IT352 | Network Security |Najwa AlGhamdi
Email Security
S/MIME
Email Protocol Overview
1. Simple Mail Transfer Protocol (SMTP)
– An Internet standard for e-mail transmission across Internet Protocol (IP) networks.
– Through this protocol, a mail sender communicates with a mail receiver by issuing command strings and supplying the necessary data over a TCP connection.
• A typical example of sending a message via SMTP to two mailboxes (alice and theboss) located in the same mail domain (example.com or localhost.com) is reproduced in the following session exchange
SMTP Drawbacks
1. SMTP cannot transmit text data that includes national language characters, because these are represented by 8-bit codes with values of 128 decimal or higher, and SMTP is limited to 7-bit ASCII.
2. SMTP servers may reject mail messages over a certain size.
3. SMTP gateways that translate between ASCII and EBCDIC suffer translation problems.
2. Multipurpose Internet Mail Extensions (MIME)
– An Internet standard that extends the format of email to support:
1. Text in character sets other than ASCII
2. Non-text attachments
3. Message bodies with multiple parts
• MIME's use has grown beyond describing the content of email to describing content types in general, including for the web.
• SMTP/MIME email: email is transmitted via SMTP in MIME format.
The MIME specification includes the following elements:
1. Five new message header fields. These fields provide information about the body of the message:
– MIME-Version
– Content-Type: describes the data contained in the body.
– Content-Transfer-Encoding: indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport.
– Content-ID
– Content-Description
2. A number of content formats are defined, thus standardizing representations that support multimedia e-mail.
3. Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system.
Example of a multipart message (illustrating MIME element 2, content formats):
From: Nathaniel Borenstein <[email protected]>
To: Ned Freed [email protected]
Subject: Sample message
MIME-Version: 1.0
Content-type: multipart/mixed; boundary="simple boundary"

This is the preamble. It is to be ignored, though it is a handy place for mail composers to include an explanatory note to non-MIME conformant readers.
--simple boundary

This is implicitly typed plain ASCII text. It does NOT end with a linebreak.
--simple boundary
Content-type: text/plain; charset=us-ascii

This is explicitly typed plain ASCII text. It DOES end with a linebreak.

--simple boundary--
This is the epilogue. It is also to be ignored.
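The parsing rules this sample relies on (the preamble and epilogue are ignored, a part with no Content-Type header is implicitly text/plain in us-ascii, and the line break before each boundary belongs to the boundary rather than to the preceding part) can be checked with Python's standard email package. This is an added example, not from the slides; the message is the slide's sample with constructed example.com addresses in place of the redacted ones.

```python
from email import message_from_string, policy

# Constructed copy of the slide's multipart/mixed sample (addresses are placeholders).
SAMPLE = """\
From: Nathaniel Borenstein <nsb@example.com>
To: Ned Freed <ned@example.com>
Subject: Sample message
MIME-Version: 1.0
Content-type: multipart/mixed; boundary="simple boundary"

This is the preamble. It is to be ignored, though it is a handy place for mail composers to include an explanatory note to non-MIME conformant readers.
--simple boundary

This is implicitly typed plain ASCII text. It does NOT end with a linebreak.
--simple boundary
Content-type: text/plain; charset=us-ascii

This is explicitly typed plain ASCII text. It DOES end with a linebreak.

--simple boundary--
This is the epilogue. It is also to be ignored.
"""


def describe_parts(raw: str) -> dict:
    """Parse a MIME message and report what a conformant reader keeps and discards."""
    msg = message_from_string(raw, policy=policy.default)
    if not msg.is_multipart():
        raise ValueError("not a multipart message")
    parts = []
    for part in msg.iter_parts():
        body = part.get_content()
        parts.append({
            # get_content_type() falls back to the RFC 2046 default (text/plain)
            # when the part carries no Content-Type header: the implicitly typed case.
            "content_type": part.get_content_type(),
            "declared_charset": part.get_content_charset(),  # None when implicit
            "body": body,
            # The CRLF preceding a boundary belongs to the boundary, so the
            # first part's body carries no trailing line break.
            "ends_with_linebreak": body.endswith("\n"),
        })
    return {
        "boundary": msg.get_boundary(),
        "preamble": (msg.preamble or "").strip(),   # ignored by MIME readers
        "epilogue": (msg.epilogue or "").strip(),   # ignored by MIME readers
        "parts": parts,
    }
```

Mail gateways and content scanners that disagree on these defaults see different part bodies for the same bytes, which is why a filter should apply the same rules as the receiving client.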
S/MIME (Secure/Multipurpose Internet Mail Extensions)
• A security enhancement to MIME email.
• S/MIME support is built into many mail agents: MS Outlook, Mozilla, Mac Mail, etc.
S/MIME Functions
• S/MIME is very similar to PGP. Both offer the ability to sign and/or encrypt messages.
• S/MIME security functions:
1. Enveloped data: consists of encrypted content of any type and encrypted content-encryption keys for one or more recipients. This function provides privacy and data security.
2. Signed data: a digital signature is formed by taking the message digest of the content and then encrypting it with the signer's private key. The content and the signature are then encoded using base64 encoding. This function provides authenticity, message integrity and non-repudiation of origin.
3. Clear-signed data: a digital signature of the content is formed, but only the signature is encoded with base64, so a recipient without S/MIME capability can still read the content (though not verify the signature).
4. Signed and enveloped data: (2) and (1) may be nested:
– encrypted data can be signed, or
– signed data can be encrypted.
S/MIME Cryptographic Algorithms
• digital signatures: DSS & RSA
• hash functions: SHA-1 & MD5
• session key encryption: ElGamal & RSA
• message encryption: AES, Triple-DES, RC2/40 and others
• MAC: HMAC with SHA-1
S/MIME Messages
• A MIME entity may be an entire message or one or more of the subparts of the message.
• S/MIME secures a MIME entity with a signature, encryption, or both to form a MIME-wrapped PKCS (Public-Key Cryptography Standards) object.
• The PKCS object is then treated as message content.
• S/MIME messages have a range of content types:
– enveloped data
– signed data
– clear-signed data
– registration request
– certificate-only message
S/MIME Message: Enveloped Data
(Figure.) The message M is encrypted under a pseudorandom session key (3DES or RC2/40). The session key is encrypted with the recipient's public key (Diffie-Hellman or RSA), the recipient's certificate identifying that key in the RecipientInfo block; the encrypted content and the RecipientInfo together form the enveloped-data object.
S/MIME Message: SignedData
(Figure.) The message M is hashed with SHA-1 or MD5; the digest is encrypted with the sender's private key, and the resulting signature is placed in a SignerInfo block together with the sender's certificate; the result is then base64 encoded.
S/MIME Message: Clear Signing
Clear signing is achieved using the multipart content type with a signed subtype. The entity has two parts: the clear text (or any other MIME type), followed by the SignedData, which is encoded in base64.
S/MIME Message: Clear-Signed Example
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
    micalg=sha1; boundary=boundary42

--boundary42
Content-Type: text/plain

This is a clear-signed message.

--boundary42
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s

ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4

--boundary42--

Slide annotations: the multipart/signed content type with its protocol parameter indicates that this is a two-part clear-signed entity; the micalg parameter indicates the type of message digest used. The slide labels the first part "Unsigned Data" (the clear text) and the second part "SignerInfo header" (the pkcs7-signature).
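Before any signature is checked, a receiver has to confirm the two-part multipart/signed layout and pick the digest named by micalg. The following added example (not from the slides, and not a PKCS #7 verifier) performs those structural checks with Python's standard library and computes the micalg digest over the first part in canonical CRLF form, which is the value the SignerInfo commits to; the sample is the slide's message, whose base64 blob is placeholder text, so the digest can only be compared against a real signature by a CMS library.

```python
import hashlib
from email import message_from_string, policy

# Constructed copy of the slide's clear-signed sample; the base64 blob is not a real signature.
SAMPLE = """\
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
    micalg=sha1; boundary=boundary42

--boundary42
Content-Type: text/plain

This is a clear-signed message.

--boundary42
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s

ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4

--boundary42--
"""

# micalg tokens from RFC 2633 (sha1, md5) and the later sha-1/sha-256 spellings.
MICALG_TO_HASHLIB = {"sha1": "sha1", "sha-1": "sha1", "md5": "md5", "sha-256": "sha256"}


def check_clear_signed(raw: str) -> dict:
    """Validate the two-part multipart/signed layout and digest the clear part."""
    msg = message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed entity")
    parts = list(msg.iter_parts())
    if len(parts) != 2:
        raise ValueError("multipart/signed must have exactly two parts")
    protocol = msg.get_param("protocol")
    if parts[1].get_content_type() != protocol:
        raise ValueError("second part does not match protocol=%r" % protocol)
    micalg = (msg.get_param("micalg") or "").lower()
    if micalg not in MICALG_TO_HASHLIB:
        raise ValueError("unsupported or missing micalg=%r" % micalg)
    # The signed data is the first body part in its entirety, headers included,
    # with CRLF line endings (RFC 1847); policy.SMTP serialises exactly that form.
    canonical = parts[0].as_bytes(policy=policy.SMTP)
    digest = hashlib.new(MICALG_TO_HASHLIB[micalg], canonical).hexdigest()
    return {"protocol": protocol, "micalg": micalg,
            "clear_text": parts[0].get_content(), "digest": digest}
```

Any change to the clear part, including a gateway re-wrapping a line, changes the digest and so invalidates the signature, which is why the first part must survive transport unaltered.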
S/MIME Message: Registration Request
A user applies to a certification authority (CA) for a certificate.
(Figure.) The CertificationRequestInfo holds the subject's name, the public key in bit-string representation (010111010011…) and the public-key ID; it is signed with the user's private key to form a PKCS #10 request, which is sent to the CA.
S/MIME Message: Certificate-Only Message
• Used to transport certificates; contains only certificates or a certificate revocation list (CRL).
• Sent in response to a registration request.
Creating a certificates-only message:
Step 1: The certificates are made available to the CMS generating process, which creates a CMS object of type signedData.
Step 2: The CMS signedData object is enclosed in an application/pkcs7-mime MIME entity. The smime-type parameter for a certs-only message is "certs-only". The file extension for this type of message is ".p7c".
S/MIME Certificate Processing
• S/MIME uses X.509 v3 certificates.
• The key-management scheme used by S/MIME is in some ways a hybrid of a strict X.509 CA hierarchy and PGP's web of trust.
• Each client has a list of trusted CAs' certificates, and its own public/private key pairs and certificates.
• Certificates must be signed by trusted CAs.