Distributed Systems Security

Size: px
Start display at page:

Download "Distributed Systems Security"

Transcription

1 Distributed Systems Security Protocols (Application Layer) Prof. Dr. Stefan Fischer Institut für Telematik, Universität zu Lübeck https://www.itm.uni-luebeck.de/people/fischer

2 Overview Security on the Application Layer Mostly message-based security Example: Basics of (Format, MIME, SMTP) System Examples: PGP and S/MIME Example: XML Messaging / Web Service Security XML Encryption and XML Signature WS-Security Security - 07c Network and Transport Layer #2

3 SMTP and Security Basics Security - 04 Cryptology #3

4 Security - 04 Cryptology #4 SMTP Basics Mail client (MUA, mail user agent) sends a mail to its mail server (MSA, mail submission agent) MSA delivers mail to mail transfer agent (MTA) MTA look up the mail exchanger record (MX record) for the recipient's domain Forwards mail to destination MTA Destination MTA forwards mail to mail delivery agent (MDA) Saves the message in the recipients mailbox Clients use IMAP, POP, web interfaces, etc. to receive s MUA MSA MTA MTA MDA MUA SMTP SMTP POP, IMAP,...

5 Message Format Simple, text-based format Message comprised of headers and body Header Blank line Body From: Dennis Pfisterer To: Subject: HiWi Job zu vergeben Content-Type: text/plain; charset=iso Content-Transfer-Encoding: 8bit [...more headers...] Hallo allerseits, [...] Viele Grüße, Dennis Security - 04 Cryptology #5

6 Message Format: Issues Only supports 7-bit ASCII characters What about other characters? What about binary data? Traditional solution: Base64 encoding (increases size by ~30%) Solution: Multipurpose Internet Mail Extensions (MIME) Defined in RFC 5322 MIME extends the format to support Non-ASCII characters (body and headers) Message body comprised of multiple parts Security - 04 Cryptology #6

7 Security - 04 Cryptology #7 MIME Headers MIME defines new headers Inform receivers about the content type and format of messages Indication that the MIME format is used Header MIME-Version: 1.0 is present Identification of the content type Comprised of a type and subtype E.g. Content-type: text/plain; charset=iso Identification of the content encoding during transfer 7bit for standard SMTP or 8bit for extended SMTP quoted-printable : encodes non-printable characters (e.g., Universit=E4t zu L=FCbeck ) Base64 : content is Base64-encoded E.g., Content-Transfer-Encoding: quoted-printable

8 Security - 04 Cryptology #8 MIME Types RFC 2046 defines a set of major and minor types for different types of content Originally only intended for the Content-Type header field Today, the MIME-type is used in many different contexts File Extensions.htm.html.txt.gif.png.jpg.jpeg.gz.ai.eps.ps.exe.bin.zip.avi.pdf MIME Content Type text/html text/plain image/gif image/png image/jpeg application/x-gzip application/postscript application/octet-stream application/x-zip-compressed video/x-msvideo application/pdf Important major types Text, Image, Audio, Video Application Multipart Message.doc.docx application/msword.js text/javascript.qt.mov video/quicktime.mpeg.mpg.mpe video/mpeg.wav audio/x-wav.rtf application/rtf

9 Security - 04 Cryptology #9 MIME Type multipart Allow messages to be composed of several parts Major type multipart supports a variety of different minor types multipart/alternative Allows the same content to be represented in different formats (e.g., text/plain and text/html) Only the most suitable one is shown to the user multipart/digest Groups multiple text messages into one document multipart/mixed Allows an to be composed of multiple parts with different content types multipart/related Each part is a component of an aggregate whole E.g., HTML- (text/html) plus referenced images (text/jpg)

10 MIME Type multipart Parts are separated by boundaries Boundary ID specified in the contenttype header Individual parts are separated with boundary lines Start of a part: -- + Boundary ID After last part -- + Boundary ID + -- Multiparts may be nested MIME-Version: 1.0 From: Dennis Pfisterer To: Dennis Pfisterer Content-Type: multipart/alternative; boundary= boundary" This is a multi-part message in MIME format. --boundary Content-Type: text/plain; charset=iso ; format=flowed Content-Transfer-Encoding: 7bit Das ist eine Testmail. --boundary Content-Type: text/html; charset=iso Content-Transfer-Encoding: 7bit Example multipart/alternative on the first level to allow for non-html MUAs multipart/related on the second level to include images referenced in the HTML document <html> <head> <meta http-equiv="content-type" content="text/html; charset=iso "> </head> <body bgcolor="#ffffff" text="#000000"> Das ist eine Testmail. </body> </html> --boundary-- Security - 04 Cryptology #10

11 Security - 04 Cryptology #11 Example: Nested multiparts From: Dennis Pfisterer MIME-Version: 1.0 To: Dennis Pfisterer Subject: Testmail mit Bild Content-Type: multipart/alternative; boundary= " This is a multi-part message in MIME format Content-Type: text/plain; charset=iso ; format=flowed Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=iso Content-Transfer-Encoding: 7bit <html><head><meta http-equiv="content-type" content="text/html; charset=iso "></head> <body bgcolor="#ffffff" text="#000000"> Das ist eine Testmail mit Bild. <br><br> <img </body> </html> Das ist eine Testmail mit Bild Content-Type: multipart/related; boundary= " [...] Content-Type: image/png; name="logoitm.png" Content-Transfer-Encoding: base64 Content-ID: Content-Disposition: inline; filename="logoitm.png" ivborw0kggoaaaansuheugaaasaaaabxcayaaack05hn AAAAAXNSR0IArs4c6QAAAAZiS0dE [...] +yygtayedap/dxjmkwtsbjanaaaaaelftksuqmcc

12 SMTP Protocol Text-based, human-readable protocol Client issues commands, server responds with status code and human-readable description Initially, the client sends a HELO command (e.g., HELO example.com) and server replies (e.g., 250 itm01.itm.uniluebeck.de) SMTP sessions consists of zero or more SMTP transactions Each transaction comprises a sequence of MAIL, one or more RCPT, and one DATA command After the DATA command, the is sent Finalized by a blank line with. Security - 04 Cryptology #12

13 SMTP Protocol Example Client initially performs a HELO handshake Client then communicates sender, recipient, and message 220 itm01.itm.uni-luebeck.de ESMTP Postfix (Debian/GNU) HELO example.com 250 itm01.itm.uni-luebeck.de MAIL FROM: Ok RCPT TO: Ok DATA 354 End data with <CR><LF>.<CR><LF> From: Dennis Pfisterer To: Subject: HiWi Job zu vergeben Content-Type: text/plain; charset=iso Content-Transfer-Encoding: 8bit Hallo allerseits, [...] Viele Grüße, Dennis Ok: queued as F8E1 quit Bye Security - 04 Cryptology #13

