Design And Implementation Of Secure Email Model Based On Building Automation Process

E-mail is one of the most used Internet applications with Web technologies.Used for varied applications-personal,professional,associative,political,it tends to take a more prominent place compared to the traditional means of communication.In addition to its low cost,e-mail has the advantage to optimize communication and dissemination of information.Thus become the primary means of communication for many companies,its use in the exchange of sensitive or confidential material is not without problems.Standardized protocols which allow implementing messaging applications have indeed been designed in the 1970s,time in which Internet security issues were not yet.Unfortunately,with e-mail appeared its perverse effects:spam,viruses,etc.To launch advanced attacks,cybercriminals often use spear(spear phishing)messages as well as attachments and other parts malicious links.These e-mail attacks regularly circumvent traditional protection systems based on signatures,such as antivirus software and spam filters.This paper describes a secure email system especially how to design and implement a personal email system by handling both symmetric-key and asymmetric techniques.The system model includes an email management module for sending and receiving email,message encryption module which performs the email encryption and decryption and a session key encryption module to encrypt the session key by managing public and private keys.Thus the system implementation can be summarized as follow:·Before encryption process,emails management module is in charge to send and receive emails.For that the email servers Postfix for sending and Dovecot for receiving have been implemented on a Linux platform by using their commands.· Then the message encryption module is implemented to encrypt the email or the message to send by using the symmetric-key with AES encryption.Concerning the session key,it generates randomly with the library OpenSSL.· The session key encryption module performs the asymmetric technique to encrypt the session key by using RSA encryption technology.From the public and private keys,the library OpenSSL is used to get all useful information such as public and private key exponent,the modulus..To allow the user reading the email,the decryption process is developed to get first the session key with the recipient private key then decrypt the message by using that session key.All these modules have been implemented to remedy the email security issues.In this project,both symmetric and asymmetric encryption known as hybrid encryption have been used to enforce the security.The user can encrypt an email then uses a secure channel by RSA to send the session key to his correspondent.So the recipient will receive two messages,the first one is the message encrypted and the second one is the session key encrypted.As a result of the project on building automation,the tool interface used is the Linux shell interface.All the sending email process must be transparent to the user,easily handy and especially reliable with all security precautions.