Internet Security Enhanced Security Services for S/MIME. Thomas Göttlicher

Similar documents
Cryptography and Network Security. Sixth Edition by William Stallings

Chapter 5 Electronic mail security

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Cryptography and Network Security

Request for Comments: 7912 Category: Informational June 2016 ISSN:

Summary of PGP Services

S/MIME Security Services

S/MIME Security Services

CS 356 Internet Security Protocols. Fall 2013

Request for Comments: 5402 Category: Informational February 2010 ISSN:

Network Working Group. Updates: 2634 August 2007 Category: Standards Track

Security Using Digital Signatures & Encryption

Internet Engineering Task Force (IETF) Request for Comments: 7193 Category: Informational. J. Schaad Soaring Hawk Consulting April 2014

SECURE SYSTEM USING S/MIME AND IB-PKC

draft-ietf-smime-msg-06.txt December 14, 1998 Expires in six months S/MIME Version 3 Message Specification Status of this memo

Expires: August 2, 2003 February SIP Authenticated Identity Body (AIB) Format draft-ietf-sip-authid-body-01. Status of this Memo

Lotus Protector Interop Guide. Mail Encryption Mail Security Version 1.4

PKCS #7: Cryptographic Message Syntax Standard

Internet Engineering Task Force (IETF) Request for Comments: 6032 Category: Standards Track. December 2010

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Digital Certificates Demystified

Deploying a New Hash Algorithm. Presented By Archana Viswanath

draft-ietf-smime-cert-06.txt December 14, 1998 Expires in six months S/MIME Version 3 Certificate Handling Status of this memo

Network Working Group Request for Comments: 5275 Category: Standards Track June 2008

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

ISO/IEC Common Criteria. Threat Categories

Obsoletes: 3369 July 2004 Category: Standards Track

Cryptography and Network Security Chapter 1

Message authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:

Electronic mail security

How to make Secure Easier to use

PIDX PIP Specification. P22: Send Invoice Response. Version 1.0

PIDX PIP Specification. P11: Send Field Ticket. Version 1.0

Configuring SSL CHAPTER

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Obsoletes: 2630, 3211 August 2002 Category: Standards Track

Configuring SSL. SSL Overview CHAPTER

Public-key Cryptography: Theory and Practice

Configuring SSL. SSL Overview CHAPTER

October 4, 2000 Expires in six months. SMTP Service Extension for Secure SMTP over TLS. Status of this Memo

CT30A8800 Secured communications

Telemetry Data Sharing Using S/MIME

Schema for Gmail logs in BigQuery

Using digital certificates in Microsoft Outlook

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Security PGP / Pretty Good Privacy. SANOGXXX July, 2017 Gurgaon, Haryana, India

Objectives CINS/F1-01

Lecture 13 Page 1. Lecture 13 Page 3

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

CS Computer Networks 1: Authentication

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Key Management and Distribution

Internet Engineering Task Force (IETF) Request for Comments: 6403 Category: Informational ISSN: M. Peck November 2011

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

Network Security and Cryptography. 2 September Marking Scheme

Gestion et sécurité des réseaux informatiques. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice:

Ralph Durkee Independent Consultant Security Consulting, Security Training, Systems Administration, and Software Development

How to Configure S/MIME for WorxMail

Security Digital Certificate Manager

IBM. Security Digital Certificate Manager. IBM i 7.1

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

Operating Systems Design Exam 3 Review: Spring 2011

Pretty Good Privacy (PGP

Category: Standards Track Drummond Group C. Shih Gartner Group September 2002

Chapter 8 Web Security

Using Cryptography CMSC 414. October 16, 2017

PKCS #10 v1.7: Certification Request Syntax Standard (Final draft)

14. Internet Security (J. Kurose)

Lecture 12 Page 1. Lecture 12 Page 3

Uses of Cryptography

Encrypted Object Extension

Network Working Group Request for Comments: 3892 Category: Standards Track September The Session Initiation Protocol (SIP) Referred-By Mechanism

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Chapter 3: Securing applications

UNIT - IV Cryptographic Hash Function 31.1

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

IBM i Version 7.2. Security Digital Certificate Manager IBM

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

DNSSEC Trust tree: (A) ---dnslab.org. (DS keytag: 9247 dig (DNSKEY keytag. ---org. (DS keytag: d

IP Security. Cunsheng Ding HKUST, Kong Kong, China

Category: Standards Track January 1999

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Scribe Notes -- October 31st, 2017

Lesson 13 Securing Web Services (WS-Security, SAML)

Managing Certificates

Overview. SSL Cryptography Overview CHAPTER 1

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Internet Engineering Task Force (IETF) Request for Comments: 5959 Category: Standards Track August 2010 ISSN:

Based on material produced by among others: Sanjay Pol, Ashok Ramaswami, Jim Fenton and Eric Allman

CSCE 813 Internet Security Secure Services I

ETSI TS V1.2.1 ( ) Technical Specification

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Transcription:

