Lecture 10: 1. Secure E mail E systems. Systems. Page 1



Similar documents
Prof. Sead Muftic Feng Zhang. Lecture 10: Secure Systems

4.1: Securing Applications Remote Login: Secure Shell (SSH) PEM/PGP. Chapter 5: Security Concepts for Networks

Electronic Mail Security

Electronic mail security. MHS (Message Handling System)

Chapter 6 Electronic Mail Security

Cryptography and Network Security Chapter 15

Network Security Essentials Chapter 7

Electronic Mail Security. Security. is one of the most widely used and regarded network services currently message contents are not secure

PGP from: Cryptography and Network Security

International Journal of Computer Trends and Technology- March to April Issue 2011

Electronic Mail Security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Managing and Securing Computer Networks. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice:

Security. Issues:

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

A Noval Approach for S/MIME

Grid Computing - X.509

Category: Standards Track June 1999

What Your Mother Didn't Tell You About PEM, DER, PKCS. Eric Norman University of Wisconsin-Madison

Network Working Group. R. Levien University of California at Berkeley T. Roessler August 2001

security. Mag. iur. Dr. techn. Michael Sonntag

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

SIP Security. ENUM-Tag am 28. September in Frankfurt. Prof. Dr. Andreas Steffen. Agenda.

Cryptography and Network Security

Secure System for Cloud Portals

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

Understanding digital certificates

to hide away details from prying eyes. Pretty Good Privacy (PGP) utilizes many

Page 1. Lecture 1: Introduction to. Introduction to Computer Networks Security. Input file DES DES DES DES. Output file

EE 7376: Introduction to Computer Networks. Homework #3: Network Security, , Web, DNS, and Network Management. Maximum Points: 60


Cryptography and Security

Security. Why do we have to hide from the police, Daddy? Because we use PGP, son. They use S/MIME

GlobalSign Enterprise Solutions

Taxonomy of Security Protocol

The Electronic Postcard. By Daniel Herren

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

. MIME is the protocol that was devised to allow non-ascii encoded content in an and attached files to an .

Software and Cloud Security

Unifying Information Security. Implementing Encryption on the CLEARSWIFT SECURE Gateway

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

Installing your Digital Certificate & Using on MS Out Look 2007.

Ciphermail for BlackBerry Reference Guide

Secure Client Applications

Savitribai Phule Pune University

DATEVe:secure MAIL V1.1. ISIS-MTT-Assessment Report

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

NetSec Exercise 8 Communication Mixes

PrivaSphere Gateway Certificate Authority (GW CA)

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Chapter 8. Network Security

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

IBM Client Security Solutions. Client Security User's Guide

PGP - Pretty Good Privacy

Options for encrypted communication with AUDI AG Version of: 31 May 2011

SubmitedBy: Name Reg No Address. Mirza Kashif Abrar T079 kasmir07 (at) student.hh.se

Number of relevant issues

Why you need secure

Ciphermail Gateway Administration Guide

Security: PGP (Pretty Good Privacy) & PEM (Privacy-Enhanced Mail)

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Chapter 10. Network Security

Lecture 9 - Network Security TDTS (ht1)

How To Encrypt With An Certificate On An From A Gmail Account On A Pc Or Mac Or Ipa (For A Pc) On A Microsoft Gmail (For An Ipa) Or Ipad (For Mac) On

Best Practices

CryptoNET: Security Management Protocols

Djigzo S/MIME setup guide

Ciphermail S/MIME Setup Guide

Electronic mail security. MHS (Message Handling System) on multi-user systems. Antonio Lioy - Politecnico di Torino ( ) 1

Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate (Personal eid) WISeKey 2010 / Alinghi 2010 Smartcards

E-Commerce: Designing And Creating An Online Store

Public Key Infrastructure

Electronic mail security

CS549: Cryptography and Network Security

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Security. Michael E. Locasto University of Calgary

An Introduction to Cryptography as Applied to the Smart Grid

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

SECURE ANALYSIS OF EXISTING IMPLEMENTATIONS OF S/MIME & PGP. Final Specification

mod_ssl Cryptographic Techniques

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Secure Data Exchange Solution

Information Security

Network Security - ISA 656 Security

Electronic Mail

Standards and Products. Computer Security. Kerberos. Kerberos

Network Security Protocols

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Receiving Secure from Citi For External Customers and Business Partners

Chapter 32 Internet Security

Policy Based Encryption E. Administrator Guide

Policy Based Encryption E. Administrator Guide

Is your data safe out there? -A white Paper on Online Security

TCS-CA. Outlook Express Configuration [VERSION 1.0] U S E R G U I D E

Federal S/MIME V3 Client Profile

IT Networks & Security CERT Luncheon Series: Cryptography

Lecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

Transcription:

1 2 Prof. Sead Matei Ciobanu Morogan Abdul Ghafoor Abbasi Lecture 10: Secure E-mailE Lecture 10 : Secure E mail E Subjects / opics : 1. Secure E mail E systems 2. Secure, rusted, Authorized and eliable E E Mail System 3. Secure applications based on secure E maile 3 4 Standard E-mail E system Lecture 10 : Secure E mail E Subjects / opics : 1. Secure E mail E systems 2. Secure, rusted, Authorized and eliable E E Mail System 3. Secure applications based on secure E maile Components of E-mail system are Mail Servers and User Agents (UA) 5 Internet E-mail E 6 FC 822 E-mail E format With a standard E-mail system a user creates an E-mail E letter at his/her workstation using UA Header B o d y o: sead@ dsv.su.se Dear Sead: Page 1 1

From: sead @ dsv.su.se o: APAEL @ ccvax.ucd.ie Date: 7-July-1993 Dear Ahmed: From: sead @ dsv.su.se o: APAEL @ ccvax.ucd.ie Date: 7-July-1993 Dear Ahmed: From: sead @ dsv.su.se o: APAEL @ ccvax.ucd.ie Date: 7-July-1993 Dear Ahmed: From: sead @ dsv.su.se o: APAEL @ ccvax.ucd.ie Date: 7-July-1993 Dear Ahmed: 7 ransmission - SMP (FC 821) 8 Internet E-mail E potential problems his implies the following problems: he of the letter may be read by anybody he correct contents of the received letter cannot be guaranteed he sender cannot be authenticated and verified he sender is not certain that the letter will be read only by the intended receiver he sender may repudiate sending the letter or its contents E-mail letters are transmitted in clear and during transmission stored at sending and receiving Mail Server 9 Secure Email - PEM 10 PEM principles Header B o d y Confidentiality Integrity (MIC) Sender s s Auth eceiver s s Auth Non-repudiation Header B o d y All security services and parameters are applied to the body of the letter 11 Format of PEM letter 12 ypes of PEM letters PEM header PEM letter he body of the PEM letter is divided in two parts: PEM header and PEM letter MIC - CLEA o: sead@ dsv.su.se Dear Sead: How are you? MIC - ONLY asdfegtylh uhgfdestgpl and ENCYPED o: sead@ dsv.su.se Page 2 2

13 MIC clear PEM letter 14 MIC only PEM letter Implements Data Integrity, Sender s s Authenticity and Non epudiation (letter contents guarantied) MIC - CLEA MIC - ONLY and ENCYPED Implements Data Integrity, Sender s s Authenticity and Non epudiation (letter contents guarantied) MIC - CLEA MIC - ONLY and ENCYPED o: sead@ dsv.su.se Dear John: How are you? asdfegtylh uhgfdestgpl Dear Sead: How are you? asdfegtylh uhgfdestgpl 15 ENCYPED PEM letter 16 Creating PEM letter Implements Data Integrity, Data Confidentiality, Sender s Authenticity, eceiver s s Authenticity and Non epudiation MIC - CLEA MIC - ONLY and ENCYPED Local Form Canonical Form April-1997 April-1997 April-1997 Cryptographic Processing Dear Sead: How are you? asdfegtylh uhgfdestgpl Base64 Encoding 17 Canonical form of a PEM letter 18 Cryptographic processing For MIC-ONLY and MIC-CLEA CLEA type of letters: ASCII character set <C><LF> line delimiters Calculate MIC (MD2 or MD5) on Canonical Form Sign MIC using Sender s s secret key Page 3 3

