569 Semantic Web. Dr. J. Lu University of windsor, Project Presentation Encrypted Web service...

569 Semantic Web . Dr. J. Lu University of windsor , Project Presentation Encrypted Web service application

Encrypted E-mail Web Application

Presented by: Aqila Dissanayake & Tarik EL-amsy


Motivations

When you send an email, do you realize that it can easily be read:

–By anyone who works for your Internet Service Provider

–By anyone who works for the recipient's internet service provider

–By anyone who operates any of the perhaps dozens of Internet routers that your data packets will pass through

–By anyone with physical access to the telephone switching equipment in the phone company's office


Services Used

neuroFuzz Cryptographic Web Service

http://www.neurofuzz.com/modules/cryptoService/cryptoSOAP.php?wsdl

SendEmail E-mail Servicehttp://www.abysal.com/soap/AbysalEmail.wsdl


neuroFuzz Crypto Service This is a cryptographic web service that allows a user

encrypt/decrypt a text using a key. The encryption algorithm implemented is the block-

cipher AES Rijndael with a 256-bit block size and 32-bit key size.

In June 2003, the US Government announced that AES (Advanced Encryption Standard) may be used for classified information:“The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths”.

This marks the first time that the public has had access to a cipher approved by NSA for TOP SECRET information.

The service is provided free of charge.


Symmetric key

AES algorithm uses a symmetric key; which means it utilizes the same key to encrypt and decrypt a message.

In other words both the sender and the receiver should utilize the same key to encrypt and decrypt a message.


SendEmail This is a web service that lets a user send an E-

mail to any e-mail address from any e-mail address.

It uses the SMTP (Simple Mail Transfer Protocol) Abysal-WebDTP server for this purpose.

This service is executed on one of the Abysal Systems webDTP application servers, through a simple C language program. This program uses the denoted Abysal-SOAP API (Application Programming Interface).


New Application Generated The new application constructed is a web

application that lets a user send an encrypted e-mail message to a user.

The receiving user can use the web application to decrypt the message using the symmetric key.

The application provides a user friendly interface which even a novice to the concept of cryptography can use

The only thing the user needs to be aware of is that the receiving user needs to utilize the same key to decrypt the message.


Integrating the services

The user would write down his e-mail in normal text.

Then, the user would choose to encrypt the text.

A key needs to be used for encryption.

The program provides the user with the option of automatically generating a key or entering his or her own key.


Integrating the services It is assumed the user exchanges the key data with

the communicating party with some non-Internet based method (snail-mail, sneaker net, POTS (plain old telephone service))

Utilizing this key, the user needs to send the text to the Neurofuzz web service to be encrypted.

The Neurofuzz crypto service will return the encrypted text to the e-mail program

Then the user will fill out all the required info such as the receivers e-mail address and the senders e-mail address and send the e-mail.


Integrating the services

At this step to send the e-mail the SendEmail web service will be called and the encrypted text will be sent to this service. This web service will send the e-mail on behalf of the user.

Once the receiver receives the e-mail, to read it he or she needs to decrypt the message, for this the same key that was used to encrypt the message should be used.

Once the ciphertext is sent to the Neurofuzz crypto service along with the correct key, it will be decrypted and the plaintext message will be returned to the user. The user can read the message after this step is completed.


Limitations of the application

The application is only capable of sending one e-mail at a time.

In a way it makes sense, because if more than two users utilize the same key it can be considered as a security risk.

Still, if one needs to send a message to two e-mail addresses of the same user (at the same instance), the application won’t achieve the task.

The limitation is inherited from the SendEmail web service. The service limits the number of target e-mail addresses to one.


Difficulties

Difficulty in locating web services was one of the major problems in this project.

The Neurofuzz crypto service was the only web service that was found to contain any encryption/decryption technique. Even though there are many encryption standards available today there weren’t any other cryptographic web services available.

When it came to finding an e-mail web service, it seemed as though there were a fair number of e-mail services.

Most of them were not working because of the WSDL

file being unavailable or they required authentication.


Difficulties (cont’) It was difficult to find a web service to integrate

with the cryptographic web service.

One of cryptography's primary purposes is hiding the meaning of messages, but not usually their existence. In other words cryptography is about communicating in the presence of adversaries.

For this purpose we had to find a web service that involves communication.

There were many choices such as SMS (Short Message Service) which is widely available for mobile devices, IM (Instant messaging) and E-mail.

Encryption service can be implemented on top of any of those services, but for it to be practical we chose E-mail as our other web service.


This application is available atThis application is available athttp://137.207.234.251/CryptEmail/http://137.207.234.251/CryptEmail/

Email.aspxEmail.aspx


References

Hans Delfs and Helmut Knebl, Introduction to Cryptography, Principles and Applications

Why you should use Encryptionhttp://www.goingware.com/encryption/

Advanced Encryption Standardhttp://en.wikipedia.org/wiki/Advanced_Encryption_Standard

http://www.xmethods.com

SendEmail Web Servicehttp://www.xmethods.net/ve2/ViewListing.po?key=uuid:E9CC365B-B3B0-339C-0D3F-71D033ACB0CC

neuroFuzz Crypt Servicehttp://xmethods.org/ve2/ViewListing.po;jsessionid=vdcuYX5Qcszs6KTCZhhSW_wX(2MgVnSRM)?key=uuid:D6E52F11-C2B7-58DD-699B-36646ABD7F28

569 Semantic Web. Dr. J. Lu University of windsor, Project Presentation Encrypted Web service...

Documents

Transcript of 569 Semantic Web. Dr. J. Lu University of windsor, Project Presentation Encrypted Web service...