14 Security - 04 Cryptology #14 SMTP Protocol Example Example shows received message at the client Contains more / different headers than the original message Headers are modified by transit systems E.g., to support debugging or to add antispam headers Return-Path: X-Original-To: Delivered-To: Received: from example.com (localhost.localdomain [ ]) by itm01.itm.uni-luebeck.de (Postfix) with SMTP id F8E1 for Mon, 18 Jun :05: (CEST) From: Dennis Pfisterer To: Subject: HiWi Job zu vergeben Content-Type: text/plain; charset=iso Content-Transfer-Encoding: 8bit Message-Id: Date: Mon, 18 Jun :05: (CEST) Hallo allerseits, [...] Viele Grüße, Dennis

15 ESMTP Extensions Instead of sending HELO, clients send EHLO (Extended HELLO) Servers supporting ESMTP answer with a list of supported extensions ip2.rz.uni-luebeck.de EHLO example.com 250-ip2.rz.uni-luebeck.de 250-8BITMIME 250 SIZE itm01.itm.uni-luebeck.de EHLO example.com 250-itm01.itm.uni-luebeck.de 250-PIPELINING 250-SIZE VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN Servers not supporting ESMTP answer with an error code Server not supporting ESMTP EHLO example.com Error: command not recognized Security - 04 Cryptology #15

16 ESMTP Extension: STARTTLS Generic extension to plain text protocols Method to upgrade existing, unsecured connections to TLS protected ones Allows offering the same service unencrypted and encrypted on the same port (e.g., 25 for mail) Protocol remains unchanged after the initial upgrade Defined for many well-known protocols SMTP (RFC 3207) IMAP and POP3 (RFC 2595) XMPP (RFC 3920) LDAP (RFC 2830) NNTP (RFC 4642) 220 mail.example.org ESMTP service EHLO example.org 250-mail.example.org welcomes you 250 STARTTLS STARTTLS 220 Go ahead <client and server TLS negotiation> EHLO example.org... Unmodified protocol over secure TLS connection Security - 04 Cryptology #16

17 ESMTP Extension: STARTTLS for SMTP Mostly used for MUA MTA interactions i.e., clients sending mail Due to spam issues, many MTAs only accept mail for the served domain or require clients to authenticate before relaying mail Often, authentication involves transmission of the password in plain text Requires a safe communication channel Often provided using TLS and the STARTTLS extension of SMTP Security - 04 Cryptology #17

18 Security: Motivation Data passed in plaintext between SMTP servers No protection of confidentiality, integrity, and authenticity Sender Often TLS secured and authenticated No confidentiality, no authenticated connections Data processed on untrusted systems Receiver Sender SMTP Organization Outgoing SMTP Intermediate SMTP Organization Incoming SMTP SPAM Filter Appliance Receiver SMTP Security - 04 Cryptology #18

19 Security Objectives for Which security objectives are important for ? Confidentiality? Authenticity? Integrity? Non-Repudiation? Access Control? Availability? Typically implemented security objectives Confidentiality End-to-end encryption Integrity Avoid undetected changes Authenticity Detect forged s Non-Repudiation Requires electronic signatures Security - 04 Cryptology #19

20 Pretty Good Privacy (PGP) Security - 04 Cryptology #20

21 Pretty Good Privacy Pretty Good Privacy (PGP) First Release by Phil Zimmermann (1991) For practical and simplified use of strong cryptography Designed for confidential and authenticated Extended for securing documents and network traffic... SET PGP Kerbero s HTTP IP / IPSec SMTP S/MIM E PGP initially limited to the US Due to laws limiting export of weapons Code published as a book and sold world-wide (freedom of speech) Text was scanned and OCRed by volunteers PGPi Since 1998 OpenPGP is standardized by the IETF [rfc ] An open source implementation of OpenPGP is Security - 07b Application Layer #21

22 Pretty Good Privacy A user owns one or multiple asymmetric key pairs Users claim to own a certain public key Public & Private Key Pair... Public & Private Key Pair PGP doesn t use a classical public key infrastructure to certify <identity, public-key> pairs + Public Key Requires a safe key distribution scheme Security - 04 Cryptology #22

23 Security - 04 Cryptology #23 PGP Key Distribution Physical exchange USB stick, CD,... Exchange via Internet Via , web pages, PGP key server,... Requires follow-up checks E.g., phone connection with verification of key fingerprint Alternative: web of trust Users digitally sign key of others

24 PGP Web of Trust Users sign <identity, public-key> pairs of others Forms a directed graph of signatures Different trust levels associated with the signature (depending on the types of checks performed) Unknown Not Trusted Marginal (some checks performed) Complete (full trust) Ultimate (own private key) Complete Alice Bob Peter Ultimate Marginal Carl Marginal Security - 04 Cryptology #24

25 PGP Web of Trust Signatory Trust Bob signs Carl s key; Alice trusts Bob Only complete or marginal signatures are used Alice assigns Carl s key the same trust level as Bob Key Legitimacy Trust in key authenticity is calculated from signatory trust Complete Marginal Alice Bob x: Number of signatures with signatory trust marginal y: same with complete X: Number of required marginal signatures for a key to be considered authentic (often 2) Y: same with complete signatures (often 1) Carl key_leg = (x/x) + (y/y) = 0: untrusted; < 1: partially authentic; >=1 fully authentic Security - 04 Cryptology #25

26 Security - 04 Cryptology #26 Figure source: PGP Key Signing Parties People meet in person to sign a number of keys They upload their signatures to a key server Improves web of trust by adding a lot of strongly verified keys

27 PGP: Authentication & Integrity PGP uses cryptographic hash values to protect integrity These are digitally signed to proof the authenticity of messages Algorithms Cryptographic hashes: RIPEMD-160, MD5, SHA-1, SHA-2, and Tiger Digital signatures algorithms: DSA and RSA M h(m) E KPriv,a (h(m)) M + signed hash Zip Zip -1 M + signed hash h(m) Compare D KPub,a (signed-hash) Security - 04 Cryptology #27

28 PGP: Confidentiality PGP uses hybrid encryption (asymmetric + symmetric) A temporary symmetric key is generated (session key) Message is encrypted symmetrically with the session key Session key is encrypted asymmetrically (one or more times and appended to the message ciphertext) Public keys used are those of the sender and all receivers Advantages of hybrid encryption Multiple recipients with only one message ciphertext (less bandwidth) Symmetric encryption is much faster Algorithms Block ciphers: CAST5, Camellia, Triple DES, AES, Blowfish, and Twofish Asymmetric-key ciphers: ElGamal and RSA Security - 04 Cryptology #28

29 Security - 07b Application Layer #29 PGP: Confidentiality Sender Generates random session key K Message is compressed and symmetrically encrypted with K K is asymmetrically encrypted with receivers public key and appended to the message Receiver Uses its private key to decrypt K Decrypt message with K and decompress message Sender A Receiver B M Z M' E K E C D D K M' Z -1 M KUB KRB