Internet Security Enhanced Security Services for S/MIME Thomas Göttlicher April 20, 2004

Contents 1 Introduction 3 2 Technical 4 2.1 Internet Layer........................... 4 2.2 Compatibility........................... 4 2.3 Triple Wrapping.......................... 5 3 Signed Receipts 7 4 Security Labels 8 5 Secure Mailing Lists 9 5.1 Mail Loops............................ 9 5.2 Receipts.............................. 10 6 Signed Certificates 11 6.1 Attacks.............................. 11 6.1.1 Substitution Attack.................... 11 6.1.2 Re-issue of Certificate Attack.............. 12 6.1.3 Duplicate Certificate Authority Attack......... 12 6.2 Attack Responses......................... 12 6.2.1 Response to the Substitution Attack.......... 12 6.2.2 Response to the Re-issue of Certificate Attack..... 12 6.2.3 Response to the Duplicate Certificate Authority Attack 12 1

7 Security Considerations 13 7.1 Signed Receipts.......................... 13 7.2 Security Labels.......................... 13 7.3 Mailing lists............................ 14 2

Chapter 1 Introduction S/MIME stands for Secure/Multipurpose Internet Mail Extensions. S/MIME provides a consistent way to send and receive secure MIME data. Based on the popular Internet MIME standard, S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin and privacy and data security. S/MIME is a security enhanced version of the MIME internet email standard. Compared with PGP, the S/MIME format is more fixed. S/MIME can be used by traditional mail user agents to add cryptographic security services to mail sent, and to interpret cryptographic security services in mail received. Furthermore, S/MIME can be used in automated message transfer agents that use cryptographic security services that do not require any human intervention. This paper deals with additional security services for S/MIME, which are described in RFC 2634 dealing with signed receipts, security labels, secure mailing lists and signing certificates and their depending techniques. 3

Chapter 2 Technical 2.1 Internet Layer Figure 2.1: S/MIME s position at the internet stack Figure 2.1 shows S/MIME s position at the internet stack. S/MIME is at the application layer. Users who want to use S/MIME and the enhanced security services for S/MIME only need an application that supports these features. There are is no need for changes or special requirements at the internet protocol. 2.2 Compatibility Anyone who wants to use the enhanced security services for S/MIME, needs an email client, supporting S/MIME version 3. Users of the S/MIME version 4

3 are able to read message from a S/MIME version 2 sender, whereas users of the S/MIME version 2 cannot read messages from a S/MIME version sender. 2.3 Triple Wrapping This section deals with a technique called triple wrapping. Triple wrapping is used when a message has to be signed, encrypted and signed again. Outer attributes may be added and signed by the message originator or intermediate agents e.g. a mail list agent. The inside signature is used for content integrity and the encryption provides privacy. The body contains confidential information including confidential attributes. This is used by the S/MIME extensions which will be mentioned in the following chapters. Steps for Triple Wrapping These steps are needed to create a triple wrapped message: 1. Start with a message, called original content. 2. Encapsulate the original content with the MIME Content-type headers. 3. Sign the result of step 2. 4. Add an MIME construct to the signed message from 3. The result is called the inside signature. 5. Encrypt the result of step 4. This is called the encrypted body. 6. Add the appropriate MIME headers. 7. Sign the result of step 6 as a single block. 8. Add the appropriate MIME headers. This is called the triple wrapped message. 5

Example Content-type: multipart/signed; protocol="application/pkcs7-signature"; boundary=outerboundary --outerboundary Content-type: application/pkcs7-mime; ) smime-type=enveloped-data ) ) Content-type: multipart/signed;! ) protocol="application/pkcs7-signature";! ) boundary=innerboundary! )! ) --innerboundary! ) Content-type: text/plain %! ) %! ) Original content %! )! ) --innerboundary! ) Content-type: application/pkcs7-signature! )! ) inner SignedData block (econtent is missing)! )! ) --innerboundary--! ) --outerboundary Content-type: application/pkcs7-signature outer SignedData block (econtent is missing) --outerboundary-- This example shows a triple wrapped message. The inner signature is computed over lines marked with a %. Lines with a! are encrypted and the outer signature is computed over lines with a ). 6

Chapter 3 Signed Receipts Signed receipts are used to confirm the delivery of an email. The originator of the email will be informed by a message when the mail is received. The sender can request receipts either from all recipients, from a specific list of recipients or from all recipients that did not receive the message as members of a mailing list. Senders can indicate the receipts not only to be sent back to him but also to somebody else. It is likely that not even the sender gets a receipt. When a receipt is requested, the receiving agent software should automatically create a receipt. The receiving agent must verify the signature of the message, before it processes a receipt-request. If the signature is invalid a receipt must not be sent. In case that a receipt is requested more then once for the same message, each recipient should only return one signed receipt. The receiving agent must not request a signed receipt for a signed receipt, because this can create infinity loops. 7

