Al-Azhar University – Gaza Deanship of Postgraduate Studies Faculty of Engineering & Information Technology Master of Computing and Information System Analysis and Evaluation of Email Security Prepared by Mohammed Ahmed Maher Mahmoud Al-Nakhal Supervised by Dr. Ihab Salah Al-Dein Zaqout A Thesis submitted in partial fulfillment of the requirements for the degree of Master of Computing and Information Systems 2018 جامعةةةةةةةةةة ةةةةةةةةةة – غةةةةةةةةةة عمةةةةةةةةةاا لعل اةةةةةةةةةا لع ةةةةةةةةةا ك هلنعا وتكنولوج ا ملع وما ماجسةةةاحل بواةةةم وعلةةةت ملع ومةةةا حتليل وتقييم أمن الربيد اﻹلكرتوني إعداد الباحث حممد أمحد ماهر حممود النخال إشراف الدكتور/ إيهاب صﻻح الدين زقوت قدمت هذه الرسالة استكماﻻً لمتطلبات الحصول على درجة الماجستير في الحوسبة ونظم المعلومات من كلية الهندسة وتكنولوجيا المعلومات – جامعة اﻷزهر – غزة 2018 قَالُوا سُبْحَانَكَ لَا عِلْمَ لَنَا إِلَّا مَا عَلَّمْتَنَا إِنَّكَ أَنْتَ الْعَلِيمُ الْحَكِيمُ صدق اهلل العظيم سورة البقرة ) آية 32( i Dedication To my parents who take my hands and walk me among the ports of life, what is clear in their paths. Thanks to them and hope from Almighty Allah to keep them for me and extend in their age ... To my loving, forgiving and supportive wife who created the atmosphere for me to complete this work. To my brother Mahmoud and sisters Dema and Dania …... To the martyrs of Palestine who fought for the sake of Almighty Allah. ii Acknowledgment The prophet Mohammad (Peace Be Upon Him) says, “He who does not thank people, does not thank Allah “. Completing and issuing such dissertation would not have been possible without the help and support of the people who ably guided this dissertation through the whole process. I feel greatly indebted to the supervisor DR. Ihab Zaqot for his continuous support, guidance and caring, I would also like to thank the Faculty members who have made every effort for me, Dr. Ahmed Mahmoud and Dr. Yosef Abo Shaaban, I would also like to thank Prf. Sami Abu Nasser who taught how to write researches and papers which published in scientific journals. Great thanks for Dr. Ahmed Maher Al Nakhal, my dear father, for helping in writing such desertion and proof reading. Completing this work would have been all the more difficult were it not for the support and friendship provided by the other members of the master of Computer and Information System in Al-Azhar University, I am indebted to them for their help. iii Abstract A new idea is proposed for encrypting electronic messages by using algorithms that are circulated through a key agreed upon by the sender and receiver. The encrypted message is handled and stored in the database, the system is internal, and sends messages only to people registered in the system. If the system compromised or lost the user's password, the message remains encrypted and you need the same key to decrypt it, so the message is kept secret even if the account or system is lost. The system principle depends on the registry for authentication and then get permissions to use the commands related to sending, receiving and reviewing messages and others. The researcher has implemented two algorithms, i.e. the idea that the user has the right to choose encrypted algorithms for the message, the first algorithm is symmetric and the other is asymmetric. The proposed system will encrypt the messages upon the choice of the user. The encryption and decryption process were very successful for the two algorithms. The algorithms were called to encrypt messages and decrypt without any problems regarding encryption and decryption. The algorithms worked & was implemented pursuant to what planned by the researcher and gave expected results, the result is that encryption and decryption of text messages and storing the messages in the database are coded (E-code) consequently that a hacker cannot read text message content. Keywords: Encrypt, Decrypt, Authentication, Password-Based Key Derivation Function 2 (PBKDF2), Data Encryption Standard )DES). iv الملخص تم اقتراح و طرح فكرر ديدري شتير در اشرلراﻹل ارشكتروبدرت دالرتليام اشلوارالدرا اشتر دتم تياوشها دالتليام ل تاح لت ق علده لن قدل اشلرلل واشلتلق . دتم لعاشدت اشرلاشت اشلي ر وتلادبهررا فررر قاعررري اشددابررا ودكررون اشب ررام يالليدررا ودرلررل اشرلرراﻹل فقررط شرر ا يررلا اشللدلدن ف اشب ام . ذا كان اشب ام قري ترام الترقره فو فقري كللرت اشلررور اشلامرت داشللرتليم ت ل اشرلاشت لي ر وتحتاج ش ب س اشل تاح ش ك تي درها شذشك بدق اشرلاشت لرردت حتر فر حاشررت فقرري اشحلررال فو اشب ررام .دعتلرري لدرريف اشب ررام علرر اشتلررددل شللمررايقت ولررن ررم اشحمررول علر فذوبرا تلرتليام ا والرر اشلتعلقرت د رلرال وتلقر ولرادعرت اشرلراﻹل و درهرا .قرام اشداحر دتب دررذ لرروارالدتدن فر فكررر فن اشللررتليم شيدرره اشحررق فرر التدررار لوارالدررا شتيرر در اشرلرراشت اشبمرردت اشلوارالدررت ا وشرر لتلا لررت وا لرررغ دررر لتلا لررت .