30 PGP: Compatibility with PGP generates binary data Compressed and encrypted data Standard format only supports 7 bit data Solution could be to use MIME For compatibility, another solution has been chosen PGP encodes binary data with printable ASCII characters Uses Base64 algorithm with additional CRC appended This extension is called Radix-64 (see next slide) Application Data Add Signature Compress Encrypt Add KeyInfo Base64 + CRC Security - 07b Application Layer #30

31 Security - 04 Cryptology #31 Radix-64 Blocks of three bytes are encoded with four characters Replacement characters determined by 6 Bit value (0-63) Text length % 3!= 0: zero bits padded Number of padded characters indicated by one or two = characters at the end Additionally adds a CRC-24 value Polynomials specified in RFC2440 Properties Increases text size by ~30% Not even partially readable (cf. quoted printable) Byte #1 Byte #2 Byte # Character #1 Character #2 Character #3 Character #4 Value Char Value Char Value Char Value Char 0 A 16 Q 32 g 48 w 1 B 17 R 33 h 49 x 2 C 18 S 34 i 50 y 3 D 19 T 35 j 51 z 4 E 20 U 36 k F 21 V 37 l G 22 W 38 m H 23 X 39 n I 24 Y 40 o J 25 Z 41 p K 26 a 42 q L 27 b 43 r M 28 c 44 s N 29 d 45 t O 30 e 46 u P 31 f 47 v 63 /

32 PGP Standard Message Format Header Body From: Dennis Pfisterer MIME-Version: 1.0 To: Dennis Pfisterer Subject: Test message - PGP signed and encrypted Content-Type: text/plain; charset=iso Content-Transfer-Encoding: quoted-printable -----BEGIN PGP MESSAGE----- Charset: ISO Version: GnuPG v (MingW32) Comment: GnuPT v3.6.3 Comment: Using GnuPG with Mozilla - =20 hqioa00tjphncwtneagaqmlfk63y4seux5idrqo4acajerndurcwtpsxwprw ZQs4 [...] cysmpuqwdejdmggydy3mbo0b4ifi1kvbjqxnj1kvwzhvqjadvqdymbkcuttyn 6XG GCNce+M=3D =3DBKO END PGP MESSAGE----- Security - 07b Application Layer #32

33 Security - 07b Application Layer #33 PGP/MIME Message Format To: Dennis Pfisterer From: Dennis Pfisterer MIME-Version: 1.0 Subject: Test message - PGP signed and encrypted Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="enigf6545c92" This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156) --enigf6545c92 Content-Type: application/pgp-encrypted Content-Description: PGP/MIME version identification Version: 1 --enigf6545c92 Content-Type: application/octet-stream; name="encrypted.asc" Content-Description: OpenPGP encrypted message Content-Disposition: inline; filename="encrypted.asc" -----BEGIN PGP MESSAGE----- Version: GnuPG v (MingW32) hqioa00tjphncwtneagaz+vwfstebf/jd0tl5jtfq84m6ozpqkmjgmb4hymzmldw [...] =1JfL -----END PGP MESSAGE enigf6545c92--

34 Issues with PGP No infrastructure / PKI Users select trust level of keys Users must transitively trust others Hard to revoke compromised keys Privacy Private key contains personal data ( addresses) Web of Trust can be used to analyze relationships with other users Security - 07b Application Layer #34

35 Secure/Multipurpose Internet Mail Extensions (S/MIME) Security - 04 Cryptology #35

36 Secure/Multipurpose Internet Mail Extensions Standard for public key encryption and signing of MIME data Mostly used by organizations that operate and use a PKI Signatures based on X.509 certificates... SET PGP Kerbero s HTTP IP / IPSec SMTP S/MIM E Originally developed by RSA Data Security Inc. Now standardized by the IETF RFC 3850 (Certificate Handling) [rfc ] RFC 3851 (Message Specification) [rfc ] Initially used PKCS#7 as format Later changed to Cryptographic Message Syntax Specified in RFCs 3369, 3370 [rfc , rfc3370- Security - 04 Cryptology #36

37 S/MIME Definition of new MIME Content Types Enveloped Data Encrypted content of arbitrary (inner) type Use of hybrid encryption (just like PGP) Symmetric session key encrypted with public keys of sender and recipients Signed Data Message digest (cryptographic hash) of a MIME part are digitally signed with the private key of the sender Signed-and-Enveloped Data Combination of both Security - 04 Cryptology #37

38 Security - 07b Application Layer #38 S/MIME Entity: Enveloped (Encrypted) Data MIME entity K E KUB E Certs Key info C b64 S/MIME Header S/MIME body S/MIME envelope S/MIME entity

39 S/MIME Entity: Enveloped (Encrypted) Data From: Dennis Pfisterer MIME-Version: 1.0 To: Dennis Pfisterer Subject: S/MIME Test Content-Type: application/pkcs7-mime; name="smime.p7m" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7m" Content-Description: S/MIME Encrypted Message MIAGCSqGSIb3DQEHA6CAMIACAQAxggGjMIIBnwIBADCBhjB7MQswCQYDVQQGEwJERT EgMB4G A1UEChMXVW5pdmVyc2l0YWV0IHp1IEx1ZWJlY2sxJzAlBgNVBAMTHkNBIGRlciBVbml2ZXJ z [ ] dko7r+9413cb/fcwgayjkozihvcnaqcbmbqgccqgsib3dqmhbagdlezkiy+2oqcabhiehjf j 134+krNo74glU1Ozungs9NMlBYL3Jx18Pvat/ENUV2MWkjGA85kYFYZigvG2+gbL0epJjfYm HPGgWmmwY93VFaTfm9ixbh9k5/IlP/CjISR9YDBkJVnKYiMdJqqTaW+6U/a0MIXXa/eQZ3c4 Security - 04 Cryptology #39

40 Security - 07b Application Layer #40 S/MIME Entity: Signed Data MIME entity H KRA E Certs Sig MIME entity b64 S/MIME Header S/MIME body S/MIME signed-data S/MIME entity

41 S/MIME Entity: Signed Data From: Dennis Pfisterer MIME-Version: 1.0 To: Dennis Pfisterer Subject: S/MIME signature test Content-Type: multipart/signed; protocol="application/pkcs7-signature ; micalg=sha1; boundary=" ms " This is a cryptographically signed message in MIME format ms Content-Type: text/plain; charset=iso Content-Transfer-Encoding: quoted-printable This is an S/MIME signature test ms Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIOcjCC [...] byoqr9x22qplroaarhoqxacrpt5oqfnvbl5v48f1f/k84mnymrgjbovsf7aryqhqusdur8tb feu/aaaaaaaa ms Security - 04 Cryptology #41

