session_08_electronic_mail_security_101108

session_08_electronic_mail_security_101108 - Electronic...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Electronic Mail Security Cryptography and Network Security TECH 6350 Session 8 Electronic Mail Security Manuel Mogollon [email protected] Graduate School of Management Information Assurance University of Dallas 0 Electronic Mail Security Session 8 – Contents • What encryption won’t do • Pretty Good Privacy • S/MIME PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 1 • Electronic mail enables users to exchange messages using computer communication facilities. Today, email systems have made the transmission of electronic mail very easy, but sending an email message is like sending a postcard that anyone can read as it travels from post office to post office. • When a company sends a document using regular mail, employees may go to the extreme to safeguard the information by delivering the mail directly to the post office and using certified delivery, or by using courier companies. However, employees do not hesitate to send highly sensitive and confidential information, such as a business report or sales forecast, using email. Email is the most used network-based application, but it is the least secure. Companies spend millions of dollars in hardware and security intrusion software, but very few encipher their email communications. • To send and receive emails a user needs to be connected to an email server. When a message is sent, the email server receives and stores the message, and then sends it to another email server that does the same. Emails travel through many servers and each one keeps a copy of the message. Users cannot erase the email on all those servers, so the copy of the email stays in the server until the server owner decides to erase it. There are companies that have found a niche in developing specialized software that supposedly erases email from all the servers where the email has been archived. • A way to protect email is by using writer-to-reader security in which the message is encrypted using Privacy Enhanced Mail (PEM), MIME Object Security Services (MOSS), X.400, PGP, and S/MIME. PGP, which is a specification and a product, and S/MIME, which is a protocol, are compatible with Internet mail and work with Eudora email, Netscape Messenger, and Microsoft Outlook. 1 Electronic Mail Security What encryption won’t do • Prevent users from leaving an unencrypted version of a sensitive file on their hard disk. • Prevent unencrypted data from leaking into the swap/paging file. • Keep users from selecting a poor encrypting key. • Prevent keystroke-capturing software or hardware from stealing your encryption key and passing to someone else. • Prevent from someone nearby from using commercially available Van Eck radiation interceptor systems to capture users’ data. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 2 2 Electronic Mail Security What encryption won’t do • Hide the email connectivity of who is sending the encrypted file and to whom. • Hide the alerting fact that the file is encrypted. • Negate a hidden overhead camera aimed at users’ keyboard or screen. • Prevent the intended recipient of the encrypted file from publishing. • Protect users from compromising users encryption and decryption keys. From: M. Caloyannides, “Keeping Offline Computer Usage Private.” IEEE Security & Privacy. September/October 2003 PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 3 3 Electronic Mail Security Security Architecture • Network Security — Secures the ingress and egress points of the network and authenticates users and data. — Provides the first layer of infrastructure defense through traffic management and inspection devices, such as Ethernet switches, and routers with advanced functionality that can perform packet inspection. • Network-assisted Security functions — Enable security services to be customized to perform more thorough packet inspection of data traffic to detect security threats. Virtual private networks (VPNs) and devices that provide encryption, for example, serve this function. • Application Layer Security — Provides security to remote users and for traveling employees who must access data outside of the network perimeter. SSL Accelerators and Web switches provide content filtering. • Secure Access Management — Provides authentication for users with preset profiles. Access management may be employed to assign user specific network privileges and may segregate those privileges by user and by resource. • Security Policy Management — Ensures that the business objectives of the enterprise take precedence in the design of their communications infrastructure. • Network Management — Provides security policy management, as well as secure access and network management security. — Encompasses control of the network and must be securely integrated to ensure that network administrators are the only ones able to effect network configurations. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 4 4 Electronic Mail Security TCP/IP Stack and Security Related Protocols Application Layer Transport Layer Network Layer Data Layer PGP PGP Key Rings SMTP, Telnet, FTP, Gopher TCP IP RARP Ethernet, Token-Ring, FDDI, X.25, Wireless, Async, ATM, SNA...Data Layer PGP Implementation IPSec (ISAKMP) S-HTTP SET S/MIME PGP • SOCKS V5 • SSL, TLS UDP ARP • • • • • S/MIME • IPSec (AH, ESP) • Packet Filtering • Tunneling Protocols • PPP-EAP, IEEE 802.1X, CHAP, PAP, MS-CHAP S/MIME Content Types M. Mogollon – 01/08 - 5 • S/MIME and PGP are implemented at the application layer of the TCP/IP stack. 