Advanced E-Mail and Certificate Security

From March 11, 2013 to March 12, 2013

This Workshop recapitulates the basics of encryption, digital signature and X.509 certificates in order to gain a basis for the understanding of PKI, S/MIME, PGP and related standards.

Organizational and user specific conditions as well as certifcate handling in different operating systems, browsers and applications are shown in order to understand the pitfalls that must be addressed, before implementing a solution for e-mail security.

Finally, different approaches for securing e-mail communication like Gateway-to-Gateway encryption, TLS, S/MIME, PGP, DRM et al. are discussed and evaluated in accordance to their architectural, organizational and technical implications as well as in relationship to their operational feasibility and their security benefit.

Agenda

Basics of e-mail security relevant crypto: encryption, hashing and digital signature.
X.509-based certificates.
PKI architecture and certificates management.
S/MIME and PGP.
The Qualified Electronic Signature (QES).
Mail signature and encryption components in operating system architectures (Windows and Linux).
Pitfalls of certificate handling in Windows, Linux and Apple based browser and e-mail clients.
Different approaches for secure e-mail communication and their architectural, organizational and technical implications: individual mail encryption, gateway encryption, DRM.

Friedwart Kuhn

Friedwart Kuhn is a renowned expert for Active Directory security and has performed a huge number of projects both in the concept and design space and in the pentesting and incident analysis field.