42 Security - 04 Cryptology #42 S/MIME Entity: Signed Data with Attachment From: Dennis Pfisterer MIME-Version: 1.0 To: Dennis Pfisterer Subject: S/MIME attachment test Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=" ms " This is a cryptographically signed message in MIME format ms Content-Type: multipart/mixed; boundary=" " This is a multi-part message in MIME format Content-Type: text/plain; charset=iso Content-Transfer-Encoding: quoted-printable This is an S/MIME attachment test Content-Type: image/png; name="screenshot.png" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="screenshot.png" ivborw0kggoaaaansuheugaaa14aaanjcayaaac6pmubaaaaaxnsr0iars4c6qaaaarnqu1b [...] ig6uva24aaaaaelftksuqmcc ms Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIOcjCC [...] QYkMtV8lI7ov6Hpm4YEoYPdSRASo1IFm57RQMS+quVsrz5DZ9GBcywmWmcVAsWn2ZZGTypoJ iwkwaaaaaaaa ms

43 Web Service Sicherheit Security - 04 Cryptology #43

44 Sicherheit Die Kombination von Authentifizierung und HTTPS schützt vor Mithören der Nachrichten Unbefugtem Zugriff auf die Ressourcen Einfache und trotzdem mächtige Kombination Trotzdem sind Verbesserungen nötig Schutz der Nachrichten vor Veränderungen Transportunabhängige Verschlüsselungen

45 Sicherheit auf Nachrichtenebene Deshalb setzt man oft auf Sicherheitsmechanismen, die auf Nachrichtenebene ansetzen. Aktuelle Ansätze: XML Encryption XML Signature XML Encryption: Verschlüsselung auch von Teilen einer Nachricht die Nachricht kann zwischen mehreren Stationen weiter vermittelt werden XML Signature: liefert Authentifizierung des Senders, Integrität der Nachricht, Zurechenbarkeit zu einer Person und Nicht- Anfechtbarkeit der Transaktion

46 XML Encryption Granularität der Verschlüsselung: Es kann ein komplettes Element verschlüsselt werden, also dessen Inhalt (der selbst wieder aus Kindelementen bestehen kann) und sein Name (Tag). Damit wird sowohl der eigentlich wichtige Inhalt als auch die Tatsache, dass ein Element dieses Typs übertragen wird, verschleiert. Es kann nur der Inhalt des Elements verschlüsselt werden. Dies ist eine sinnvolle Variante, wenn es keine Rolle spielt, ob die Tatsache der Übertragung eines bestimmten Elements bekannt wird. Schließlich kann auch ein ganzes XML-Dokument verschlüsselt werden. Unterschiedliche Teile eines Dokuments können für unterschiedliche Empfänger verschlüsselt werden. Es kann eine Vielzahl Verschlüsselungsverfahren eingesetzt und kombiniert werden. Je weniger verschlüsselt wird, desto schneller ist der Prozess.

47 Beispiel: Kreditkartennummer <soapenv:body> <ns1:buche xmlns:ns1="http://www. webair.de/buchung"> <flugnummer>wa417</flugnummer> <sitze>3</sitze> <datum> t12:00:00.000z</datum> <preis>eur 1399,00</preis> <karte> <typ>easycredit</typ> <nummer> </nummer> <besitzer>ws-reisen</besitzer> <gueltig-bis> </gueltig-bis> </karte> </ns1:buche> </soapenv:body>

48 Verschlüsselung <soapenv:body> <ns1:buche xmlns:ns1="http://www.web-air.de/buchung"> <flugnummer>wa417</flugnummer> <sitze>3</sitze> <datum> t12:00:00.000z</datum> <preis>eur 1399,00</preis> <EncryptedData Id="ed1" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/ xmlenc#rsa-1_5"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>Web Air</KeyName> </KeyInfo> <CipherData> <CipherValue>MEn/q Nc2OwS</CipherValue> </CipherData> </EncryptedKey> </KeyInfo> <CipherData> <CipherValue>aQgT RGOqoh5Y=</CipherValue> </CipherData> </EncryptedData> </ns1:buche> </soapenv:body>

49 XML Signature Realisierung von digitalen Signaturen für XML-Dokumente. Eine XML-Signatur kann auf drei verschiedene Arten mit dem unterschriebenen Objekt in Verbindung stehen. Sie kann selbst in das Objekt eingebettet sein, dann spricht man von einer Enveloped Signature. Das Objekt kann in die Signatur eingebettet sein, dann bezeichnet man dies als Enveloping Signature. Das Objekt kann sich an einem ganz anderen Ort befinden, der über eine URI referenziert wird, wobei man dann von einer Detached Signature spricht. Unterschiedliche Teile eines Dokuments können von unterschiedlichen Empfängern signiert werden. Es kann eine Vielzahl Signatur- und Normalisierungsverfahren eingesetzt und kombiniert werden.

50 XML-Normalisierung Problem: Logisch gleiche XML-Dokumente können aufgrund von Leerzeichen, Zeilenumbrüchen, etc. unterschiedlich serialisiert sein. Gleiche Dokumente können unterschiedliche Hash- Werte haben. Lösung: Normalisierung Transformation von XML-Dokumenten in eine XML- Teilmenge, die logisch gleiche Dokumente immer gleich serialisiert. Hash-verfahren können nun angewendet werden. XML Signature setzt Normalisierung voraus.

51 Beispiel <?xml version="1.0" encoding="utf-8"?> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo Id="2ndDecemberNewsItem"> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n "/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> <Reference URI="http://www.news_company.com/news/2004/12_02_04.htm"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue> </Reference> <Reference URI="#AMadeUpTimeStamp" Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>k3453rvEPO0vKtMup4NbeVu8nk=</DigestValue> </Reference> </SignedInfo> <SignatureValue>MC0E~LE= </SignatureValue> <KeyInfo> <X509Data> <X509SubjectName> CN=News Items Inc., O=Today s News Items, C=USA </X509SubjectName> <X509Certificate> MIID5jCCA0+gA...lVN </X509Certificate> </X509Data> </KeyInfo> <Object> <SignatureProperties> <SignatureProperty Id="AMadeUpTimeStamp" Target="#2ndDecemberNewsItem"> <timestamp xmlns="http://www.ietf.org/rfcxxxx.txt"> <date> </date> <time>18:30</time> </timestamp> </SignatureProperty> </SignatureProperties> </Object> </Signature>

52 Web-Services-Sicherheitserweiterungen WS- SecureConversation WS-Federation WS-Authorization WS-SecurityPolicy WS-Trust WS-Privacy WS-Security SOAP XML-Signature XML-Encryption