5 Electronic Mail Security Pretty Good Privacy • Designed by Philip R. Zimmerman. • PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications. • There are no Key Certificate Authorities. All users generate and distribute their own public key. • Users can sign one another’s public key. Someone who signs another’s public key becomes an introducer for that person. • When a user receives a new public key and trusts one of the introducers, then he has reason to believe that the public key is valid. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 6 • PGP, developed by Phil Zimmermann, is a crypto system that uses data compression and symmetric and public-key cryptography. By compressing the data before it is encrypted, PGP strengthens cryptographic security because most cryptanalysis techniques use plaintext patterns to try to break the cipher. 6 Electronic Mail Security Why Is PGP Popular? • Available free on a variety of platforms. • Based on well known algorithms. • Has wide range of applicability • Not developed or controlled by governmental or standards organizations PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 7 7 Electronic Mail Security Operational Description • Consists of five services: — Authentication — Confidentiality — Compression — E-mail Compatibility — Segmentation PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 8 8 Electronic Mail Security PGP Authentication and Confidentiality Encipher Message Encryption Key RSA or ElGamal Cleartext Message Message Digital Signature Hash SHA-1 Hash Sender’s Private Key Compression ZIP Encipher Cast-128, IDEA or 3DES Recipient’s Public Key Digital Envelope Compressed Signed Cipher Message R A D I X 64 Digital Envelope Sender Encipher DSA / RSA Digital Signature Decipher Recipient’s RSA or ElGamal Private Key Decipher Message Encryption Key DSA / RSA Sender’s Public Key Hash SHA-1 Hash Digital Signature Deciphered Message • Decipher Cast-128, IDEA or 3DES Compressed Signed Cipher Message Hash Verification PGP Decompress ZIP PGP Key Rings Recipient Yes/No PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 9 The following steps describe the PGP encryption algorithm (Zimmermann, 2000): 1. The sender generates a session by entering a word or password in his/her computer using the keyboard or mouse. PGP uses the content and timing of user keystrokes and mouse movements to generate a random message encryption key. The message encryption key is a one-time secret key used to encipher the message by encrypting it with a symmetric encryption algorithm. 2. The message is hashed using SHA-1 and signed using DSA or RSA with the sender’s private key creating a digital signature. 3. The cleartext message is concatenated with the digital signature, and the result is compressed using a compression package called ZIP. 4. The ZIP compressed cleartext message and digital signatures are enciphered with a symmetric algorithm (Cast-128, IDEA, or 3DES) using the one-time secret key generated previously by the sender. 5. The one-time message encryption key is enciphered with RSA or ElGamal using the recipient’s public key. 6. The enciphered message encryption key is concatenated with the compressed signed cipher message. 7. The enciphered message concatenated with the enciphered one-time message encryption key is converted to an 8-bit ASCII format using an encoding technique called RADIX-64 for compatibility with email applications. 8. To decipher and authenticate the message, the receiver reverses the above steps. 9 Electronic Mail Security E-mail Compatibility 6-bit Blocks 001000 110101 1110010 010001 8 53 50 17 I 1 y R • The scheme used is Radix-64 (base64) Encoding. • The use of Radix-64 expands the message by 33%. 01001001 00110001 01111001 8-bit ASCII Format 01010010 Radix-64 Conversion 6-bit Value Character Encoding 6-bit Value Character Encoding 6-bit Value Character Encoding 6-bit Value Character Encoding 0 A 16 Q 1 B 17 R 32 g 48 w 33 H 49 2 C 18 x S 34 I 50 y 8 I 24 9 J 25 Y 40 O 53 1 15 P 31 47 63 (Pad) PGP PGP Key Rings PGP Implementation Only the characters in the Character Encoding Table will appear in the encrypted email. = S/MIME S/MIME Content Types M. Mogollon – 01/08 - 10 • Email systems are designed with different formats and have limitations with regard to message size. To overcome these problems, PGP uses RADIX-64 to limit the encrypted message to ASCII characters and divides the message into blocks. • In secure digital communications, the ciphertext consist of bits, zeros and ones, without any format. Some encryption algorithms format the cipher text in blocks of 64-bits, in bytes (each byte is a sequence of eight bits treated as a single entity), or in words (each word is a group of 32 bits, with four bytes treated as single entity). • However, most email systems only allow the transmission and reception of 8-bit ASCII codes. PGP converts 6 bits of ciphertext to 8-bit printable ASCII characters using an encoding technique called RADIX-64. RADIX-64 is used in the Internet Privacy-Enhanced Mail (PEM) format, as well as the Internet MIME format. • This slide shows an example of ciphertext converted into 8-bit printable ASCII characters. The ciphertext is a group of blocks of 6-bits (8, 53, 50, and 7); using the Radix-64 conversion table, each 6-bit block is substituted by equivalent printable characters (I, 1, y, and R), and then converted to 8-bit ASCII codes. 