Electronic Mail Security
• Pretty Good Privacy (PGP)
• S/MIME Security Architecture

Email Security
• email is one of the most widely used and regarded network services
• currently message contents are not secure
  • may be inspected either in transit
  • or by suitably privileged users on destination system

Email Security Enhancements
• confidentiality
  • protection from disclosure
• authentication
  • of sender of message
• message integrity
  • protection from modification
• non-repudiation of origin
  • protection from denial by sender

Schemes of Email Security
• PGP (Pretty Good Privacy)
• S/MIME (Secure/Multipurpose Internet Mail Extension)

Pretty Good Privacy (PGP)
• widely used for secure email
• developed by Phil Zimmermann
• selected the best available crypto algorithms as building blocks
• integrated these algorithms into a general-purpose application
• on Unix, PC, Macintosh and other systems
• provides a confidentiality and authentication service that can be used for electronic mail and file storage applications

• PGP is an open-source, freely available software package for e-mail security.
• It provides authentication through the use of digital signature; confidentiality through the use of symmetric block encryption; compression using the ZIP algorithm; e-mail compatibility using the radix-64 encoding scheme; and segmentation and reassembly to accommodate long e-mails.
• PGP incorporates tools for developing a public-key trust model and public-key certificate management.

PGP has grown explosively and is now widely used. A number of reasons can be cited for this growth:
• Available free worldwide in versions that run on a variety of platforms, including Windows, UNIX, Macintosh, and many more
• It is based on algorithms that have survived extensive public review and are considered extremely secure.
• It has a wide range of applicability
• It was not developed by, nor is it controlled by, any governmental or standards organization.
• PGP is now on an Internet standards track (RFC 3156).

PGP Operations
• Authentication
• Confidentiality
• Confidentiality & Authentication
• Compression
• Compatibility

Authentication
digital signature service provided by PGP
• sender creates message
• use SHA-1 to generate 160-bit hash of message
• hash is signed with RSA using sender's private key, and is attached to message
• receiver uses RSA with sender's public key to decrypt and recover hash code
• receiver verifies received message using hash of it and compares with decrypted hash code
• combination of SHA-1 and RSA provides an effective digital signature scheme

Confidentiality
1. sender generates message and 128-bit random number as session key for it
2. encrypt message using CAST-128 / IDEA / 3DES in CBC mode with session key
3. session key encrypted using RSA with recipient's public key, & attached to msg
4. receiver uses RSA with private key to decrypt and recover session key
5. session key is used to decrypt message

Confidentiality & Authentication
• can use both services on same message
  • create signature & attach to message
  • encrypt both message & signature
  • attach RSA/ElGamal encrypted session key
• when both services are used, the sender first signs the message with its own private key, then encrypts the message with a session key, and then encrypts the session key with the recipient's public key.

Compression
• by default PGP compresses message after signing but before encrypting
  • benefit of saving space both for e-mail transmission and for file storage
  • & because compression is non deterministic
• uses ZIP compression algorithm

Compatibility
• when using PGP will have binary data to send (encrypted message etc)
• however email was designed only for text
• hence PGP must encode raw binary data into printable ASCII characters
• uses radix-64 algorithm
  • maps 3 bytes to 4 printable chars
  • also appends a CRC
• PGP also segments messages if too big

Cryptographic Keys and Key Ring of PGP
PGP makes use of four types of keys:
• one-time session symmetric keys
• public keys
• private keys
• passphrase-based symmetric keys
Three separate requirements can be identified with respect to these keys:
• A means of generating unpredictable session keys is needed.
• We would like to allow a user to have multiple public-key/private-key pairs. One reason is that the user may wish to change his or her key pair from time to time.
• Each PGP entity must maintain a file of its own public/private key pairs as well as a file of public keys of correspondents.

PGP Session Keys
• need a session key for each message
  • of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES
• generated using ANSI X12.17 mode
• uses random inputs taken from previous uses and from keystroke timing of user

PGP Public & Private Keys
• since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message
  • could send full public-key with every message
  • but this is inefficient
• rather use a key identifier based on key
  • is least significant 64-bits of the key
  • will very likely be unique
• also use key ID in signatures

PGP Key Rings
• each PGP user has a pair of keyrings:
  • public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID
  • private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted keyed from a hashed passphrase
• security of private keys thus depends on the pass-phrase security

1. Signing the message
  • PGP retrieves the sender's private key from the private-key ring using your_userid as an index. If your_userid was not provided in the command, the first private key on the ring is retrieved.
  • PGP prompts the user for the passphrase to recover the unencrypted private key.
  • The signature component of the message is constructed.
2. Encrypting the message
  • PGP generates a session key and encrypts the message.
  • PGP retrieves the recipient's public key from the public-key ring using her_userid as an index.
  • The session key component of the message is constructed.

1. Decrypting the message
  a) PGP retrieves the receiver's private key from the private-key ring, using the Key ID field in the session key component of the message as an index.
  b) PGP prompts the user for the passphrase to recover the unencrypted private key.
  c) PGP then recovers the session key and decrypts the message.
2. Authenticating the message
  a) PGP retrieves the sender's public key from the public-key ring, using the Key ID field in the signature key component of the message as an index.
  b) PGP recovers the transmitted message digest.
  c) PGP computes the message digest for the received message and compares it to the transmitted message digest to authenticate.
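
The signing and authenticating steps above, with the 64-bit key ID lookup in the public-key ring, as an added example that is not from the original slides or from PGP itself. It uses unpadded textbook RSA over a SHA-1 digest and small keys derived from fixed seeds so that it runs with the standard library only; all function names, the packet layout and the seeds are hypothetical, and real key generation and signature padding are out of scope.

```python
import hashlib
import math

E = 65537  # public exponent shared by the demo keys


def _is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases: fine for a demo, not for real key generation."""
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _demo_prime(seed: bytes) -> int:
    """Constructed 256-bit prime derived from a seed so the example is repeatable."""
    n = int.from_bytes(hashlib.sha256(seed).digest(), "big") | (1 << 255) | 1
    while not _is_prime(n) or math.gcd(n - 1, E) != 1:
        n += 2
    return n


def make_key(seed: bytes) -> dict:
    p, q = _demo_prime(seed + b"/p"), _demo_prime(seed + b"/q")
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def key_id(n: int) -> int:
    """Key ID as the slides define it: least significant 64 bits of the public key."""
    return n & 0xFFFFFFFFFFFFFFFF


def sha1_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(message: bytes, private_key: dict) -> dict:
    """Signature component: signer's key ID plus the SHA-1 hash signed with RSA."""
    sig = pow(sha1_int(message), private_key["d"], private_key["n"])
    return {"key_id": key_id(private_key["n"]), "signed_hash": sig, "message": message}


def authenticate(packet: dict, public_ring: dict) -> str:
    """Receiver side: ring lookup by key ID, recover the hash, compare."""
    n = public_ring.get(packet["key_id"])
    if n is None:
        return "unknown key ID"
    recovered = pow(packet["signed_hash"], E, n)
    return "valid" if recovered == sha1_int(packet["message"]) else "bad signature"


alice = make_key(b"constructed-demo-seed-alice")   # constructed demo key
ring = {key_id(alice["n"]): alice["n"]}            # receiver's public-key ring
```

A message signed by a key that is not on the receiver's ring fails at the lookup step, before any hash comparison takes place.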

PGP Key Management
• rather than relying on certificate authorities
• in PGP every user is own CA
  • can sign keys for users they know directly
• forms a “web of trust”
  • trust keys have signed
  • can trust keys others have signed if have a chain of signatures to them
• key ring includes trust indicators
• users can also revoke their keys

S/MIME (Secure/Multipurpose Internet Mail Extensions)
• security enhancement to MIME email
  • original Internet RFC822 email was text only
  • MIME provided support for varying content types and multi-part messages
  • with encoding of binary data to textual form
  • S/MIME added security enhancements
• have S/MIME support in many mail agents
  • eg MS Outlook, Mozilla, Mac Mail etc

MIME specification
includes the following elements:
• Five new message header fields are defined. These fields provide information about the body of the message.
  • MIME-Version
  • Content-Type
  • Content-Transfer-Encoding
  • Content-ID
  • Content-Description
• A number of content formats are defined, thus standardizing representations that support multimedia electronic mail.
• Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system

S/MIME Functionality
S/MIME provides the following functions
• enveloped data
  • encrypted content and associated keys
• signed data
  • encoded message + signed digest
• clear-signed data
  • cleartext message + encoded signed digest
• signed & enveloped data
  • nesting of signed & encrypted entities

S/MIME Cryptographic Algorithms
• digital signatures: DSS & RSA
• hash functions: SHA-1 & MD5
• session key encryption: ElGamal & RSA
• message encryption: AES, Triple-DES, RC2/40 and others
• MAC: HMAC with SHA-1
• have process to decide which algs to use

S/MIME Messages
• S/MIME secures a MIME entity with a signature, encryption, or both
• forming a MIME wrapped PKCS object
• have a range of content-types:
  • enveloped data
  • signed data
  • clear-signed data
  • registration request
  • certificate only message

S/MIME Certificate Processing
• S/MIME uses X.509 v3 certificates
• the responsibility is local for maintaining the certificates needed to verify incoming signatures and to encrypt outgoing messages
• managed using a hybrid of a strict X.509 CA hierarchy & PGP’s web of trust
• each client has a list of trusted CA’s certs
• and own public/private key pairs & certs
• certificates must be signed by trusted CA’s

User Agent Role
An S/MIME user has several key-management functions to perform:
• Key generation
• Registration
• Certificate storage and retrieval

VeriSign Certificates
VeriSign provides three levels, or classes, of security for public-key certificates
• For Class 1 Digital IDs, VeriSign confirms the user's e-mail address by sending a PIN and Digital ID pick-up information to the e-mail address provided in the application.
• For Class 2 Digital IDs, VeriSign verifies the information in the application through an automated comparison with a consumer database in addition to performing all of the checking associated with a Class 1 Digital ID.
• For Class 3 Digital IDs, VeriSign requires a higher level of identity assurance

Certificate Authorities
• have several well-known CA’s
• Verisign one of most widely used
• Verisign issues several types of Digital IDs
• increasing levels of checks & hence trust

Class   Identity Checks       Usage
1       name/email check      web browsing/email
2       + enroll/addr check   email, subs, s/w validate
3       + ID documents        e-banking/service access