53 WS-Security Spezifikation für XML-basierten Container für Sicherheitsmetadaten Ermöglicht die Verwendung/Anbindung von Vielzahl Sicherheitslösung an Webservice- Technologie (z.b. Kerberos) Schwerpunkt: Verwendung von XML Signature und XML Encryption in Webservice-Kommunikation

54 WS-Security structure

55 WS-SecurityPolicy Web Service Security Policy Language Erweiterung von WS-Policy um Möglichkeiten zur Beschreibung von Sicherheitsrichtlinien Definition von sicherheitsrelevanten Zusicherungen auf verschiedenen Ebenen: Transportebene Nachrichtenebene

56 Beispiel <definitions [ ]"> [ ] <ns8:policy xmlns:ns8="http://schemas.xmlsoap.org/ws/2004/09/policy" wsu:id="calculatorwsportbinding_add_input_policy"> <ns8:exactlyone> <ns8:all> <ns9:encryptedparts xmlns:ns9="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <ns9:body></ns9:body> </ns9:encryptedparts> <ns10:signedparts xmlns:ns10="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <ns10:body></ns10:body> <ns10:header Namespace="http://www.w3.org/2005/08/addressing" Name="ReplyTo"></ns10:Header> <ns10:header Namespace="http://www.w3.org/2005/08/addressing" Name="To"></ns10:Header> [...] </ns10:signedparts> </ns8:all> </ns8:exactlyone> </ns8:policy>

57 Beispiel (Fortsetzung) [...] <message name="add"> <part name="parameters" element="tns:add"></part> </message> [...] <porttype name="calculatorws"> <operation name="add"> <input message="tns:add"></input> <output message="tns:addresponse"></output> </operation> </porttype> <binding name="calculatorwsportbinding" type="tns:calculatorws"> <ns14:policyreference xmlns:ns14="http://schemas.xmlsoap.org/ws/2004/09/policy" URI="#CalculatorWSPortBindingPolicy"></ns14:PolicyReference> <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"></soap:binding> <operation name="add"> <soap:operation soapaction="add"></soap:operation> <input> <ns15:policyreference xmlns:ns15="http://schemas.xmlsoap.org/ws/2004/09/policy" URI="#CalculatorWSPortBinding_add_Input_Policy"></ns15:PolicyReference> <soap:body use="literal"></soap:body> </input> [...] </operation> </binding> [...] </definitions>

SMTP Basics. Email Message Format. Simple, text-based format. Message comprised of headers and body. Email Message Format: Issues

SMTP Basics. Email Message Format. Simple, text-based format. Message comprised of headers and body. Email Message Format: Issues Distributed Systems Security Protocols (Application Layer) Prof. Dr. Stefan Fischer Institut für Telematik, Universität zu Lübeck https://www.itm.uni-luebeck.de/people/fischer Overview Security on the

More information

Electronic Mail Security

Electronic Mail Security Electronic Mail Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

Electronic mail security. MHS (Message Handling System)

Electronic mail security. MHS (Message Handling System) Electronic mail security Diana Berbecaru < diana.berbecaru @ polito.it> Politecnico di Torino Dip. Automatica e Informatica MHS (Message Handling System) MS MS MUA MUA (Message Transfer ) MS (Message Store)

More information

Prof. Sead Muftic Feng Zhang. Lecture 10: Secure E-mail Systems

Prof. Sead Muftic Feng Zhang. Lecture 10: Secure E-mail Systems Prof. Sead Muftic Feng Zhang Lecture 10: Secure E-mail Systems Lecture 10 : Secure E mail Systems Subjects / Topics : 1. Secure E mail systems 2. Secure, Trusted, Authorized and Reliable E Mail System

More information

4.1: Securing Applications Remote Login: Secure Shell (SSH) E-Mail: PEM/PGP. Chapter 5: Security Concepts for Networks

4.1: Securing Applications Remote Login: Secure Shell (SSH) E-Mail: PEM/PGP. Chapter 5: Security Concepts for Networks Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.1:

More information

Email. MIME is the protocol that was devised to allow non-ascii encoded content in an email and attached files to an email.

Email. MIME is the protocol that was devised to allow non-ascii encoded content in an email and attached files to an email. Email Basics: Email protocols were developed even before there was an Internet, at a time when no one was anticipating widespread use of digital graphics or even rich text format (fonts, colors, etc.),

More information

Electronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure

Electronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure Electronic Mail Security CSCI 454/554 Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by

More information

Cryptography and Network Security Chapter 15

Cryptography and Network Security Chapter 15 Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure

More information

Network Security Essentials Chapter 7

Network Security Essentials Chapter 7 Network Security Essentials Chapter 7 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 7 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,

More information

Chapter 6 Electronic Mail Security

Chapter 6 Electronic Mail Security Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,

More information

Email, SNMP, Securing the Web: SSL

Email, SNMP, Securing the Web: SSL Email, SNMP, Securing the Web: SSL 4 January 2015 Lecture 12 4 Jan 2015 SE 428: Advanced Computer Networks 1 Topics for Today Email (SMTP, POP) Network Management (SNMP) ASN.1 Secure Sockets Layer 4 Jan

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

PGP from: Cryptography and Network Security

PGP from: Cryptography and Network Security PGP from: Cryptography and Network Security Fifth Edition by William Stallings Lecture slides by Lawrie Brown (*) (*) adjusted by Fabrizio d'amore Electronic Mail Security Despite the refusal of VADM Poindexter

More information

Lecture 10: 1. Secure E mail E systems. Systems. Page 1

Lecture 10: 1. Secure E mail E systems. Systems. Page 1 1 2 Prof. Sead Matei Ciobanu Morogan Abdul Ghafoor Abbasi Lecture 10: Secure E-mailE Lecture 10 : Secure E mail E Subjects / opics : 1. Secure E mail E systems 2. Secure, rusted, Authorized and eliable

More information

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr.

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr. Network Security - Secure upper layer protocols - Dr. John Keeney 3BA33 Question from last lecture: What s a birthday attack? might think a m-bit hash is secure but by Birthday Paradox is not the chance

More information

Electronic Mail Security

Electronic Mail Security email 1 Electronic Mail Security Slide 1 Characteristics File transfer, except... sender, receiver may not be present at the same time diversity(charactersets, headers,...) not a transparent channel (8

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 11: Email security: PGP and S/MIME Ion Petre Department of IT, Åbo Akademi University February 14, 2012 1 Email

More information

19531 - Telematics. 13th Tutorial - Application Layer Protocols

19531 - Telematics. 13th Tutorial - Application Layer Protocols 19531 - Telematics 13th Tutorial - Application Layer Protocols Bastian Blywis Department of Mathematics and Computer Science Institute of Computer Science 03. February, 2011 Institute of Computer Science

More information

Networking Applications

Networking Applications Networking Dr. Ayman A. Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Electronic Mail 1 Outline Introduction SMTP MIME Mail Access