10 Electronic Mail Security Segmentation and Reassembly • Email is often restricted to a maximum message length of 50,000 octets. • Longer messages must be broken up into segments. • PGP automatically subdivides a message that is too large. • The receiver strips of all e-mail headers and reassembles the message. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 11 • Most Internet email facilities do not allow sending messages that are more than 50000 or 65000 bytes long. PGP overcomes this problem by breaking the message up into blocks that can be mailed separately. The blocks are put into files named with extensions, .as1, .as2, .as3, etc. The recipient’s PGP software concatenates the files in their proper order before decrypting the message. 11 Electronic Mail Security Summary of PGP Services Function Algorithm Used Description Digital Signature DSA/SHA or RSA/SHA The message is hashed using SHA-1 and signed with DSA or RSA using sender’s private key, creating a digital signature. Compression ZIP The cleartext message is concatenated with the digital signature and the result is compressed using a compression package called ZIP. Message Encryption Algorithm (Symmetric Encryption) CAST, IDEA, 3DES (CFB mode), Blowfish, or AES. The ZIP compressed cleartext message and digital signatures are enciphered with a symmetric algorithms (Cast-128, IDEA, or 3DES) using the one-time secret key generated by the sender. Key Encryption Algorithm RSA or ElGamal The one-time message encrypting key is enciphered with RSA or ElGamal using the recipient’s public key. E-mail Compatibility Radix-64 conversion The enciphered message concatenated with the enciphered one-time message encryption key is converted to 8-bit printable ASCII characters using an encoding technique called RADIX-64 for compatibility with emails applications. Segmentation PGP To accommodate maximum message size limitations, PGP performs segmentation and reassembly. PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 12 • See next slide for a review of the CFB mode operation. 12 Electronic Mail Security Cipher Feedback (CFB) Mode Initialization Vector Input Block 2 (b-s) Bits s Bits Encrypt Input Block 1 Input Block n (b-s) Bits s Bits CIPHK CIPHK CIPHK Output Block 1 Output Block 2 Output Block n Select s Bits Plaintext 1 Select S Bits Discard (b–s) bits + Plaintext 2 Ciphertext 1 Discard (b–s ) bits Select s Bits + Plaintext n Ciphertext 2 Discard (b–s) bits + Ciphertext n Initialization Vector Input Block n (b-s) Bits s Bits Input Block 2 (b-s) Bits s Bits Input Block 1 Decrypt CIPHK CIPHK CIPHK Output Block 1 Output Block 2 Output Block 2 Select s Bits Ciphertext 1 Select s Bits Discard (b–s) bits + Ciphertext 2 Plaintext 1 PGP PGP Key Rings PGP Implementation Select s Bits Discard (b–s) bits + Plaintext 2 S/MIME Ciphertext n Discard (b–s) bits + Plaintext n S/MIME Content Types M. Mogollon – 01/08 - 13 • In Cipher Feedback (CFB) mode, Output Feedback (OFB) mode, and Counter (CTR) mode) the initialization vector is used as dummy plaintext. • The CFB mode is a stream method of encryption. In this method, the block cipher is used to generate pseudorandom bits that are XORed to binary plaintext to form ciphertext. • The plaintext and ciphertext consist of data units each containing s bits, such that (1 ≤ s ≥ b). The value of s is sometimes incorporated into the name of the mode, e.g., the 1-bit CFB mode, the 8bit CFB mode, the 64-bit CFB mode,, or the 128-bit CFB mode. • In CFB encryption, the first input block is the IV and the most significant s bits of the forward cipher function are XORed to the s-bit plaintext to produce a s-bit of ciphertext. The unused bits of the forward cipher function, b – s, are discarded. • The second input block is created by concatenating the b – s least significant bits of the IV with the s bits of the ciphertext. This is done by shifting the first input block s positions to the left, and then filling the empty bits with the s bits from the ciphertext. The process is repeated, and each successive ciphertext block is input into the next input block to form the new input block. • A one-bit error in any s-bit unit of ciphertext will affect the deciphering of succeeding ciphertexts until the bits in error have been shifted out of the CFB input block. This normally occurs x bits after the s-bit boundaries have been reestablished. The cipher feedback method does not pass data directly through the block encryption algorithm; instead, it uses the algorithm as a randomnumber generator. • The CFB turns into a self-synchronous stream cipher, one-bit error in the ciphertext causes a onebit error in the corresponding plaintext block and complete corruption of the following plaintext blocks; however, after several blocks it self-synchronizes and all subsequent plaintext blocks are decrypted normally. 13 Electronic Mail Security PGP Random Number Generation • True Random Numbers — Based on the content and timing of user keystrokes. — Used to generate RSA key pairs (public key and private key). — Provide initial seed for the pseudorandom number generator. — Contribute additional input during pseudorandom number generation. • Pseudorandom numbers — Used to generate message encryption keys. Message encryption keys are used only to encipher and decipher one message (one-time key). — Used to generate initialization vectors (IVs) for use with the message encryption key in the CFB mode encryption. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 14 14 Electronic Mail Security PGP Key IDs and Key Rings • Sender and Recipient may have multiple public/private key sets. • Sender needs to indicate which of his public keys and which of the recipient private keys were used. • PGP assigns a key ID to each public/private key. It consists of the least significant 64 bits of the sender’s or recipient’s public key. • Each node stores the information in two tables: — The Public Key Ring stores the public key of other users known to the node. — The Private Key Ring stores the public and private keys owned by the node. The private key is encrypted before being stored. A 160-bit hash code is generated from a pass phrase, which is used to encipher the private key using CAST-128, IDEA, or 3DES. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 15 • PGP uses public-key encryption to encipher the one-time message encryption key; to do so, it generates a key pair, the public key and the private key. Also, to be able to communicate with a recipient using public-key encryption, the PGP sender needs to have the recipient’s public key. • PGP stores the keys on the hard disk in two different folders, one named the private key ring, where the private keys are stored, and the other the public key ring where the public keys are stored. When senders add certified recipients to their certificates list, they will also adds the recipients’ public keys to their public key ring. If senders lose their private key ring, they will be unable to decrypt any previous information encrypted with the keys on that ring. • User can distribute their public key by (1) Making their public key available through a public key server; (2) Include their public key in an email message; (3) Export their public key or copy it to a text file. 15 Electronic Mail Security PGP Public and Private Keyrings Password Hash SHA-1 Sender Private-Key Ring Select IDA Public-Key Ring Decipher CAST-128, Encrypted IDEA, 3DES Private Key Sender’s Private Key Digital Signature Hash SHA-1 Select IDB Random Number Generator Recipient’s Public Key Message Encryption Key Encipher DSA / RSA Encipher RSA or ElGamal Key ID Digital Envelope Digital Signature Compression ZIP Key ID Message Clear Message PGP • PGP Key Rings PGP Implementation Encipher Cast-128, IDEA or 3DES S/MIME Compressed Signed Cipher Message R A D I X 64 S/MIME Content Types M. Mogollon – 01/08 - 16 The keys in the private-key ring are stored in encrypted form. When the user generates a key pair, PGP performs the following procedure: 1. Asks the user to enter a password to bind it to the key pair. 2. Uses SHA-1 to produce a 160-bit hash code of the password and then discards the password. 3. Encrypts the private key with CAST-128, IDEA, or 3DES, using the 160 bits of the hash function as the key and then discarding the hash code. 4. Stores the encrypted private key on the private-key ring. 16 Electronic Mail Security PGP Centric Models • In any digital certificate model, the digital signature needs to be signed and certified, by someone the user trusts. • In a centralized PGP environment, users get certified by a specific Certificate Authority (CA) whom everyone trusts. • In a decentralized environment PGP uses the user-centric trust model in which any user can act as a certifying authority and validate another PGP user’s public key certificate. • In the user-centric model, each user is directly responsible for deciding which certificates to accept and which ones to reject. Root CA Bob Alice Jason Sandra Rick’s Friend Root CA Rick PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 17 • PGP can operate equally well in either a decentralized or in a centralized environment. In a PGP decentralized environment, any user can act as a certifying authority and validate another PGP user’s public-key certificate. In a centralized PGP environment, users are certified by a specific certificate authority whom everyone trusts. Governments and some companies use trusted centralized certifying authorities, and no certificate is considered valid unless it has been attested to by that centralized CA. • In the PGP user-centric trust model, a decentralized environment, any user can act as a certifying authority and validate another PGP user’s public key certificate. In the user-centric model, each user is directly responsible for deciding which certificates to accept and which ones to reject. • In PGP, a trusted introducer is someone users trust to provide them with public-key certificates that are valid. For example, Jason asks Rick and Bob to be his introducers, and then sends them a copy of his public key with a request that they certify and return it. Jason can then include these certificates, the one from Rick and the one from Bob, on a public-key server. When a trusted introducer signs another person’s public key, it means that the public key he signed is valid, and other users do not need to verify the public key before using it. • A meta-introducer is a trusted introducer of trusted introducers. When Jason receives a certificate from Sandra, whom he doesn’t know, Jason will see that Sandra’s certificate is signed by Bob. Bob is a metaintroducer, and he introduced Sandra to Jason. A meta-introducer assumes the role of a root CA, and users explicitly trust a single meta-introducer’s (root) certificate. Users also trust any certificates carrying the meta-introducer's signature. Jason may decide to reject or accept Sandra’s certificate, depending on how much he trusts Bob being a good certificate authority. • However, a certificate generated by Rick’s friend, who may act as a CA, may not be accepted by Jason because Jason knows that Rick’s friend cannot be trusted as a CA. This illustrates that there are various levels of trusted authorities. Some people are good CAs, and others are not. So, when any user can act as a CA, whom do you trust? 