Electronic mail security

Similar documents
Chapter 5 Electronic mail security

Summary of PGP Services

Cryptography and Network Security. Sixth Edition by William Stallings

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Pretty Good Privacy (PGP

Cryptography and Network Security

Pretty Good Privacy (PGP)

CS 356 Internet Security Protocols. Fall 2013

SMTP. George Porter CSE 124 February 12, 2015

Electronic Mail. Prof. Indranil Sen Gupta. Professor, Dept. of Computer Science & Engineering Indian Institute of Technology Kharagpur

Internet Security Enhanced Security Services for S/MIME. Thomas Göttlicher

Internet and Intranet Protocols and Applications

Key management. Pretty Good Privacy

Telemetry Data Sharing Using S/MIME

COMPARISON OF PGP AND S/MIME SECURITY STANDARDS FOR APPLICATION TO A LARGE ENTERPRISE

Simple Network Management Protocol (SNMP)

CSCE 813 Internet Security Secure Services I

CS 418 Web Programming Spring 2013 SENDING SCOTT G. AINSWORTH.

The MIME format. What is MIME?

Objectives CINS/F1-01

Cryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators

Electronic Mail (SMTP)

March 1996 MIME Security with Pretty Good Privacy (PGP) Status of this Memo

Sharing Secrets using Encryption Facility - Handson

Simple Network Management Protocol (SNMP)

How to make Secure Easier to use

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Network Encryption Methods

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Gestion et sécurité des réseaux informatiques. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice:

FTP. FTP offers many facilities :

IBM Systems and Technology Group

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

Applications & Application-Layer Protocols: FTP and (SMTP & POP)

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Internet Electronic Mail

S/MIME Security Services

CT30A8800 Secured communications

S/MIME Security Services

Application Layer Services Omer F. Rana. Networks and Data Communications 1

DANE Demonstration! Duane Wessels, Verisign! ICANN 49 DNSSEC Workshop! March 26, 2014!

Internet Technology. 03r. Application layer protocols: . Paul Krzyzanowski. Rutgers University. Spring 2016

Internet Engineering Task Force (IETF) Request for Comments: 6522 STD: 73 January 2012 Obsoletes: 3462 Category: Standards Track ISSN:

Information Security CS 526

Electronic mail, usually called , consists of simple text messages a piece of text sent to a recipient via the internet.

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

and Web Security

Ralph Durkee Independent Consultant Security Consulting, Security Training, Systems Administration, and Software Development

Application Inspection and Control for SMTP

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

User Authentication Principles and Methods

Internet Protocols. Robin Sharp

DirectLine for Business AS2 USER GUIDE

6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename

Debian/GNU Linux Mailing

Chapter 3: Securing applications

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

Encryption. INST 346, Section 0201 April 3, 2018

Digital Certificates Demystified

WHITE PAPER. Authentication and Encryption Design

Network Applications Electronic Mail

Lecture 4: Cryptography III; Security. Course Administration

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

E. Rescorla. <draft-ietf-smime-x txt> October 1998 (Expires April 1999) Diffie-Hellman Key Agreement Method. Status of this Memo

SECARDEO. certbox. Help-Manual. Secardeo GmbH Release:

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Internet Architecture

Overview. Electronic mail. History Format of . Sending . Retrieving . RFC 822, MIME, addresses SMTP, DNS. POP, IMAP, Web-based

APPLICATION LAYER APPLICATION LAYER : DNS, HTTP, , SMTP, Telnet, FTP, Security-PGP-SSH.

Owner of the content within this article is Written by Marc Grote

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Network Working Group Request for Comments: 1844 Obsoletes: 1820 August 1995 Category: Informational

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

Displaying SSL Configuration Information and Statistics

Python easy mail library Documentation

Lecture 25. Tuesday, November 21 CS 475 Networks - Lecture 25 1

Debian/GNU Linux Mailing

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

APNIC elearning: Cryptography Basics

CSE 565 Computer Security Fall 2018

CipherMail encryption. CipherMail white paper

Overview. SSL Cryptography Overview CHAPTER 1

<OF1C8DBAB4.F6DD93FA ON852580F EA Mon, Mar 27, 2017 at 2:22 PM (Delivered after 239 seconds)

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Securing Communications

Cryptography and Network Security

10EC832: NETWORK SECURITY

Public Key Infrastructure

IBM i Version 7.2. Security Digital Certificate Manager IBM

CIT 470: Advanced Network and System Administration. Topics. Mail Policies.