More information

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network. Elements of Email Email Components There are a number of software components used to produce, send and transfer email. These components can be broken down as clients or servers, although some components

More information

Electronic Mail: SMTP

Electronic Mail: SMTP 1 Electronic Mail: SMTP Electronic mail Asynchronous exchange of data sender does not know when (if) data reaches receiver mail user agent (MUA) outgoing mail queue client message transfer agent (MTA)

More information

Communication Systems Network Applications - Electronic Mail

Communication Systems Network Applications - Electronic Mail Scope Communication Systems Network s - Electronic Mail Prof. Dr.-Ing. Lars Wolf TU Braunschweig Institut für Betriebssysteme und Rechnerverbund Mühlenpfordtstraße 23, 38106 Braunschweig, Germany Email:

More information

Network Services. Email SMTP, Internet Message Format. Johann Oberleitner SS 2006

Network Services. Email SMTP, Internet Message Format. Johann Oberleitner SS 2006 Network Services Email SMTP, Internet Message Format Johann Oberleitner SS 2006 Agenda Email SMTP Internet Message Format Email Protocols SMTP Send emails POP3/IMAPv4 Read Emails Administrate mailboxes

More information

Email Electronic Mail

Email Electronic Mail Email Electronic Mail Electronic mail paradigm Most heavily used application on any network Electronic version of paper-based office memo Quick, low-overhead written communication Dates back to time-sharing

More information

Evolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP Abstract Message Format. The Client/Server model is used:

Evolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP Abstract Message Format. The Client/Server model is used: Evolution of the WWW Communication in the WWW World Wide Web (WWW) Access to linked documents, which are distributed over several computers in the History of the WWW Origin 1989 in the nuclear research

More information

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,

More information

E-Mail Security. Raj Jain. Washington University in St. Louis

E-Mail Security. Raj Jain. Washington University in St. Louis E-Mail Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/

More information

CPSC 360 - Network Programming. Email, FTP, and NAT. http://www.cs.clemson.edu/~mweigle/courses/cpsc360

CPSC 360 - Network Programming. Email, FTP, and NAT. http://www.cs.clemson.edu/~mweigle/courses/cpsc360 CPSC 360 - Network Programming E, FTP, and NAT Michele Weigle Department of Computer Science Clemson University mweigle@cs.clemson.edu April 18, 2005 http://www.cs.clemson.edu/~mweigle/courses/cpsc360

More information

Internet Technology 2/13/2013

Internet Technology 2/13/2013 Internet Technology 03r. Application layer protocols: email Email: Paul Krzyzanowski Rutgers University Spring 2013 1 2 Simple Mail Transfer Protocol () Defined in RFC 2821 (April 2001) Original definition

More information

Electronic mail security. MHS (Message Handling System) E-mail on multi-user systems. Antonio Lioy - Politecnico di Torino (1995-2009) 1

Electronic mail security. MHS (Message Handling System) E-mail on multi-user systems. Antonio Lioy - Politecnico di Torino (1995-2009) 1 Electronic mail security Antonio Lioy < lioy @ polito.it> Politecnico di Torino Dip. Automatica e Informatica MHS (Message Handling System) MTA MSA MTA chain MTA MSA MS MS MUA MUA MUA (Message User Agent)

More information

This Working Paper provides an introduction to the web services security standards.

This Working Paper provides an introduction to the web services security standards. International Civil Aviation Organization ATNICG WG/8-WP/12 AERONAUTICAL TELECOMMUNICATION NETWORK IMPLEMENTATION COORDINATION GROUP EIGHTH WORKING GROUP MEETING (ATNICG WG/8) Christchurch New Zealand

More information

Electronic mail security

Electronic mail security Electronic mail security Antonio Lioy < lioy @ polito.it> Politecnico di Torino Dip. Automatica e Informatica MHS (Message Handling System) MTA MSA MTA chain MTA MSA MS MS MUA MUA MUA (Message User Agent)

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Evolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP - Message Format. The Client/Server model is used:

Evolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP - Message Format. The Client/Server model is used: Evolution of the WWW Communication in the WWW World Wide Web (WWW) Access to linked documents, which are distributed over several computers in the History of the WWW Origin 1989 in the nuclear research

More information

E-Mail security. Mag. iur. Dr. techn. Michael Sonntag

E-Mail security. Mag. iur. Dr. techn. Michael Sonntag Mag. iur. Dr. techn. Michael Sonntag E-Mail security E-Mail: sonntag@fim.uni-linz.ac.at http://www.fim.uni-linz.ac.at/staff/sonntag.htm Institute for Information Processing and Microprocessor Technology

More information

2- Electronic Mail (SMTP), File Transfer (FTP), & Remote Logging (TELNET)

2- Electronic Mail (SMTP), File Transfer (FTP), & Remote Logging (TELNET) 2- Electronic Mail (SMTP), File Transfer (FTP), & Remote Logging (TELNET) There are three popular applications for exchanging information. Electronic mail exchanges information between people and file

More information

Standards and Products. Computer Security. Kerberos. Kerberos

Standards and Products. Computer Security. Kerberos. Kerberos 3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2

More information

Domain Name System (DNS)

Domain Name System (DNS) Application Layer Domain Name System Domain Name System (DNS) Problem Want to go to www.google.com, but don t know the IP address Solution DNS queries Name Servers to get correct IP address Essentially

More information

Introduction to Cryptography

Introduction to Cryptography Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication

More information

CS43: Computer Networks Email. Kevin Webb Swarthmore College September 24, 2015

CS43: Computer Networks Email. Kevin Webb Swarthmore College September 24, 2015 CS43: Computer Networks Email Kevin Webb Swarthmore College September 24, 2015 Three major components: mail (MUA) mail transfer (MTA) simple mail transfer protocol: SMTP User Agent a.k.a. mail reader composing,

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Table of Contents. Electronic mail. History of email (2) History of email (1) Email history. Basic concepts. Aka e-mail (or email according to Knuth)

Table of Contents. Electronic mail. History of email (2) History of email (1) Email history. Basic concepts. Aka e-mail (or email according to Knuth) Table of Contents Electronic mail Aka e-mail (or email according to Knuth) Karst Koymans / Jeroen van der Ham Informatics Institute University of Amsterdam Tuesday, September 25, 2011 Email history Basic

More information

Cryptography and Security

Cryptography and Security Cunsheng DING Version 3 Lecture 17: Electronic Mail Security Outline of this Lecture 1. Email security issues. 2. Detailed introduction of PGP. Page 1 Version 3 About Electronic Mail 1. In virtually all

More information

CS549: Cryptography and Network Security

CS549: Cryptography and Network Security CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared

More information

Enterprise Applikation Integration und Service-orientierte Architekturen. 10 Webservices Addons

