This preview shows page 1. Sign up to view the full content.
Unformatted text preview: Electronic Mail Security Cryptography and Network Security
TECH 6350 Session 8
Electronic Mail Security
Graduate School of Management
University of Dallas 0 Electronic Mail Security Session 8 – Contents
• What encryption won’t do
• Pretty Good Privacy
• S/MIME PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 1 • Electronic mail enables users to exchange messages using computer communication facilities.
Today, email systems have made the transmission of electronic mail very easy, but sending an email message is like sending a postcard that anyone can read as it travels from post office to post
• When a company sends a document using regular mail, employees may go to the extreme to
safeguard the information by delivering the mail directly to the post office and using certified
delivery, or by using courier companies. However, employees do not hesitate to send highly
sensitive and confidential information, such as a business report or sales forecast, using email.
Email is the most used network-based application, but it is the least secure. Companies spend
millions of dollars in hardware and security intrusion software, but very few encipher their email
• To send and receive emails a user needs to be connected to an email server. When a message is
sent, the email server receives and stores the message, and then sends it to another email server
that does the same. Emails travel through many servers and each one keeps a copy of the
message. Users cannot erase the email on all those servers, so the copy of the email stays in the
server until the server owner decides to erase it. There are companies that have found a niche in
developing specialized software that supposedly erases email from all the servers where the
email has been archived.
• A way to protect email is by using writer-to-reader security in which the message is encrypted
using Privacy Enhanced Mail (PEM), MIME Object Security Services (MOSS), X.400, PGP,
and S/MIME. PGP, which is a specification and a product, and S/MIME, which is a protocol, are
compatible with Internet mail and work with Eudora email, Netscape Messenger, and Microsoft
Outlook. 1 Electronic Mail Security What encryption won’t do
• Prevent users from leaving an unencrypted version of a
sensitive file on their hard disk. • Prevent unencrypted data from leaking into the
swap/paging file. • Keep users from selecting a poor encrypting key.
• Prevent keystroke-capturing software or hardware from
stealing your encryption key and passing to someone
else. • Prevent from someone nearby from using commercially
available Van Eck radiation interceptor systems to
capture users’ data.
PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 2 2 Electronic Mail Security What encryption won’t do
• Hide the email connectivity of who is sending the
encrypted file and to whom. • Hide the alerting fact that the file is encrypted.
• Negate a hidden overhead camera aimed at users’
keyboard or screen. • Prevent the intended recipient of the encrypted file from
publishing. • Protect users from compromising users encryption and
M. Caloyannides, “Keeping Offline Computer Usage Private.” IEEE Security
& Privacy. September/October 2003
PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 3 3 Electronic Mail Security Security Architecture
• Network Security
— Secures the ingress and egress points of the network and authenticates users and data.
— Provides the first layer of infrastructure defense through traffic management and inspection devices,
such as Ethernet switches, and routers with advanced functionality that can perform packet
inspection. • Network-assisted Security functions
— Enable security services to be customized to perform more thorough packet inspection of data traffic
to detect security threats. Virtual private networks (VPNs) and devices that provide encryption, for
example, serve this function. • Application Layer Security
— Provides security to remote users and for traveling employees who must access data outside of the
network perimeter. SSL Accelerators and Web switches provide content filtering. • Secure Access Management
— Provides authentication for users with preset profiles. Access management may be employed to
assign user specific network privileges and may segregate those privileges by user and by resource. • Security Policy Management
— Ensures that the business objectives of the enterprise take precedence in the design of their
communications infrastructure. • Network Management
— Provides security policy management, as well as secure access and network management security.
— Encompasses control of the network and must be securely integrated to ensure that network
administrators are the only ones able to effect network configurations.
PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 4 4 Electronic Mail Security TCP/IP Stack and Security Related Protocols Application Layer Transport Layer Network Layer Data Layer PGP PGP Key Rings SMTP, Telnet, FTP, Gopher TCP IP RARP Ethernet, Token-Ring, FDDI,
X.25, Wireless, Async, ATM,
SNA...Data Layer PGP Implementation IPSec (ISAKMP)
PGP • SOCKS V5
• SSL, TLS UDP ARP •
• S/MIME • IPSec (AH, ESP)
• Packet Filtering
• Tunneling Protocols • PPP-EAP, IEEE
802.1X, CHAP, PAP,
S/MIME Content Types M. Mogollon – 01/08 - 5 • S/MIME and PGP are implemented at the application layer of the TCP/IP stack. 5 Electronic Mail Security Pretty Good Privacy
• Designed by Philip R. Zimmerman.
