Prof. Sead Muftic Feng Zhang. Lecture 10: Secure Systems

Transcription

1 Prof. Sead Muftic Feng Zhang Lecture 10: Secure Systems

2 Lecture 10 : Secure E mail Systems Subjects / Topics : 1. Secure E mail systems 2. Secure, Trusted, Authorized and Reliable E Mail System 3. Secure applications based on secure E mail

4 Standard system Components of system are Mail Servers and User Agents (UA)

5 Internet With a standard system a user creates an letter at his/her workstation using UA Header B o d y

6 RFC 822 format From: mit.edu To: sead@ dsv.su.se Subject: Normal letter Date: 10-April-2004 Dear Sead: How are you today? What are you doing?

7 Dear Ahmed: Transmission - SMTP (RFC 821) From: dsv.su.se To: ccvax.ucd.ie Subject: Normal letter Date: 7-July-1993 Dear Ahmed: How are you today? What are you doing? From: dsv.su.se To: ccvax.ucd.ie Subject: Normal letter Date: 7-July-1993 How are you today? What are you doing? From: dsv.su.se To: ccvax.ucd.ie Subject: Normal letter Date: 7-July-1993 Dear Ahmed: How are you today? What are you doing? From: dsv.su.se To: ccvax.ucd.ie Subject: Normal letter Date: 7-July-1993 Dear Ahmed: How are you today? What are you doing? letters are transmitted in clear and during transmission stored at sending and receiving Mail Server

8 Internet potential problems This implies the following problems: The text of the letter may be read by anybody The correct contents of the received letter cannot be guaranteed The sender cannot be authenticated and verified The sender is not certain that the letter will be read only by the intended receiver The sender may repudiate sending the letter or its contents

9 Secure - PEM Header B o d y Confidentiality Integrity (MIC) Sender s Auth Receiver s Auth Non-repudiation

10 PEM principles Header B o d y All security services and parameters are applied to the body of the letter

11 Format of PEM letter From: mit.edu To: dsv.su.se Subject: PEM letter Date: 10-April-2004 PEM header PEM letter text The body of the PEM letter is divided in two parts: PEM header and PEM letter text

12 Types of PEM letters MIC - CLEAR MIC - ONLY and ENCRYPTED From: mit.edu To: sead@ dsv.su.se Subject: PEM letter Date: 10-April-2004 From: mit.edu To: dsv.su.se Subject: PEM letter Date: 10-April-2004 From: mit.edu To: sead@ dsv.su.se Subject: PEM letter Date: 10-April-2004 PEM parameters PEM parameters PEM parameters Dear Sead: How are you? asdfegtylhtr uhgrfdestgpl

13 MIC clear PEM letter Implements Data Integrity, Sender s Authenticity and Non Repudiation (letter contents guarantied) MIC - CLEAR MIC - ONLY and ENCRYPTED From: mit.edu To: dsv.su.se Subject: PEM letter Date: 10-April-2004 From: mit.edu To: dsv.su.se Subject: PEM letter Date: 10-April-2004 From: mit.edu To: sead@ dsv.su.se Subject: PEM letter Date: 10-April-2004 PEM parameters PEM parameters PEM parameters Dear John: How are you? asdfegtylhtr uhgrfdestgpl

14 MIC only PEM letter Implements Data Integrity, Sender s Authenticity and Non Repudiation (letter contents guarantied) MIC - CLEAR MIC - ONLY and ENCRYPTED From: mit.edu To: dsv.su.se Subject: PEM letter Date: 10-April-2004 From: mit.edu To: dsv.su.se Subject: PEM letter Date: 10-April-2004 From: mit.edu To: dsv.su.se Subject: PEM letter Date: 10-April-2004 PEM parameters PEM parameters PEM parameters Dear Sead: How are you? asdfegtylhtr uhgrfdestgpl

15 ENCRYPTED PEM letter Implements Data Integrity, Data Confidentiality, Sender s Authenticity, Receiver s Authenticity and Non Repudiation MIC - CLEAR MIC - ONLY and ENCRYPTED From: mit.edu To: dsv.su.se Subject: PEM letter Date: 10-April-1997 From: mit.edu To: dsv.su.se Subject: PEM letter Date: 10-April-1997 From: mit.edu To: dsv.su.se Subject: PEM letter Date: 10-April-1997 PEM parameters PEM parameters PEM parameters Dear Sead: How are you? asdfegtylhtr uhgrfdestgpl

16 Creating PEM letter Local Form Canonical Form Cryptographic Processing Base64 Encoding

17 Canonical form of a PEM letter ASCII character set <CR><LF> line delimiters

18 Cryptographic processing For MIC-ONLY and MIC-CLEAR type of letters: Calculate MIC (MD2 or MD5) on Canonical Form Sign MIC using Sender s secret key