17 Electronic Mail Security Adding PGP Public Keys to a Key Ring Create IDA Alice’s PublicKey Ring 1. Generate keys 3. Upload public key into server PGP Key Server Public Key 4. Download public key from server Alice’s PrivateKey Ring Private Key PGP Key Search Encipher 5. Import to local key ring. CAST-128, IDEA, 3DES 2. Enter Password Password PGP 6. Sign the key with Bob’s private key Hash SHA-1 PGP Key Rings Bob’s PublicKey Ring PGP Implementation S/MIME 7. Assign trust level: Complete, Marginal, No Trust. S/MIME Content Types M. Mogollon – 01/08 - 18 • As mentioned before, in a PGP decentralized environment, any user can act as a certifying authority and validate another PGP user’s public-key certificate. • Bob could get Alice’s public key in any of the following ways: 1. He can personally get Alice’s public key from Alice. 2. Alice can send her public key to Bob by email and tell him her public-key fingerprint. 3. Bob can get Alice’s public key from a trusted person called an introducer. 4. Alice can post her public key at a PGP Key Server and Bob can then download Alice’s public key from the server. 5. Once Bob downloads Alice’s public key, he imports the public key to his key ring, signs it with his private key, and assigns a trust level. See figure above steps 3 - 7. 18 Electronic Mail Security PGP Keys PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 19 • To download a public key from a server, the initiator goes to PGP Keys application, clicks on “Server” and then on Search. See top figure. • The PGP Key Search Window will open. Enter the name of the person to search for, right click the selected person’ public key, and select “Import to Local Key Ring.” The selected public-key will be added to the public key ring. See bottom figure. • The selected public key will be added to the Public Key Ring. 19 Electronic Mail Security Signing a PGP Key PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 20 • Right click on the public key that was added to the public ring and select “Sign.” The PGP Sign Key window will open, select the options to sign the public key and then click “OK.” • PGP will open the “Enter Passphrase” window; enter the passphrase to sign the public key. • The options to sign the public key are the following: • Non-exportable. The key is valid but the user doesn’t want others to rely on his/her certification. • Exportable. This is similar to a CA signing the public key. Others can rely on the signature and trust that the public key belongs to the person who claims to be the owner. • Meta-Introducer Non-Exportable. The owner of this public key is trusted, and any trusted introducers created by this key are also trusted. This signature is non-exportable. • Trusted Introducer Exportable. The owner of this key is trusted and keys validated by the trusted introducer will appear valid to others. The trusted introducer signature is exportable. • Once the public key is signed, then it is necessary to assign the level of trust to the owner of the public key so he/she can be trusted to sign other public-key certificates. In the PGP Key window, right click the public key and select “Properties.” 20 Electronic Mail Security PGP Key & Options PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 21 • A window with the properties will open. Move the bar Untrusted/Trusted either to the left (Untrusted), center (Marginal), or to the right (Trusted). The different levels mean the following: • Untrusted: The owner of this public key should not be trusted to introduce another; therefore, any occurrence of this key, such as a signature on another public key should be ignored. • Marginal: The owner of this public key can be trusted to introduce another public key, but it is uncertain whether the owner is fully trustworthy to do so. • Trusted: The owner of this public key is fully trusted to introduce another public key. 21 Electronic Mail Security PGP Trust Levels • Do you trust the validity of the public key? This level of trust is computed by PGP, and it is called key legitimacy field. • Complete: The user is confident that the public key is valid. • Marginal: The user do not completely trust the CA who issued the certificate. • Untrusted: The user cannot say whether the public key is valid or not. • Do you trust the signer to certify public keys? This level of trust is calculated by PGP and is called signature trust field. • Do you trust the owner of this public key to sign other public-key certificates? This level of trust is assigned by the user, and it is called owner trust field. • Full: The owner of this public key is fully trusted to introduce