• PGP provides a confidentiality and authentication
service that can be used for electronic mail and file
storage applications. • There are no Key Certificate Authorities. All users
generate and distribute their own public key. • Users can sign one another’s public key. Someone who
signs another’s public key becomes an introducer for
that person. • When a user receives a new public key and trusts one of
the introducers, then he has reason to believe that the
public key is valid.
PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 6 • PGP, developed by Phil Zimmermann, is a crypto system that uses data compression and
symmetric and public-key cryptography. By compressing the data before it is encrypted, PGP
strengthens cryptographic security because most cryptanalysis techniques use plaintext patterns
to try to break the cipher. 6 Electronic Mail Security Why Is PGP Popular?
• Available free on a variety of platforms.
• Based on well known algorithms.
• Has wide range of applicability
• Not developed or controlled by governmental or
standards organizations PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 7 7 Electronic Mail Security Operational Description
• Consists of five services:
— E-mail Compatibility
— Segmentation PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 8 8 Electronic Mail Security PGP Authentication and Confidentiality
Key RSA or
Message Message Digital
Private Key Compression
or 3DES Recipient’s
Public Key Digital Envelope
Cipher Message R
Envelope Sender Encipher
DSA / RSA Digital
Signature Decipher Recipient’s
ElGamal Private Key Decipher Message
Key DSA / RSA Sender’s
Message • Decipher
or 3DES Compressed
Verification PGP Decompress
ZIP PGP Key Rings Recipient Yes/No
S/MIME S/MIME Content Types M. Mogollon – 01/08 - 9 The following steps describe the PGP encryption algorithm (Zimmermann, 2000):
1. The sender generates a session by entering a word or password in his/her computer using
the keyboard or mouse. PGP uses the content and timing of user keystrokes and mouse
movements to generate a random message encryption key. The message encryption key is a
one-time secret key used to encipher the message by encrypting it with a symmetric
2. The message is hashed using SHA-1 and signed using DSA or RSA with the sender’s
private key creating a digital signature.
3. The cleartext message is concatenated with the digital signature, and the result is
compressed using a compression package called ZIP.
4. The ZIP compressed cleartext message and digital signatures are enciphered with a
symmetric algorithm (Cast-128, IDEA, or 3DES) using the one-time secret key generated
previously by the sender.
5. The one-time message encryption key is enciphered with RSA or ElGamal using the
recipient’s public key.
6. The enciphered message encryption key is concatenated with the compressed signed cipher
7. The enciphered message concatenated with the enciphered one-time message encryption
key is converted to an 8-bit ASCII format using an encoding technique called RADIX-64
for compatibility with email applications.
8. To decipher and authenticate the message, the receiver reverses the above steps. 9 Electronic Mail Security E-mail Compatibility 6-bit Blocks
001000 110101 1110010 010001 8 53 50 17 I 1 y R • The scheme used is Radix-64
(base64) Encoding. • The use of Radix-64 expands
the message by 33%. 01001001 00110001
8-bit ASCII Format 01010010 Radix-64 Conversion
Encoding 0 A 16 Q 1 B 17 R 32 g 48 w 33 H 49 2 C 18 x S 34 I 50 y 8 I 24 9 J 25 Y 40 O 53 1 15 P 31 47 63
(Pad) PGP PGP Key Rings PGP Implementation Only the characters in
Encoding Table will
appear in the
encrypted email. = S/MIME S/MIME Content Types M. Mogollon – 01/08 - 10 • Email systems are designed with different formats and have limitations with regard to message
size. To overcome these problems, PGP uses RADIX-64 to limit the encrypted message to
ASCII characters and divides the message into blocks.
• In secure digital communications, the ciphertext consist of bits, zeros and ones, without any
format. Some encryption algorithms format the cipher text in blocks of 64-bits, in bytes (each
byte is a sequence of eight bits treated as a single entity), or in words (each word is a group of 32
bits, with four bytes treated as single entity).
• However, most email systems only allow the transmission and reception of 8-bit ASCII codes.
PGP converts 6 bits of ciphertext to 8-bit printable ASCII characters using an encoding technique
called RADIX-64. RADIX-64 is used in the Internet Privacy-Enhanced Mail (PEM) format, as
well as the Internet MIME format.
• This slide shows an example of ciphertext converted into 8-bit printable ASCII characters. The
ciphertext is a group of blocks of 6-bits (8, 53, 50, and 7); using the Radix-64 conversion table,
each 6-bit block is substituted by equivalent printable characters (I, 1, y, and R), and then
converted to 8-bit ASCII codes. 10 Electronic Mail Security Segmentation and Reassembly
• Email is often restricted to a maximum message length
of 50,000 octets. • Longer messages must be broken up into segments.
• PGP automatically subdivides a message that is too
large. • The receiver strips of all e-mail headers and
reassembles the message. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 11 • Most Internet email facilities do not allow sending messages that are more than 50000 or 65000
bytes long. PGP overcomes this problem by breaking the message up into blocks that can be
mailed separately. The blocks are put into files named with extensions, .as1, .as2, .as3, etc. The
recipient’s PGP software concatenates the files in their proper order before decrypting the
message. 11 Electronic Mail Security Summary of PGP Services
Function Algorithm Used Description Digital Signature DSA/SHA or
RSA/SHA The message is hashed using SHA-1 and signed with DSA or
RSA using sender’s private key, creating a digital signature. Compression ZIP The cleartext message is concatenated with the digital
signature and the result is compressed using a compression
package called ZIP. Message Encryption
Encryption) CAST, IDEA, 3DES
Blowfish, or AES. The ZIP compressed cleartext message and digital
signatures are enciphered with a symmetric algorithms
(Cast-128, IDEA, or 3DES) using the one-time secret key
generated by the sender. Key Encryption
Algorithm RSA or ElGamal The one-time message encrypting key is enciphered with
RSA or ElGamal using the recipient’s public key. E-mail Compatibility Radix-64 conversion The enciphered message concatenated with the enciphered
one-time message encryption key is converted to 8-bit
printable ASCII characters using an encoding technique
called RADIX-64 for compatibility with emails applications. Segmentation PGP To accommodate maximum message size limitations, PGP
performs segmentation and reassembly. PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 12 • See next slide for a review of the CFB mode operation. 12 Electronic Mail Security Cipher Feedback (CFB) Mode
Vector Input Block 2
(b-s) Bits s Bits Encrypt Input Block 1 Input Block n
(b-s) Bits s Bits CIPHK CIPHK CIPHK Output Block 1 Output Block 2 Output Block n Select
s Bits Plaintext 1 Select
S Bits Discard
(b–s) bits + Plaintext 2 Ciphertext 1 Discard
(b–s ) bits Select
s Bits + Plaintext n Ciphertext 2 Discard
(b–s) bits +
Ciphertext n Initialization
Input Block n
(b-s) Bits s Bits Input Block 2
(b-s) Bits s Bits Input Block 1 Decrypt CIPHK CIPHK CIPHK Output Block 1 Output Block 2 Output Block 2 Select
s Bits Ciphertext 1 Select
s Bits Discard
(b–s) bits + Ciphertext 2 Plaintext 1 PGP PGP Key Rings PGP Implementation Select
s Bits Discard
(b–s) bits +
Plaintext 2 S/MIME Ciphertext n Discard
(b–s) bits +
Plaintext n S/MIME Content Types M. Mogollon – 01/08 - 13 • In Cipher Feedback (CFB) mode, Output Feedback (OFB) mode, and Counter (CTR) mode) the
initialization vector is used as dummy plaintext.
• The CFB mode is a stream method of encryption. In this method, the block cipher is used to
generate pseudorandom bits that are XORed to binary plaintext to form ciphertext.
• The plaintext and ciphertext consist of data units each containing s bits, such that (1 ≤ s ≥ b). The
value of s is sometimes incorporated into the name of the mode, e.g., the 1-bit CFB mode, the 8bit CFB mode, the 64-bit CFB mode,, or the 128-bit CFB mode.
• In CFB encryption, the first input block is the IV and the most significant s bits of the forward
cipher function are XORed to the s-bit plaintext to produce a s-bit of ciphertext. The unused bits
of the forward cipher function, b – s, are discarded.
• The second input block is created by concatenating the b – s least significant bits of the IV with
the s bits of the ciphertext. This is done by shifting the first input block s positions to the left, and
then filling the empty bits with the s bits from the ciphertext. The process is repeated, and each
successive ciphertext block is input into the next input block to form the new input block.
• A one-bit error in any s-bit unit of ciphertext will affect the deciphering of succeeding ciphertexts
until the bits in error have been shifted out of the CFB input block. This normally occurs x bits
after the s-bit boundaries have been reestablished. The cipher feedback method does not pass
data directly through the block encryption algorithm; instead, it uses the algorithm as a randomnumber generator.
• The CFB turns into a self-synchronous stream cipher, one-bit error in the ciphertext causes a onebit error in the corresponding plaintext block and complete corruption of the following plaintext
blocks; however, after several blocks it self-synchronizes and all subsequent plaintext blocks are
decrypted normally. 13 Electronic Mail Security PGP Random Number Generation
• True Random Numbers
— Based on the content and timing of user keystrokes.
