S. Muftic / M. Ciobanu Morogan, Computer Networks Security
Lecture 10: Secure E-mail Systems
Prof. Sead Muftic
Matei Ciobanu Morogan
Abdul Ghafoor Abbasi

Subjects / Topics:
1. Secure E-mail systems
2. Secure, Trusted, Authorized and Reliable E-Mail System
3. Secure applications based on secure E–

Standard E-mail system
The components of an E-mail system are Mail Servers and User Agents (UA).

Internet E-
With a standard E-mail system, a user creates an E-mail letter at his/her workstation using a UA.
[Figure: an E-mail letter consisting of a Header and a Body]

RFC 822 E
From: john@mit.edu
To: sead@dsv.su.se
Subject: Normal letter
Date: 10-April-2004

Dear Sead:
How are you today ?
What are you doing ?

Transmission - SMTP (RFC 821)
E-mail letters are transmitted in the clear and, during transmission, are stored at the sending and receiving Mail Servers.
[Figure: four copies of the following letter]
From: sead@dsv.su.se
To: APATEL@ccvax.ucd.ie
Subject: Normal letter
Date: 7-July-1993

Dear Ahmed:
How are you today ?
What are you doing ?

Internet E-mail – potential problems
This implies the following problems:
• The text of the letter may be read by anybody
• The correct contents of the received letter cannot be guaranteed
• The sender cannot be authenticated and verified
• The sender is not certain that the letter will be read only by the intended receiver
• The sender may repudiate sending the letter or its contents

Secure Email - PEM
• Confidentiality
• Integrity (MIC)
• Sender’s Auth
• Receiver’s Auth
• Non-repudiation
[Figure: a letter consisting of a Header and a Body]

PEM principles
All security services and parameters are applied to the body of the letter.
[Figure: a letter consisting of a Header and a Body]

Format of PEM letter
The body of the PEM letter is divided in two parts: PEM header and
From: john@mit.edu
To: sead@dsv.su.se
Subject: PEM letter
Date: 10-April-2004
PEM header

Types of PEM letters
[Figure: three PEM letters, labelled ENCRYPTED, MIC-ONLY and MIC-CLEAR, each carrying PEM parameters and the following header]
From: john@mit.edu
To: sead@dsv.su.se
Subject: PEM letter
Date: 10-April-2004

MIC–clear PEM letter
Implements Data Integrity, Sender’s Authenticity and Non Repudiation (letter contents guaranteed)
[Figure: three PEM letters (ENCRYPTED, MIC-ONLY, MIC-CLEAR), each with the header From: john@mit.edu, To: sead@dsv.su.se, Subject: PEM letter, Date: 10-April-2004 and PEM parameters; body texts shown: "aSDfegtylhTR uhGRfDestGPL" and "Dear John: How are you ?"]

MIC–only PEM letter
Implements Data Integrity, Sender’s Authenticity and Non Repudiation (letter contents guaranteed)
[Figure: three PEM letters (ENCRYPTED, MIC-ONLY, MIC-CLEAR), each with the header From: john@mit.edu, To: sead@dsv.su.se, Subject: PEM letter, Date: 10-April-2004 and PEM parameters; body texts shown: "aSDfegtylhTR uhGRfDestGPL" and "Dear Sead: How are you ?"]

ENCRYPTED PEM letter
Implements Data Integrity, Data Confidentiality, Sender’s Authenticity, Receiver’s Authenticity and Non Repudiation
[Figure: three PEM letters (ENCRYPTED, MIC-ONLY, MIC-CLEAR), each with the header From: john@mit.edu, To: sead@dsv.su.se, Subject: PEM letter, Date: 10-April-1997 and PEM parameters; body texts shown: "aSDfegtylhTR uhGRfDestGPL" and "Dear Sead: How are you ?"]

Creating PEM letter
Local Form → Canonical Form → Cryptographic Processing → Base64 Encoding

Canonical form of a PEM letter
• ASCII character set
• <CR><LF> line delimiters

Cryptographic processing
For MIC-ONLY and MIC-CLEAR type of letters:
• Calculate MIC (MD2 or MD5) on Canonical Form
• Sign MIC using Sender’s secret key

Cryptographic processing
For ENCRYPTED type of letters:
• Calculate MIC over Canonical Form
• Sign MIC using Sender’s secret key
• Generate random Data Encryption Key - DEK
• Encrypt the Canonical Form using DEK
• Encrypt MIC using DEK
• Protect DEK with Receiver’s public key

Printable encoding
Base64 coding:
• Coding to 6 bits per printable character
• Input 24 bits from 3 bytes are transformed to 24 bits in 4 bytes
• Output line length - 64 printable characters
Only for MIC-ONLY and ENCRYPTED type of letters.
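
The canonical form, MIC and printable encoding stages described above, as an added Python example (not code from the lecture). It shows why the MIC is calculated on the canonical form and how 3 bytes become 4 printable characters; signing and encryption are outside its scope, and the function names and the sample letter are constructed for illustration.

```python
import hashlib

# The 64 printable characters: each one carries 6 bits.
B64_ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "abcdefghijklmnopqrstuvwxyz"
                "0123456789+/")


def to_canonical(local_text: str) -> bytes:
    """Local form -> canonical form: ASCII only, <CR><LF> line delimiters."""
    # Fold every local line-ending convention (CRLF, lone CR, lone LF) to LF.
    unified = local_text.replace("\r\n", "\n").replace("\r", "\n")
    # Emit <CR><LF>; .encode("ascii") raises UnicodeEncodeError on non-ASCII.
    return unified.replace("\n", "\r\n").encode("ascii")


def mic(canonical: bytes) -> bytes:
    """MIC over the canonical form. MD5 is used because the slide names it;
    it is not collision-resistant and is unsuitable for new designs."""
    return hashlib.md5(canonical).digest()


def printable_encode(data: bytes, line_len: int = 64) -> str:
    """Base64: 3 input bytes (24 bits) -> 4 printable characters of 6 bits."""
    out = []
    for i in range(0, len(data), 3):
        group = data[i:i + 3]
        pad = 3 - len(group)                      # 0, 1 or 2 missing bytes
        bits = int.from_bytes(group + b"\x00" * pad, "big")
        quad = [B64_ALPHABET[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        if pad:
            quad[4 - pad:] = "=" * pad            # mark the padded positions
        out.extend(quad)
    text = "".join(out)
    # Output lines of at most 64 printable characters.
    return "\r\n".join(text[i:i + line_len] for i in range(0, len(text), line_len))


# Constructed sample: the same letter as stored on two workstations.
LETTER_UNIX = "Dear Sead:\nHow are you today ?\nWhat are you doing ?\n"
LETTER_DOS = LETTER_UNIX.replace("\n", "\r\n")


def mic_only_body(local_text: str) -> str:
    """Text part of a MIC-ONLY letter: canonical form, then printable encoding."""
    return printable_encode(to_canonical(local_text))


if __name__ == "__main__":
    # Hashing the local forms gives two different values for one letter ...
    print(hashlib.md5(LETTER_UNIX.encode()).hexdigest())
    print(hashlib.md5(LETTER_DOS.encode()).hexdigest())
    # ... hashing the canonical form gives the same MIC on both systems.
    print(mic(to_canonical(LETTER_UNIX)).hex())
    print(mic(to_canonical(LETTER_DOS)).hex())
    print(mic_only_body(LETTER_UNIX))
```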

PEM header – RFC 1421
Proc-Type: ENCRYPTED | MIC-ONLY | MIC-CLEAR | CRL
Content-Domain: RFC822
DEK-Info: <algorithm id.>, <mode>, <parameters>
Originator-ID-Asymmetric: Id. of Sender and of Sender’s key
Originator-Certificate: Sender’s certificate
Issuer-Certificate: Issuer’s certificate
MIC-Info: <MIC alg. id.>, <signing alg. id.>, <protected MIC>
Recipient-ID-Asymmetric: Id. of Receiver and Receiver’s key
Key-Info: <protected DEK>, <protecting alg. id.>

Example of PEM letter
---BEGIN PRIVACY-ENHANCED MESSAGE---
Proc-Type: 4,CRL
CRL:
 [Base64-encoded CRL]
Originator-Certificate:
 [Base64-encoded certificate]
---END PRIVACY-ENHANCED MESSAGE---
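
A parser and consistency check for the PEM header fields listed above, as an added Python example (not code from the lecture or from RFC 1421). The rule set in REQUIRED is an assumption of this example, read off the cryptographic processing slides; the function names and the sample letter are constructed.

```python
import re

# Field names from the "PEM header – RFC 1421" slide, plus CRL from the example.
KNOWN_FIELDS = {
    "Proc-Type", "Content-Domain", "DEK-Info", "Originator-ID-Asymmetric",
    "Originator-Certificate", "Issuer-Certificate", "MIC-Info",
    "Recipient-ID-Asymmetric", "Key-Info", "CRL",
}
# Fields each letter type cannot do without, read off the processing slides:
# every signed type carries a MIC; ENCRYPTED also carries the DEK parameters
# and the protected DEK. (Rule set is an assumption of this example.)
REQUIRED = {
    "ENCRYPTED": {"DEK-Info", "Key-Info", "MIC-Info"},
    "MIC-ONLY": {"MIC-Info"},
    "MIC-CLEAR": {"MIC-Info"},
    "CRL": set(),
}
BOUNDARY = re.compile(r"-+BEGIN PRIVACY-ENHANCED MESSAGE-+")


def parse_pem_header(letter: str) -> list:
    """Return the PEM header as [(field, value), ...], keeping order and repeats."""
    lines = letter.replace("\r\n", "\n").split("\n")
    if not BOUNDARY.fullmatch(lines[0].strip()):
        raise ValueError("missing BEGIN PRIVACY-ENHANCED MESSAGE line")
    fields = []
    for line in lines[1:]:
        if not line.strip() or line.startswith("-"):
            break                                   # blank line or END line
        if line[0] in " \t":                        # folded continuation line
            if not fields:
                raise ValueError("continuation line before any field")
            name, value = fields[-1]
            fields[-1] = (name, value + line.strip())
        else:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed header line: {line!r}")
            fields.append((name.strip(), value.strip()))
    return fields


def check_pem_header(fields: list) -> list:
    """Return a list of problems; an empty list means the header is consistent."""
    if not fields or fields[0][0] != "Proc-Type":
        return ["Proc-Type must be the first field"]
    ptype = fields[0][1].partition(",")[2].strip()
    if ptype not in REQUIRED:
        return [f"unknown Proc-Type {ptype!r}"]
    names = [name for name, _ in fields]
    problems = [f"unknown field {n}" for n in names if n not in KNOWN_FIELDS]
    problems += [f"{ptype} letter lacks {n}" for n in sorted(REQUIRED[ptype] - set(names))]
    if ptype != "ENCRYPTED" and "DEK-Info" in names:
        problems.append(f"DEK-Info present in a {ptype} letter")
    return problems


# Constructed sample; values other than Proc-Type and Content-Domain are placeholders.
SAMPLE = "\r\n".join([
    "-----BEGIN PRIVACY-ENHANCED MESSAGE-----",
    "Proc-Type: 4,ENCRYPTED",
    "Content-Domain: RFC822",
    "DEK-Info: PLACEHOLDER-ALG,PLACEHOLDER-PARAMS",
    "Originator-Certificate:",
    " PLACEHOLDERCERT1",
    " PLACEHOLDERCERT2",
    "MIC-Info: PLACEHOLDER-MIC",
    "Recipient-ID-Asymmetric: PLACEHOLDER-ID",
    "Key-Info: PLACEHOLDER-DEK",
    "",
    "PLACEHOLDERTEXT",
    "-----END PRIVACY-ENHANCED MESSAGE-----",
])
```

A letter whose Proc-Type has been changed, or whose MIC-Info has been dropped, is reported by check_pem_header before any cryptographic verification is attempted.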

Secure Email - Pretty Good Privacy (PGP)
[Figure: PGP processing of a document ("Some text", signed "Muftic"); labels: Document with Digital signature; Plaintext uncertified; Session key used to]

Pretty Good Privacy (PGP)
[Figure: PGP processing of a document ("Some text", signed "Muftic"); labels: File uncompressed and signature; Session key used to decrypt file to]

PGP Trust model
[Figure: trust graph with the nodes YOU, A, B, C, D, E, F, G, H, I and ?]

Secure Email - S/MIME
Features:
- Based on PKCS #7 security services
- Combination of MIME messages and PKCS objects
- Suitable for binary data (multimedia)
- Includes message formatting and certificate handling
- International standard (interoperability)
- Available with major browsers and mailers

S/MIME general format
Standard header
PKCS-7 object
PKCS-7 object

S/MIME format – example
Content-Type: multipart/mixed; boundary=bar

--bar
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

=A1Hola Michael!

How do you like the new S/MIME standard?

I agree. It's generally a good idea to encode lines that begin with
From=20because some mail transport agents will insert a greater-
than (>) sign, thus invalidating the signature.

Also, in some cases it might be desirable to encode any =20
trailing whitespace that occurs on lines in order to ensure =20
that the message signature is not invalidated when passing =20
a gateway that modifies such whitespace (like BITNET). =20

--bar
Content-Type: application/wally-wiggle

iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC//
jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq
uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn
HOxEa44b+EI=
=ndaj
--bar--

S/MIME – file extensions
S/MIME Type                    File Extension
application/pkcs7-mime         .p7m   (signedData, envelopedData)
application/pkcs7-mime         .p7c   (degenerate signedData "certs-only" message)
application/pkcs7-signature    .p7s
application/pkcs10             .p10

S/MIME
Content-type: application/mime; content-type="multipart/signed"; protocol="application/pkcs7-signature";
 micalg=rsa-md5; name=smime.aps
Content-disposition: attachment; filename=smime.aps

Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=rsa-md5; boundary=boundary42

--boundary42
Content-Type: text/plain

This is a very short clear-signed message. However, at least you can read it!

--boundary42
Content-Type: application/pkcs7-signature
Content-Transfer-Encoding: base64

ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
7GhIGfHfYT64VQbnj756

--boundary42--
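
Why the S/MIME format example advises encoding lines that begin with "From " and trailing whitespace, shown on a clear-signed letter of the multipart/signed shape above. This is an added Python example, not code from the lecture: the letter, the two simulated transport rewrites and all function names are constructed, and the signature part is a placeholder because only the digest of the signed part is compared.

```python
import hashlib
import re
from email import message_from_bytes

# micalg values that appear on this page, mapped to hashlib names
# (the mapping is an assumption of this example).
MICALG_TO_HASH = {"rsa-md5": "md5", "md5": "md5", "sha1": "sha1"}


def build_signed(body: bytes) -> bytes:
    """Constructed multipart/signed letter; the signature is a placeholder."""
    return b"\r\n".join([
        b"From: john@mit.edu",
        b"To: sead@dsv.su.se",
        b"MIME-Version: 1.0",
        b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
        b" micalg=rsa-md5; boundary=boundary42",
        b"",
        b"--boundary42",
        b"Content-Type: text/plain",
        b"Content-Transfer-Encoding: quoted-printable",
        b"",
        body,
        b"--boundary42",
        b"Content-Type: application/pkcs7-signature",
        b"Content-Transfer-Encoding: base64",
        b"",
        b"PLACEHOLDER",
        b"--boundary42--",
        b"",
    ])


def signed_part_digest(raw: bytes) -> str:
    """Digest, per the declared micalg, of the exact bytes of the first part."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    algo = MICALG_TO_HASH[str(msg.get_param("micalg")).lower()]
    delim = b"--" + msg.get_boundary().encode("ascii")
    start = raw.index(delim + b"\r\n") + len(delim) + 2   # after first delimiter
    end = raw.index(b"\r\n" + delim, start)               # before the next one
    return hashlib.new(algo, raw[start:end]).hexdigest()


def escape_from_lines(raw: bytes) -> bytes:
    """Transport agent that inserts '>' before lines beginning with 'From '."""
    return re.sub(rb"(?m)^From ", b">From ", raw)


def strip_trailing_space(raw: bytes) -> bytes:
    """Gateway that removes whitespace at the end of lines."""
    return re.sub(rb"[ \t]+(?=\r\n)", b"", raw)


def survives_transit(body: bytes) -> bool:
    """True if the signed part still hashes to the same value on arrival."""
    sent = build_signed(body)
    received = strip_trailing_space(escape_from_lines(sent))
    return signed_part_digest(sent) == signed_part_digest(received)


# The same text, once as typed and once with the risky characters encoded.
PLAIN_BODY = b"Hola Michael!\r\nFrom now on every letter is signed. "
ENCODED_BODY = b"Hola Michael!\r\nFrom=20now on every letter is signed.=20"

if __name__ == "__main__":
    print("as typed:", survives_transit(PLAIN_BODY))
    print("encoded: ", survives_transit(ENCODED_BODY))
```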

Problems in Current Email Systems
Problems:
− Weak Authentication
− Protection of mail boxes and email letters on email server from SPAM email
− Unauthorized email (SPAM)
− Contents of address book
− Email confirmation
− E–mail is main source for distribution of malicious and dangerous content

Requirements for Secure Email
Requirements:
− Efficient Handling of attachments
− Current status of email letter (Confirmations)
− Handling of certificates
− Integration with smart cards
− Sending and receiving authorization
− Cross–domain bilateral or multilateral arrangements

Layers: Secure Email Systems
Secure E-Mail Infrastructure
Credential Server
Secure E-Mail Server
Secure E-Mail Client

Layer 1: Secure E-Mail Client
• Standard Mailing Functions
• Confirmations
• Strong Authentication With

Layer 2: Secure E–Mail Servers

Layer 3: Credentials Servers
• Issuing PKI Server
• SAML Policy Server

Layer 4: PKI and SMI Servers
• PKI Servers
• SMI Servers
• Federation
• Validation

Secure Email System: Design and Implementation
[Figure: system architecture. Labels: Email user; Server Admin; User Interface; Listeners; Actions; Address book Manager; Email Handler; Storage Manager; Strong Authentication; Message Handler; Session management; Security Manager; Transporter; Standard Email Server (SMTP/POP3); Header|SessionID|Data(PKCS7); Cert proto; Hash; Symmetric Key; SMIME; DistinguishedName; Certificate; PKCS7]

Graphical User Interface

S/MIME Message: SignedAndEncrypted
Return-Path: <aghafoor@130.237.158.247>
Message-ID: <15206040.11225246288906.JavaMail.sead@sec-office>
MIME-Version: 1.0
Delivered-To: aghafoor@130.237.158.247
Received: from l884.dsv.su.se ([130.237.158.18])
 by sec-office (JAMES SMTP Server 2.3.1) with SMTP ID 184 for <aghafoor@130.237.158.247>;
 Tue, 28 Oct 2008 19:11:28 -0700 (PDT)
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/x-pkcs7-mime; name="smime.p7m"
Content-Transfer-Encoding: base64
From: aghafoor@130.237.158.247
To: aghafoor@130.237.158.247
Subject: Signed and encrypted message
Date: Tue, 28 Oct 2008 18:14:04 +0100 (CET)

S/MIME Message: Signed
Return-Path: <aghafoor@130.237.158.247>
Delivered-To: agha@130.237.158.247
Received: from l884.dsv.su.se ([130.237.158.18])
 by sec-office (JAMES SMTP Server 2.3.1) with SMTP ID 175 for <agha@130.237.158.247>;
 Tue, 28 Oct 2008 19:10:47 -0700 (PDT)
Date: Tue, 28 Oct 2008 18:13:23 +0100 (CET)
From: aghafoor@130.237.158.247
To: agha@130.237.158.247
Message-ID: <31936094.11225214003474.JavaMail.aghafoor@L884>
Subject: Signed message
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="---dsv-seclab-sem-agent384282"
Content-Transfer-Encoding: 7bit

This is a cryptographically signed message in MIME format.

---dsv-seclab-sem-agent384282
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

This is a signed message from aghafoor to agha

---dsv-seclab-sem-agent384282
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/x-pkcs7-mime; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIbcwYJKoZIhvcNAQcCoIIbZDCCG2ACAQExCzAJBgUrDgMCGgUAMEEGCSqGSIb3

MS Outlook Security Configuration

Mozilla Thunderbird Security Configuration

Business applications based on secure E–