Telemetry Data Sharing Using S/MIME


Item Type: text; Proceedings
Authors: Kalibjian, Jeffrey R.
Publisher: International Foundation for Telemetering
Journal: International Telemetering Conference Proceedings
Rights: Copyright International Foundation for Telemetering
Download date: 28/06/2018 11:16:11
Link to Item: http://hdl.handle.net/10150/607596

Jeffrey R. Kalibjian
CounterSign Software, Inc.

Abstract

Last year the design and implementation of a secure World Wide Web based data sharing tool which could enable geographically remote contractor teams to access flight and test telemetry data securely over the Internet was presented [1]. Key technologies facilitating this capability were the Hypertext Transfer Protocol (HTTP) and the Secure Sockets Layer (SSL) capable web browsers and web servers. This year the applicability of the Secure Multipurpose Internet Mail Extension (S/MIME) specification is being evaluated for the transport of telemetry data via secure E-mail.

Keywords

secure data sharing, E-mail, S/MIME, MIME, public key cryptography standards (PKCS).

Introduction

E-mail, based on the Simple Mail Transfer Protocol (SMTP), Request For Comment (RFC) 821, is the most ubiquitous communication mechanism used on the Internet today. However, the message representation format (RFC 822) left the message body restricted to simple ASCII text. In 1993 a standard was proposed known as Multipurpose Internet Mail Extensions (MIME, now known as RFCs 2045, 2046, 2047, 2048, 2049) that would allow multi-part textual and non-textual message bodies to be exchanged (e.g. binary data, etc.).

S/MIME is a specification for secure electronic mail. It specifies the use of Public Key Cryptography Standards (PKCS #7 and PKCS #10) in mail messages employing the MIME format. After reviewing the SMTP, MIME, PKCS, cryptography, and S/MIME standards, this paper discusses the design and implementation of a secure E-mail based telemetry data disbursement system.

E-Mail (RFC 821, RFC 822)

The Simple Mail Transfer Protocol [2] (RFC 821) defined a client/server protocol which allowed agents connected to a Transmission Control Protocol/Internet Protocol (TCP/IP) network to exchange formatted RFC 822 [3] (E-mail) documents. The RFC 821 and 822 specifications helped launch the first network "killer app": E-mail. Several factors contributed to its popularity, including meeting a need for asynchronous communication over a network and being relatively simple to understand and implement. A message minimally needed three header lines comprised of 7 bit ASCII characters specifying To:, From:, and Subject: headers, followed by a blank line, followed by arbitrary 7 bit ASCII text (the message body). While the actual machine to machine protocol (RFC 821) required a little more effort to implement, it still basically involved implementation of a state machine which needed to process only eight commands (HELO, MAIL, RCPT, DATA, QUIT, RSET, VRFY, and NOOP).

Multi-purpose Internet Mail Extensions (MIME)

The major shortfall of the RFC 822 specification was that it did not provide a mechanism for transport of non 7 bit ASCII data, e.g. binary data. The Multi-Purpose Internet Mail Extensions [4] [5] [6] [7] [8] (RFCs 2045-2049) for RFC 822 E-mail remedied this situation. At the core, MIME requires a Content Type and Sub Type heading which describe the data attached in the E-mail message. MIME also specifies an encoding directive and encoding algorithms (e.g. base64) which specify how attached data has been encoded for transport (generally only 7 bit data may be successfully transported between mail gateways; thus, binary data must be specially encoded for successful mail transport). Mail clients recognizing the content data type and encoding may decode the data and launch helper applications to appropriately utilize the data. Table 1 shows the more popular encoding types used today.

Content Type   Sub-Type       Description
text           plain          Unformatted text
image          gif            .gif images
audio          basic          8 bit ISDN µ-law format
application    octet-stream   Arbitrary binary data
video          mpeg           .mpeg video
multipart      mixed          Multiple body parts
message        rfc822         Another RFC822 message

Table 1. Typical MIME Content Types and Sub-Types.

Public Key Cryptography Standards

There are currently 12 Public Key Cryptography Standards (PKCS). They are numbered from 1 to 12. Their purpose is to specify the syntax for exchange of cryptographic information (e.g. key agreement, certification, etc., see Cryptography section below) generated on differing computer systems (possibly using different implementations of cryptographic algorithms). Thus, PKCS facilitates cryptographic message exchange between organizations using different computer platforms and software. Of particular interest are PKCS #7 [9], which describes the format for exchange of cryptographically enhanced messages, and PKCS #10 [10], which describes a format for a request to place a public key into an X.509 certificate (certification).

PKCS is defined using ASN.1 [11] data types. ASN.1 is a modeling language which is used to represent the composition of formatted data streams. It can be coded into a form suitable for transmission between computers (a series of octets) using either Basic Encoding Rules (BER) [12] or Distinguished Encoding Rules (DER).

Cryptography

The science of cryptography [13] seeks to disguise data and offer a mechanism for data recovery. A cipher algorithm can be used to either encrypt (disguise) or decrypt (undisguise) data. The input to the cipher is usually the data (ciphered data or clear data) and a "key." Ciphers which can decrypt or encrypt data with the same key are known as symmetric key ciphers. There is another type of cipher that uses two keys. This type of cryptography is known as dual asymmetric key cryptography (also known as public key cryptography [14]). Here a public/private key pair is generated. The keys have a reciprocal relationship; that is, if one key is used to encrypt data, only the other can decrypt the data. Typically, one key is given to the public and one is kept private. The most popular public key algorithm is the RSA [15] algorithm. An example will illustrate the public/private key concept.

If Person A wishes to send a private message to Person B, Person A uses Person B's public key to encrypt the data to be sent to Person B. Person B would then have to use her private key to decrypt the data. She is the only person who could decrypt the data. If Person B sought to authenticate that Person A did indeed generate the message, she can request that Person A run a checksum of the encrypted message before transmission, then encrypt the checksum with his (Person A's) private key. If Person B can decrypt the checksum with Person A's public key (and the checksum matches Person B's generated checksum of the message), she can be assured that Person A truly did send the message, and further that it had not been tampered with.
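The Person A and Person B exchange above, worked through with textbook RSA as an added example (not code from the paper). The teaching-size Mersenne primes, the sample text and the function names are assumptions chosen for readability; unpadded RSA at this size shows the reciprocal key relationship only and is not a usable cipher.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: (public, private), each (exponent, modulus)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e * d = 1 (mod phi)
    return (e, n), (d, n)

def apply_key(key, value):
    """The one RSA operation; the key chosen decides whether it encrypts, decrypts, signs or verifies."""
    exponent, modulus = key
    if not 0 <= value < modulus:
        raise ValueError("value does not fit under the modulus")
    return pow(value, exponent, modulus)

def checksum(ciphertext, modulus):
    """SHA-256 of the encrypted message, reduced to fit under the signer's modulus."""
    raw = ciphertext.to_bytes((ciphertext.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % modulus

# Constructed teaching-size keys built from Mersenne primes (assumption, not from the paper).
A_PUB, A_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
B_PUB, B_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

def person_a_sends(text):
    """Encrypt for B with B's public key, then sign the checksum of the ciphertext with A's private key."""
    ciphertext = apply_key(B_PUB, int.from_bytes(text, "big"))
    signature = apply_key(A_PRIV, checksum(ciphertext, A_PUB[1]))
    return ciphertext, signature

def person_b_receives(ciphertext, signature):
    """Return the clear text, or None when the checksum recovered with A's public key does not match."""
    if apply_key(A_PUB, signature) != checksum(ciphertext, A_PUB[1]):
        return None                # not from A, or altered in transit
    plain = apply_key(B_PRIV, ciphertext)
    return plain.to_bytes((plain.bit_length() + 7) // 8, "big")
```

Flipping a single bit of the ciphertext changes its checksum, so `person_b_receives` rejects the message before any decryption is attempted.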

Public key encryption algorithms are computationally very expensive, while symmetric key algorithms are quite fast. Thus, in practice a symmetric key is generated and used to bulk encrypt data to be disguised. The symmetric key is then encrypted using a public key algorithm. Public Key Cryptography Standards (discussed above) provide a syntax for organizing these data elements (e.g. the bulk encrypted data, the encrypted symmetric key, etc.) so they may be exchanged and understood by differing software implementations (conforming to the PKCS standards) running on dissimilar computer systems.

It should be noted that individuals typically don't release "raw" public keys to the public. Instead, they use a certification authority (CA) to embed their public key into an X.509 [16] public key certificate. As part of this process the certification authority signs the certificate with its private key. If the certification authority can distribute its public key to a wide audience, users may validate public keys of individuals they do not directly know by verifying the CA's signature on a certificate.

Secure/Multipurpose E-mail Extensions

Secure/Multipurpose Internet E-mail Extensions (S/MIME) [17] rely on PKCS #7 and #10. Three new content encoding sub-types are defined; specifically:

- x-pkcs7-mime, which represents cryptographically enhanced messages defined in PKCS #7.
- x-pkcs7-signature, which represents an associated digital signature for a clear text message.
- x-pkcs10, which represents certification requests.

Observe that the sub-type x-pkcs7-mime has the word "mime" in it. This implies that the entity which is being "pkcs7ed" is already a MIME body part (i.e. a legal MIME entity). Thus, once PKCS operations are complete, the output can be passed directly to a MIME agent for further processing.

A simple example will illustrate how RFC822, MIME, PKCS, and ASN.1 are used to create an S/MIME message. Assume Person A wishes to send Person B a text message. After the message is composed, a MIME header (MIME-Version: 1.0; Content-Type: text/plain; Content-Transfer-Encoding: 7bit) is placed at the beginning of the message. Assuming Person A wishes to both encrypt and sign the message, she will submit Person B's public key and her private key, along with the MIME body part, to the PKCS #7 engine. The output of the PKCS engine will be a BER encoded PKCS #7 entity. Recall the BER data is represented as octets, which don't often transfer well between different E-mail systems; thus, they would have to be encoded into 7 bit values (e.g. "base64ed") before being transported via E-mail. After the base64 encoding, a new MIME header is placed on the entity (MIME-Version: 1.0; Content-Type: application/x-pkcs7-mime; Content-Transfer-Encoding: base64), then this body is placed inside an RFC 822 message (e.g. To: Person_B@company_X.com; From: Person_A@company_Y.com...). The message could then be sent to Person B using standard SMTP mail. Assuming Person B has Person A's public key, once the message was received by Person B, he could authenticate and decrypt the message.

A S/MIME based Telemetry Disbursement System

A system utilizing S/MIME technology could be deployed to securely share telemetry data products. The general principle of the Secure File Sharing Disbursement System (SFSDS) is to have telemetry data quickly (and securely) sent out to experiment collaborators as soon as (test or mission) data is available. Central to this concept is the establishment of secure exchange directories on (Internet) networked collaborator computer systems. Each directory has a configuration file indicating whether files placed in that directory are to be treated as files to be sent out (output directory) or files to be read in (input directory).

If the directory is an output directory, the configuration file needs to specify the MIME type of the data which will typically be placed in the directory, in addition to the common name of the organization (or person) the data should be sent to. It also needs to contain the common name of the sender (along with his encrypted password to access his private key) and the type of security to utilize when sending the data (e.g. signed, encrypted, or signed and encrypted). Input directories need only specify the common name of the intended receiver, and the encrypted password to access E-mail messages waiting on the recipient's mail server.

SFSDS Operation

SFSDS will scan the secure exchange directories at specified intervals. Each file found in an output directory will be processed into an S/MIME message as described in the S/MIME section above. Each message will be delivered to a SMTP server via utilization of the POP [18] (Post Office Protocol, RFC 1725) communication protocol. The SMTP server will then deliver the S/MIME message to the intended recipient.

When SFSDS encounters an input directory, it reads the configuration file so it can contact (via POP) the SMTP mail server and look for any messages for the specified recipient. Messages are copied to the input directory, whereupon each is processed as a general MIME body. S/MIME messages found are sent to a PKCS engine for processing. The (possibly decrypted, possibly authenticated) data is then ready to be viewed or post processed with telemetry analysis software.
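An added example (not part of the paper or of SFSDS) of the layering from the S/MIME section and the input-directory step above: it wraps a PKCS #7 blob as a base64 application/x-pkcs7-mime body in an RFC 822 message, then on receipt finds the S/MIME part, undoes the transfer encoding, and reads the outer BER ContentInfo to report whether the body is signed or enveloped before a PKCS engine is involved. The function names, the `.example` addresses and the sample blob (an outer ContentInfo with empty content) are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

PKCS7_TYPES = {  # PKCS #7 content types, by OID under 1.2.840.113549.1.7
    "1.2.840.113549.1.7.2": "signedData",
    "1.2.840.113549.1.7.3": "envelopedData",
    "1.2.840.113549.1.7.4": "signedAndEnvelopedData",
}
SMIME_TYPES = ("application/x-pkcs7-mime", "application/x-pkcs7-signature")

def read_header(buf, pos):
    """Read one BER tag and length octet group; return (tag, length, value_start)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first <= 0x80:  # short form; 0x80 is the BER-only indefinite form (length None)
        return tag, (first if first < 0x80 else None), pos
    count = first & 0x7F  # long form: the next `count` octets hold the length
    if count > 4 or pos + count > len(buf):
        raise ValueError("bad length field")
    return tag, int.from_bytes(buf[pos:pos + count], "big"), pos + count

def decode_oid(body):
    """Decode the base-128 arcs of an OBJECT IDENTIFIER value into dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("truncated OID")
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def pkcs7_kind(blob):
    """Name the content type in the outer ContentInfo; no keys are needed for this."""
    tag, _, pos = read_header(blob, 0)
    oid_tag, length, pos = read_header(blob, pos)
    if tag != 0x30 or oid_tag != 0x06 or length is None or pos + length > len(blob):
        raise ValueError("not a ContentInfo")
    oid = decode_oid(blob[pos:pos + length])
    return PKCS7_TYPES.get(oid, "unknown " + oid)

def triage(raw_message):
    """List (MIME sub-type, PKCS #7 kind) for each S/MIME part of an RFC 822 message."""
    found = []
    for part in email.message_from_bytes(raw_message, policy=policy.default).walk():
        if part.get_content_type() in SMIME_TYPES:
            try:
                kind = pkcs7_kind(part.get_payload(decode=True))
            except ValueError as exc:
                kind = "malformed: %s" % exc
            found.append((part.get_content_subtype(), kind))
    return found

def sample_message(last_arc):
    """Constructed input: indefinite-length ContentInfo, chosen OID, empty [0] content."""
    blob = bytes.fromhex("308006092a864886f70d0107%02xa08000000000" % last_arc)
    msg = EmailMessage()
    msg["From"], msg["To"] = "person_a@company-y.example", "person_b@company-x.example"
    msg.set_content(blob, maintype="application", subtype="x-pkcs7-mime", cte="base64")
    return msg.as_bytes()
```

A part that claims an S/MIME sub-type but does not start with a ContentInfo is reported as malformed rather than passed on, which is the point at which an input directory can quarantine it.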

Conclusion

The MIME enhancement for RFC 822 has made it possible for arbitrary binary data to be easily transported using SMTP mail over TCP/IP networks. PKCS #7 and PKCS #10 have facilitated interoperable cryptographic applications which allow for message privacy, authentication, and integrity. BER encoded PKCS data has been given a MIME Sub-Type tag of x-pkcs7-mime, otherwise known as S/MIME. The SFSDS system utilizes S/MIME technology to facilitate automated, secure transport of telemetry or other data products. It is intended to aid telemetry analysis for missions which are supported by large contractor teams that are not co-located.

References

[1] J. R. Kalibjian, Group Telemetry Analysis Using the World Wide Web, ITC/USA 1996 Proceedings, October 1996.
[2] J. B. Postel, Simple Mail Transfer Protocol, RFC 821, August 1982.
[3] D. H. Crocker, Standard for the Format of ARPA Internet Text Messages, RFC 822, August 1982.
[4] N. Freed, N. Borenstein, Multipurpose Internet Mail Extensions Part One: Format of Internet Message Bodies, RFC 2045, November 1996.
[5] N. Freed, N. Borenstein, Multipurpose Internet Mail Extensions Part Two: Media Types, RFC 2046, November 1996.
[6] K. Moore, Multipurpose Internet Mail Extensions Part Three: Message Header Extensions for Non-ASCII Text, RFC 2047, November 1996.
[7] N. Freed, J. Klensin, J. Postel, Multipurpose Internet Mail Extensions Part Four: Registration Procedures, RFC 2048, November 1996.
[8] N. Freed, N. Borenstein, Multipurpose Internet Mail Extensions Part Five: Conformance Criteria and Examples, RFC 2049, November 1996.
[9] RSA Laboratories, PKCS #7: Cryptographic Message Syntax Standard. Version 1.5, PKCS #7, November 1993.
[10] RSA Laboratories, PKCS #10: Certification Request Syntax Standard. Version 1.0, PKCS #10, November 1993.
[11] X.208 CCITT, Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1), 1988.
[12] X.209 CCITT, Recommendation X.209: Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1), 1988.
[13] B. Schneier, Applied Cryptography, John Wiley & Sons, Inc., 1993.
[14] W. Diffie and M.E. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, v. IT-22, n. 6, Nov. 1976, pp. 644-654.
[15] R. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, v. 21, n. 2, Feb. 1978, pp. 120-126.
[16] X.509 CCITT, Recommendation X.509: The Directory--Authentication Framework, 1988.
[17] S. Dusse, S/MIME Message Specification: PKCS Security Services for MIME, Internet Draft, September 1996.
[18] J. Myers, M. Rose, Post Office Protocol - Version 3, RFC 1725, November 1994.