— Used to generate RSA key pairs (public key and private key).
— Provide initial seed for the pseudorandom number generator.
— Contribute additional input during pseudorandom number generation. • Pseudorandom numbers
— Used to generate message encryption keys. Message encryption
keys are used only to encipher and decipher one message (one-time
— Used to generate initialization vectors (IVs) for use with the message
encryption key in the CFB mode encryption. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 14 14 Electronic Mail Security PGP Key IDs and Key Rings
• Sender and Recipient may have multiple public/private
key sets. • Sender needs to indicate which of his public keys and
which of the recipient private keys were used. • PGP assigns a key ID to each public/private key. It
consists of the least significant 64 bits of the sender’s
or recipient’s public key. • Each node stores the information in two tables:
— The Public Key Ring stores the public key of other users known to
— The Private Key Ring stores the public and private keys owned by
the node. The private key is encrypted before being stored. A 160-bit
hash code is generated from a pass phrase, which is used to
encipher the private key using CAST-128, IDEA, or 3DES.
PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 15 • PGP uses public-key encryption to encipher the one-time message encryption key; to do so, it
generates a key pair, the public key and the private key. Also, to be able to communicate with a
recipient using public-key encryption, the PGP sender needs to have the recipient’s public key.
• PGP stores the keys on the hard disk in two different folders, one named the private key ring,
where the private keys are stored, and the other the public key ring where the public keys are
stored. When senders add certified recipients to their certificates list, they will also adds the
recipients’ public keys to their public key ring. If senders lose their private key ring, they will be
unable to decrypt any previous information encrypted with the keys on that ring.
• User can distribute their public key by (1) Making their public key available through a public key
server; (2) Include their public key in an email message; (3) Export their public key or copy it to
a text file. 15 Electronic Mail Security PGP Public and Private Keyrings
SHA-1 Sender Private-Key Ring
Select IDA Public-Key Ring Decipher
Encrypted IDEA, 3DES
SHA-1 Select IDB Random
DSA / RSA Encipher
ElGamal Key ID
ZIP Key ID
PGP • PGP Key Rings PGP Implementation Encipher
or 3DES S/MIME Compressed
64 S/MIME Content Types M. Mogollon – 01/08 - 16 The keys in the private-key ring are stored in encrypted form. When the user generates a key
pair, PGP performs the following procedure:
1. Asks the user to enter a password to bind it to the key pair.
2. Uses SHA-1 to produce a 160-bit hash code of the password and then discards the
3. Encrypts the private key with CAST-128, IDEA, or 3DES, using the 160 bits of the hash
function as the key and then discarding the hash code.
4. Stores the encrypted private key on the private-key ring. 16 Electronic Mail Security PGP Centric Models
• In any digital certificate model,
the digital signature needs to be
signed and certified, by
someone the user trusts. • In a centralized PGP
environment, users get certified
by a specific Certificate
Authority (CA) whom everyone
trusts. • In a decentralized environment
PGP uses the user-centric trust
model in which any user can act
as a certifying authority and
validate another PGP user’s
public key certificate. • In the user-centric model, each
user is directly responsible for
deciding which certificates to
accept and which ones to reject. Root CA
Bob Alice Jason
Rick PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 17 • PGP can operate equally well in either a decentralized or in a centralized environment. In a PGP
decentralized environment, any user can act as a certifying authority and validate another PGP user’s
public-key certificate. In a centralized PGP environment, users are certified by a specific certificate
authority whom everyone trusts. Governments and some companies use trusted centralized certifying
authorities, and no certificate is considered valid unless it has been attested to by that centralized CA.
• In the PGP user-centric trust model, a decentralized environment, any user can act as a certifying authority
and validate another PGP user’s public key certificate. In the user-centric model, each user is directly
responsible for deciding which certificates to accept and which ones to reject.
• In PGP, a trusted introducer is someone users trust to provide them with public-key certificates that are
valid. For example, Jason asks Rick and Bob to be his introducers, and then sends them a copy of his
public key with a request that they certify and return it. Jason can then include these certificates, the one
from Rick and the one from Bob, on a public-key server. When a trusted introducer signs another person’s
public key, it means that the public key he signed is valid, and other users do not need to verify the public
key before using it.
