Mime

The document discusses S/MIME (Secure/Multipurpose Internet Mail Extensions) as a security enhancement for MIME email, detailing its functions such as enveloped data, signed data, and clear-signed data. It also covers cryptographic algorithms used in S/MIME, the processing of X.509 v3 certificates, and the role of Certificate Authorities. Additionally, it introduces Domain Keys Identified Mail (DKIM) as a method for cryptographically signing email messages to enhance email security.

Cryptography and Network Security
Chapter 18
Fifth Edition
by William Stallings

Lecture slides by Lawrie Brown


S/MIME (Secure/Multipurpose Internet Mail Extensions)
• security enhancement to MIME email
  - original Internet RFC822 email was text only
  - MIME provided support for varying content types and multi-part messages
  - with encoding of binary data to textual form
  - S/MIME added security enhancements
• have S/MIME support in many mail agents
  - eg MS Outlook, Mozilla, Mac Mail etc

S/MIME Functions
• enveloped data
  - encrypted content and associated keys
• signed data
  - encoded message + signed digest
• clear-signed data
  - cleartext message + encoded signed digest
• signed & enveloped data
  - nesting of signed & encrypted entities

S/MIME Cryptographic Algorithms
• digital signatures: DSS & RSA
• hash functions: SHA-1 & MD5
• session key encryption: ElGamal & RSA
• message encryption: AES, Triple-DES, RC2/40 and others
• MAC: HMAC with SHA-1
• have process to decide which algs to use

S/MIME Messages
• S/MIME secures a MIME entity with a signature, encryption, or both
• forming a MIME wrapped PKCS object
• have a range of content-types:
  - enveloped data
  - signed data
  - clear-signed data
  - registration request
  - certificate only message

S/MIME Certificate Processing
• S/MIME uses X.509 v3 certificates
• managed using a hybrid of a strict X.509 CA hierarchy & PGP's web of trust
• each client has a list of trusted CAs' certs
• and own public/private key pairs & certs
• certificates must be signed by trusted CAs

Certificate Authorities
• have several well-known CAs
• Verisign one of most widely used
• Verisign issues several types of Digital IDs
• increasing levels of checks & hence trust

Class   Identity Checks        Usage
1       name/email check       web browsing/email
2       + enroll/addr check    email, subs, s/w validate
3       + ID documents         e-banking/service access

S/MIME Enhanced Security Services
• 3 proposed enhanced security services:
  - signed receipts
  - security labels
  - secure mailing lists

Domain Keys Identified Mail
• a specification for cryptographically signing email messages
• so signing domain claims responsibility
• recipients / agents can verify signature
• proposed Internet Standard RFC 4871
  - has been widely adopted


Internet Mail Architecture

Email Threats
• see RFC 4684 - Analysis of Threats Motivating DomainKeys Identified Mail
• describes the problem space in terms of:
  - range: low end, spammers, fraudsters
  - capabilities in terms of where submitted, signed, volume, routing naming etc
  - outside located attackers

DKIM Strategy
• transparent to user
  - MSA sign
  - MDA verify
• for pragmatic reasons
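
An added example (not from the slides): the body-hash part of DKIM verification, i.e. what a verifying MDA recomputes and compares with the bh= tag that the signing MSA placed in the DKIM-Signature header, using the "simple" and "relaxed" body canonicalizations of the DKIM specification. It does not check the RSA signature carried in b=; the domain, selector and message below are constructed sample values.

```python
import base64
import email
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """DKIM body canonicalization, mode 'simple' or 'relaxed'."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at line ends.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":   # ignore empty lines at the end of the body
        lines.pop()
    if not lines:                       # empty body: CRLF (simple) or nothing (relaxed)
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, algo="sha256", mode="simple", length=None) -> str:
    """Value for the bh= tag: base64 hash of the canonicalized body."""
    data = canon_body(body, mode)
    if length is not None:              # optional l= tag: hash only the first l octets
        data = data[:length]
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

def parse_tags(value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs, whitespace removed."""
    pairs = (item.split("=", 1) for item in value.split(";") if "=" in item)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def body_hash_ok(raw: bytes) -> bool:
    """Verifier side: recompute the body hash and compare it with bh=."""
    head, _, body = raw.partition(b"\r\n\r\n")
    sig = email.message_from_bytes(head + b"\r\n\r\n")["DKIM-Signature"]
    tags = parse_tags(sig) if sig else {}
    algo = tags.get("a", "").rpartition("-")[2]
    if algo not in ("sha1", "sha256") or "bh" not in tags or not tags.get("l", "0").isdigit():
        return False
    canon = tags.get("c", "simple/simple").split("/")
    mode = canon[1] if len(canon) > 1 else "simple"
    length = int(tags["l"]) if "l" in tags else None
    return body_hash(body, algo, mode, length) == tags["bh"]

# Constructed sample: the signer fills in bh=; b= is a placeholder, not a real signature.
BODY = b"Quarterly report attached.  \r\nRegards,\r\nAlice\r\n\r\n"
SAMPLE = (b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
          b"\ts=sel1; h=from:to:subject; bh=" + body_hash(BODY, "sha256", "relaxed").encode()
          + b"; b=PLACEHOLDER\r\nFrom: alice@example.com\r\nTo: bob@example.net\r\n"
          b"Subject: report\r\n\r\n" + BODY)

print(body_hash_ok(SAMPLE), body_hash_ok(SAMPLE.replace(b"Quarterly", b"Corrected")))
```

A changed word in the body fails the check, while changes that relaxed canonicalization ignores (trailing spaces, extra empty lines at the end) still pass.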