ECE646 Fall Lab 1: Pretty Good Privacy. Instruction

draft-ietf-smime-msg-06.txt December 14, 1998 Expires in six months S/MIME Version 3 Message Specification Status of this memo

PKI Knowledge Dissemination Program. PKI Standards. Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Reading Headers with MX Tool Box By Matt Flederbach

Configuration Guide. CompanyCRYPT v1.4.0

Cryptography. Cryptography is everywhere. German Lorenz cipher machine

E-commerce security: SSL/TLS, SET and others. 4.1

Implications of MIME for Internet Mail Gateways

Transcription:

Electronic mail security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Outline Pretty Good Privacy (PGP) S/MIME 2 1

Pretty Good Privacy Philip R. Zimmerman is the creator of PGP. PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications. 3 Why Is PGP Popular? It is available free on a variety of platforms. Based on well known algorithms. Wide range of applicability Not developed or controlled by governmental or standards organizations Now however also standardized (RFC 3156) 4 2

Operational Description PGP consist of five services: Authentication Confidentiality Compression E-mail compatibility Segmentation 5 6 3

Compression PGP compresses the message after applying the signature but before encryption The placement of the compression algorithm is critical. The compression algorithm used is ZIP (described in appendix 5A) 7 E-mail Compatibility The scheme used is radix-64 conversion (see appendix 5B). The use of radix-64 expands the message by 33%. 8 4

Segmentation and Reassembly Often restricted to a maximum message length of 50,000 octets. Longer messages must be broken up into segments. PGP automatically subdivides a message that is to large. The receiver strip of all e-mail headers and reassemble the block. 9 Summary of PGP Services 10 5

11 Format of PGP Message 12 6

13 14 7

15 Obtaining trust How can we obtain trust in the the other parties public key? Certificate Getting the key personally PGP tries to give trust in a new way Web of trust 16 8

The Use of Trust The user maintains a data structure with certified keys together with the following fields Owner trust field, assigned by user Signature trust field, cached copies of respective owner trust fields Key legitimacy field, calculated by PGP Trust for each key us calculated as weighted sum of trust in signatures for this key 17 18 9

Revoking Public Keys The owner issue a key revocation certificate. Normal signature certificate with a revoke indicator. Corresponding private key is used to sign the certificate 19 Secure/Multipurpose Internet Mail Extension S/MIME S/MIME will probably emerge as the industry standard for companies and other large organisations. PGP for personal e-mail security 20 10

Simple Mail Transfer Protocol (SMTP, RFC 822) SMTP Limitations - Can not transmit, or has a problem with: executable files, or other binary files (jpeg image) national language characters (non-ascii) messages over a certain size ASCII to EBCDIC translation problems lines longer than a certain length (72 to 254 characters) 21 Header fields in MIME MIME-Version: Must be 1.0 -> RFC 2045, RFC 2046 Content-Type: More types being added by developers (application/word) Content-Transfer-Encoding: How message has been encoded (radix-64) Optional fields: Content-ID: Unique identifying character string. Content Description: Needed when content is not readable text (e.g. mpeg) 22 11

Header fields in MIME, Content-Type 23 Header fields in MIME, Content-Transfer-Encoding 24 12

Canonical Form An important concept in MIME is that of canonical form. Messages, especially those with attachments, should be in canonical form. The alternative is Native Form. Conversion into canonical form may include character set conversion, transformation of audio data, compression etc. 25 MIME Example Return-Path: <Ola.Flygt@msi.vxu.se> Received: from webt.msi.vxu.se (localhost [127.0.0.1]) by babbage (Cyrus v2.1.16) with LMTP; Wed, 13 Feb 2008 09:22:44 +0100 X-Sieve: CMU Sieve 2.2 Received: from mailinone.vxu.se (mailinone.vxu.se [194.47.65.80]) by webt.msi.vxu.se (8.12.10/8.12.10) with ESMTP id m1d8mgvg008161 for <Ola.Flygt@msi.vxu.se>; Wed, 13 Feb 2008 09:22:43 +0100 (MET) Received: from [194.47.95.160] by mailinone.vxu.se (Sun Java System Messaging Server 6.2-8.01 (built Nov 27 2006)) with ESMTPSA id <0JW600AJC4LTR420@mailinone.vxu.se> for Ola.Flygt@tcp_msi-daemon (ORCPT Ola.Flygt@msi.vxu.se); Wed, 13 Feb 2008 09:22:41 +0100 (MET) Date: Wed, 13 Feb 2008 09:22:39 +0100 From: Ola Flygt <Ola.Flygt@msi.vxu.se> Subject: A simple MIME example To: Ola Flygt <Ola.Flygt@msi.vxu.se> Message-id: <B3AE89DB-D637-43A3-8D2A-55C05311E661@msi.vxu.se> MIME-version: 1.0 (Apple Message framework v753) X-Mailer: Apple Mail (2.753) Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7bit X-Spam-Debug: msi.vxu.se 0 X-Spam-Report: msi.vxu.se 0 () X-Spam-Score: 0 X-Spam-Flag: NO X-Scanned-By: MIMEDefang 2.49 on 194.47.94.71 <x-flowed>this is a simple text message. </x-flowed> 26 13

