1 / 11

An Analysis of IMAP Security

An Analysis of IMAP Security. CMPE 209 Presented By Divya Panchal Bepsy Paul Menachery. Agenda. What is IMAP State Flow Diagram Advantages of IMAP over POP3 Analysis of IMAP Security Future of IMAP Security Conclusion. What is IMAP. IMAP – Internet Message Access Protocol

finnea
Download Presentation

An Analysis of IMAP Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Analysis of IMAP Security CMPE 209 Presented By Divya Panchal Bepsy Paul Menachery

  2. Agenda • What is IMAP • State Flow Diagram • Advantages of IMAP over POP3 • Analysis of IMAP Security • Future of IMAP Security • Conclusion

  3. What is IMAP • IMAP – Internet Message Access Protocol • It is the most popular Internet Standard Protocol to retrieve email • The other protocol is POP3 • It will allow a client to access and manipulate electronic mail messages on server • IMAP4version1 assumes a reliable data stream such as that provided by TCP • When TCP is used IMAP4version 1 will listen on port 143

  4. Connection Establishment Server Greeting 1 Not Authenticated 2 4 3 Authenticated 6 5 7 Selected Logout Client Server Client Command [tag] [string line] Both sides close the connection Server Command [tag] [+] or [*] [string] State Flow Diagram

  5. Advantages of IMAP over POP3

  6. Analysis of IMAP Security • The basic IMAP sends username and pass word in clear • To secure IMAP, the use of Kerberos was recommended as part of SASL proposal • Another method is to use SSH for securing the IMAP messages. • A perfect solution is to use SSL or SSL wrapper to encrypt both login information and data in the messages.

  7. Analysis of IMAP Security (contd.) • The restriction of LOGIN command usage • Recommended use of STARTTLS • Must used cipher suite -TLS_RSA_WITH_RC4_128_MD5 [TLS] • Recommended cipher suite - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA [TLS]

  8. Future of IMAP Security • With the demand for universal multi-device connectivity, IMAP is best suited for accessing email from different devices simultaneously • The importance of IMAP for both back-end and front-end user interfaces are increasingly popular • IMAP for use with client devices such as PDAs, Palm OS, Win CE and cell phones are becoming popular • Use of IMAP in messaging products are an essential requirement in the market

  9. Conclusion • IMAP when used by itself is not secure • IMAP used with secure mechanisms such as SSH, SSL or Kerberos is secure • With the demand for universal multi-device connectivity, the future of IMAP is very promising

  10. Refrences • http://tools.ietf.org/html/rfc3501 • http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol • http://www.ust.hk/itsc/email/tips/imap-or-pop.html • http://www.coruscant.demon.co.uk/mike/imap/security.html • http://security.fi.infn.it/tools/stunnel/index-en.html • Managing IMAP, 1st Editionby Dianna Mullet; Kevin Mullet

  11. Q &A

More Related