• A meta-introducer is a trusted introducer of trusted introducers. When Jason receives a certificate from
Sandra, whom he doesn’t know, Jason will see that Sandra’s certificate is signed by Bob. Bob is a metaintroducer, and he introduced Sandra to Jason. A meta-introducer assumes the role of a root CA, and users
explicitly trust a single meta-introducer’s (root) certificate. Users also trust any certificates carrying the
meta-introducer's signature. Jason may decide to reject or accept Sandra’s certificate, depending on how
much he trusts Bob being a good certificate authority.
• However, a certificate generated by Rick’s friend, who may act as a CA, may not be accepted by Jason
because Jason knows that Rick’s friend cannot be trusted as a CA. This illustrates that there are various
levels of trusted authorities. Some people are good CAs, and others are not. So, when any user can act as a
CA, whom do you trust? 17 Electronic Mail Security Adding PGP Public Keys to a Key Ring
Create IDA Alice’s PublicKey Ring 1. Generate keys 3. Upload public
key into server PGP Key
Key 4. Download
public key from
server Alice’s PrivateKey Ring Private
Key PGP Key
Search Encipher 5. Import to local
key ring. CAST-128,
2. Enter Password Password PGP 6. Sign the key
private key Hash
SHA-1 PGP Key Rings Bob’s PublicKey Ring PGP Implementation S/MIME 7. Assign trust
Trust. S/MIME Content Types M. Mogollon – 01/08 - 18 • As mentioned before, in a PGP decentralized environment, any user can act as a certifying
authority and validate another PGP user’s public-key certificate. • Bob could get Alice’s public key in any of the following ways:
1. He can personally get Alice’s public key from Alice.
2. Alice can send her public key to Bob by email and tell him her public-key fingerprint.
3. Bob can get Alice’s public key from a trusted person called an introducer.
4. Alice can post her public key at a PGP Key Server and Bob can then download Alice’s
public key from the server.
5. Once Bob downloads Alice’s public key, he imports the public key to his key ring, signs it
with his private key, and assigns a trust level. See figure above steps 3 - 7. 18 Electronic Mail Security PGP Keys PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 19 • To download a public key from a server, the initiator goes to PGP Keys application, clicks on
“Server” and then on Search. See top figure.
• The PGP Key Search Window will open. Enter the name of the person to search for, right click
the selected person’ public key, and select “Import to Local Key Ring.” The selected public-key
will be added to the public key ring. See bottom figure.
• The selected public key will be added to the Public Key Ring. 19 Electronic Mail Security Signing a PGP Key PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 20 • Right click on the public key that was added to the public ring and select “Sign.” The PGP Sign
Key window will open, select the options to sign the public key and then click “OK.”
• PGP will open the “Enter Passphrase” window; enter the passphrase to sign the public key.
• The options to sign the public key are the following:
• Non-exportable. The key is valid but the user doesn’t want others to rely on his/her
• Exportable. This is similar to a CA signing the public key. Others can rely on the signature
and trust that the public key belongs to the person who claims to be the owner.
• Meta-Introducer Non-Exportable. The owner of this public key is trusted, and any trusted
introducers created by this key are also trusted. This signature is non-exportable.
• Trusted Introducer Exportable. The owner of this key is trusted and keys validated by the
trusted introducer will appear valid to others. The trusted introducer signature is exportable.
• Once the public key is signed, then it is necessary to assign the level of trust to the owner of the
public key so he/she can be trusted to sign other public-key certificates. In the PGP Key window,
right click the public key and select “Properties.” 20 Electronic Mail Security PGP Key & Options PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 21 • A window with the properties will open. Move the bar Untrusted/Trusted either to the left
(Untrusted), center (Marginal), or to the right (Trusted). The different levels mean the following:
• Untrusted: The owner of this public key should not be trusted to introduce another; therefore,
any occurrence of this key, such as a signature on another public key should be ignored.
• Marginal: The owner of this public key can be trusted to introduce another public key, but it
is uncertain whether the owner is fully trustworthy to do so.
• Trusted: The owner of this public key is fully trusted to introduce another public key. 21 Electronic Mail Security PGP Trust Levels
• Do you trust the validity of the public key? This level of trust is computed
by PGP, and it is called key legitimacy field.
• Complete: The user is confident that the public key is valid.
• Marginal: The user do not completely trust the CA who issued the certificate.
• Untrusted: The user cannot say whether the public key is valid or not. • Do you trust the signer to certify public keys? This level of trust is
calculated by PGP and is called signature trust field. • Do you trust the owner of this public key to sign other public-key
certificates? This level of trust is assigned by the user, and it is called
owner trust field.
• Full: The owner of this public key is fully trusted to introduce another public key.
• Marginal: The owner of this public key can be trusted to introduce another public key,
but, it is uncertain whether the owner is fully competent to do so.
