Arvutiteaduse instituut
  1. Kursused
  2. 2019/20 sügis
  3. Infoturve (MTAT.07.028)
EN
Logi sisse

Infoturve 2019/20 sügis

  • Home
  • Lectures & labs
  • Homework & course rules
  • Exam
  • News
  • Links

Secure email exchange

Table of contents

  • Introduction: secure email exchange
    • Security issues regarding regular email
    • How to solve the security issues of regular email exchange?
  • Lab tasks
    • Instruction for starting the virutal machine
    • PGP task
    • Signal task
  • Extra information
  • Additional reading



The aim of this lab is to introduce the students to the real life usage of public key cryptography. You will be able to generate keypairs, learn to share the public keys over internet and learn which risks are involved, use the public keys to encrypt and private key to sign emails, verify that the emails are correctly signed, etc. In addition, we will try to use the Signal Messanger as it provides a more secure version of end-to-end encryption and is more usable than the software that we use to encrypt emails.

Technical information about the lab:

All of the required software is already provided to you in the form of a virtual machince. The virtual machine can be started the same way as it was done in the first lab. We will also write down the instructions on the whiteboard. In case you are not able to attend the lab, then you have two options in case you want to solve the lab tasks:

  1. Preferred way: download the virtual machine and use that to solve the tasks (it will probably take a few hours).
    1. You will need around 25 GB of free space to download and use the virutal machine.
    2. You will need to install Oracle VirtualBox to run the virtual machine on your own computer. Make sure to also install the extension pack from the same website.
    3. Download the virtual machine (it is around 12 GB) and double click the .ova file to start importing it in Oracle VirtualBox.
    4. Click next / ok / import until you see the progress bar, then wait a few minutes until importing finishes.
    5. Select the "Information security lab - 2019" from the left side list in the main window of Oracle VirtualBox and then click start (or just double click on the name).
    6. Enter the password (the same as in the previous lab, 6 characters, hint: name of the course). PIM must be left empty, just hit enter and wait a few minutes for VeraCrypt to process the password and decrypt the information.
    7. Now Windows should start to load. The password for Windows user is the same as it was previously for VeraCrypt, just like in the first lab.
    8. Now move on to read the introduction, background information and then start solving the lab tasks. For some of the lab tasks you may have to create two email accounts, in case you are not able to do the lab together with other students. You may also try to send the lab emails to the lab instructor and he will reply but with a delay (so completing the lab might have to be paused for some hours or a days).
    9. You have time until the deadline of the second homework to solve the lab tasks.
    10. In case you are not able to get the virtual machine to work then the instructor is not able to help you remotely. Then you can either try to find help from the Internet or take your computer to the next lecture and then ask for help before or after the lecture.
    11. Now the keyserver should be reachable also without using the university VPN connection. However, in case you can still not access the keyserver, then notify us as then we can restart the server.
  2. Alternative: download all of the required software on your own and try to get it to work. We are not able to provide support regarding the issues that you face when installing and configuring the software. You will have to solve these issues on your own. The lab instructions will tell you which software you will need.

How email exchange works

Simple Mail Transfer Protocol (SMTP) is used to transmit emails both between the user and email server and between the mail servers. However, email client software is commonly configured to use SMTP only for sending emails. In order to receive emails client software uses either IMAP or POP3.

IMAP protocol is commonly used nowadays as it provides support for multiple simultaneous clients. Therefore, with IMAP it is possible to view emails in both the smartphone and in a laptop without the emails being deleted from the server. However, POP3 is an older protocol that first fetches the mail and then deletes it from the server which means that by default mail can be downloaded to a single device.

One might wonder if SMTP, IMAP and POP3 always encrypt the email traffic in order to protect confidential information from leaking. Actually, all of these protocols support the transmission of data over SSL / TLS but this is an optional feature. Special ports are reserved for these protocols to transmit data over SSL / TLS. Secure SMTP is called SMTPS and it uses port 465. Secure IMAP is called IMAPS and it uses port 993. Secure POP3 is called POP3S and it uses port 995. It is obvious that the extra S in the abbreviations stands for secure and it just means that the protocol is used inside of a SSL / TLS session. Most email servers support the secure versions of these protocols but the user may have to configure the email client software to use the correct port.


