Lecture 10: 1. Secure E mail E systems. Systems. Page 1

(1)

S. Muftic / M. Ciobanu Morogan Computer Networks Secu

S. Muftic / M. Ciobanu Morogan Computer Networks Security rity 11

Lecture 10:

Secure E

-

mail

Systems

Prof. Sead Muftic

Matei Ciobanu Morogan

Abdul Ghafoor Abbasi

Lecture 10 :

Secure E

–

mail Systems

Subjects / Topics :

1. Secure E

–

mail systems

2.

2. Secure, Trusted, Authorized and Reliable E

Secure, Trusted, Authorized and Reliable E

–

Mail System

3. Secure applications based on secure E

–

mail

Lecture 10 :

Secure E

–

mail Systems

Subjects / Topics :

1. Secure E

–

mail systems

2.

2. Secure, Trusted, Authorized and Reliable E

Secure, Trusted, Authorized and Reliable E

–

Mail System

3. Secure applications based on secure E

–

mail

Components of E-mail system are

Mail Servers and User Agents (UA)

Standard E

-

mail system

Header

B o d y

With a standard

E

E-

-mail system

mail system

a user creates

an E

an E-

-mail letter

mail letter

at his/her

workstation

using UA

Internet E

-

mail

Dear Sead:

How are you today ?

What are you doing ?

From:

john @

john @ mit.edu

mit.edu

To:

sead@ dsv.su.se

Subject:

Normal letter

Date:

10-

10 -April

April-

-2004

2004

RFC 822 E

(2)

Dear Ahmed: How are you today ? What are you doing ? From: From: sead @ dsv.su.se sead @ dsv.su.se To: To: Subject: Subject: APATEL @ APATEL @ Normal letter Normal letter ccvax.ucd.ieccvax.ucd.ie

Date: Date: 77--JulyJuly--1993 1993

Dear Ahmed: How are you today ?What are you doing ? From: From: sead @ dsv.su.se sead @ dsv.su.se To: To: APATEL @ APATEL @ ccvax.ucd.ieccvax.ucd.ie Subject: Subject: Date: Date: Normal letter Normal letter 77--JulyJuly--1993 1993

E-mail letters are transmitted in clear and during transmission

stored at sending and receiving Mail Server

Transmission

-

SMTP (RFC 821)

This implies the following problems:

The text of the letter may be read by anybody

The correct contents of the received letter

cannot be guaranteed

The sender cannot be authenticated and verified

The sender is not certain that the letter will be

read only by the intended receiver

The sender may repudiate sending the letter

or its contents

Internet E

-

mail

–

potential problems

•

• Confidentiality

Confidentiality

•

• Integrity (MIC)

Integrity (MIC)

•

• Sender

Sender

’

s Auth

•

• Receiver

Receiver

’

s Auth

•

• Non

Non

-

repudiation

Header

B o d y

Secure Email

-

PEM

S. Muftic / M. Ciobanu Morogan Computer Networks Security rity 1010

All security

services and

parameters

are applied

to the body

of the letter

Header

B o d y

PEM principles

The body of

the PEM letter is

divided in two parts:

PEM header

and

From:

From: john @

john @

mit.edu

To:

To: sead @ dsv.su.se

sead @ dsv.su.se

Subject:

Subject: PEM letter

PEM letter

Date:

Date: 10

10 -

-

April

-

2004

PEM header

Format of PEM letter

PEM parameters

and ENCRYPTED

PEM parameters

MIC

-

ONLY

PEM parameters

MIC

-

CLEAR

From:

From: john @ john @ mit.edumit.edu

To:

To: sead@ dsv.su.se sead@ dsv.su.se

Subject:

Subject: PEM letter PEM letter

Date:

Date: 1010--AprilApril--20042004

From:

To:

To: sead @ dsv.su.se sead @ dsv.su.se

Subject:

Date:

Date: 1010--AprilApril--2004 2004

From:

To:

Subject:

Date:

Date: 1010--AprilApril--20042004

Types of PEM letters

(3)

PEM parameters

⌧

and ENCRYPTED

PEM parameters

aSDfegtylhTR

uhGRfDestGPL

MIC

-

ONLY

PEM parameters

Dear John:

How are you ?