Chapter 4 Security Labels Security Labels are a set of security information regarding the sensitivity of the content that is protected by the S/MIME encapsulation. The security labels are used for access control. The receiving agent software examines the security labels and determines whether the recipient is allowed to see the contents of the message or not. Security Labels must be signed attributes. Before processing a security label, the signature must be verified and the signature hast to be valid. Basically these classifications are defined as: unmarked, unclassified, restricted, confidential, secret and top-secret. Other values can be defined by any organization. Equivalent-Labels Since organizations have been allowed to define their own security policies, many different security policies exist. Cooperating organizations want to define equivalences between their different security policies. The sending agent can send a list of equivalent security levels, called Equivalent-Labels attribute. The receiving agent has the option to process Equivalent-Labels attributes. It will only proceeds the EquivalentLables if it trusts the signer. If the receiving agent understands the original security label, it has to ignore all Equivalent-Labels. 8

Chapter 5 Secure Mailing Lists This chapter deals with secure mailing lists and their purposes. Sending agents must create recipient-specific data structures for each recipient of an encrypted message. When sending a message to a large number of recipients, the sending agent needs a lot resources. Mail list agents can take a single message and perform the recipientspecific encryption. 5.1 Mail Loops When dealing with mailing lists we have an issue called mail loop : One mailing list is member of a second mailing list and reverse, the second is a member of the first. Mailing list agents have to prevent mail loops. Each time a mail list agent expands a message, it adds its own identifier to the message history. If the mailing list agent finds its own unique identifier in the history, a mail loop has happened. The mail list agent must not send the message to the list again. A human mail list administrator is to be notified, to solve the problem. 9

5.2 Receipts When a message is send to a mailing list and a signed receipt is requested, the mailing list agent has to process the request by applying the local receipt policy. So the mailing list agent often needs to propagate forward the receipt policy, and to do so it adds insteadof, inadditionto, none to the history. Only the last recipient needs to process the receipt policy by reading the history. If the originator has not requested a receipt, he must not get a receipt even if the mailing list says so. The mailing list agent may inform the originator if he requested a receipt and but the mailing list agent substitutes the request. 10

Chapter 6 Signed Certificates A signed certificate binds a name to a public key with a digital signature. At this sensitive part hackers might take the offensive. This chapter deals with different attacks and how to prevent them. 6.1 Attacks 6.1.1 Substitution Attack The substitution attack is a simple substitution of one certificate for another. The issuer and serial number in the SignerInfo is modified to refer to a new certificate. Version 1 Version 1 of the substitution attack is a simple DoS-Attack where an invalid certificate is substituted for the valid. As a result, the message is unverifiable, as the public key no longer matches the public key used to sign. Version 2 The second substitutes a valid certificate for the original valid certificate where the public keys match. Thus, the message is validated under different constraints as the originator intended. 11

6.1.2 Re-issue of Certificate Attack This attack deals with a certificate authority re-issuing a signing certificate. It may become more frequent as certificate authorities re-issue their own root certificates. 6.1.3 Duplicate Certificate Authority Attack A rogue entity sets up a certificate authority that tries to duplicate the structure of an existing certificate authority and issues a new certificate with the same public key the signer uses. 6.2 Attack Responses 6.2.1 Response to the Substitution Attack The denial of service attack cannot be prevented. There is no way to automatically identify the attack because it is indistinguishable from a message corruption. There is no practical way to prevent users from getting new certificates with the same public key. 6.2.2 Response to the Re-issue of Certificate Attack A certificate authority should never re-issue a certificate with different attributes. 6.2.3 Response to the Duplicate Certificate Authority Attack The only way to prevent the duplicate is never to trust a duplicated certificate authority! 12

Chapter 7 Security Considerations The last chapter considers some security issues concerning signed receipts, security labels and mailing lists. 7.1 Signed Receipts A recipient must not send back a reply if it cannot validate the signature. The reason for this is that an attacker could get information about the host and its software by reading the receipt. Senders should encrypt receipts to prevent a passive attacker from gleaning information. 7.2 Security Labels Senders must not rely on recipients processing software to process security labels correctly. Some S/MIME clients may not understand security labels but display a labeled message. For example an error response is sent to the originator and that error bounces back. It is unlike that the bounce message will have a proper security label. The S/MIME mail client would show the confidential content. 13

7.3 Mailing lists Mailing lists that encrypt its content may be targets for DoS-Attacks if they do not prevent Mail-Loops. Using simple RFC822-Header spoofing, it is easy to subscribe one encrypted mailing list to another, thereby setting up an infinite loop. If a mailing list agent receives a large number of undecryptable messages it shall notify an admin, because it may be a ciphertext attack. 14

Bibliography [1] RFC 822 Standard for the Format of ARPA Internet Text Messages [2] RFC 2311 S/MIME Version 2 Message Specification [3] RFC 2315 PKCS #7: Cryptographic Message Syntax Version 1.5 [4] RFC 2630 Cryptographic Message Syntax [5] RFC 2632 S/MIME Version 3 Certificate Handling [6] RFC 2633 S/MIME Version 3 Message Specification [7] RFC 2634 Enhanced Security Services for S/MIME 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback