Email Security
E-Mail Security
• For providing confidentiality and
authentication to e-mails
• Pretty Good Privacy (PGP)
• S/MIME.
PGP – Pretty Good Privacy
• PGP provides a confidentiality and
authentication service that can be used for
electronic mail and file storage applications
• It's free and works on almost all
platforms
• Extensive support of various encryption and
hashing algorithms
• RFC 3156: MIME Security with OpenPGP
PGP Description
Authentication in PGP
PGP Cryptographic Functions
Confidentiality in PGP
• The symmetric encryption algorithm CAST-128
may be used. Alternatively, IDEA or 3DES may
be used.
• The symmetric key is used only once. That is, a
new key is generated as a random 128-bit
number for each message.
Confidentiality in PGP (Cont.)
Compression in PGP
E-mail Compatibility
• When PGP is used, at least part of the block to be transmitted is
encrypted.
• If only the signature service is used, then the message digest is
encrypted (with the sender’s private key).
• If the confidentiality service is used, the message plus signature (if
present) are encrypted (with a one-time symmetric key).
• Thus, part or all of the resulting block consists of a stream of arbitrary
8-bit octets.
• However, many electronic mail systems only permit the use of blocks
consisting of ASCII text. To accommodate this restriction, PGP
provides the service of converting the raw 8-bit binary stream to a
stream of printable ASCII characters.
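The conversion described above, as an added example that is not part of the original slides: Python code for OpenPGP ASCII armor, which is radix-64 (base64) encoding plus a CRC-24 checksum as defined in RFC 4880 (the slides do not name the scheme). The function names, the 64-character line width and the random input bytes are assumptions made for this illustration.

```python
import base64
import os

CRC24_INIT = 0xB704CE    # constants from RFC 4880, section 6.1
CRC24_POLY = 0x1864CFB

def crc24(data: bytes) -> int:
    """CRC-24 checksum that OpenPGP appends to armored data."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(binary: bytes, kind: str = "PGP MESSAGE") -> str:
    """Convert arbitrary 8-bit octets into lines of printable ASCII."""
    b64 = base64.b64encode(binary).decode("ascii")
    # 64 characters per line is a choice made here; RFC 4880 allows up to 76.
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = crc24(binary).to_bytes(3, "big")
    checksum = "=" + base64.b64encode(crc).decode("ascii")
    return "\n".join([f"-----BEGIN {kind}-----", "", *lines, checksum,
                      f"-----END {kind}-----", ""])

def dearmor(text: str) -> bytes:
    """Recover the octets, rejecting data whose checksum does not match."""
    lines = text.strip().splitlines()
    body = lines[lines.index("") + 1:-1]   # drop BEGIN line, blank line, END line
    if not body or not body[-1].startswith("="):
        raise ValueError("missing armor checksum")
    data = base64.b64decode("".join(body[:-1]), validate=True)
    if int.from_bytes(base64.b64decode(body[-1][1:]), "big") != crc24(data):
        raise ValueError("armor checksum mismatch: data altered in transit")
    return data

def is_printable_ascii(text: str) -> bool:
    """True if every character is a newline or 7-bit printable ASCII."""
    return all(c == "\n" or 32 <= ord(c) < 127 for c in text)

if __name__ == "__main__":
    packet = os.urandom(300)   # constructed stand-in for encrypted PGP output
    text = armor(packet)
    print(text)
    print(is_printable_ascii(text), dearmor(text) == packet)
```

The CRC-24 only detects accidental corruption by mail gateways; protection against deliberate modification comes from the PGP signature, not from the armor.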
Transmission and Reception of PGP Messages
S/MIME
• Secure/Multipurpose Internet Mail Extension
(S/MIME) is a security enhancement to the
MIME
• S/MIME will emerge as the industry standard
for commercial and organizational use
• PGP will remain the choice for personal e-mail
security
Internet Message Format
• RFC 5322
Multipurpose Internet Mail Extensions
• To address problems and limitations of Simple
Mail Transfer Protocol (SMTP)
– SMTP cannot transmit executable files or other binary
objects
– SMTP cannot transmit text data that includes national
language characters
– SMTP servers may reject mail messages over a certain
size
– translation problems.
– cannot handle nontextual data
MIME Headers
MIME Content Types
Multipart Example
From: Nathaniel Borenstein <[email protected]>
To: Ned Freed <[email protected]>
Subject: Sample message
MIME-Version: 1.0
Content-type: multipart/mixed; boundary="simple boundary"

This is the preamble. It is to be ignored, though it is a
handy place for mail composers to include an explanatory
note to non-MIME conformant readers.

--simple boundary

This is implicitly typed plain ASCII text. It does NOT
end with a linebreak.
--simple boundary
Content-type: text/plain; charset=us-ascii

This is explicitly typed plain ASCII text. It DOES end
with a linebreak.

--simple boundary--

This is the epilogue. It is also to be ignored.
MIME Transfer Encodings
Functions of S/MIME
Cryptographic Algorithms Used in S/MIME
Domain Keys Identified Mail (DKIM)