Source: Wikimedia

There is a feature that enables encryption even for the plain SMTP, IMAP, POP3 and this feature is called STARTTLS. STARTTLS adds SSL / TLS by default if the corresponding mail server supports this. Most well known email providers have enabled support for STARTTLS. However, if a mail server does not support STARTTLS, then the user will have to configure the email client software to use a port that provides an encrypted connection.

Security and privacy issues of email exchange

The protocols that are used to exchange emails are not designed to take security and privacy seriously. These protocols were designed to get the job done in an environment where security was not so relevant. However, these protocols are still alive and it is difficult to modify them or to replace them with more secure protocols.

By default email is not encrypted, some links between the mail servers might be encrypted but this does not mean that the content of the email can not be intercepted, read and modified. It might be possible to encrypt the links between the mail clients and mail servers but while the mail is routed through the Internet it might pass servers that do not support encryption. In addition, as the content of the mail is not end-to-end encrypted, the mail servers are able to read the contents of the emails.

Some SMTP servers support STARTTLS which enables to automatically switch from an unencrypted connection to an encrypted connection over SSL / TLS. However, STARTTLS is mostly supported by the major email providers and many servers still do not provide this option. When STARTTLS is not available and the mail client is not forced to use a secure mail exchange protocol then the email is exchanged in plaintext, i.e., in an unencrypted form.

A message transfer agent (MTA) is used to relay emails from one mail server to another. MTA uses SMTP and deals with receiving messages and relaying messages. It is important to note that MTA-s do not have to communicate with each other over TLS/SSL. If one of the MTA-s does not support TLS/SSL then the email is exchanged in plaintext. In case an email is sent to a mail server that does not support TLS/SSL then it is guaranteed that the email will be transmitted in plaintext at least in one transmission step. Therefore, STARTTLS and secure mail exchange protocols do not provide confidentiality during the transmission of the email as one of the mail servers might not support TLS/SSL. Even when all links during the transmission of the email are secured by encryption the contents of the email can leak as the mail servers are able to read the email in plaintext. Therefore, one needs to trust the MTA-s while sending emails but this is not a very wise thing to do when the contents of the emails are confidential.


Source: OASIS

In addition, it is important to notice that the metadata in the header of the email can not be encrypted as this information is required for relaying the emails. Therefore, it is possible to intercept the metadata that contains: sender email address, recipient email address, sender ip, recipient ip, date, time, title of the email. This data is public and the mail exchange protocols do not provide means to protect such information.

Risks that are related with email communication:
  • the contents of the emails can be intercepted and saved
  • the contents of the emails can be modified
  • the contents of the emails can become public information
  • it might be possible to use someone else's identify

A very good overview of the security issues of email is given by the article Neither Snow Nor Rain Nor MITM ... An Empirical Analysis of Email Delivery Security (2015). It is written by researchers from University of Michigan, Google, University of Illinois.

Solution for the privacy and security issues

There is no ideal solution for the described security and privacy issues. The best available solutions use end-to-end encryption but they are not widely used. In end-to-end encryption the message is encrypted in the sender's computer and decrypted in the recipient's computer, which means that the intercepting party can not get access to the contents of the message. End-to-end encryption of emails is provided by PGP/GPG and S/MIME. As an alternative, it is possible to use other communication means that provide end-to-end encryption. One popular alternative used to be Off-the-Record Messaging (OTR) but nowadays Signal is considered to be one of the most secure communication applications.

Today we are going to use PGP/GPG to encrypt and sign emails. You will also have to use Signal in order to solve one of the homework tasks.

S/MIME

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a mail exchange standard that is based on public key infrastructure. In addition to providing confidentiality by using encryption, non-repudiation by using signing, it also provides authentication and message integrity. Similarly to HTTPS, each end user should have a key pair and a certificate that binds the identity (email address) with the corresponding public key. The certificate has to be signed by a trusted certificate authority (CA).

In order to encrypt emails with S/MIME one would need to have the public key of the email recipient. Usually the public key can be accessed if the recipient has previously sent a signed email which contains the certificate and therefore also the public key.

S/MIME is supported by several mail clients but it is rarely used as one would have to get a certificate that is signed by a CA. However, S/MIME is widely used in Estonia as each ID-card owner has a certificate signed by a CA. It is possible to send encrypted and signed emails using the Estonian ID-card. In order to do that one would have to search for the corresponding certificate and then use the email address that is in that certificate. The email addresses in the ID-card certificates are of the following format: Surname.Lastname[.X]@eesti.ee.

