William Stallings, Cryptography and Network Security 5/e

William Stallings, Cryptography and Network Security 5/e

Network Security Essentials Chapter 4 Electronic Mail Security Fourth Fourth Edition Edition by by William William Stallings Stallings Dr. Bremnavas Ismail Mohideen Key Objectives of Chapter 4

To learn about Electronic mail security To understand PGP and its operation To learn about S/MIME and its functionalities There are two main schemes which are especially designed to provide confidentiality and authentication for electronic mail systems. PGP : Pretty Good Privacy S/MIME : Secure/Multipurpose Internet Mail Extension

Pretty Good Privacy (PGP) Provides a confidentiality and authentication service that can be used for electronic mail and file storage applications Developed by Phil Zimmermann Selected the best available cryptographic algorithms as building blocks Integrated these algorithms into a general-purpose application Made the package and its documentation, including the source code, freely available via the Internet, bulletin boards, and commercial networks Entered into an agreement with a company to provide a fully compatible, low-cost commercial version of PGP PGP Growth

It is available free worldwide in versions that run on a variety of platforms The commercial version satisfies users who want a product that comes with vendor support It is based on algorithms that have survived extensive public review and are considered extremely secure It has a wide range of applicability It was not developed by, nor is it controlled by, any governmental or standards organization Is now on an Internet standards track, however it still has an aura of an antiestablishment endeavor PGP Operation Digital Signatures (Authentication only)

Classical application of public key crypto This figure is actually for RSA for DSA refer to previous lectures Z is zip function radix-64 conversion is done after zip at sender, before Z-1 at receiver may be done only for signature or for the whole message PGP Operation Confidentiality E[PUb, Ks] One-time session key, Ks generated at random encrypted using a public key cryptosystem, EP RSA or ElGamal

Message is compressed before encryption This is the default case PGP Operation Confidentiality and Authentication uses both services on same message create signature and attach to message compress and encrypt both message & signature attach encrypted session key

radix-64 conversion is for everything at the end Summary of PGP Services Secure/Multipurpose Internet Mail Extension (S/MIME) A security enhancement to the MIME Internet e-mail format standard based on technology from RSA Data Security Defined in: RFCs 3370, 3850, 3851, 3852 A standard way for email encryption and signing IETF effort (RFCs 2632, 2633 for version 3.0; RFCs 3850, 3851 for version 3.1; 5750, 5751 for version 3.2) Industry support Not a standalone software, a system that is to be supported by

email clients such as MS Outlook and Thunderbird Quick E-mail History SMTP and RFC 822 only ASCII messages (7-bit) MIME (Multipurpose Internet Mail Extensions) content type Almost any type of information can appear in an email message transfer encoding specifies how the message body is encoded into textual form (radix64 is common)

S/MIME: Secure MIME new content types, like signature, encrypted data Multipurpose Internet Mail Extensions (MIME) An extension to the RFC 5322 framework that is intended to address some of the problems and limitations of the use of Simple Mail Transfer Protocol (SMTP) Is intended to resolve these problems in a manner that is compatible with existing RFC 5322 implementations The specification is provided in RFCs 2045 through 2049 The Five Header Fields Defined in MIME MIME-Version Must have the parameter value 1.0 This field indicates that the message conforms to RFCs 2045 and 2046

Content-Type Describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner Content-Transfer-Encoding Indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport Content-ID Used to identify MIME entities uniquely in multiple contexts Content-Description A text description of the object with the body; this is useful when the object is not readable

MIME Content Types S/MIME Functionality Signed data A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer The content plus signature are then encoded using base64 encoding A signed data message can only be

viewed by a recipient with S/MIME capability Clear-signed data Signed and enveloped data S/MIME Only the digital signature is Signed-only and encrypted-only encoded using base64 entities may be nested, so that encrypted data may be signed and As a result recipients without signed data or clear-signed data S/MIME capability can view the may be encrypted message content, although they

cannot verify the signature Enveloped data Consists of encrypted content of any type and encrypted content encryption keys for one or more recipients Cryptograp hic Algorithms Used in S/MIME S/MIME Certificate Processing