19 Cryptographic processing 20 Printable encoding For ENCYPED type of letters: Only for MIC-ONLY and ENCYPED type of letters. Calculate MIC over Canonical Form Sign MIC using Sender s s secret key Generate random Data Encryption Key - DEK Encrypt the Canonical Form using DEK Encrypt MIC using DEK Protect DEK with eceiver s s public key Base64 coding: Coding to 6 bits per printable character Input 24 bits from 3 bytes are transformed to 24 bits in 4 bytes Output line length - 64 printable characters 21 PEM header FC 1421 22 Example of PEM letter Proc-ype: Content-Domain: DEK-Info: ENCYPED MIC-ONLY MIC-CLEA CL FC822 <algorithm id.>, <mode>, <parameters> Originator-ID ID-Asymmetric: Originator-Certificate: Issuer-Certificate: MIC-Info: Info: Id. of Sender and of Sender s key Sender s certificate Issuer s certificate <MIC alg. id.>, <signing alg. id.>, <protected MIC> ecipient-id ID-Asymmetric: Key-Info: Id. of eceiver and eceiver s key <protected DEK>, <protecting alg. id.> -----BEGIN PIVACY-ENHANCED MESSAGE----- Proc-ype:4,CL CL: MIHeMIGJMA0GCSqGSIb3DQEBAgUAMEgxjAJBgNVBAYAlNFMAsGA1UEChMEQ09 VDAsBgNVBAsJUxvdyBBc3N1cmFuY2UgQ2VydGlmaWNhdGlvbiBBdXob3JpdHkX Czk1MDMwMjA5MDJaFws5NA0MDIwOAyWjASMBACAQAXCzk1MDMwMjA4Mzha8yAw DQYJKoZIhvcNAQECBQADQQAolGV3ahJWeOSL7bFhOl9BIOmhiqtnIAIHjoInFdM1 NM6PjFZMdcE11nOFf8nnh24obKYm/q2y5ZMV8MKdF78B Originator-Certificate: MIIBgjCCASwCBQEXVNaqMA0GCSqGSIb3DQEBAgUAMFIxUDAJBgNVBAYAnVzMBcG A1UEChMQSW50ZXJuZXQgU29jaWV0eAqBgNVBAsI0ludGVybmV0IFBDQSBSZWdp c3yyxpb24gqxv0ag9yax5mboxczk1mdmwmja5mdjafws5njazmdiwoaywjbi MUYwCQYDVQQGEwJALBgNVBAoBENPU1QwLAYDVQQLEyVMb3cgQXNzdXJhbmNl IENlcnpZmljYXpb24gQXV0aG9yaX5MFowDQYJKoZIhvcNAQEBBQADSQAwgJB ALk7mQW6uHi9Buyhqk1rXpbWefB6eBlUuNZLrsV99puwroNeAt7udJnKfADY YSqzfGZi8cQBIjrZOcS+tZ0CAQMwDQYJKoZIhvcNAQECBQADQQAdwL4/0j829o +YGFDZq114hjKIOvrvJwj0eSiECk/JYMPPg7+/1Namu8lkV4/IjjDQhIDmZCeP steg28c9 -----END PIVACY-ENHANCED MESSAGE----- 23 Secure Email - Pretty Good Privacy (PGP) 24 Pretty Good Privacy (PGP) Plain uncertified document Digital signature added (MD5/SA) Document with signature compressed Session key used to encrypt file (IDEA) Session key used to decrypt file to compressed format File uncompressed and signature verified Page 4 4

25 PGP rust model 26 Secure Email - S/MIME YOU Features : - Based on PKCS #7 security services - Combination of MIME messages and PKCS objects A B C D E - Suitable for binary data (multimedia) F G H I? - Includes message formatting and certificate handling - International standard (interoperability) - Available with major browsers and mailers 27 S/MIME general format 28 S/MIME format example Content-ype: multipart/mixed; boundary=bar --bar Content-ype: /plain; charset=iso-8859-1 Content-ransfer-Encoding: quoted-printable Standard header PKCS-7 object PKCS-7 object A1Hola Michael! How do you like the new S/MIME standard? I agree. It's generally a good idea to encode lines that begin with From=20because some mail transport agents will insert a greaterthan (>) sign, thus invalidating the signature. Also, in some cases it might be desirable to encode any =20 trailing whitespace that occurs on lines in order to ensure =20 that the message signature is not invalidated when passing =20 a gateway that modifies such whitespace (like BINE). =20 --bar Content-ype: application/wally-wiggle iqcvawubmjrf2n9owbghpdjaqe9uqqatl7luvndbjrk4eqybib3h5qxix/lc// jjv5bnvkzigpicemi5ifd9boegvpirhtieeqlqkynobactfbzmh9gc3c041wgq umbrbxc+nis1ikla08rvi9ig/2yh7lfrk5ein57u/w72vgsxlhe/zhdfol9brn HOxEa44b+EI= =ndaj --bar-- 29 S/MIME file extensions 30 S/MIME signed message S/MIME ype application/pkcs7-mime (signeddata, envelopeddata) File Extension.p7m Content-type: application/mime; content-type="multipart/signed"; protocol="application/pkcs7-signature"; micalg=rsa-md5; name=smime.aps Content-disposition: attachment; filename=smime.aps Content-ype: multipart/signed; protocol="application/pkcs7-signature"; micalg=rsa-md5; boundary=boundary42 application/pkcs7-mime.p7c (degenerate signeddata "certs-only" message) application/pkcs7-signature.p7s application/pkcs10.p10 --boundary42 Content-ype: /plain his is a very short clear-signed message. However, at least you can read it! --boundary42 Content-ype: application/pkcs7-signature Content-ransfer-Encoding: base64 ghyhhhuujhjhjh77n8hhgrfvbnj756tbb9hg4vqpfyf467ghigfhfy6 4VQpfyF467GhIGfHfY6jH77n8HHGghyHhHUujhJh756tbB9HGrfvbnj n8hhgrfvhjhjh776tbb9hg4vqbnj7567ghigfhfy6ghyhhhuujpfyf4 7GhIGfHfY64VQbnj756 --boundary42-- Page 5 5