Enterprise Applikation Integration und Service-orientierte Architekturen. 10 Webservices Addons Enterprise Applikation Integration und Service-orientierte Architekturen 10 Webservices Addons Überblick über die Spezifikationen http://www.ws-universe.com/index.html [28.04.2010] Prof. Dr. Holger Wache

More information

PGP - Pretty Good Privacy

PGP - Pretty Good Privacy I should be able to whisper something in your ear, even if your ear is 1000 miles away, and the government disagrees with that. -- Philip Zimmermann PGP - Pretty Good Privacy - services - message format

More information

Encryption, Signing and Compression in Financial Web Services

Encryption, Signing and Compression in Financial Web Services Danske Bank Encryption, Signing and Compression in Financial Web Services Details of how to call the Danske Bank financial web service Version 2.4.7 Encryption, Signing and Compression in Financial Web

More information

Mail system components. Electronic Mail MRA MUA MSA MAA. David Byers

Mail system components. Electronic Mail MRA MUA MSA MAA. David Byers Electronic Mail PRINCIPLES DNS ARCHITECTURES SPAM Mail system components () () David Byers MRA davby@ida.liu.se IDA/ADIT/IISLAB Mail User Agent Reads and writes e-mail Writes e-mail to using (usually)

More information

Email. Daniel Zappala. CS 460 Computer Networking Brigham Young University

Email. Daniel Zappala. CS 460 Computer Networking Brigham Young University Email Daniel Zappala CS 460 Computer Networking Brigham Young University How Email Works 3/25 Major Components user agents POP, IMAP, or HTTP to exchange mail mail transfer agents (MTAs) mailbox to hold

More information

2- Electronic Mail (SMTP), File Transfer (FTP), & Remote Logging (TELNET)

2- Electronic Mail (SMTP), File Transfer (FTP), & Remote Logging (TELNET) 2- Electronic Mail (SMTP), File Transfer (FTP), & Remote Logging (TELNET) There are three popular applications for exchanging information. Electronic mail exchanges information between people and file

More information

Ciphermail Gateway Administration Guide

Ciphermail Gateway Administration Guide CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway Administration Guide September 23, 2014, Rev: 9112 Copyright 2008-2014, ciphermail.com. Acknowledgements: Thanks goes out to Andreas Hödle for feedback. CONTENTS

More information

XML Encryption Syntax and Processing. Duan,Limiao 07,12,2006

XML Encryption Syntax and Processing. Duan,Limiao 07,12,2006 XML Encryption Syntax and Processing Duan,Limiao 07,12,2006 Agenda Introduction Encryption Overview and Examples - An XML Element - XML Element Content (Elements) - XML Element Content (Character Data)

More information

Protocolo FTP. FTP: Active Mode. FTP: Active Mode. FTP: Active Mode. FTP: the file transfer protocol. Separate control, data connections

Protocolo FTP. FTP: Active Mode. FTP: Active Mode. FTP: Active Mode. FTP: the file transfer protocol. Separate control, data connections : the file transfer protocol Protocolo at host interface local file system file transfer remote file system utilizes two ports: - a 'data' port (usually port 20...) - a 'command' port (port 21) SISTEMAS

More information

Ciphermail Gateway Administration Guide

Ciphermail Gateway Administration Guide CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway Administration Guide October 10, 2015, Rev: 10214 Copyright 2008-2015, ciphermail.com. Acknowledgements: Thanks goes out to Andreas Hödle for feedback. CONTENTS

More information

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security

More information

A Noval Approach for S/MIME

A Noval Approach for S/MIME Volume 1, Issue 7, December 2013 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com A Noval Approach for S/MIME K.Suganya

More information

What Your Mother Didn't Tell You About PEM, DER, PKCS. Eric Norman University of Wisconsin-Madison

What Your Mother Didn't Tell You About PEM, DER, PKCS. Eric Norman University of Wisconsin-Madison What Your Mother Didn't Tell You About PEM, DER, PKCS Eric Norman University of Wisconsin-Madison 1 Audience I'm nuts Some of you might want to bolt Who needs to know? Developers Support personnel diagnose

More information

Web Services. Web Service Security. Copyright 2010 Davide Cerri & Srdjan Komazec

Web Services. Web Service Security. Copyright 2010 Davide Cerri & Srdjan Komazec Web Services Web Service Security Copyright 2010 Davide Cerri & Srdjan Komazec 1 Where Are We? # Title 1 Distributed Information Systems 2 Middleware 3 Web Technologies 4 Web Services 5 Basic Web Service

More information

IT Networks & Security CERT Luncheon Series: Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Electronic mail. Aka email (Knuth) dr. C. P. J. Koymans. Informatics Institute Universiteit van Amsterdam. November 20, 2007

Electronic mail. Aka email (Knuth) dr. C. P. J. Koymans. Informatics Institute Universiteit van Amsterdam. November 20, 2007 Electronic mail Aka email (Knuth) dr. C. P. J. Koymans Informatics Institute Universiteit van Amsterdam November 20, 2007 dr. C. P. J. Koymans (UvA) Electronic mail November 20, 2007 1 / 31 History of

More information

Managing and Securing Computer Networks. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice:

Managing and Securing Computer Networks. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice: Managing and Securing Computer Networks Guy Leduc Chapter 3: Securing applications Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section 8.5)

More information

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures

More information

Sending MIME Messages in LISTSERV DISTRIBUTE Jobs

Sending MIME Messages in LISTSERV DISTRIBUTE Jobs Whitepaper Sending MIME Messages in LISTSERV DISTRIBUTE Jobs August 25, 2010 Copyright 2010 L-Soft international, Inc. Information in this document is subject to change without notice. Companies, names,

More information

Network Security Protocols

Network Security Protocols Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

More information

Internet, intranet and Web Lecture I

Internet, intranet and Web Lecture I Internet, intranet and Web Lecture I Technologies and protocols for application communications Marco Solieri marco.solieri@lipn.univ-paris13.fr Info et Réseaux en Apprentissage, Sup Galilée, Université

More information

Category: Standards Track June 1999

Category: Standards Track June 1999 Network Working Group P. Hoffman, Editor Request for Comments: 2634 Internet Mail Consortium Category: Standards Track June 1999 Status of this Memo Enhanced Security Services for S/MIME This document

More information

FTP and email. Computer Networks. FTP: the file transfer protocol

FTP and email. Computer Networks. FTP: the file transfer protocol Computer Networks and email Based on Computer Networking, 4 th Edition by Kurose and Ross : the file transfer protocol transfer file to/from remote host client/ model client: side that initiates transfer

More information

Securing Web Services with WS-Security

Securing Web Services with WS-Security Securing Web Services with WS-Security Demystifying WS-Security, WS-Policy, SAML, XML Signature and XML Encryption jothy Rosenberg David L. Remy SAMS Sams Publishing, 800 East 96th Street, Indianapolis,

More information

CipherMail Gateway Quick Setup Guide

CipherMail Gateway Quick Setup Guide CIPHERMAIL EMAIL ENCRYPTION CipherMail Gateway Quick Setup Guide October 10, 2015, Rev: 9537 Copyright 2015, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction 4 2 Typical setups 4 2.1 Direct delivery............................