• Untrustworthy: The owner of this public-key should not be trusted to introduce
another, therefore any occurrence of this key as a signature on another public-key
should be ignored.
• Don't know: There are no expressions of trust made about the owner of this public
key. PGP • PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 22 In PGP, users have three convenient ways to determine levels of trust, and they are referred to
as trust flag fields:
1. Do you trust the validity of the public key? This level of trust is computed by PGP, and it is
called the key legitimacy field.
• Complete: The user is confident that the public key is valid. • Marginal: The user does not completely trust the CA who issued the certificate. • Untrusted: The user cannot say whether the public key is valid or not. 2. Do you trust the signer to certify public keys? This level of trust is calculated by PGP and
is called the signature trust field.
3. Do you trust the owner of this public key to sign other public-key certificates? This level of
trust is assigned by the user, and it is called the owner trust field.
• Full: The owner of this public key is fully trusted to introduce another public key. • Marginal: The owner of this public key can be trusted to introduce another public key,
but it is uncertain whether the owner is fully competent to do so. • Untrustworthy: The owner of this public key should not be trusted to introduce another,
therefore any occurrence of this key as a signature on another public key should be
ignored. • Don't know: There are no expressions of trust made about the owner of this public key. 22 Electronic Mail Security S/MIME
• The S/MIME specification consists of two documents:
— S/MIME Message Specification V3 (RFC 3851). Describes a protocol for
adding cryptographic signature and encryption services to MIME data.
— S/MIME Certificate Handling V3 (RFC 3850). Describes the mechanisms
S/MIME uses to create and validate keys using certificates. In order to
validate the keys of a message sent to it, an S/MIME agent needs to certify
that the key is valid. • Before using a public key to provide security services, the S/MIME
agent MUST certify that the public key is valid. • S/MIME agents MUST use PKIX certificates to validate public keys
as described in RFC 4325 “Internet X.509 Public Key Infrastructure
(PKIX) Certificate and Certificate Revocation List (CRL) Profile.” • S/MIME agents MUST meet the certificate processing requirements
documented in RFC 3850, S/MIME Version 3 Certificate Handling, in
addition to those stated in RFC 4325.
PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 23 23 Electronic Mail Security S/MIME
• S/MIME (Secure/Multipurpose Internet Mail Extensions) provides a method
to send and receive secure MIME messages. • S/MIME provides the following cryptographic security services for
electronic messaging applications:
— Message integrity and non-repudiation of origin (using digital signatures)
— Privacy and data security (using encryption). • S/MIME uses symmetric encryption to encipher the message and public-key
algorithm for key exchange (digital envelope). A public-key algorithm is
also used for digital signatures.
— • S/MIME uses Public-Key Certificates - X.509 version 3 signed by
Certification Authority. PGP • Symmetric encryption algorithms: DES, 3DES, AES and RC2.
Key Generation: Diffie-Hellman, DSS, and RSA key-pairs.
Registration: Public keys must be registered with X.509 CA.
Certificate Storage: Local (as in browser application) for different services.
Signed and Enveloped Data: Various orderings for encrypting and signing. PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 24 The Multipurpose Internet Mail Extensions (MIME) RFC 2045 (Freed, & Borenstein, 1996)
redefine the email format of messages to allow for the following:
1. Textual message bodies in character sets other than US-ASCII.
2. An extendable set of different formats for non-textual message bodies.
3. Multi-part message bodies.
4. Textual header information in character sets other than US-ASCII. • Secure MIME (S/MIME) refers to a specification (rather than to a product such as PGP)
designed to add security to email messages that use the MIME format. S/MIME is not restricted
to email, and it can be used with any transport mechanism that transports MIME data, for
example: (1) HTTP; (2) Automated message transfer agents that use cryptographic security
services that do not require any human intervention. • S/MIME Version 3.1 is specified in RFC 3851, “Secure/Multipurpose Internet Mail Extensions
(S/MIME) Version 3.1 Message Specification.” Slide 25 shows the different algorithms used in
S/MIME. • S/MIME uses digital signatures, data encryption, and hash functions to provide the following
cryptographic security services for email applications: authentication, message integrity, nonrepudiation of origin and privacy, and data security. • The main difference between PGP and S/MIME is that PGP allows users to certify other users.
Even thought PGP and S/MIME use X.509 certificates that are issued by certificate authorities
and distributed by directory services, the two technologies do not interoperate because they
used different protocols and message formats. 24 Electronic Mail Security S/MIME V 3.1 Supported Algorithms
Function Algorithm Used
Algorithm Description • Sending and receiving agents MUST support SHA-1.
• Receiving agents SHOULD support MD5 for the purpose of
providing backward compatibility with S/MIME v2. Signature
Algorithms • Sending agents MUST support either DSA with SHA-1 or hash
function with RSA. • Receiving agents MUST support DSA with SHA-1 and hash
function with RSA. A user agent should generate RSA key pairs
at a minimum key size of 768 bits.
Algorithm • Sending and receiving agents must support RSA for key
wrapping. A user agent should generate RSA key pairs at a
minimum key size of 768 bits. • Sending and receiving agents should support DH using the
Encryption • Sending and receiving agents must support encryption and
decryption with 3DES CBC, and should support encryption and
decryption with AES at a key size of 128, 192, and 256 bits. • A hash code of
the message is
SHA-1. • The message
form the digital
signature. • The message
is encrypted for
with message. • The message is
a one-time key. • Receiving agents SHOULD support encryption and decryption
using the RC2 with a key size of 40 bits.
PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 25 25 Electronic Mail Security S/MIME Content Types
• Multipart/Signing Data: The message is signed to provide
authentication, but it is not encrypted and it is not encoded
with Radix 64. • Signed Data: The message digest is signed to provide
integrity, it is encoded with Radix 64, but it is not encrypted. • Enveloped Data: The message is encrypted to provide
confidentiality, but it is not signed. • Signed and Enveloped Data: The message is either
encrypted first and then signed, or signed first and then
encrypted. PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 26 • In order to create S/MIME messages, an S/MIME agent has to follow specifications listed in the
Cryptographic Message Syntax (CMS), RFC 3852 (Housley, 2004). CMS defines six content
types: data, signed-data, enveloped-data, digested-data, encrypted-data, and authenticated-data.
Of these, only the data, signed-data, and enveloped-data content types are currently used for
S/MIME. Data, SignedData, and EnvelopedData are used as identifiers for data, signed-data, and
• Data Content: This content is intended for arbitrary data that may or may not have an internal
• SignedData Content: This content must be used by sending agents to apply a digital signature
to a message or, in a case where there is no signature information, to determine a certificate.
It should include all the required information such as algorithm identifier, certificates,
certificate revocation lists, and other signer-related information.
• EnvelopedData Content: This content type is used to apply privacy protection to a message.
A sender needs to have access to a public key for each intended message recipient to use this
service. This content type does not provide authentication. 26 Electronic Mail Security SMIME Multipart/Signing
Format SignerInfo MIME Header
MIME Body Hash
RSA • Signer’s public- key
• Identifier of the hash
• Identifier of the
algorithm used to
encipher hash message C
(Radix 64) Enciphered Message
Digest (Digital Signature)
Content Cryptographic Message Syntax (CMS)
consists of the concatenated form of
SignerInfo and the digital signature. PGP PGP Key Rings PGP Implementation Message can be viewed by
recipients without S/MIME capability S/MIME S/MIME Content Types M. Mogollon – 01/08 - 27 • Messages signed using the multipart/signed format can always be viewed by the receiver
whether they have S/MIME software or not. In this context, "be viewed" means the ability to
process the message essentially, as if it were not a signed message. The multipart/signed MIME
type has two parts. The first part contains information about the MIME entity that is signed; the
second part contains the “detached signature.” In general, the multipart/signed form is preferred
for sending, and receiving agents should be able to handle both. • The procedure for a multipart/signing message is as follows:
1. Using a one-way hash function, SHA-1 or MD5, the sender generates a message digest.
2. The sender enciphers the message digest with his private key to create the digital signature.
3. The sender prepares a block of sender information known as SignerInfo that contains the
sender’s public-key certificate, an identifier of the hash algorithm, an identifier of the
encrypting algorithm used to encipher the message digest.
4. The SignerInfo and the digital signature are concatenated to form a Cryptographic Message
5. The CMS is encoded using Radix 64.
6. The resulting MIME entity, which consists of the CMS and the message in cleartext, is
encapsulated into an email and sent to the recipient. 27 Electronic Mail Security SMIME Signed Data
Format SignerInfo MIME Header
MIME Body Hash
RSA • Signer’s public- key
• Identifier of the hash
• Identifier of the
algorithm used to
encipher hash message Encoded
(Radix 64) Enciphered Message
Digest (Digital Signature)
Clear Content Message can only be viewed by a
recipient with S/MIME capability PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 28 • In SignedData content, messages are signed and encoded using Radix-64; therefore, only users
with S/MIME software are able to view the message. • The procedure for sending SignedData content is as follows (Ramsdell, 2004a):
1. The sender uses the same procedure indicated in steps 1 to 4 in the multipart/signing to
generate a CMS. CMS is the digital signature concatenated with the SignerInfo.
2. The SignerInfo and the digital signature are concatenated to form a Cryptographic
Message Syntax (CMS) of type signed-data.
3. The CMS is concatenated with cleartext message and encoded using Radix 64.
4. The resulting MIME entity is encapsulated into an email and sent to the recipient. 28 Electronic Mail Security SMIME Enveloped Data
Public Key Message
Key MIME Header
MIME Body Encipher
RSA Outer MIME
• Identifier of the recipient’s publickey certificate (X.509).
• Identifier of the enciphering
• Encrypted message encryption
(Radix 64) Encrypted Content Data integrity (encryption) without signing the message PGP • PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 29 Enveloped-only MIME messages provide data integrity by enciphering the message without
signing it. The procedure is as follows:
1. A pseudorandom one-time message encryption key is generated.
2. The MIME entity, the message, is enciphered with 3DES or RC/40, using the generated
one-time message encryption key.
3. The generated one-time message encryption key is enciphered with RSA or DH, using
the recipient’s public key.
4. A block, RecipientInfo, is created, which contains the sender’s public-key certificate, an
identifier of the encryption algorithm used to encipher the one-time message encryption
key, and the encrypted message encryption key.
5. The encrypted MIME entity, the message, and the RecipientInfo are concatenated to form
a CMS object of type envelop-data, which is encoded it using Radix-64. 29 Electronic Mail Security S/MIME Certificate Processing
• Hybrid between the strict X.509 certification hierarchy and PGP’s web of trust.
— Users should maintain the certificates needed to verify incoming signatures and to
encrypt outgoing messages.
— Certificates are signed by Certification Authorities. • Certificate Authorities
— VeriSign https://digitalid.verisign.com/cgi-bin/OEenroll.exe?name=&email=
— GlobalSign http://www.globalsign.net/digital_certificate/
— British Telecom http://www.btignite.com/uk/products/trustservices/
— Thawte Certification
http://www.thawte.com/html/COMMUNITY/personal/index.html • VeriSign Levels of Security for Public-key Certificates
— Class-1: Buyer’s email address is confirmed by emailing vital info.
— Class-2: Postal address is confirmed as well, and data checked against
— Class-3: Buyer must appear in person, or send notarized documents.
PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 30 30 Electronic Mail Security S/MIME RFCs
• RFC 2311 S/MIME Version 2 Message
Specification • http://www.ietf.org/rfc/rfc2311.txt • RFC 2312 S/MIME Version 2 Certificate
ber=3851 • http://www.ietf.org/rfc/rfc2312.txt • RFC 3852 Cryptographic Message
ber=3852 • RFC 2631 Diffie-Hellman Key
ber=2631 • RFC 3850 S/MIME Version 3.1
ber=3850 PGP PGP Key Rings RFC 3851 S/MIME Version 3.1 Message
Specification RFC 5035 Enhanced Security Services
ber=2634 • RFC 2984 Use of the CAST-128
Encryption Algorithm in CMS
ber=2984 • RFC 4134 Examples of S/MIME
ber=4134 • PGP Implementation RFC 5008 Suite B in S/MIME
S/MIME S/MIME Content Types M. Mogollon – 01/08 - 31 31 Electronic Mail Security To Probe Further
• Atkins D., Stallings W., Zimmermann P. (1996). PGP Message Exchange Formats. RFC
1991. IETF. http://www.ietf.org/rfc/rfc1991.txt?number=1991 • Housley, R. (1999). Cryptographic Message Syntax, RFC 2630.
• PGP 7.0 Windows 95/98/NT/2000 User's Guide.
http://www.pgpi.org/doc/guide/7.0/en/win/ • Oppliger, R. (2001). Secure Messaging with PGP and S/MIME. Norwood,
Massachusetts: Artech House, Inc. • Stallings, W. (2003) Network Security Essentials, Applications and Standards. Upper
Saddle River, New Jersey: Prentice Hall. • Zimmermann, P. (2000). An introduction to Cryptography.
• S/MIME Information at RSA http://www.rsasecurity.com/standards/smime/faq.html
S/MIME Working Group Status http://www.ietf.org/proceedings/02jul/slides/smime-4/
The S/MIME specifications can be found linked off the IETF S/MIME workgroup page
at: http://www.ietf.org/html.charters/smime-charter.html PGP PGP Key Rings PGP Implementation S/MIME S/MIME Content Types M. Mogollon – 01/08 - 32 32 ...
View Full Document
This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.
- Spring '10