William Stallings, Cryptography and Network Security 5/e

Network Security Essentials Chapter 4 Electronic Mail Security Fourth Fourth Edition Edition by by William William Stallings Stallings Dr. Bremnavas Ismail Mohideen Key Objectives of Chapter 4

To learn about Electronic mail security To understand PGP and its operation To learn about S/MIME and its functionalities There are two main schemes which are especially designed to provide confidentiality and authentication for electronic mail systems. PGP : Pretty Good Privacy S/MIME : Secure/Multipurpose Internet Mail Extension

Pretty Good Privacy (PGP) Provides a confidentiality and authentication service that can be used for electronic mail and file storage applications Developed by Phil Zimmermann Selected the best available cryptographic algorithms as building blocks Integrated these algorithms into a general-purpose application Made the package and its documentation, including the source code, freely available via the Internet, bulletin boards, and commercial networks Entered into an agreement with a company to provide a fully compatible, low-cost commercial version of PGP PGP Growth

It is available free worldwide in versions that run on a variety of platforms The commercial version satisfies users who want a product that comes with vendor support It is based on algorithms that have survived extensive public review and are considered extremely secure It has a wide range of applicability It was not developed by, nor is it controlled by, any governmental or standards organization Is now on an Internet standards track, however it still has an aura of an antiestablishment endeavor PGP Operation Digital Signatures (Authentication only)

Classical application of public key crypto This figure is actually for RSA for DSA refer to previous lectures Z is zip function radix-64 conversion is done after zip at sender, before Z-1 at receiver may be done only for signature or for the whole message PGP Operation Confidentiality E[PUb, Ks] One-time session key, Ks generated at random encrypted using a public key cryptosystem, EP RSA or ElGamal

Message is compressed before encryption This is the default case PGP Operation Confidentiality and Authentication uses both services on same message create signature and attach to message compress and encrypt both message & signature attach encrypted session key

radix-64 conversion is for everything at the end Summary of PGP Services Secure/Multipurpose Internet Mail Extension (S/MIME) A security enhancement to the MIME Internet e-mail format standard based on technology from RSA Data Security Defined in: RFCs 3370, 3850, 3851, 3852 A standard way for email encryption and signing IETF effort (RFCs 2632, 2633 for version 3.0; RFCs 3850, 3851 for version 3.1; 5750, 5751 for version 3.2) Industry support Not a standalone software, a system that is to be supported by

email clients such as MS Outlook and Thunderbird Quick E-mail History SMTP and RFC 822 only ASCII messages (7-bit) MIME (Multipurpose Internet Mail Extensions) content type Almost any type of information can appear in an email message transfer encoding specifies how the message body is encoded into textual form (radix64 is common)

S/MIME: Secure MIME new content types, like signature, encrypted data Multipurpose Internet Mail Extensions (MIME) An extension to the RFC 5322 framework that is intended to address some of the problems and limitations of the use of Simple Mail Transfer Protocol (SMTP) Is intended to resolve these problems in a manner that is compatible with existing RFC 5322 implementations The specification is provided in RFCs 2045 through 2049 The Five Header Fields Defined in MIME MIME-Version Must have the parameter value 1.0 This field indicates that the message conforms to RFCs 2045 and 2046

Content-Type Describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner Content-Transfer-Encoding Indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport Content-ID Used to identify MIME entities uniquely in multiple contexts Content-Description A text description of the object with the body; this is useful when the object is not readable

MIME Content Types S/MIME Functionality Signed data A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer The content plus signature are then encoded using base64 encoding A signed data message can only be

viewed by a recipient with S/MIME capability Clear-signed data Signed and enveloped data S/MIME Only the digital signature is Signed-only and encrypted-only encoded using base64 entities may be nested, so that encrypted data may be signed and As a result recipients without signed data or clear-signed data S/MIME capability can view the may be encrypted message content, although they

cannot verify the signature Enveloped data Consists of encrypted content of any type and encrypted content encryption keys for one or more recipients Cryptograp hic Algorithms Used in S/MIME S/MIME Certificate Processing