another public key. • Marginal: The owner of this public key can be trusted to introduce another public key, but, it is uncertain whether the owner is fully competent to do so. • Untrustworthy: The owner of this public-key should not be trusted to introduce another, therefore any occurrence of this key as a signature on another public-key should be ignored. • Don't know: There are no expressions of trust made about the owner of this public key. PGP • PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 22 In PGP, users have three convenient ways to determine levels of trust, and they are referred to as trust flag fields: 1. Do you trust the validity of the public key? This level of trust is computed by PGP, and it is called the key legitimacy field. • Complete: The user is confident that the public key is valid. • Marginal: The user does not completely trust the CA who issued the certificate. • Untrusted: The user cannot say whether the public key is valid or not. 2. Do you trust the signer to certify public keys? This level of trust is calculated by PGP and is called the signature trust field. 3. Do you trust the owner of this public key to sign other public-key certificates? This level of trust is assigned by the user, and it is called the owner trust field. • Full: The owner of this public key is fully trusted to introduce another public key. • Marginal: The owner of this public key can be trusted to introduce another public key, but it is uncertain whether the owner is fully competent to do so. • Untrustworthy: The owner of this public key should not be trusted to introduce another, therefore any occurrence of this key as a signature on another public key should be ignored. • Don't know: There are no expressions of trust made about the owner of this public key. 22 Electronic Mail Security S/MIME • The S/MIME specification consists of two documents: — S/MIME Message Specification V3 (RFC 3851). Describes a protocol for adding cryptographic signature and encryption services to MIME data. — S/MIME Certificate Handling V3 (RFC 3850). Describes the mechanisms S/MIME uses to create and validate keys using certificates. In order to validate the keys of a message sent to it, an S/MIME agent needs to certify that the key is valid. • Before using a public key to provide security services, the S/MIME agent MUST certify that the public key is valid. • S/MIME agents MUST use PKIX certificates to validate public keys as described in RFC 4325 “Internet X.509 Public Key Infrastructure (PKIX) Certificate and Certificate Revocation List (CRL) Profile.” • S/MIME agents MUST meet the certificate processing requirements documented in RFC 3850, S/MIME Version 3 Certificate Handling, in addition to those stated in RFC 4325. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 23 23 Electronic Mail Security S/MIME • S/MIME (Secure/Multipurpose Internet Mail Extensions) provides a method to send and receive secure MIME messages. • S/MIME provides the following cryptographic security services for electronic messaging applications: — Authentication — Message integrity and non-repudiation of origin (using digital signatures) — Privacy and data security (using encryption). • S/MIME uses symmetric encryption to encipher the message and public-key algorithm for key exchange (digital envelope). A public-key algorithm is also used for digital signatures. — — — — — • S/MIME uses Public-Key Certificates - X.509 version 3 signed by Certification Authority. PGP • Symmetric encryption algorithms: DES, 3DES, AES and RC2. Key Generation: Diffie-Hellman, DSS, and RSA key-pairs. Registration: Public keys must be registered with X.509 CA. Certificate Storage: Local (as in browser application) for different services. Signed and Enveloped Data: Various orderings for encrypting and signing. PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 24 The Multipurpose Internet Mail Extensions (MIME) RFC 2045 (Freed, & Borenstein, 1996) redefine the email format of messages to allow for the following: 1. Textual message bodies in character sets other than US-ASCII. 2. An extendable set of different formats for non-textual message bodies. 3. Multi-part message bodies. 4. Textual header information in character sets other than US-ASCII. • Secure MIME (S/MIME) refers to a specification (rather than to a product such as PGP) designed to add security to email messages that use the MIME format. S/MIME is not restricted to email, and it can be used with any transport mechanism that transports MIME data, for example: (1) HTTP; (2) Automated message transfer agents that use cryptographic security services that do not require any human intervention. • S/MIME Version 3.1 is specified in RFC 3851, “Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification.” Slide 25 shows the different algorithms used in S/MIME. • S/MIME uses digital signatures, data encryption, and hash functions to provide the following cryptographic security services for email applications: authentication, message integrity, nonrepudiation of origin and privacy, and data security. • The main difference between PGP and S/MIME is that PGP allows users to certify other users. Even thought PGP and S/MIME use X.509 certificates that are issued by certificate authorities and distributed by directory services, the two technologies do not interoperate because they used different protocols and message formats. 