MIME Example 2 Return-Path: <Ola.Flygt@msi.vxu.se> Received: from webt.msi.vxu.se (localhost [127.0.0.1]) by babbage (Cyrus v2.1.16) with LMTP; Wed, 13 Feb 2008 09:24:08 +0100 X-Sieve: CMU Sieve 2.2 Received: from mailinone.vxu.se (mailinone.vxu.se [194.47.65.80]) by webt.msi.vxu.se (8.12.10/8.12.10) with ESMTP id m1d8o7vg009405 for <Ola.Flygt@msi.vxu.se>; Wed, 13 Feb 2008 09:24:07 +0100 (MET) Received: from [194.47.95.160] by mailinone.vxu.se (Sun Java System Messaging Server 6.2-8.01 (built Nov 27 2006)) with ESMTPSA id <0JW600AIM4O7R320@mailinone.vxu.se> for Ola.Flygt@tcp_msi-daemon (ORCPT Ola.Flygt@msi.vxu.se); Wed, 13 Feb 2008 09:24:07 +0100 (MET) Date: Wed, 13 Feb 2008 09:24:05 +0100 From: Ola Flygt <Ola.Flygt@msi.vxu.se> Subject: A HTML example To: Ola Flygt <Ola.Flygt@msi.vxu.se> Message-id: <64F18993-F609-4694-A85A-8BD5A3D007EB@msi.vxu.se> MIME-version: 1.0 X-Mailer: Apple Mail (2.753) Content-type: multipart/alternative; boundary=apple-mail-46--901936981 X-Spam-Debug: msi.vxu.se 0 X-Spam-Report: msi.vxu.se 0 () X-Spam-Score: 0 X-Spam-Flag: NO X-Scanned-By: MIMEDefang 2.49 on 194.47.94.71 <x-html><!x-stuff-for-pete base="" src="" id="0" charset=""><html><body style="word-wrap: break-word; - webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><font class="apple-style-span" face="verdana">this is a mail using </font><font class="apple-style-span" face="verdana"><b>html</b></ font><font class="apple-style-span" face="verdana"> encoding of the text.</font> </body></html> 27 </x-html> From: Ola Flygt <ola.flygt@vxu.se> To: Ola Flygt <ola.flygt@vxu.se> Content-type: multipart/mixed; boundary=apple-mail-5--263420395 MIME-version: 1.0 (Apple Message framework v936) Subject: Ett meddelande med text och bild Date: Mon, 14 Sep 2009 11:48:06 +0200 --Apple-Mail-5--263420395 Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Hejsan, detta =E4r en text. --Apple-Mail-5--263420395 Content-Disposition: inline; filename=new01.gif Content-Type: image/gif; x-unix-mode=0644; name="new01.gif" Content-Transfer-Encoding: base64 R0lGODlhIwAUALMIAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ /////yh5baeaaagalaaaaaajabqaqarzemljq724lra7+ivhcutmnmgwhshatu77mnftx2muwyep gr4oc9vbjwik304ynmyyz6v0sj09o7dlbvvlbzlcorfpfqjdnzthk/6bw1gedowku6r4vh6piaaa Ow== --Apple-Mail-5--263420395 Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable MIME Example 3 F=F6re denna text =E4r det en gif-bild.= --Apple-Mail-5--263420395-- 28 14

S/MIME Functions Enveloped Data: Encrypted content and encrypted session keys for recipients. Signed Data: Message Digest encrypted with private key of the signer and then content + signature is encoded using base64 encoding. Clear-Signed Data: Signed but not encoded except the signature. Signed and Enveloped Data: Various orderings for encrypting and signing. 29 Algorithms Used Message Digesting: SHA-1 and MD5 Digital Signatures: DSS Secret-Key Encryption: Triple-DES, RC2/40 (exportable) Public-Private Key Encryption: RSA with key sizes of 512 and 1024 bits, and Diffie- Hellman (for session keys). 30 15

User Agent Role S/MIME uses Public-Key Certificates - X.509 version 3 signed by Certification Authority Functions: Key Generation - Diffie-Hellman, DSS, and RSA key-pairs. Registration - Public keys must be registered with X.509 CA. Certificate Storage - Local (as in browser application) for different services. 31 VeriSign Public-key Certificate Classes Depending on your demands on the trust you require for a certificate, you can get suitable classification for your certificate. Class-1: Buyer s email address confirmed by emailing vital info. Class-2: Postal address is confirmed as well, and data checked against directories. Class-3: Buyer must appear in person, or send notarized documents. 32 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback