERTIES
PKI technology is used in the project because of its property of information security.
Privacy, authentication, integrity and non-repudiation services together provide information security.

Privacy/Confidentiality - Data confidentiality is designed to protect the data from disclosure attacks. It is designed to prevent snooping and traffic analysis attacks. It is provided by encrypting the message using the public key of the receiver.

Authentication - Authentication is used to authenticate the sender and receiver during connection establishment. It is provided by encipherment, digital signature and authentication exchanges.

Integrity - The data integrity security service is used to check whether the integrity of the data has been preserved. It is provided by signing the message using the private key of the sender and verifying the message using the sender's public key.

Non-Repudiation - The non-repudiation service protects against repudiation by either the sender or the receiver of the data. In non-repudiation with proof of origin, the receiver of the data can later prove the identity of the sender if denied. In non-repudiation with proof of delivery, the sender of the data can later prove that the data were delivered to the intended recipient. It is provided by digital signature, data integrity and notarization.

VII. LITERATURE SURVEY
The literature survey aims to review the critical points of current knowledge, including substantive findings as well as theoretical and methodological contributions on the topic.

A. BASICS OF CRYPTOGRAPHY
Cryptography is the practice and study of techniques for secure communication in the presence of third parties (adversaries). It is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects of information security such as data confidentiality, data integrity, and authentication [6]. Modern cryptography is heavily based on mathematical theory and computer science practice; cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break in practice by any adversary. It is theoretically possible to break such a system, but it is infeasible to do so by any known practical means. These schemes are therefore termed computationally secure; theoretical advances and faster computing technology require these solutions to be continually adapted. Modern cryptography is based upon:
- Symmetric-key cryptography
- Asymmetric-key cryptography
- Hash

SYMMETRIC KEY CRYPTOGRAPHY
Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both encryption of plaintext and decryption of ciphertext. The encryption key is trivially related to the decryption key, in that they may be identical or there is a simple transformation to go between the two keys [7]. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. When used with asymmetric ciphers for key transfer, pseudorandom key generators are nearly always used to generate the symmetric cipher session keys. However, lack of randomness in those generators or in their initialization vectors is disastrous and has led to cryptanalytic breaks in the past.
Therefore, it is essential that an implementation uses a source of high entropy for its initialization. A disadvantage of symmetric key algorithms is the requirement of a shared secret key, with one copy at each end. Since keys are subject to potential discovery by a cryptographic adversary, they need to be changed often and kept secure during distribution and in service. Choosing, distributing, and storing keys without error and without loss is difficult to achieve reliably. Cryptanalysis of symmetric key algorithms is easier when compared to that of asymmetric key algorithms.

ASYMMETRIC KEY CRYPTOGRAPHY
Asymmetric-key cryptography uses two separate keys: one private and one public. If encryption and decryption are thought of as locking and unlocking padlocks with keys, then the padlock that is locked with a public key can be unlocked only with the corresponding private key [8]. Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the ciphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private. If the lock/encryption key is the one published, then the system enables private communication from the public to the unlocking key's owner. If the unlock/decryption key is the one published, then the system serves as a signature verifier of documents locked by the owner of the private key.

Thus, unlike symmetric key algorithms, a public key algorithm does not require a secure initial exchange of one or more secret keys between the sender and receiver. These algorithms work in such a way that, while it is easy for the intended recipient to generate the public and private keys and to decrypt the message using the private key, and while it is easy for the sender to encrypt the message using the public key, it is extremely difficult for anyone to figure out the private key based on their knowledge of the public key.

The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys: a public encryption key and a private decryption key. The publicly available encrypting key is widely distributed, while the private decrypting key is known only to the recipient. Messages are encrypted with the recipient's public key and can be decrypted with the corresponding private key. The keys are related mathematically, but parameters are chosen so that determining the private key from the public key is prohibitively expensive [9].

The two main branches of public key cryptography are:
- Public key encryption: a message encrypted with a recipient's public key cannot be decrypted by anyone except a possessor of the matching private key; presumably, this will be the owner of that key and the person associated with the public key used. This is used for confidentiality.
- Digital signatures: a message signed with a sender's private key can be verified by anyone who has access to the sender's public key, thereby proving that the sender had access to the private key (and therefore is likely to be the person associated with the public key used), and that the message has not been tampered with.
HASH
Hash is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Hashing is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using the original value. It is also used in many encryption algorithms [10].

STEGANOGRAPHY
The word steganography means covered writing, in contrast with cryptography. Steganography means concealing the message itself by covering it with something else [11]. The advantage of steganography over cryptography alone is that messages do not attract attention to themselves. Plainly visible encrypted messages, no matter how unbreakable, will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties. However, it can also pose serious problems because it is difficult to detect. Network surveillance and monitoring systems will not flag messages or files that contain steganographic data. Therefore, if someone attempted to steal confidential data, they could conceal it within another file and send it in an innocent looking email.

CRYPTOGRAPHY VS STEGANOGRAPHY
The purpose of cryptography and steganography is to provide secret communication. However, steganography is not the same as cryptography. Cryptography hides the contents of a secret message from malicious people, whereas steganography even conceals the existence of the message. Steganography must not be confused with cryptography, where we transform the message so as to make its meaning obscure to malicious people who intercept it. Therefore, the definition of breaking the system is different. In cryptography, the system is broken when the attacker can read the secret message. Breaking a steganographic system requires the attacker to detect that steganography has been used and to be able to read the embedded message.

In cryptography, the structure of a message is scrambled to make it meaningless and unintelligible unless the decryption key is available. It makes no attempt to disguise or hide the encoded message. Cryptography offers the ability to transmit information between persons in a way that prevents a third party from reading it. Cryptography can also provide authentication for verifying the identity of someone or something.

It is possible to combine the techniques by encrypting a message using cryptography and then hiding the encrypted message using steganography. The resulting stego-image is transmitted without revealing that secret information is being exchanged. Furthermore, even if an attacker were to defeat the steganographic technique and detect the message from the object, he would still require the cryptographic decoding key to decipher the encrypted message [12].

VIII. PROGRAM MODULES

PUBLIC KEY CERTIFICATE VALIDATION
The validation of the certificate is done with the help of the applet by checking the email id of the user and the expiration date of the certificate. This date is verified against the server date to check if the certificate is valid. By this we validate the user's public certificate.

ALADDIN E-TOKEN ACCESS
To access the e-token we use JCE. The following is an extract of code to access the e-token.
----------------------------------------------------------------------------
import java.io.ByteArrayInputStream;
import java.lang.reflect.Constructor;
import java.security.Provider;
import java.security.Security;

// os.name is upper-cased, so every comparison below uses upper-case literals
String os1 = System.getProperty("os.name").toUpperCase();
if (os1.startsWith("WINDOWS")) {
    String configDir = "";
    if (os1.contains("WINDOWS 9"))
        configDir = System.getenv("WinDir");
    else
        configDir = System.getenv("SystemRoot");
    String etoken_path = configDir + "\\system32\\eTPKCS11.dll";
    String pkcs11ConfigSettings = "";
    if (os1.equalsIgnoreCase("WINDOWS XP") || os1.equalsIgnoreCase("WINDOWS NT")
            || os1.equalsIgnoreCase("WINDOWS 98") || os1.equalsIgnoreCase("WINDOWS 2000")
            || os1.equalsIgnoreCase("WINDOWS ME")) {
        pkcs11ConfigSettings = "name = SmartCard\n" + "library = " + etoken_path;
    } else {
        pkcs11ConfigSettings = "name = SmartCard\n" + "library = " + etoken_path + "\n" + "slot=2";
    }
    byte[] pkcs11ConfigBytes = pkcs11ConfigSettings.getBytes();
    ByteArrayInputStream confStream = new ByteArrayInputStream(pkcs11ConfigBytes);
    // Load sun.security.pkcs11.SunPKCS11 reflectively. Its InputStream constructor
    // exists in Java 8 and earlier; Java 9+ uses Provider.configure() instead.
    Class<?> sunPkcs11Class = Class.forName("sun.security.pkcs11.SunPKCS11");
    Constructor<?> pkcs11Constr = sunPkcs11Class.getConstructor(java.io.InputStream.class);
    Provider pkcs11Provider = (Provider) pkcs11Constr.newInstance(confStream);
    Security.addProvider(pkcs11Provider);
}
----------------------------------------------------------------------------
First, we check if the user's operating system is Windows. The Sun PKCS#11 provider acts as a bridge between the Java JCA and JCE APIs and the native PKCS#11 cryptographic API, translating the calls and conventions between the two. Cryptographic devices such as smartcards and hardware accelerators often come with software that includes a PKCS#11 implementation. For the SafeNet e-token it is eTPKCS11.dll. We add this security provider to access the e-token.

EXTRACTING PUBLIC KEY FROM CERTIFICATE (.CRT)
The following is an extract of code to obtain the public key from a .crt file.
----------------------------------------------------------------------------
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

InputStream in = new FileInputStream("/Path/to/.crt/files");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
in.close();
PublicKey pk = cert.getPublicKey();
----------------------------------------------------------------------------
The variable in contains a reference to a .crt file. An X.509 certificate factory instance is obtained in the variable cf, and the certificate is generated from the file stream in. The public key is extracted from the certificate object cert using the built-in function getPublicKey(), which returns a reference to a PublicKey object pk.

EXTRACTING PRIVATE KEY
Extracting Private Key from .p12 file on local file system.
The following is an extract of code to obtain the private key from a .pfx file on the local file system.
----------------------------------------------------------------------------
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;

KeyStore pfx = KeyStore.getInstance("pkcs12");
FileInputStream fin = new FileInputStream("path/to/private key/certificate.p12");
char[] password = "user_password".toCharArray();
pfx.load(fin, password);
fin.close();
String alias = "alias name of the .pfx file of interest";
pfx.getCertificateChain(alias);
KeyStore.PasswordProtection pass = new KeyStore.PasswordProtection(password);
KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) pfx.getEntry(alias, pass);
PrivateKey myPrivateKey = pkEntry.getPrivateKey();
----------------------------------------------------------------------------
The Java Cryptography Extension provides a KeyStore to store private keys and certificates. A KeyStore object of type pkcs12 is obtained in the variable pfx. The variable fin holds the reference to the certificate file on the local file system. The function load(), which takes two arguments, a file reference and the corresponding passcode for the file, loads the certificate. The alias variable holds an alias name of the certificate, which helps identify the certificate in the keystore. The PasswordProtection object is initialized with the passcode. The private key entry is obtained with the built-in function getEntry(), which takes two arguments, the alias and the password. The function getPrivateKey() returns a reference to the private key stored in the certificate.

Loading Aladdin E-token and Extracting private key from a .p12 certificate.
The following is an extract of code to load the e-token and obtain a private key from a .p12 file.
----------------------------------------------------------------------------
import java.security.KeyStore;
import java.security.PrivateKey;

KeyStore keyStore = KeyStore.getInstance("PKCS11");
// KeyStore.load() and PasswordProtection both take the passcode as a char[]
char[] password = "passcode_of_e-token".toCharArray();
keyStore.load(null, password); // loads the token
String alias = "alias name of the .pfx file of interest";
keyStore.getCertificateChain(alias);
KeyStore.PasswordProtection pass = new KeyStore.PasswordProtection(password);
KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, pass);
PrivateKey myPrivateKey = pkEntry.getPrivateKey();
----------------------------------------------------------------------------
Here an instance of a PKCS11 keystore is obtained, since e-tokens are categorized under the PKCS11 standards. All other procedures to extract the private key remain the same as explained in the above section.

SIGNING MESSAGES
The following is an extract of code which signs a message with SHA-512 and RSA.
----------------------------------------------------------------------------
import java.nio.charset.StandardCharsets;
import java.security.*;

PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias_dup, null);
Signature instance = Signature.getInstance("SHA512withRSA");
instance.initSign(privateKey);
// Fixed charset so that signer and verifier hash the same bytes on every platform
instance.update((sign1_extra.text1).getBytes(StandardCharsets.UTF_8));
byte[] signature = instance.sign();
char[] signature1 = Base64Coder.encode(signature);
sign1_extra.s5 = new String(signature1);
String text2 = sign1_extra.text1 + ":" + sign1_extra.s5;
char[] c2 = Base64Coder.encode(text2.getBytes(StandardCharsets.UTF_8));
----------------------------------------------------------------------------
The variable alias_dup is the alias name of the private key certificate in the e-token. The variable sign1_extra.text1 contains the text which is to be digitally signed. The variable signature contains the signed data, which is encoded using a base64 encoder and stored in signature1. The original text and the signed data are concatenated with a ":" separator, base64 encoded, and stored in the character array c2.

VERIFYING MESSAGES
The following is an extract of code to verify digital signatures.
----------------------------------------------------------------------------
import java.nio.charset.StandardCharsets;
import java.security.*;

Signature instance1 = Signature.getInstance("SHA512withRSA");
instance1.initVerify(publicKey);
// Same charset as on the signing side
instance1.update(sig2_text_split.getBytes(StandardCharsets.UTF_8));
if (instance1.verify(sig2)) {
    System.out.println("true");
    String param = sig2_text_split;
    Object[] params = {param};
    verify3.browserWindow.call("f1", params);
    System.exit(0);
}
----------------------------------------------------------------------------
The variable sig2_text_split contains the original text. The Signature object is initialized with the signature algorithm. The function call verify(sig2) verifies the digital signature held in the variable sig2.

ENCRYPTING MESSAGES
Messages are encrypted with the RSA algorithm.
----------------------------------------------------------------------------
import javax.crypto.Cipher;

Cipher pkcipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
pkcipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] buffer = plaintext.getBytes("UTF-8");
byte[] encrypted = pkcipher.doFinal(buffer);
// Base64Coder.encode() returns char[], as in the signing extract
char[] encoded = Base64Coder.encode(encrypted);
----------------------------------------------------------------------------
The above code illustrates encrypting and encoding plain text messages. A pkcipher is initialized with RSA in ECB mode. The plaintext message is converted to a byte representation of the String. The function doFinal() takes one argument, buffer, and encrypts the data in the buffer, returning an array of encrypted bytes. The encrypted bytes are encoded to base64 format to enable the database to store the encrypted data.

DECRYPTING MESSAGES
Messages encrypted with the RSA algorithm are decrypted as follows.
----------------------------------------------------------------------------
import javax.crypto.Cipher;

Cipher pkcipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
pkcipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] bts = Base64Coder.decode(encrypted.toCharArray());
byte[] text = pkcipher.doFinal(bts);
----------------------------------------------------------------------------
The above code decrypts encrypted data.
First, the encoded data is decoded with a base64 coder. The decoded text is decrypted by the pkcipher initialized with the RSA algorithm in decrypt mode. The function doFinal() returns the decrypted bytes.

SIGNING AND ENCRYPTING MESSAGES
The message is first digitally signed with the private key of the sender. This signature is encrypted with the public key of the receiver. This double encryption satisfies all properties of PAIN.

DECRYPTING AND VERIFYING MESSAGES
This operation takes place at the receiving end. Messages which are signed and encrypted are fed to this operation. The secure message is first decrypted with the private key of the receiver, and the signature on the data is verified with the public key of the sender.

IX. OUTPUTS
[Figure a. PKI MESSAGE HOME PAGE]
[Figure b. NEW USER REGISTRATION]
[Figure c. COMPOSING A TEXT MESSAGE]
[Figure e. SELECTING A PRIVATEKEY CERTIFICATE FROM THE KEYSTORE OF E-TOKEN]
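The SIGNING AND ENCRYPTING MESSAGES and DECRYPTING AND VERIFYING MESSAGES operations of Section VIII, as an added example that is not the authors' code and uses only JDK classes. It keeps the paper's SHA512withRSA signature and "text:signature" envelope, but swaps in hybrid encryption: with a 2048-bit key (assumed; the paper states no key size) one RSA/ECB/PKCS1Padding operation accepts at most 245 bytes, less than the 344-character base64 signature alone, so the envelope is encrypted with a fresh AES-GCM session key and only that key is RSA-encrypted with OAEP. The class name, the '.'-separated wire format, the software key pairs and the sample message are assumptions constructed for the demonstration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added example (not the paper's code): sign-then-encrypt and decrypt-then-verify.
public class SignEncryptDemo {
    static final String SIG_ALG = "SHA512withRSA";                         // as in the paper
    static final String RSA_ALG = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; // assumption: OAEP key transport
    static final String AES_ALG = "AES/GCM/NoPadding";                     // assumption: AES-GCM for the body

    // Sender side. Returns base64(wrapped key).base64(iv).base64(ciphertext), a hypothetical wire format.
    static String signAndEncrypt(String text, PrivateKey senderKey, PublicKey recipientKey)
            throws GeneralSecurityException {
        Signature signer = Signature.getInstance(SIG_ALG);
        signer.initSign(senderKey);
        signer.update(text.getBytes(StandardCharsets.UTF_8));
        String sigB64 = Base64.getEncoder().encodeToString(signer.sign());
        // The paper's envelope: message, ':' separator, base64 signature.
        byte[] envelope = (text + ":" + sigB64).getBytes(StandardCharsets.UTF_8);
        // Fresh session key and 96-bit nonce for every message.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey sessionKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance(AES_ALG);
        aes.init(Cipher.ENCRYPT_MODE, sessionKey, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(envelope);
        // Only the 32-byte session key passes through RSA, so message length is not limited.
        Cipher rsa = Cipher.getInstance(RSA_ALG);
        rsa.init(Cipher.ENCRYPT_MODE, recipientKey);
        byte[] wrapped = rsa.doFinal(sessionKey.getEncoded());
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(wrapped) + "." + b64.encodeToString(iv) + "."
                + b64.encodeToString(ciphertext);
    }

    // Receiver side. Returns the message text only if decryption and signature check both succeed.
    static String decryptAndVerify(String message, PrivateKey recipientKey, PublicKey senderKey)
            throws GeneralSecurityException {
        String[] parts = message.split("\\.");
        if (parts.length != 3) throw new GeneralSecurityException("malformed message");
        Base64.Decoder b64 = Base64.getDecoder();
        Cipher rsa = Cipher.getInstance(RSA_ALG);
        rsa.init(Cipher.DECRYPT_MODE, recipientKey);
        SecretKey sessionKey = new SecretKeySpec(rsa.doFinal(b64.decode(parts[0])), "AES");
        Cipher aes = Cipher.getInstance(AES_ALG);
        aes.init(Cipher.DECRYPT_MODE, sessionKey, new GCMParameterSpec(128, b64.decode(parts[1])));
        String envelope = new String(aes.doFinal(b64.decode(parts[2])), StandardCharsets.UTF_8);
        // Split at the LAST ':' because the text may contain ':' but base64 never does.
        int sep = envelope.lastIndexOf(':');
        if (sep < 0) throw new SignatureException("no signature in envelope");
        String text = envelope.substring(0, sep);
        byte[] sig = b64.decode(envelope.substring(sep + 1));
        Signature verifier = Signature.getInstance(SIG_ALG);
        verifier.initVerify(senderKey);
        verifier.update(text.getBytes(StandardCharsets.UTF_8));
        if (!verifier.verify(sig)) throw new SignatureException("signature does not verify");
        return text;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sender = kpg.generateKeyPair(), recipient = kpg.generateKeyPair(),
                other = kpg.generateKeyPair();            // constructed demo keys
        String text = "Order 17: ship 3 units";           // constructed sample; contains ':'
        String wire = signAndEncrypt(text, sender.getPrivate(), recipient.getPublic());
        System.out.println("round trip: "
                + text.equals(decryptAndVerify(wire, recipient.getPrivate(), sender.getPublic())));
        try {   // signature checked against a public key that is not the sender's
            decryptAndVerify(wire, recipient.getPrivate(), other.getPublic());
            System.out.println("wrong sender key: accepted");
        } catch (SignatureException e) {
            System.out.println("wrong sender key: rejected (" + e.getMessage() + ")");
        }
        String[] p = wire.split("\\.");
        byte[] ct = Base64.getDecoder().decode(p[2]);
        ct[0] ^= 1;                                        // one bit changed in transit
        String tampered = p[0] + "." + p[1] + "." + Base64.getEncoder().encodeToString(ct);
        try {
            decryptAndVerify(tampered, recipient.getPrivate(), sender.getPublic());
            System.out.println("tampered body: accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("tampered body: rejected (" + e.getClass().getSimpleName() + ")");
        }
    }
}
```

Keys held on a PKCS#11 token would be passed to the same two methods in place of the generated key pairs, provided the token's provider supports the chosen algorithms.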
X. CONCLUSION
There is an increasing need for secure systems with the increase in cyber fraud and crimes. With the advancement in technology, the internet is now an alternative workspace for cloud users and users of online project management services. Users of such services work on data of a private nature, and a change in the integrity of these data may be detrimental to them. PKI is an emerging technology based on asymmetric cryptography which proposes certain practices that ensure information or data security. PKI Message Service is based on PKI and provides information security to user messages through privacy, integrity, authentication of end users and non-repudiation services. PKI Message Service ensures security of data over insecure networks. PKI Message Service's dependence on certificates issued by a CA makes it a more reliable service. PKI Message Service proves to be useful in online banking, online purchasing and other areas where security happens to be a critical concern. PKI Message can also be embedded into social networking sites to provide a higher level of security.

XI. ACKNOWLEDGMENT
This work is to enable more security for complex business systems, e-commerce and automated business transactions that use internet services.

[Figure d. DIGITALLY SIGNING A TEXT MESSAGE]

XII. REFERENCES
[1] http://www.dartmouth.edu/~deploypki/overview.html
[2] http://www.dartmouth.edu/~deploypki/application.html
[3] http://www.blogs.technet.com/b/indust2006/06/438895.aspx
[4] http://www.2.dir.texas.gov/pubs/srrpubs13-providers.aspx
[5] http://www.en.wikipedia.org/wiki/certificate_authority
[8] http://www.en.wikipedia.org/wiki/Public-key_cryptography
[9] http://www.it.toolbox.com/wik/Asymmetric_key_encryption
[10] http://www.en.wikipedia.org/wiki/Cryptographic_function
[11] http://www.en.wikipedia.org/wiki/steganography
[12] http://www.vspages.com/Cryptography-vs-Steganography4
[13] http://www.technet.microsoft.com/cc77982(v=ws.10).aspx
[14] http://www.cca.gov.in/
[15] http://www.redbooks.ibm.com/redbooks/pdfs/s924978.pdf
www.iaetsd.in, International Association of Engineering and Technology for Skill Development