PGP and GPG

Pretty Good Privacy (PGP) is a computer program that was created in 1991. It allows to encrypt and sign documents and emails. Similarly to S/MIME PGP is based on public key cryptography. Each PGP user has a key pair but it differs from S/MIME by the way how keys are managed. PGP is not centralized, i.e., it does not use public key infrastructure. Therefore, one does not have to get a CA to sign a certificate which makes it easier to start using PGP.

Instead of using public key infrastructure where trust relationships are created between CA-s, PGP uses something that is called a web of trust. In the web of trust everyone can choose how much trust is given out and then the decision is bound by signing the corresponding certificate. If many people enforce the trust by signing other peoples certificates then a social network of trust is created where trust is a transitive relation as shown on the following figure.


PGP trust relations. An ordinary arrow denotes that a certificate has been signed and the dotted arrow denotes a trust relationship. For example, as Dave trusts Alice and Alice has signed the certificate of Bob, then by the transitive relation Dave also trusts Bob, i.e., Dave believes that the corresponding public key really belongs to Bob. (Source)

Key servers are used to manage the trust relationships. One can download a certificate from the key server and also upload new signed certificates to the key server. Therefore, everyone can create new trust relations and publish them in the key servers.


Source: XKCD

Actually, PGP is an old commercial software product and therefore it is not used anymore. A standard called OpenPGP was created based on PGP in order to make the functionalities provided by PGP widespread. OpenPGP is supported by different software products which makes them interoperable. The most common and widespread software that follows the OpenPGP standard is GNU Privacy Guard (GnuPG or GPG). GPG is an open-source program that is available for free.

GNU Privacy Guard (GPG)

GPG allows to exchange emails and attached files in a secure manner. GPG allows to encrypt and sign emails which means that a third party is not able to secretly modify or read the contents of the emails. In addition, when an email is signed the the receiver can be sure who sent the email (actually, the receiver only knows that the sender had access to the corresponding private key).

GPG is considered to be one of the safest methods for encrypting data. However, GPG is not very popular and only a small group of people communicate by using GPG. Therefore, one can usually start using GPG only if the receiving party is instructed on how to setup GPG. There might be a situation when someone, e.g. a client, wants to submit confidential information and GPG provides a solution for this problem. Estonian citizens can use the encryption and signing functionalities provided by the ID-card but if the client is a foreigner then ID-card may not be an option. In such cases one could create an OpenPGP key pair for himself / herself or for the company. However, just creating the key pair is not enough, the key pair would also have to be published so that the clients could find the key. One option is to publish the key in addition to the key servers also to the company website in case the website is configured to use HTTPS.


Source: XKCD

Tasks for the lab

You should be using a virtual machine if you are attending the lab, otherwise installing the software would take too much time (and you would have to solve the issues on your own!). The virtual machine already contains the required software. If you already have a virtual machine (you were sitting in front of the same computer last time) then try to start it. If you don't have a virtual machine, then get a new one.

Instructions:

  1. Open "Oracle VirtualBox", you can find it from the start menu.
  2. Open from the menu "File -> Preferences -> General -> Default Machine Folder" and select the folder to be "LabData(O):\infoturve_2019\" or something similar if that folder does not exist. Click on the yellow folder icon in order to browse the existing folder. When you are done click OK.
  3. Import the virtual machine: "File -> Import Appliance ... -> click on the yellow folder and then browse into LabData(O):\infoturve_2019\infsec_2019_fall_ver2.ova. Click "Open" and then "Next".
  4. Change the name of the virtual machine by modifying the field "Name". To do that double click on row next to "Name". Now click "Import" and wait a few minutes until importing has been finished.
  5. Once importing has finished then you can start the virtual machine. To do that click on the name of the virtual machine and then click on the greed start button. Alternatively you can just double click on the name of the virtual machine.
  6. The hard drive of the virtual machine is encrypted with VeraCrypt. Enter the password that is written on the whiteboard and then hit enter twice (pim is empty). You can use the same password to log into the user account in Windows.
  7. Now skip the following two subsections and start to read the subsection about Mozilla Thunderbird and GPG. You already have Thunderbird, Enigmail and GPG installed in your virtual machine.