31 32 Problems in Current Email Lecture 10 : Secure E mail E Subjects / opics : 1. Secure E mail E systems 2. Secure, rusted, Authorized and eliable E E Mail System 3. Secure applications based on secure E maile Problems : Weak Authentication Protection of mail boxes and email letters on email server from SPAM email Unauthorized email (SPAM) Contents of address book Email confirmation E mail is main source for distribution of malicious and dangerous content 33 equirements for Secure Email 34 Layers: Secure Email equirements: Secure E-Mail Infrastructure Efficient Handling of attachments Current status of email letter (Confirmations) Handling of certificates Integration with smart cards Sending and receiving authorization Cross domain bilateral or multilateral arrangements Credential Server Secure E-Mail Server Secure E-Mail Client 35 Layer-1: Secure E-Mail E Client 36 Layer 2: Secure E Mail E Servers Standard Mailing Functions Handling of Certificates Standard Security Services Secure Address Book Confirmations Strong Authentication With SEM Server Handling of Attachments Management of Authorizarion Handling of Certificates Handling of Address Book Encryption Keys Confirmations Strong Authentication Handling of Attachments Management and Enforcement of Authorizations Page 6 6

37 Layer 3: Credentials Servers 38 Layer 4: PKI and SMI Servers Issuing PKI Server SAML Policy Server PKI Servers SMI Servers Federation Validation 39 Secure Email System: Design and Implementation 40 Graphical User Interface SMP/POP3 Standard Email Server A L I C S User I E Email user Interface O N E N S S Email Handler Strong Authentication Session management Message Handler Address book A N S P O E A N S P O E Strong Authentication Session management Message Handler Email Handler L A I S C User Interface E I N O Security E Server N S S Admin Address book Storage Symmetric Key SMIME Cert proto PKCS7 DistinguishedName Certificate Hash Storage Symmetric Key SMIME Cert proto PKCS7 DistinguishedName Certificate Hash Header SessionID Data(PKCS7) 41 Graphical User Interface 42 S/MIME Message: SignedAndEncrypted eturn-path: <aghafoor@130.237.158.247> Message-ID: <15206040.11225246288906.JavaMail.sead@sec-office> MIME-Version: 1.0 Delivered-o: aghafoor@130.237.158.247 eceived: from l884.dsv.su.se ([130.237.158.18]) by sec-office (JAMES SMP Server 2.3.1) with SMP ID 184 for <aghafoor@130.237.158.247>; ue, 28 Oct 2008 19:11:28-0700 (PD) Content-Disposition: attachment; filename="smime.p7m" Content-ype: application/x-pkcs7-mime; name="smime.p7m" Content-ransfer-Encoding: base64 From: aghafoor@130.237.158.247 o: aghafoor@130.237.158.247 Subject: Signed and encrypted message Date: ue, 28 Oct 2008 18:14:04 +0100 (CE) MIIoOwYJKoZIhvcNAQcDoIIoLDCCKCgCAQAxggE7MIIBNwIBADCBnzCBmELMAkGA1UEBhMCVVMx Page 7 7

43 S/MIME Message: Signed 44 MS Outlook Security Configuration eturn-path: <aghafoor@130.237.158.247> Delivered-o: agha@130.237.158.247 eceived: from l884.dsv.su.se ([130.237.158.18]) by sec-office (JAMES SMP Server 2.3.1) with SMP ID 175 for <agha@130.237.158.247>; ue, 28 Oct 2008 19:10:47-0700 (PD) Date: ue, 28 Oct 2008 18:13:23 +0100 (CE) From: aghafoor@130.237.158.247 o: agha@130.237.158.247 Message-ID: <31936094.11225214003474.JavaMail.aghafoor@L884> Subject: Signed message MIME-Version: 1.0 Content-ype: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------dsvseclab-sem-agent384282" Content-ransfer-Encoding: 7bit his is a cryptographically signed message in MIME format. --------------dsv-seclab-sem-agent384282 Content-ype: /plain; charset=iso-8859-1; format=flowed Content-ransfer-Encoding: 7bit his is a signed message from aghafoor to agha --------------dsv-seclab-sem-agent384282 MIME-Version: 1.0 Content-Disposition: attachment; filename="smime.p7m" Content-ype: application/x-pkcs7-mime; name="smime.p7m" Content-ransfer-Encoding: base64 MIIbcwYJKoZIhvcNAQcCoIIbZDCCG2ACAQExCzAJBgUrDgMCGgUAMEEGCSqGSIb3 45 46 Mozilla hunderbird Security Configuration Lecture 10 : Secure E mail E Subjects / opics : 1. Secure E mail E systems 2. Secure, rusted, Authorized and eliable E E Mail System 3. Secure applications based on secure E maile 47 Business applications based on secure E mail E 48 Questions? Demonstration Page 8 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information