Hands-on Lab 7 - Email Security
Hands-on Activity
(DUE March 30, 2006 by 11:55 p.m. EDT)

Email has been and is one of the most widely used applications on the Internet. It is also one of the biggest security vulnerabilites. This assignment introduces you to several areas of email security including PGP (Pretty Good Privacy) for encryption, sending and receiving anonymous email, and sending and receiving malicious mail.

Pre-assignment:

  1. Create a new Hotmail or gmail account named CPSC6128-fl where fl are your first and last name initials.
  2. Download and install PGP (http://www.pgpi.org/download) [The PGP Plugin for MS Outlook (Express) only work if you purchase the Personal Version]
  3. Create a PGP Key pair (this should be done automatically). If not, you can review chapter 3 of the manual that was installed with PGP
  4. Configure PGP
  5. Save your Public Key and send me the file in WebCT [or email me that it's created and I can pick your key from the keyserver
  6. You can now encrypt messages by typing the message, putting it into the clipboard, adn encrypting and sending. You can also encrypt the file and send it as an attachment.

Assignment:

  1. Sending an encrypted e-mail message
    1. Encrypt a message (MESSAGE1) with your private key and send it to me at waynesummers@gmail.com
    2. Encrypt a message (MESSAGE2) with my public key and send it to me at waynesummers@gmail.com
    3. Encrypt a message (MESSAGE3) first with your private key and then with my public key and send it to me at waynesummers@gmail.com
    4. Answer the following questions for each message
      1. Who can read the message?
      2. Am I sure that you sent the message?
    5. Receiving an encrypted e-mail message from me
      1. Open the message (MESSAGE1) with your private key.
      2. Open the message (MESSAGE2) with my public key.
      3. Open the message (MESSAGE3) first with your private key and then with my public key.
      4. Answer the following questions for each message
        1. What was the message?
        2. Who can read the message that I sent?
        3. What do you know about the sender?
      5. Sending/Receiving Anonymous email
        1. Read the information about Sneakemail at (http://www.sneakemail.com/).
        2. Use Sneakemail to send me an anonymous email (to get credit for the assignment, include your name in the message).
        3. Examine the anonymous email I sent you.
          1. What was the message?
          2. Who is the sender?
          3. What is the email address of the sender?
          4. Use File | Properties | Details | Message Source to answer the following:
            1. Who is the real sender?
            2. What is the SMTP server for the sender?
            3. What is the IP address for the sender?
      6. Creating a hidden malicious file attachment
        1. Create the rogue attachment
          1. Launch Notepad
          2. Enter text notepad.exe
          3. File|Save As with filename ImportantFile.doc.bat with 100 spaces between .doc and .bat
          4. Send this file to me as an attachment
        2. Receiving a rogue attachment
          1. Open the ".doc" attachment.
          2. Explain what happened.

      Post-assignment: Answer the following questions -

      • How secure is PGP?
      • How could your private key be compromised?
      • What encryption algorithms are supported by PGP? Which one is prefered and why?