24 Electronic Mail Security S/MIME V 3.1 Supported Algorithms Function Algorithm Used Digest Algorithm Description • Sending and receiving agents MUST support SHA-1. • Receiving agents SHOULD support MD5 for the purpose of providing backward compatibility with S/MIME v2. Signature Algorithms • Sending agents MUST support either DSA with SHA-1 or hash function with RSA. • Receiving agents MUST support DSA with SHA-1 and hash function with RSA. A user agent should generate RSA key pairs at a minimum key size of 768 bits. Key Encryption Algorithm • Sending and receiving agents must support RSA for key wrapping. A user agent should generate RSA key pairs at a minimum key size of 768 bits. • Sending and receiving agents should support DH using the ephemeral-static mode. Message Encryption • Sending and receiving agents must support encryption and decryption with 3DES CBC, and should support encryption and decryption with AES at a key size of 128, 192, and 256 bits. • A hash code of the message is created using SHA-1. • The message digest is encrypted to form the digital signature. • The message encryption key is encrypted for transmission with message. • The message is encrypted using a one-time key. • Receiving agents SHOULD support encryption and decryption using the RC2 with a key size of 40 bits. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 25 25 Electronic Mail Security S/MIME Content Types • Multipart/Signing Data: The message is signed to provide authentication, but it is not encrypted and it is not encoded with Radix 64. • Signed Data: The message digest is signed to provide integrity, it is encoded with Radix 64, but it is not encrypted. • Enveloped Data: The message is encrypted to provide confidentiality, but it is not signed. • Signed and Enveloped Data: The message is either encrypted first and then signed, or signed first and then encrypted. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 26 • In order to create S/MIME messages, an S/MIME agent has to follow specifications listed in the Cryptographic Message Syntax (CMS), RFC 3852 (Housley, 2004). CMS defines six content types: data, signed-data, enveloped-data, digested-data, encrypted-data, and authenticated-data. Of these, only the data, signed-data, and enveloped-data content types are currently used for S/MIME. Data, SignedData, and EnvelopedData are used as identifiers for data, signed-data, and enveloped-data content • Data Content: This content is intended for arbitrary data that may or may not have an internal structure. • SignedData Content: This content must be used by sending agents to apply a digital signature to a message or, in a case where there is no signature information, to determine a certificate. It should include all the required information such as algorithm identifier, certificates, certificate revocation lists, and other signer-related information. • EnvelopedData Content: This content type is used to apply privacy protection to a message. A sender needs to have access to a public key for each intended message recipient to use this service. This content type does not provide authentication. 26 Electronic Mail Security SMIME Multipart/Signing Outer MIME Format SignerInfo MIME Header MIME Body Hash SHA or MD5 Sender’s Private Key Encipher RSA • Signer’s public- key certificate • Identifier of the hash algorithm • Identifier of the algorithm used to encipher hash message C M S Encoded into base64 (Radix 64) Enciphered Message Digest (Digital Signature) Clear Content Cryptographic Message Syntax (CMS) consists of the concatenated form of SignerInfo and the digital signature. PGP PGP Key Rings PGP Implementation Message can be viewed by recipients without S/MIME capability S/MIME S/MIME Content Types M. Mogollon – 01/08 - 27 • Messages signed using the multipart/signed format can always be viewed by the receiver whether they have S/MIME software or not. In this context, "be viewed" means the ability to process the message essentially, as if it were not a signed message. The multipart/signed MIME type has two parts. The first part contains information about the MIME entity that is signed; the second part contains the “detached signature.” In general, the multipart/signed form is preferred for sending, and receiving agents should be able to handle both. • The procedure for a multipart/signing message is as follows: 1. Using a one-way hash function, SHA-1 or MD5, the sender generates a message digest. 2. The sender enciphers the message digest with his private key to create the digital signature. 3. The sender prepares a block of sender information known as SignerInfo that contains the sender’s public-key certificate, an identifier of the hash algorithm, an identifier of the encrypting algorithm used to encipher the message digest. 4. The SignerInfo and the digital signature are concatenated to form a Cryptographic Message Syntax (CMS) 5. The CMS is encoded using Radix 64. 6. The resulting MIME entity, which consists of the CMS and the message in cleartext, is encapsulated into an email and sent to the recipient. 