MIC

-

CLEAR

From:

To:

Subject:

Date:

Date: 1010--AprilApril--2004 2004

From:

To:

Subject:

Date:

Date: 1010--AprilApril--2004 2004

From:

To:

Subject:

Date:

Date: 1010--AprilApril--2004 2004

Implements Data Integrity, Sender

’

s Authenticity

and Non Repudiation (letter contents guarantied)

MIC

–

clear PEM letter

PEM parameters

⌧

and ENCRYPTED

PEM parameters

aSDfegtylhTR

uhGRfDestGPL

MIC

-

ONLY

PEM parameters

Dear Sead:

How are you ?

MIC

-

CLEAR

From:

To:

Subject:

Date:

Date: 1010--AprilApril--2004 2004

From:

To:

Subject:

Date:

Date: 1010--AprilApril--20042004

From:

To:

Subject:

Date:

Date: 1010--AprilApril--2004 2004

Implements Data Integrity, Sender

’

s Authenticity

and Non Repudiation (letter contents guarantied)

MIC

–

only PEM letter

⌧

and ENCRYPTED

PEM parameters

aSDfegtylhTR

uhGRfDestGPL

MIC

-

ONLY

PEM parameters

Dear Sead:

How are you ?

MIC

-

CLEAR

PEM parameters

From:

To:

Subject:

Date:

Date: 1010--AprilApril--1997 1997

From:

To:

Subject:

Date:

Date: 1010--AprilApril--1997 1997

From:

To:

Subject:

Date:

Date: 1010--AprilApril--1997 1997

Implements Data Integrity, Data Confidentiality, Sender

’

s

Authenticity, Receiver

’

s Authenticity and Non Repudiation

ENCRYPTED PEM letter

Local Form

Canonical Form

Cryptographic Processing

Base64 Encoding

Creating PEM letter

•

• ASCII character set

ASCII character set

•

• <CR><LF> line delimiters

<CR><LF> line delimiters

Canonical form of a PEM letter

For MIC

-

ONLY and MIC

-

CLEAR type of letters:

•

• Calculate MIC (MD2 or MD5) on Canonical Form

Calculate MIC (MD2 or MD5) on Canonical Form

•

• Sign MIC using Sender

Sign MIC using Sender

’

s secret key

Cryptographic processing

(4)

For ENCRYPTED type of letters:

•

• Calculate MIC over Canonical Form

Calculate MIC over Canonical Form

•

• Sign MIC using Sender

Sign MIC using Sender

’

s secret key

•

• Generate random Data Encryption Key

Generate random Data Encryption Key

-

DEK

•

• Encrypt the Canonical Form using DEK

Encrypt the Canonical Form using DEK

•

• Encrypt MIC using DEK

Encrypt MIC using DEK

•

• Protect DEK with Receiver

Protect DEK with Receiver

’

s public key

Cryptographic processing

Base64 coding:

•

• Coding to 6 bits per printable character

Coding to 6 bits per printable character

•

• Input 24 bits from 3 bytes are transformed

Input 24 bits from 3 bytes are transformed

to 24 bits in 4 bytes

•

• Output line length

Output line length

-

64 printable characters

Only for MIC

-

ONLY and ENCRYPTED type of letters.

Printable encoding

Proc

-

Type:

ENCRYPTED | MIC-ONLY | MIC-CLEAR | CRL

Content

-

Domain:

RFC822

DEK

-

Info:

<algorithm id.>, <mode>, <parameters>

Originator

-

ID

-

Asymmetric:

Id. of Sender and of Sender’s key

Originator

-

Certificate:

Sender’s certificate

Issuer

-

Certificate:

Issuer’s certificate

MIC

-

Info:

<MIC alg. id.>, <signing alg. id.>, <protected MIC>

Recipient

-

ID

-

Asymmetric:

Id. of Receiver and Receiver’s key

Key

-

Info:

<protected DEK>, <protecting alg. id.>

PEM header

–

RFC 1421

---BEGIN PRIVACY-ENHANCED MESSAGE---Proc-Type:4,CRL CRL: MIHeMIGJMA0GCSqGSIb3DQEBAgUAMEgxRjAJBgNVBAYTAlNFMAsGA1UEChMEQ09T VDAsBgNVBAsTJUxvdyBBc3N1cmFuY2UgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkX Czk1MDMwMjA5MDJaFws5NTA0MDIwOTAyWjASMBACAQAXCzk1MDMwMjA4Mzha8yAw DQYJKoZIhvcNAQECBQADQQAolGV3ahJWeOSL7bFhOl9BIOmhiqtnIAIHjoInFdM1 NM6PjFZMdcE11nOFf8nnh24obKYm/q2y5ZMV8MKdF78B Originator-Certificate: MIIBgjCCASwCBQEXVNaqMA0GCSqGSIb3DQEBAgUAMFIxUDAJBgNVBAYTAnVzMBcG A1UEChMQSW50ZXJuZXQgU29jaWV0eTAqBgNVBAsTI0ludGVybmV0IFBDQSBSZWdp c3RyYXRpb24gQXV0aG9yaXR5MBoXCzk1MDMwMjA5MDJaFws5NjAzMDIwOTAyWjBI MUYwCQYDVQQGEwJTRTALBgNVBAoTBENPU1QwLAYDVQQLEyVMb3cgQXNzdXJhbmNl IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MFowDQYJKoZIhvcNAQEBBQADSQAwRgJB ALk7mQW6uHi9BuyhqTk1rXRpbWefB6eBlUuNZTLrsV99puwroTNeAt7udJnKfADY YSqzfGZi8cQBIjrZOcS+tZ0CAQMwDQYJKoZIhvcNAQECBQADQQAdwL4R/R0j829o +YTGFDZq114hjKIOvrvJwj0eSiECk/JTYMPPg7+/1Namu8lkV4/IjjDQhIDmZCeP stEG28C9

---END PRIVACY-ENHANCED

MESSAGE---Example of PEM letter

Example of PEM letter

Some

text

Muftic

Document

with

Digital

signature

Plaintext

uncertified

Some

text

Some

text

Some

text

Session key

used to

Muftic Muftic

Secure Email

-

Pretty Good Privacy (PGP)

File uncompressed

and signature

Some

text

Some

text

Some

text

Session key used to

decrypt file to

Muftic

_Muftic

Pretty Good Privacy (PGP)

(5)

?

YOU

A

G

F

E

D

C

B

I

H

PGP Trust model

- Based on PKCS #7 security services

- Combination of MIME messages and PKCS objects

- Suitable for binary data (multimedia)

- Includes message formatting and certificate handling

- International standard (interoperability)

- Available with major browsers and mailers

Secure Email

-

S/MIME

Features :

Standard header

PKCS-7 object

S/MIME general format

Content-Type: multipart/mixed; boundary=bar

--bar

Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable

A1Hola Michael!

How do you like the new S/MIME standard?

I agree. It's generally a good idea to encode lines that begin with From=20because some mail transport agents will insert a than (>) sign, thus invalidating the signature.

Also, in some cases it might be desirable to encode any =20 trailing whitespace that occurs on lines in order to ensure =20 that the message signature is not invalidated when passing =20 a gateway that modifies such whitespace (like BITNET). =20

--bar Content-Type: application/wally-wiggle iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC// jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn HOxEa44b+EI= =ndaj

--bar--S/MIME format

S/MIME format

–

example

S/MIME Type File Extension

application/pkcs7-mime .p7m

(signedData, envelopedData)

application/pkcs7-mime .p7c

(degenerate signedData

"certs-only" message)

application/pkcs7-signature .p7s

application/pkcs10 .p10

S/MIME

–

file extensions

Content-type: application/mime; content-type="multipart/signed"; protocol="application/pkcs7-signature";

micalg=rsa-md5; name=smime.aps

Content-disposition: attachment; filename=smime.aps

Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=rsa-md5; boundary=boundary42

--boundary42 Content-Type: text/plain

This is a very short clear-signed message. However, at least you can read it!

--boundary42 Content-Type: application/pkcs7-signature Content-Transfer-Encoding: base64 ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6 4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 7GhIGfHfYT64VQbnj756

--boundary42--S/MIME

(6)

Lecture 10 :

Secure E

–

mail Systems

Subjects / Topics :

1. Secure E

–

mail systems

2.

2. Secure, Trusted, Authorized and Reliable E

Secure, Trusted, Authorized and Reliable E

–

Mail System

3. Secure applications based on secure E

–

mail

Problems in Current Email Systems

− Weak Authentication

− Protection of mail boxes and email letters on email

server from SPAM email

− Unauthorized email (SPAM)

− Contents of address book

− Email confirmation

− E–mail is main source for distribution of malicious

and dangerous content

Problems :

Requirements for Secure Email

− Efficient Handling of attachments

− Current status of email letter (Confirmations)

− Handling of certificates

− Integration with smart cards

− Sending and receiving authorization

− Cross–domain bilateral or multilateral arrangements

Requirements:

Layers: Secure Email Systems

Secure E-Mail Infrastructure

Credential Server

Secure E-Mail Server

Secure E-Mail Client

Layer

-

1: Secure E

-

Mail Client

•

• Standard Mailing Functions

Standard Mailing Functions

•

• Confirmations

Confirmations

•

• Strong Authentication With

Strong Authentication With

Layer 2: Secure E

–

Mail Servers

•

(7)

Layer 3: Credentials Servers

•

• Issuing PKI Server

Issuing PKI Server

•

• SAML Policy Server

SAML Policy Server

Layer 4: PKI and SMI Servers

•

• PKI Servers

PKI Servers

•

• SMI Servers

SMI Servers

• Federation

• Validation

Secure Email System:

Design and Implementation

Email user User Interface L I S T E N E R S Address book Manager Email Handler Storage Manager Strong Authentication Message Handler Session management A C T I O N S User Interface L I S T E N E R S Address book Manager Email Handler Storage Manager Strong Authentication Message Handler Session management Server Admin A C T I O N S Security Manager Standard Email Server SMTP/POP3 Header|SessionID|Data(PKCS7) Header|SessionID|Data(PKCS7) T R A N S P O R T E R T R A N S P O R T E R Cert proto Hash Symmetric Key SMIME DistinguishedNameCertificate PKCS7

Cert proto Hash Symmetric Key SMIME DistinguishedNameCertificate PKCS7

Graphical User Interface

S/MIME Message:

S/MIME Message: SignedAndEncrypted

SignedAndEncrypted

Return-Path: <aghafoor@130.237.158.247>

Message-ID: <15206040.11225246288906.JavaMail.sead@sec-office> MIME-Version: 1.0

Delivered-To: aghafoor@130.237.158.247 Received: from l884.dsv.su.se ([130.237.158.18])

by sec-office (JAMES SMTP Server 2.3.1) with SMTP ID 184 for <aghafoor@130.237.158.247>;

Tue, 28 Oct 2008 19:11:28 -0700 (PDT) Content-Disposition: attachment; filename="smime.p7m" Content-Type: application/x-pkcs7-mime; name="smime.p7m" Content-Transfer-Encoding: base64

From: aghafoor@130.237.158.247 To: aghafoor@130.237.158.247 Subject: Signed and encrypted message Date: Tue, 28 Oct 2008 18:14:04 +0100 (CET)

(8)

Return-Path: <aghafoor@130.237.158.247> Delivered-To: agha@130.237.158.247 Received: from l884.dsv.su.se ([130.237.158.18])

by sec-office (JAMES SMTP Server 2.3.1) with SMTP ID 175 for <agha@130.237.158.247>;

Tue, 28 Oct 2008 19:10:47 -0700 (PDT) Date: Tue, 28 Oct 2008 18:13:23 +0100 (CET) From: aghafoor@130.237.158.247 To: agha@130.237.158.247

Message-ID: <31936094.11225214003474.JavaMail.aghafoor@L884> Subject: Signed message

MIME-Version: 1.0

Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="---dsv-seclab-sem-agent384282"

Content-Transfer-Encoding: 7bit

This is a cryptographically signed message in MIME format. ---dsv-seclab-sem-agent384282 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit

This is a signed message from aghafoor to agha

---dsv-seclab-sem-agent384282 MIME-Version: 1.0

Content-Disposition: attachment; filename="smime.p7m" Content-Type: application/x-pkcs7-mime; name="smime.p7m" Content-Transfer-Encoding: base64