More information

SIP Security. ENUM-Tag am 28. September in Frankfurt. Prof. Dr. Andreas Steffen. Agenda. andreas.steffen@zhwin.ch

SIP Security. ENUM-Tag am 28. September in Frankfurt. Prof. Dr. Andreas Steffen. Agenda. andreas.steffen@zhwin.ch ENUM-Tag am 28. September in Frankfurt SIP Security Prof. Dr. Andreas Steffen andreas.steffen@zhwin.ch Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 1 Agenda SIP The Session Initiation Protocol Securing the

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Message authentication and. digital signatures

Message authentication and. digital signatures Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation

More information

Communication Systems SSL

Communication Systems SSL Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security

More information

SECURITY FOR XML MESSAGES

SECURITY FOR XML MESSAGES EAN UCC Implementation Guidelines ebmethodology Group Working Group 4 - WG4 DOCUMENT STATUS: DISCUSSION DRAFT DOCUMENT 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

More information

EE 7376: Introduction to Computer Networks. Homework #3: Network Security, Email, Web, DNS, and Network Management. Maximum Points: 60

EE 7376: Introduction to Computer Networks. Homework #3: Network Security, Email, Web, DNS, and Network Management. Maximum Points: 60 EE 7376: Introduction to Computer Networks Homework #3: Network Security, Email, Web, DNS, and Network Management Maximum Points: 60 1. Network security attacks that have to do with eavesdropping on, or

More information

02267: Software Development of Web Services

02267: Software Development of Web Services 02267: Software Development of Web Services Week 11 Hubert Baumeister huba@dtu.dk Department of Applied Mathematics and Computer Science Technical University of Denmark Fall 2015 1 Contents WS-Policy Web

More information

Simple Mail Transfer Protocol

Simple Mail Transfer Protocol Page 1 of 6 Home : Network Programming Simple Mail Transfer Protocol Contents What is SMTP? Basics of SMTP SMTP Commands Relaying of Messages Time Stamps and Return Path in Message Header Mail Exchangers

More information

Grid Computing - X.509

Grid Computing - X.509 Grid Computing - X.509 Sylva Girtelschmid October 20, 2009 Public Key Infrastructure - PKI PKI Digital Certificates IT infrastructure that provides means for private and secure data exchange By using cryptographic

More information

Specifying the content and formal specifications of document formats for QES

Specifying the content and formal specifications of document formats for QES NATIONAL SECURITY AUTHORITY Version 1.0 Specifying the content and formal specifications of document formats for QES 24 July 2007 No.: 3198/2007/IBEP-013 NSA Page 1/14 This English version of the Slovak

More information

International Journal of Computer Trends and Technology- March to April Issue 2011

International Journal of Computer Trends and Technology- March to April Issue 2011 EMAIL SECURITY PROTOCOL Sunny gill 1, Gaurav Rupnar 1, Vaibhav Ramteke 1,PROF. Dipti Patil 2, Vijay M.Wadhai 3 1 Computer Engineering Department, MIT College of Engineering,Pune 2 Assistant Professor,

More information

Transport Level Security

Transport Level Security Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Ciphire Mail. Abstract

Ciphire Mail. Abstract Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the

More information

CIPHERMAIL EMAIL ENCRYPTION. CipherMail white paper

CIPHERMAIL EMAIL ENCRYPTION. CipherMail white paper CIPHERMAIL EMAIL ENCRYPTION CipherMail white paper Copyright 2009-2014, ciphermail.com. Introduction Most email is sent as plain text. This means that anyone who can intercept email messages, either in

More information

A Guide E-Mail Systems and Security. Brian Donadio. East Carolina University

A Guide E-Mail Systems and Security. Brian Donadio. East Carolina University E-Mail Security 1 A Guide E-Mail Systems and Security Brian Donadio East Carolina University E-Mail Security 2 Abstract Electronic Mail is quite arguably the most important application for personal and

More information

Elements of Security

Elements of Security Elements of Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: April 15, 2015 Slideset 8: 1 Some Poetry Mary had a little key (It s all she could export)

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013 USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security

More information

Application Example: WWW. Communication in the WWW. WWW, HTML, URL and HTTP. Loading of Web Pages. The Client/Server model is used in the WWW

Application Example: WWW. Communication in the WWW. WWW, HTML, URL and HTTP. Loading of Web Pages. The Client/Server model is used in the WWW Application Example WWW Communication in the WWW In the following application protocol examples for WWW and E-Mail World Wide Web (WWW) Access to linked documents, which are distributed over several computers

More information

Email Security. Issues:

Email Security. Issues: Email Security Email Security Issues: Not real time, can afford to use public key cryptosystems more. Certification of keys is much harder because anyone can send anyone else some mail Strictly end to

More information

Ciphire Mail Email Encryption and Authentication

Ciphire Mail Email Encryption and Authentication Ciphire Mail Email Encryption and Authentication Lars Eilebrecht Ciphire Labs le@ciphirelabs.com Abstract. Ciphire Mail is cryptographic software that provides email encryption and digital signatures.

More information

Internet Technologies Internet Protocols and Services

Internet Technologies Internet Protocols and Services QAFQAZ UNIVERSITY Computer Engineering Department Internet Technologies Internet Protocols and Services Dr. Abzetdin ADAMOV Chair of Computer Engineering Department aadamov@qu.edu.az http://ce.qu.edu.az/~aadamov

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

Computer System Management: Hosting Servers, Miscellaneous

Computer System Management: Hosting Servers, Miscellaneous Computer System Management: Hosting Servers, Miscellaneous Amarjeet Singh October 22, 2012 Partly adopted from Computer System Management Slides by Navpreet Singh Logistics Any doubts on project/hypo explanation

More information

Web Services Security SOAP Messages with Attachments (SwA) Profile 1.1

Web Services Security SOAP Messages with Attachments (SwA) Profile 1.1 1 2 3 4 Web Services Security SOAP Messages with Attachments (SwA) Profile 1.1 OASIS Standard, 1 February 2006 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Document identifier:

More information

An Introduction to Cryptography as Applied to the Smart Grid

An Introduction to Cryptography as Applied to the Smart Grid An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric

More information

Unifying Information Security. Implementing Encryption on the CLEARSWIFT SECURE Email Gateway

Unifying Information Security. Implementing Encryption on the CLEARSWIFT SECURE Email Gateway Unifying Information Security Implementing Encryption on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 4 2 Encryption Options... 5 3 Basics of Encryption... 7 3.1 Public Key... 7 3.2 Private

More information

7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

More information