S/MIME uses public-key certificates that conform to version 3 of X.509 The key-management scheme used by S/MIME is in some ways a hybrid between a strict X.509 certification hierarchy and PGPs web of trust S/MIME managers and/or users must configure each client with a list of trusted keys and with certificate revocation lists The responsibility is local for maintaining the certificates needed to verify incoming signatures and to encrypt outgoing messages The certificates are signed by certification authorities User Agent Role An S/MIME user has several key-management

functions to perform: Key generation Registration The user of some related administrative utility must be capable of generating separate Diffie-Hellman and DSS key pairs and should be capable of generating RSA key pairs A users public key must be registered

with a certification authority in order to receive an X.509 public-key certificate A user agent should generate RSA key pairs with a length in the range of 768 to 1024 bits and must not generate a length of less than 512 bits Certificate storage and retrieval

A user requires access to a local list of certificates in order to verify incoming signatures and to encrypt outgoing messages VeriSign Certificates VeriSign provides a certification authority (CA) service that is intended to be compatible with S/MIME and a variety of other applications Issues X.509 certificates with the product name VeriSign Digital ID At a minimum, each Digital ID contains:

Owners public key Owners name or alias Expiration date of the Digital ID Serial number of the Digital ID Name of the certification authority that issued the Digital ID Digital signature of the certification authority that issued the Digital ID Address E-Mail Address Basic Registration information (country, zipcode,age and

gender) Summary Pretty good privacy Notation Operational description S/MIME RFC 5322 Multipurpose Internet mail extensions S/MIME functionality S/MIME messages S/MIME certification processing

Enhanced security services

Recently Viewed Presentations

  • Marbury v. Madison (1803)

    Marbury v. Madison (1803)

    Marbury v. Madison (1803) During Adams' "lame duck" period, he appoints several . Federalist. justices to the court system. It was the duty of Adams' Secretary of State, John Marshall, to deliver the " commission " (a document granting authority....
  • UK Marketing Committee 18th January 2007 Offices of

    UK Marketing Committee 18th January 2007 Offices of

    ABB Trevor Kirtley Adaptflex Paul Gretton Applied Energy Joe Barrasso Philips Paul Harwood Dimplex Karen Trewick Prysmian Julie Mould Draka Martin Dale / Mark Froggatt Schneider Becky Guest Fluke Ken West Thorn Helen Morris ITW-SPIT David Lorrison Vent Axia Joanne...
  • THE CARBON CYCLE What Is Carbon?  An element

    THE CARBON CYCLE What Is Carbon? An element

    Carbon Cycle Diagram Carbon in Oceans Additional carbon is stored in the ocean. Many animals pull carbon from water to use in shells, etc. Animals die and carbon substances are deposited at the bottom of the ocean. Oceans contain earth's...
  • Rounded Rectangles

    Rounded Rectangles

    Eddie Revuelta Jessica Salzman Linda Heu ... Morand S, Gemignani A, Décorps M, Jeannerod M. Inserm U438, CHU de Grenoble, France. The role of the primary motor cortex (M1) during mental simulation of movement is open to debate. In the...
  • An Analysis of Direct Reciprocal Borrowing Among CRÉPUQ Libraries

    An Analysis of Direct Reciprocal Borrowing Among CRÉPUQ Libraries

    An Analysis of Direct Reciprocal Borrowing Among CRePUQ Libraries. Joanna Duy, Associate Librarian, ... Is the amount of direct reciprocal borrowing activity related to the size of the library's collection, student size, or physical distance from other libraries? ... UQ...
  • 15 Minute Timer Use for: Pick a slide

    15 Minute Timer Use for: Pick a slide

    15 Minute Timer. Pick a slide for the minutes you want to set. Start the PowerPoint. (slide show, start from current slide) Slides will change every minute counting down to 0 minutes. Everyone in the room will know how much...
  • Ling 390 - Intro to Linguistics - Winter 2005 Class 1 ...

    Ling 390 - Intro to Linguistics - Winter 2005 Class 1 ...

    Show u~a alternation Ch 8 - Morphophonemic Analysis 2nd is better because it doesn't change wankan to wankun Ch 8 - Morphophonemic Analysis Based on these data, we can say that final vowel lowering applied to both front and back...
  • ECOTOURISM by NICOLE, JULIE, JUSTIN & TOMMY

    ECOTOURISM by NICOLE, JULIE, JUSTIN & TOMMY

    ECOTOURISM by NICOLE, JULIE, JUSTIN & TOMMY ... Ecotourism Destinations Brazil Costa Rica Kenya US Virgin Islands Do some research: The biggest tour operators all have rules about labor conditions, but it's hard to know what they do to ensure...