Windows: Gpg4win and the Thunderbird extension Enigmail ( skip this if you are in lab or if you are solving these tasks at home with the downloaded virtual machine )


GPG4win logo (Source)

The GPG version on Windows is called Gpg4win and it contains the following tools:

  • GnuPG - the main tool that allows to encrypt / decrypt / sign / verify
  • Kleopatra - certificate manager
  • GPA - an alternative certificate manager
  • GpgOL - a plugin for Microsoft Outlook that allows to encrypt emails
  • GpgEX - a plugin for Microsoft Explorer that allows to encrypt files
  • Claws Mail - a mail client that supports GPG
  • Gpg4win Compendium - documentation in english and in german

How to install Gpg4win to your computer ( skip this if you are in lab or if you are solving these tasks at home with the downloaded virtual machine):

  1. Navigate to the website http://www.gpg4win.org/
  2. Click on the button "Download Gpg4win" and choose the newest version of the software
  3. Download the installation file and then open it
  4. Click "Yes", "Next"
  5. Choose to install all components and click "Next"
  6. Click "Install", "Next" and "Finish"

Tasks regarding Mozilla Thunderbird & GPG

Mozilla Thunderbird is a popular email client that can be downloaded from here: Download Thunderbird in your language. In order to send encrypted and signed emails using Thunderbird one would have to install the extension Enigmail, which adds support for GPG.

Task 1: install Mozilla Thunderbird (skip this task if you are participating in the lab or if you are solving these tasks at home with the downloaded virtual machine)

  1. Navigate to https://www.mozilla.org/en-US/thunderbird/all/ and choose the suitable language
  2. Download the installer for your operating system (Windows for the virtual machine)
  3. Open the installer file and use the default options to install Thunderbird: Yes -> Next -> Next -> Install -> Finish

Task 2: install Enigmail (skip this task if you are participating in the lab or if you are solving these tasks at home with the downloaded virtual machine)

  1. Open Thunderbird
  2. Check if you already have Enigmail menu in Thunderbird. If you have then go to task 3.
  3. Navigate to "Tools" -> "Add-ons" -> "Search all add-ons"
  4. Search for "Enigmail"
  5. If found then click "Install"
  6. Click "Restart now" to activate the Enigmail

Task 3: link your email account with Thunderbird

  1. Link your email account with Thunderbird as then you can create a keypair for your email aadress. The aim is to generate a keypair for the selected email address and then you can use that keypair to sign your emails that you send with Thunderbird and others can use the corresponding public key to send you encrypted emails, which you are then able to read with the correctly configured Thunderbird email client.

When choosing the email account make sure that it does not forward emails as otherwise you can't complete the lab tasks. In addition, two factor authentication might be a problem unless you are using Gmail (Thunderbird supports 2FA with Gmail). If you do not have a suitable email account then create a new email account for this lab (this might take some time). We have found out during the last years that the following accounts are not suitable: @mail.ee, @hot.ee, @mail.com, @yahoo.com as they consider encrypted emails as spam or block them.'''

The main condition is that you will have to be able to send and download both regular and encrypted emails with Thunderbird. You can create a new free email account using Gmail, AOL or Outlooki.

  1. Link the new email account with Thunderbird
    1. Select "File -> New -> Existing Mail Account..."
    2. Fill in the forms by using the email and password of the new account and click "Continue""
    3. Hopefully mail servers are detected and you can click "Done"
  1. Lets prevent the time consuming synchronization of old emails
    1. Right click on your email account and select "Settings"
    2. Synchronization & storage -> Message Synchronizing -> remove tick
    3. Synchronization -> Disk space -> Select: "Synchronize the most recent 1 Days".
    4. Select "OK" and then restart Thunderbird (close and open)

Task 4: make sure that you are able to send and receive emails with Thunderbird

  1. Send a test email from Thunderbird to your other email account or to another student. Make sure that the email reached the recipient.
  2. Send an email to yourself from another email aadress or ask another student to send you an email. Make sure that you receive the email with Thunderbird.
  3. Do not continue until you have confirmed that both steps work.