27 Electronic Mail Security SMIME Signed Data Outer MIME Format SignerInfo MIME Header MIME Body Hash SHA or MD5 Sender’s Private Key Encipher RSA • Signer’s public- key certificate • Identifier of the hash algorithm • Identifier of the algorithm used to encipher hash message Encoded into base64 (Radix 64) Enciphered Message Digest (Digital Signature) Clear Content Message can only be viewed by a recipient with S/MIME capability PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 28 • In SignedData content, messages are signed and encoded using Radix-64; therefore, only users with S/MIME software are able to view the message. • The procedure for sending SignedData content is as follows (Ramsdell, 2004a): 1. The sender uses the same procedure indicated in steps 1 to 4 in the multipart/signing to generate a CMS. CMS is the digital signature concatenated with the SignerInfo. 2. The SignerInfo and the digital signature are concatenated to form a Cryptographic Message Syntax (CMS) of type signed-data. 3. The CMS is concatenated with cleartext message and encoded using Radix 64. 4. The resulting MIME entity is encapsulated into an email and sent to the recipient. 28 Electronic Mail Security SMIME Enveloped Data Random Number Generator Recipient’s Public Key Message Encryption Key MIME Header MIME Body Encipher RC2/40 3DES, or AES Encipher RSA Outer MIME Format RecipientInfo • Identifier of the recipient’s publickey certificate (X.509). • Identifier of the enciphering algorithm used. • Encrypted message encryption key Encoded into base64 (Radix 64) Encrypted Content Data integrity (encryption) without signing the message PGP • PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 29 Enveloped-only MIME messages provide data integrity by enciphering the message without signing it. The procedure is as follows: 1. A pseudorandom one-time message encryption key is generated. 2. The MIME entity, the message, is enciphered with 3DES or RC/40, using the generated one-time message encryption key. 3. The generated one-time message encryption key is enciphered with RSA or DH, using the recipient’s public key. 4. A block, RecipientInfo, is created, which contains the sender’s public-key certificate, an identifier of the encryption algorithm used to encipher the one-time message encryption key, and the encrypted message encryption key. 5. The encrypted MIME entity, the message, and the RecipientInfo are concatenated to form a CMS object of type envelop-data, which is encoded it using Radix-64. 29 Electronic Mail Security S/MIME Certificate Processing • Hybrid between the strict X.509 certification hierarchy and PGP’s web of trust. — Users should maintain the certificates needed to verify incoming signatures and to encrypt outgoing messages. — Certificates are signed by Certification Authorities. • Certificate Authorities — VeriSign https://digitalid.verisign.com/cgi-bin/OEenroll.exe?name=&email= — GlobalSign http://www.globalsign.net/digital_certificate/ — British Telecom http://www.btignite.com/uk/products/trustservices/ — Thawte Certification http://www.thawte.com/html/COMMUNITY/personal/index.html • VeriSign Levels of Security for Public-key Certificates — Class-1: Buyer’s email address is confirmed by emailing vital info. — Class-2: Postal address is confirmed as well, and data checked against directories. — Class-3: Buyer must appear in person, or send notarized documents. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 30 30 Electronic Mail Security S/MIME RFCs • RFC 2311 S/MIME Version 2 Message Specification • http://www.ietf.org/rfc/rfc2311.txt • RFC 2312 S/MIME Version 2 Certificate Handling http://www.ietf.org/rfc/rfc3851.txt?num ber=3851 • http://www.ietf.org/rfc/rfc2312.txt • RFC 3852 Cryptographic Message Syntax http://www.ietf.org/rfc/rfc3852.txt?num ber=3852 • RFC 2631 Diffie-Hellman Key agreement Method http://www.ietf.org/rfc/rfc2631.txt?num ber=2631 • RFC 3850 S/MIME Version 3.1 Certificate Handling http://www.ietf.org/rfc/rfc3850.txt?num ber=3850 PGP PGP Key Rings RFC 3851 S/MIME Version 3.1 Message Specification RFC 5035 Enhanced Security Services for S/MIME http://www.ietf.org/rfc/rfc2634.txt?num ber=2634 • RFC 2984 Use of the CAST-128 Encryption Algorithm in CMS http://www.ietf.org/rfc/rfc2984.txt?num ber=2984 • RFC 4134 Examples of S/MIME Messages http://www.ietf.org/rfc/rfc4134.txt?num ber=4134 • PGP Implementation RFC 5008 Suite B in S/MIME http://www.ietf.org/rfc/rfc5008.txt?num ber=5008 S/MIME S/MIME Content Types M. Mogollon – 01/08 - 31 31 Electronic Mail Security To Probe Further • Atkins D., Stallings W., Zimmermann P. (1996). PGP Message Exchange Formats. RFC 1991. IETF. http://www.ietf.org/rfc/rfc1991.txt?number=1991 • Housley, R. (1999). Cryptographic Message Syntax, RFC 2630. • PGP 7.0 Windows 95/98/NT/2000 User's Guide. http://www.pgpi.org/doc/guide/7.0/en/win/ • Oppliger, R. (2001). Secure Messaging with PGP and S/MIME. Norwood, Massachusetts: Artech House, Inc. • Stallings, W. (2003) Network Security Essentials, Applications and Standards. Upper Saddle River, New Jersey: Prentice Hall. • Zimmermann, P. (2000). An introduction to Cryptography. http://www.pgpi.org/doc/guide/6.5/en/intro/ • • • • S/MIME Information at RSA http://www.rsasecurity.com/standards/smime/faq.html S/MIME Working Group Status http://www.ietf.org/proceedings/02jul/slides/smime-4/ http://www.dartmouth.edu/~pkilab/pages/Using_SMIME_e-mail.html The S/MIME specifications can be found linked off the IETF S/MIME workgroup page at: http://www.ietf.org/html.charters/smime-charter.html PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 32 32 ...
View Full Document

This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.

Ask a homework question - tutors are online