E - mail security

Email Security
 emailis one of the most widely used and
regarded network services

 currently message contents are not secure

 may be inspected either in transit
 or by suitably privileged users on destination
system
Email Security Enhancements
 confidentiality
 protection from disclosure
 authentication
 of sender of message
 message integrity
 protection from modification
 non-repudiation of origin
 protection from denial by sender
 Pretty Good Privacy (PGP)
 widely used de facto secure email

 developed by Phil Zimmermann

 selected best available cryptographic algorithms to use

 integrated into a single program

 on Unix, PC, Macintosh and other systems

 originally free, now also have commercial versions

available
 PGP Operation –
Authentication
1. sender creates message
2. make SHA-1160-bit hash of message
3. attached RSA signed hash to message
4. receiver decrypts & recovers hash code
5. receiver verifies received message hash
 PGP Operation –
Confidentiality
1. sender forms 128-bit random session key
2. encrypts message with session key
3. attaches session key encrypted with RSA
4. receiver decrypts & recovers session key
5. session key is used to decrypt message
PGP Operation – Confidentiality
& Authentication
 can use both services on same message
 create signature & attach to message
 encrypt both message & signature
 attach RSA/ElGamal encrypted session key
 PGP Operation –
Compression
 bydefault PGP compresses message
after signing but before encrypting
 so can store uncompressed message &
signature for later verification
 & because compression is non deterministic
 uses ZIP compression algorithm
 PGP Operation – Email
Compatibility
 when using PGP will have binary data to send
(encrypted message etc)
 however email was designed only for text
 hence PGP must encode raw binary data into
printable ASCII characters
 uses radix-64 algorithm
 maps 3 bytes to 4 printable chars
 also appends a CRC
 PGP also segments messages if too big
PGP Operation – Summary
 PGP Session Keys
 need a session key for each message
 of varying sizes: 56-bit DES, 128-bit CAST or
IDEA, 168-bit Triple-DES

 generated using ANSI X12.17 mode

 usesrandom inputs taken from previous

uses and from keystroke timing of user
 PGP Public & Private Keys
 since many public/private keys may be in use,
need to identify which is actually used to encrypt
session key in a message
 could send full public-key with every message
 but this is inefficient
 rather use a key identifier based on key
 is least significant 64-bits of the key
 will very likely be unique
 also use key ID in signatures
PGP Message Format
 PGP Key Rings
 each PGP user has a pair of key rings:
 public-key ring contains all the public-keys of
other PGP users known to this user, indexed
by key ID

 private-key ring contains the public/private

key pair(s) for this user
 PGP Key Management
 rather than relying on certificate authorities
 in PGP every user is own CA
 can sign keys for users they know directly
 forms a “web of trust”
 trust keys have signed
 can trust keys others have signed if have a chain of
signatures to them
 key ring includes trust indicators
 users can also revoke their keys
PGP Trust Model Example
 S/MIME (Secure/Multipurpose
Internet Mail Extensions)
 security enhancement to MIME email
 original Internet RFC822 email was text only
 MIME provided support for varying content
types and multi-part messages
 with encoding of binary data to textual form
 S/MIME added security enhancements
 have S/MIME support in many mail agents
 eg MS Outlook, Mozilla, Mac Mail etc
 S/MIME Functions
 enveloped data
 encrypted content and associated keys
 signed data
 encoded message + signed digest
 clear-signed data
 cleartext message + encoded signed digest
 signed & enveloped data
 nesting of signed & encrypted entities
 S/MIME Cryptographic
Algorithms
 digitalsignatures: DSS & RSA
 hash functions: SHA-1 & MD5
 session key encryption: ElGamal & RSA
 message encryption: AES, Triple-DES,
RC2/40 and others
 MAC: HMAC with SHA-1
 have process to decide which algorithms
to use
 S/MIME Messages
 S/MIME secures a MIME entity with a
signature, encryption, or both
 forming a MIME wrapped PKCS object
 have a range of content-types:
 enveloped data
 signed data
 clear-signed data
 registration request
 certificate only message
 S/MIME Certificate
Processing
 S/MIME uses X.509 v3 certificates
 managed using a hybrid of a strict X.509
CA hierarchy & PGP’s web of trust
 each client has a list of trusted CA’s
certificates
 and own public/private key pairs &
certificates
 certificates must be signed by trusted CA’s
 Certificate Authorities
 have several well-known CA’s
 Verisign one of most widely used
 Verisign issues several types of Digital IDs
 increasing levels of checks & hence trust
Class Identity Checks Usage
1 name/email check web browsing/email
2 + enroll/addr check email, subs, s/w validate
3 + ID documents e-banking/service access
 S/MIME Enhanced Security
Services
3 proposed enhanced security services:
 signed receipts
 security labels
 secure mailing lists
 Domain Keys Identified Mail
a specification for cryptographically
signing email messages
 so signing domain claims responsibility
 recipients / agents can verify signature
 proposed Internet Standard RFC 4871
 has been widely adopted
 DKIM
Strategy
 transparent
to user
 MSA sign
 MDA verify
 forpragmatic
reasons