Task 5: create a new key pair for the linked email account

  1. Navigate to: "Enigmail" -> "Key management"
  1. In the OpenPGP Key management window choose "Display All Keys by Default"
  2. Create a new key pair: "Generate" -> "New key pair"
  1. Choose the linked email account
  2. Enter a passphrase that will protect your secret key (remember the key)
  3. In the practice session you should set your key expiry to 1 month
  4. Select to generate either 3072 bit RSA key or ECC key
  5. Click "Generate key"
  6. Move your mouse and hit buttons on the keyboard to generate randomness that is used for generating the new keypair
  7. Once complete click on "Generate Certificate" that creates a revocation certificate
  8. Save the revocation certificate on the disk (this can be used to invalidate the public key)
  1. The revocation certificate can also be generated later by clicking "Enigmail" -> "Key management" -> "Generate" -> "Revocation certificate". It is important that you would have a revocation certificate if you start to use GPG.
  2. We have to change the configuration of Enigmail before we can move to the next step. Go to the Enigmail menu an choose Preferences -> The Display / Hide Expert Settings and Menus -> Keyserver. Remove the names of keyservers from the "Specify your keyserver(s)" field and enter the name of the keyserver: infsec.cs.ut.ee. Now click ok and move to the next step.
  3. Now you have a key pair but it is not very useful if no one knows your public key. Therefore, as a next step we will upload the public key to our key server (the address of the server is written on the whiteboard). If you would like to publish your public key for your real email address then you should pick one of the most common key servers that are also suggested by Enigmail.
    1. Navigate to "Enigmail" -> "Key management" -> "Keyserver" -> "Upload Public Keys"
    2. Click OK

Task 6: find the public keys of your left and right neighbours

  1. You will need to know the public keys of your contacts in order to send them encrypted messages. The public key is also required to verify the signatures that are created with their private keys. To search a public key:
    1. Navigate to "Enigmail" -> "Key management" -> "Keyserver" -> "Search for keys".
    2. Enter either the name of the person, the email of the person or the ID of the public key
    3. Enter the key server from which the key will be searched from
    4. Now find the public keys of your left and right neighbours

Task 7: send a signed email to your left and right neighbour

  1. To send an encrypted email the mail account has to be linked with the corresponding key pair but we have already done this step. Now when you write an email you can choose from the Enigmail menu to switch on signing or to switch on encryption. This can also be done with the corresponding icons in the toolbar.

Task 8: try to verify the signed email from your left and right neighbours

Task 9: send an encrypted email to your left and right neighbours

  1. To send an encrypted email you will need to know the public keys of your neighbours. Create a new email and then pick from the Enigmail menu to switch on encryption.

Task 10: Find the public key of the supervisor (the supervisor will write the correct email address and key ID on the whiteboard) and then send him an encrypted and signed email. This email should contain your name. This is one part of the homework - if you manage to do this in the lab then you have already done a part of the homework.

  1. Send your lab supervisor an encrypted and signed e-mail using PGP/GPG. It should be a single mail message that contains your name, signed and encrypted at the same time. (3p)
    • Upload your public key to the key server infsec.cs.ut.ee
    • To encrypt, use the public key: Kristjan Krips (5BFC8B9D).
    • Be sure to include some text in the mail message itself, otherwise there is nothing to sign or encrypt.

Task 11: If you were using a virtual machine in the computer class then remove the linked email account from Thunderbird.

Task 12:Use Signal to send end-to-end encrypted messages. This is part of the second homework. If you are not able to try out Signal then a replacement task regarding Signal will be posted as part of the second homework.

Signal is an open source messaging application that uses end-to-end encryption. It works on Android since version 4.0 and on iOS since verion 9.0. Once Signal is activated on your phone you can also use a desktop client (it is supported on Windows, MacOS and on Debian based Linux distributions). You can get helpful information from Signal Messenger Basics and Signal Security.

  • install Signal from Google Play / App Store
  • Signal uses contact list in order to find contacts. Therefore, you can see if anyone from your contact list is using Signal. We are using a prepaid card for the homework task. Add temporarily to your contacts the following number: +372 five four five six seven seven seven two.
  • Now you are able to send messages to the test account. Of course if you have others in your contact list then you could contact them also using end-to-end encrypted messages.
  • To claim one homework point send a self destructing message to the test account. The message should contain your name. If you are not able to install Signal or do not want to do this task then ask for a replacement task from krips ät ut ee.

Task 13 (voluntary): In case you have spare time and want to test out other tools that support pgp then visit: Mailvelope. This tool is recommended by the New York Times.

What should be done differently when creating a key pair for your own email account

  • the secret key should be protected by a secure password
  • the expiry date of the key should be longer but do not set it to never expire
  • the secret key has to be kept safe to avoid leaks and to be sure that you will be able to decrypt messages in the future
  • you should create a revocation certificate which allows to mark a public key invalid - it is not possible to delete an old public key from the key server, you can only mark it to be invalid by using the revocation certificate
  • you should publish your public key to a well known key server
  • in addition you may connect your public key with your identity in the Internet, e.g., with your Twitter account, with your homepage, etc.

Mac OS X: GPGTools

GPG also works on Macs, on OS X it is provided by GPGTools. GPG Suite comes with GPG for Mail, GPG Keychain, GPG Services and MacGPG. If you would like to use GPGTools, then navigate to their website and click on "Download GPG Suite".

After installation, open GPG Keychain Access and create a new keypair for you email account. If you already have a keypair for the account then it is possible to import it. As a next step create a revocation certificate, to do that navigate to "Key" -> "Generate Revoke Certificate". Under the same menu is an option that allows to publish the public key and also to search for public keys of other people.

Now it should be possible to send encrypted and signed emails using Mail. In order to send an encrypted email one would have to start writing the email and then click on the encryption button, the same holds for signing. It is important to note that one can send encrypted emails only to these contacts whose public key is available in the GPG Keychain Access. I.e., before sending an encrypted email one will have to search for the corresponding public keys. It is very likely that the contacts do not have an OpenPGP public key and therefore it might be necessary to instruct them on how to use GPG.

Problems related with OpenPGP and GPG

An overview of the problems related with PGP is given by Matthew Green: What's the matter with PGP?.

  • few users and it is not trivial to use PGP
  • difficult to create trust relationships
  • email metadata is not encrypted
  • it is difficult to share and verify the long public key
  • queries to the key-servers are not encrypted
  • no support for perfect forward secrecy
    • access to the password that unlocks the private key is constantly required
    • secret key is kept in RAM even when it is not used
  • people do not know what is PGP or how to verify emails signed by PGP (this problem is illustrated with the following comic)

Source: XKCD

Secure email exchange in a browser

PGP and S/MIME can be used only in supported mail client software (Outlook, Thunderbird, Mail.app, etc.) but many users only use the online version of mailboxes like Gmail, Outlook.com, Yahoo! mail. How could such users increase their privacy and security? They can not use S/MIME or PGP as the web browser can not access the secret key without a special browser extension and it is not possible (also it would not be wise) to store the secret key in the service providers server. In addition, using S/MIME or PGP in the web browser would probably mean that the cryptographic operations would have to be implemented in JavaScript, which would mean that the service provider would have to be trusted.

In 2014 both Google and Yahoo! announced that they are developing a browser extension that would allow to encrypt and sign emails when using their online mailboxes. The browser extension developed by Google is called End-to-End and it is based on PGP. The browser extension developed by Yahoo! used the same code base. Development of the project stopped in 2017 and it is not known if that will continue, thus currently Gmail users are not able to use these functionalities.

Further reading

  • Neither Snow Nor Rain Nor MITM ... An Empirical Analysis of Email Delivery Security
  • Encrypted e-mail: How much annoyance will you tolerate to keep the NSA away?
  • Guide for operational security while using PGP
  • Matthew Green: What's the matter with PGP?
  • PGP
    • Why I Wrote PGP
    • Pretty Good Privacy
  • GPG, Thunderbird, Enigmail
    • The GNU Privacy Guard
    • GnuPG frontends
    • Windows version of GnuPG
    • Mac OS X version of GnuPG
    • Mozilla Thunderbird
    • Thunderbird plugin Enigmail
    • Enigmail
  • PGP in a web browser
    • Google End-to-End encryption for email
    • https://code.google.com/p/end-to-end/
    • Yahoo CISO: End-to-end Mail encryption by 2015
    • Mailvelope
  • Arvutiteaduse instituut
  • Loodus- ja täppisteaduste valdkond
  • Tartu Ülikool
Tehniliste probleemide või küsimuste korral kirjuta:

Kursuse sisu ja korralduslike küsimustega pöörduge kursuse korraldajate poole.
Õppematerjalide varalised autoriõigused kuuluvad Tartu Ülikoolile. Õppematerjalide kasutamine on lubatud autoriõiguse seaduses ettenähtud teose vaba kasutamise eesmärkidel ja tingimustel. Õppematerjalide kasutamisel on kasutaja kohustatud viitama õppematerjalide autorile.
Õppematerjalide kasutamine muudel eesmärkidel on lubatud ainult Tartu Ülikooli eelneval kirjalikul nõusolekul.
Courses’i keskkonna kasutustingimused