S/MIME uses public-key certificates that conform to version 3 of X.509 The key-management scheme used by S/MIME is in some ways a hybrid between a strict X.509 certification hierarchy and PGPs web of trust S/MIME managers and/or users must configure each client with a list of trusted keys and with certificate revocation lists The responsibility is local for maintaining the certificates needed to verify incoming signatures and to encrypt outgoing messages The certificates are signed by certification authorities User Agent Role An S/MIME user has several key-management

functions to perform: Key generation Registration The user of some related administrative utility must be capable of generating separate Diffie-Hellman and DSS key pairs and should be capable of generating RSA key pairs A users public key must be registered

with a certification authority in order to receive an X.509 public-key certificate A user agent should generate RSA key pairs with a length in the range of 768 to 1024 bits and must not generate a length of less than 512 bits Certificate storage and retrieval

A user requires access to a local list of certificates in order to verify incoming signatures and to encrypt outgoing messages VeriSign Certificates VeriSign provides a certification authority (CA) service that is intended to be compatible with S/MIME and a variety of other applications Issues X.509 certificates with the product name VeriSign Digital ID At a minimum, each Digital ID contains:

Owners public key Owners name or alias Expiration date of the Digital ID Serial number of the Digital ID Name of the certification authority that issued the Digital ID Digital signature of the certification authority that issued the Digital ID Address E-Mail Address Basic Registration information (country, zipcode,age and

gender) Summary Pretty good privacy Notation Operational description S/MIME RFC 5322 Multipurpose Internet mail extensions S/MIME functionality S/MIME messages S/MIME certification processing

Enhanced security services

Recently Viewed Presentations



    Distinguish between metals, nonmetals, and metalloids. Elements. A substance that cannot be separated or broken down into simpler substances. Pure substance - only has one type of particle (atoms). Every atom in a piece of gold is the same, no...
  • Slide 4

    Slide 4

    Kensington Village Retirement/Nursing Home. December 2015. 2014Ai. Kensington Village Mission Statement: Providing "Resident First" Care. GREETINGS FROM . THE KITCHEN ! With the holiday season upon us, the whole Dietary team would like to wish all of the residents and...
  • Essential Question:How are elements, compounds, and mixtures ...

    Essential Question:How are elements, compounds, and mixtures ...

    Elements, Compounds, and Mixtures Matching Pairs Activity[see resources] Instructional Approach(s): Students can work individually or in small groups (2-3) to complete the matching pairs activity [linked on the matter resource page].
  • And of clay are we created

    And of clay are we created

    (washing machines, lawn mowers, tape recorders etc.) Work once, usually for the first few hours after being brought home, and then never work again ... As Rolf sang an Austrian song, he remembered his sore experience of being led by...
  • Chapter 39: Plant Communication - BEHS Science

    Chapter 39: Plant Communication - BEHS Science

    Arial Times New Roman Wingdings Beam Bitmap Image Chapter 39: Plant Communication Plants and their Environments Hormones Chemical Signals Tropisms Phototropism Phototropism is a Hormonal Response Auxins - Plant Growth Hormone Slide 8 Slide 9 Auxins Cytokinins Gibberellins Seed Dormancy...
  • Nutrition in Care Homes for People with Diabetes

    Nutrition in Care Homes for People with Diabetes

    Benefits of using MUST. Easy to use, rapid and reproducible. Any care worker can be trained to use 'MUST' Can be used with patients who can't be weighed and measured. Available on line from www.bapen.org, as well as paper format...
  • Prefixes - Pacoima Charter Elementary School

    Prefixes - Pacoima Charter Elementary School

    Prefixes reading standard=1.8 Use knowledge of prefixes to determine the meaning of words. Today we are going to use prefixes to determine the meaning of words.
  • Setting up a CST Training Program How to

    Setting up a CST Training Program How to

    Also have a knowledge of proper record keeping, time keeping, and job charges. Be able to coordinate and supervise field work, staking and stake marking for a variety of standard types for survey. Have a general familiarity with local and...