19 Cryptographic processing For ENCRYPTED type of letters: Calculate MIC over Canonical Form Sign MIC using Sender s secret key Generate random Data Encryption Key - DEK Encrypt the Canonical Form using DEK Encrypt MIC using DEK Protect DEK with Receiver s public key

20 Printable encoding Only for MIC-ONLY and ENCRYPTED type of letters. Base64 coding: Coding to 6 bits per printable character Input 24 bits from 3 bytes are transformed to 24 bits in 4 bytes Output line length - 64 printable characters

21 PEM header RFC 1421 Proc-Type: Content-Domain: DEK-Info: ENCRYPTED MIC-ONLY MIC-CLEAR CRL RFC822 <algorithm id.>, <mode>, <parameters> Originator-ID-Asymmetric: Originator-Certificate: Issuer-Certificate: MIC-Info: Id. of Sender and of Sender s key Sender s certificate Issuer s certificate <MIC alg. id.>, <signing alg. id.>, <protected MIC> Recipient-ID-Asymmetric: Key-Info: Id. of Receiver and Receiver s key <protected DEK>, <protecting alg. id.>

22 Example of PEM letter -----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type:4,CRL CRL: MIHeMIGJMA0GCSqGSIb3DQEBAgUAMEgxRjAJBgNVBAYTAlNFMAsGA1UEChMEQ09T VDAsBgNVBAsTJUxvdyBBc3N1cmFuY2UgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkX Czk1MDMwMjA5MDJaFws5NTA0MDIwOTAyWjASMBACAQAXCzk1MDMwMjA4Mzha8yAw DQYJKoZIhvcNAQECBQADQQAolGV3ahJWeOSL7bFhOl9BIOmhiqtnIAIHjoInFdM1 NM6PjFZMdcE11nOFf8nnh24obKYm/q2y5ZMV8MKdF78B Originator-Certificate: MIIBgjCCASwCBQEXVNaqMA0GCSqGSIb3DQEBAgUAMFIxUDAJBgNVBAYTAnVzMBcG A1UEChMQSW50ZXJuZXQgU29jaWV0eTAqBgNVBAsTI0ludGVybmV0IFBDQSBSZWdp c3ryyxrpb24gqxv0ag9yaxr5mboxczk1mdmwmja5mdjafws5njazmdiwotaywjbi MUYwCQYDVQQGEwJTRTALBgNVBAoTBENPU1QwLAYDVQQLEyVMb3cgQXNzdXJhbmNl IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MFowDQYJKoZIhvcNAQEBBQADSQAwRgJB ALk7mQW6uHi9BuyhqTk1rXRpbWefB6eBlUuNZTLrsV99puwroTNeAt7udJnKfADY YSqzfGZi8cQBIjrZOcS+tZ0CAQMwDQYJKoZIhvcNAQECBQADQQAdwL4R/R0j829o +YTGFDZq114hjKIOvrvJwj0eSiECk/JTYMPPg7+/1Namu8lkV4/IjjDQhIDmZCeP steg28c END PRIVACY-ENHANCED MESSAGE-----

23 Secure - Pretty Good Privacy (PGP) Some text Some text Some text Some text Muftic Muftic Muftic Plaintext uncertified document Digital signature added (MD5/RSA) Document with signature compressed Session key used to encrypt file (IDEA)

24 Pretty Good Privacy (PGP) Some text Muftic Some text Muftic Some text Muftic Session key used to decrypt file to compressed format File uncompressed and signature verified

25 PGP Trust model YOU A B C D E? F G H I

26 Secure - S/MIME Features : - Based on PKCS #7 security services - Combination of MIME messages and PKCS objects - Suitable for binary data (multimedia) - Includes message formatting and certificate handling - International standard (interoperability) - Available with major browsers and mailers

27 S/MIME general format Standard header PKCS-7 object PKCS-7 object

28 S/MIME format example Content-Type: multipart/mixed; boundary=bar --bar Content-Type: text/plain; charset=iso Content-Transfer-Encoding: quoted-printable A1Hola Michael! How do you like the new S/MIME standard? I agree. It's generally a good idea to encode lines that begin with From=20because some mail transport agents will insert a greaterthan (>) sign, thus invalidating the signature. Also, in some cases it might be desirable to encode any =20 trailing whitespace that occurs on lines in order to ensure =20 that the message signature is not invalidated when passing =20 a gateway that modifies such whitespace (like BITNET). =20 --bar Content-Type: application/wally-wiggle iqcvawubmjrrf2n9owbghpdjaqe9uqqatl7lurvndbjrk4eqybib3h5qxix/lc// jjv5bnvkzigpicemi5ifd9boegvpirhtireeqlqrkynobactfbzmh9gc3c041wgq umbrbxc+nis1tikla08rvi9ig/2yh7lfrk5ein57u/w72vgsxlhe/zhdfolt9brn HOxEa44b+EI= =ndaj --bar--