لرردقوم اشب ررام اشلقترررح دتيرر در اشرلرراﻹل دبرررا علرر التدرررار اشللرررتليم .شقرري كابرر عللدررت اشتيرر در وفررك اشتيرر در بادحررت درريا شللرروارالدتدن . ان عللدررت الررتيعا اشلوارالدررا شتيرر در اشرلرراﻹل وفررك تيرر درها تلرر يون فر ليرراكل تتعلررق داشتيرر در وفررك اشتيرر در . شقرري ب ررذ و عللرر اشلوارالدررا وفقيررا شلررا لطررط شرره اشداحرر وقرريل اشبترراﻹو اشلتوقعررت و اشلردررو و قرري كابرر اشبتددررت هرر فن تيرر در وفررك تيرر در اشرلاﻹل اشبمدت وتلادن اشرلاﻹل ف قاعي اشددابا درتم ترلداهرا وداشتراش ت دلرتطدا اشللتررق اشهاكر قرا لحتوغ اشرلاﻹل اشبمدت. الكلمات المفتاحية: اشتي در فك اشتي در اشلمايقت فذوبا قاعي ددابا كللت تي در ل تاح تي در. v Table of Contents ABSTRACT .......................................................................................................................... I V .................................................................................................................................... الملخص DEDICATION .................................................................................................................... II ACKNOWLEDGMENT ................................................................................................... III TABLE OF CONTENTS .................................................................................................. VI LIST OF ABBREVIATIONS ............................................................................................. X LIST OF FIGURES........................................................................................................... IX CHAPTER ONE INTRODUCTION ..................................................................................1 1.1 INTRODUCTION ..........................................................................................................2 1.2 STATEMENT OF THE PROBLEM............................................................................4 1.3 OBJECTIVES .................................................................................................................5 1.3.1 MAIN OBJECTIVES ....................................................................................................... 5 1.3.2 SPECIFIC OBJECTIVES ................................................................................................. 5 1.4 SIGNIFICANCE OF THE THESIS .............................................................................5 1.5 SCOPE AND LIMITATIONS OF THE THESIS .......................................................5 1.5.1 MAIN SCOPE ................................................................................................................ 6 1.5.2 MAIN LIMITATIONS ..................................................................................................... 6 1.6 METHODOLOGY .........................................................................................................6 1.7 THESIS OUTLINE ........................................................................................................7 CHAPTER TWO LITERATURE REVIEW ....................................................................8 INTRODUCTION ................................................................................................................9 2.1 PRETTY GOOD PRIVACY (PGP) .............................................................................9 2.2 PRIVACY ENHANCED MAIL (PEM) .....................................................................10 2.3 THREATS ON EMAIL ...............................................................................................10 2.3.1 EAVESDROPPING ........................................................................................................ 10 2.3.2 IDENTITY THEFT ........................................................................................................ 10 2.3.3 MESSAGE MODIFICATION ......................................................................................... 11 2.3.4 FALSE MESSAGES ...................................................................................................... 11 2.3.5 UNPROTECTED BACKUPS .......................................................................................... 11 2.3.6 REPUDIATION ............................................................................................................. 11 2.3.7 EMAIL SPOOFING ....................................................................................................... 11 vi 2.3.8 EMAIL SPAMMING ..................................................................................................... 11 2.3.9 EMAIL BOMBING ....................................................................................................... 12 2.3.10 SENDING THREATS ..................................................................................................