29 S/MIME file extensions S/MIME Type application/pkcs7-mime (signeddata, envelopeddata) application/pkcs7-mime (degenerate signeddata "certs-only" message) application/pkcs7-signature File Extension.p7m.p7c.p7s application/pkcs10.p10

30 S/MIME signed message Content-type: application/mime; content-type="multipart/signed"; protocol="application/pkcs7-signature"; micalg=rsa-md5; name=smime.aps Content-disposition: attachment; filename=smime.aps Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=rsa-md5; boundary=boundary42 --boundary42 Content-Type: text/plain This is a very short clear-signed message. However, at least you can read it! --boundary42 Content-Type: application/pkcs7-signature Content-Transfer-Encoding: base64 ghyhhhuujhjhjh77n8hhgtrfvbnj756tbb9hg4vqpfyf467ghigfhfyt6 4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj n8hhgtrfvhjhjh776tbb9hg4vqbnj7567ghigfhfyt6ghyhhhuujpfyf4 7GhIGfHfYT64VQbnj756 --boundary42--

32 Problems in Current Systems Problems : Weak Authentication Protection of mail boxes and letters on server from SPAM Unauthorized (SPAM) Contents of address book confirmation E mail is main source for distribution of malicious and dangerous content

33 Requirements for Secure Requirements: Efficient Handling of attachments Current status of letter (Confirmations) Handling of certificates Integration with smart cards Sending and receiving authorization Cross domain bilateral or multilateral arrangements

34 Layers: Secure Systems Secure Infrastructure Credential Server Secure Server Secure Client

35 Layer-1: Secure Client Standard Mailing Functions Handling of Certificates Standard Security Services Secure Address Book Confirmations Strong Authentication With SEM Server Handling of Attachments Management of Authorizarion

36 Layer 2: Secure E Mail Servers Handling of Certificates Handling of Address Book Encryption Keys Confirmations Strong Authentication Handling of Attachments Management and Enforcement of Authorizations

37 Issuing PKI Server SAML Policy Server Layer 3: Credentials Servers

38 Layer 4: PKI and SMI Servers PKI Servers SMI Servers Federation Validation

39 Secure System: Design and Implementation SMTP/POP3 Standard Server user User Interface A C T I O N S Handler L I S T E N E R S Strong Authentication Session management Message Handler Address book Manager T R A N S P O R T E R T R A N S P O R T E R Strong Authentication Session management Message Handler Handler L I S T E N E R S A C T I O N S User Interface Server Admin Address book Manager Security Manager Storage Manager Symmetric Key SMIME Cert proto PKCS7 DistinguishedName Certificate Hash Storage Manager Symmetric Key SMIME Cert proto PKCS7 DistinguishedName Certificate Hash Header SessionID Data(PKCS7)

40 Graphical User Interface

41 Graphical User Interface

42 S/MIME Message: SignedAndEncrypted Return-Path: Message-ID: MIME-Version: 1.0 Delivered-To: Received: from l884.dsv.su.se ([ ]) by sec-office (JAMES SMTP Server 2.3.1) with SMTP ID 184 for Tue, 28 Oct :11: (PDT) Content-Disposition: attachment; filename="smime.p7m" Content-Type: application/x-pkcs7-mime; name="smime.p7m" Content-Transfer-Encoding: base64 From: To: Subject: Signed and encrypted message Date: Tue, 28 Oct :14: (CET) MIIoOwYJKoZIhvcNAQcDoIIoLDCCKCgCAQAxggE7MIIBNwIBADCBnzCBmTELMAkGA1UEBhMCVVMx

43 S/MIME Message: Signed Return-Path: Delivered-To: Received: from l884.dsv.su.se ([ ]) by sec-office (JAMES SMTP Server 2.3.1) with SMTP ID 175 for Tue, 28 Oct :10: (PDT) Date: Tue, 28 Oct :13: (CET) From: To: Message-ID: Subject: Signed message MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary=" dsvseclab-sem-agent384282" Content-Transfer-Encoding: 7bit This is a cryptographically signed message in MIME format dsv-seclab-sem-agent Content-Type: text/plain; charset=iso ; format=flowed Content-Transfer-Encoding: 7bit This is a signed message from aghafoor to agha dsv-seclab-sem-agent MIME-Version: 1.0 Content-Disposition: attachment; filename="smime.p7m" Content-Type: application/x-pkcs7-mime; name="smime.p7m" Content-Transfer-Encoding: base64 MIIbcwYJKoZIhvcNAQcCoIIbZDCCG2ACAQExCzAJBgUrDgMCGgUAMEEGCSqGSIb3

44 MS Outlook Security Configuration

45 Mozilla Thunderbird Security Configuration

47 Business applications based on secure E mail

48 Questions Demonstration