Lecture 07 PGP and S/MIME

Asst.Prof.Supakorn Kungpisdan, Ph.D.
supakorn@mut.ac.th

NETE0519-ITEC4614


Roadmap

- Overview of Emails
- Email Services and Security
- PGP (Pretty Good Privacy)
- S/MIME


Overview of Electronic Mail

Three major components:
- user agents (UAs)
- mail servers
- simple mail transfer protocol: SMTP

Mail Transfer Agents (MTAs)

User Agent
- Known as “mail reader”
- composing, editing, reading mail messages
- e.g., Eudora, MS Outlook, Outlook Express, Netscape Messenger
- outgoing, incoming messages stored on server

[Figure: mail system diagram with three mail servers, six user agents and SMTP links; legend: user mailbox, outgoing message queue]


Electronic Mail (cont.)

Mail Servers
- mailbox contains incoming messages for user
- message queue of outgoing (to be sent) mail messages

SMTP protocol
- Deliver emails from user agent to user’s mail server
- Deliver emails between mail servers

[Figure: the mail server / user agent / SMTP diagram, repeated]


SMTP Protocol

- Uses TCP to reliably transfer email message from client to server, port 25
- Direct transfer: sending server to receiving server via many Mail Transfer Agents (MTAs)

[Figure: user agent, mail server, mail server, user agent, with steps numbered 1 to 6]


Mail Access Protocols

- SMTP: delivery/storage to receiver’s server
- Mail access protocol: retrieval from server
  - POP: Post Office Protocol [RFC 1939]
    - authorization (agent <--> server) and download
  - IMAP: Internet Mail Access Protocol [RFC 1730]
    - more features (more complex)
    - manipulation of stored messages on server
  - HTTP (web-based email): Hotmail, Yahoo! Mail, etc.

[Figure: user agent, SMTP, sender’s mail server, SMTP, receiver’s mail server, access protocol (POP3, IMAP, or HTTP), user agent]


POP3 (more) and IMAP

More about POP3
- 2 modes of operations: “download and delete” and “download and keep”
- Previous example uses “download and delete” mode.
- Bob cannot re-read e-mail if he changes client machine
- “Download-and-keep”: copies of messages on different clients
- POP3 is stateless across sessions

IMAP
- Keep all messages in one place: the server
- Allows user to organize messages in folders: inbox, sent items, draft
- IMAP keeps user state across sessions: names of folders and mappings between message IDs and folder name


Email Security

- email is one of the most widely used and regarded network services
- currently message contents are not secure
  - may be inspected either in transit or by suitably privileged users on destination system


Email Security Enhancements

- confidentiality: protection from disclosure
- message authentication: of sender of message
- message integrity: protection from modification
- non-repudiation of origin: protection from denial by sender


Pretty Good Privacy (PGP)

- developed by Phil Zimmermann
- widely used de facto secure email
- provides confidentiality and authentication services for email and file storage applications
- selected best available crypto algs to use
- integrated into a single program
- on Unix, PC, Macintosh and other systems
- originally free, now also have commercial versions available


Summary of PGP Services


Authentication

- Use SHA-1/RSA or SHA-1/DSS
- Signature can be detached from the message
  - To log signature
  - To use when more than one party must sign the document e.g. contract signing

[Figure labels: compression, decompression]


Confidentiality

- Use symmetric-key encryption e.g. CAST-128, IDEA, or 3DES
- Sender generates a 128-bit key (used only one time) and encrypts it with receiver’s public key
- Use RSA or encryption using DH (called “Elgamal”) for encryption

[Figure labels: symmetric key, symmetric encryption, public-key encryption]


Confidentiality and Authentication

- Append signature to the message and encrypt using a session key
- The session key then is encrypted with receiver’s public key


Compression

- PGP compresses a message after signing but before encryption
- Use ZIP as compression algorithm
- Signature is generated before compression
  - Can store uncompressed message and signature for future verification
  - Different versions of compression algos provide different quality and formats
  - Applying hash function and signature after compression would constrain PGP implementation
- Encryption after compression strengthens cryptographic security
  - Less redundancy, more difficult to cryptanalyze
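Why the hash is taken before compression, as an added example that is not part of the original slides. Python's zlib (DEFLATE) stands in for PGP's ZIP step, each compression level plays the role of a different compressor version, and MESSAGE and the function names are assumptions.

```python
import hashlib
import zlib

# Constructed sample message (not from the lecture).
MESSAGE = b"Meet at the usual place at 10:00. " * 40

def digest_views(message, levels=(0, 1, 9)):
    """Compare hashing before compression with hashing after it.

    Returns the SHA-1 of the plaintext (what PGP signs) and, per level,
    the size and SHA-1 of the compressed bytes.
    """
    before = hashlib.sha1(message).hexdigest()
    after = {}
    for level in levels:
        packed = zlib.compress(message, level)
        # Every variant still decompresses to the identical plaintext,
        # so a signature over the plaintext stays verifiable.
        if zlib.decompress(packed) != message:
            raise ValueError("round trip failed")
        after[level] = (len(packed), hashlib.sha1(packed).hexdigest())
    return before, after

def redundancy_removed(message, level=9):
    """Fraction of bytes removed before the encryption step sees the data."""
    return 1 - len(zlib.compress(message, level)) / len(message)

if __name__ == "__main__":
    before, after = digest_views(MESSAGE)
    print("digest of plaintext:", before)
    for level, (size, digest) in after.items():
        print(f"level {level}: {size:5d} bytes, digest {digest}")
    print(f"redundancy removed: {redundancy_removed(MESSAGE):.0%}")
```

A signature over the compressed bytes would verify only for a receiver whose compressor reproduces exactly the same output, which is the constraint the slide refers to.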


Email Compatibility

- when using PGP will have binary data to send (encrypted message etc)
- however email was designed only for text
- hence PGP must encode raw binary data into printable ASCII characters
- uses radix-64 algorithm
  - maps 3 bytes to 4 printable chars
  - also appends a CRC
- PGP also segments messages if too big


Segmentation and Reassembly

- Email normally has max length of 50,000 characters
- PGP provides segmentation of email messages after radix-64 conversion
- Session-key component and signature appear only once at the beginning of the first segment
- At receiving end, PGP removes headers and reassembles segments


PGP Operation – Summary


Cryptographic Keys and Key Rings

Four types of keys used:
- One-time session symmetric keys
- Public keys
- Private keys
- Passphrase-based symmetric keys


Session Key Generation

- Each session key is used only once to encrypt and decrypt a message.
- Different algos use different lengths of keys:
  - 128 bits for CAST-128 and IDEA
  - 168 bits for 3DES
- uses random inputs taken from previous uses and from keystroke timing of user


PGP Key Rings

- each PGP user has a pair of keyrings:
  - public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID
  - private-key ring contains the public/private key pair(s) for this user, indexed by key ID and encrypted with a key derived from a hashed passphrase
- security of private keys thus depends on the pass-phrase security


PGP Message Generation


PGP Message Reception


PGP Key Management

- rather than relying on certificate authorities
- in PGP every user is own CA
  - can sign keys for users they know directly
- forms a “web of trust”
  - trust keys have signed
  - can trust keys others have signed if have a chain of signatures to them
- key ring includes trust indicators
- users can also revoke their keys


S/MIME

- Secure Multi-purpose Internet Mail Extension
- security enhancement to MIME email
  - original Internet RFC822 email was text only
  - MIME provided support for varying content types and multi-part messages
  - with encoding of binary data to textual form
  - S/MIME added security enhancements
- have S/MIME support in many mail agents
  - eg MS Outlook, Mozilla, Mac Mail etc


Mail Message Format

RFC 822: standard for text message format:
- header lines, e.g.,
  - To:
  - From:
  - Subject:
- body
  - the “message”, 7-bit ASCII characters only

[Figure: message layout: header, blank line, body]


MIME

- Enable sending multimedia messages or attachments with non-ASCII format
- Additional lines in msg header declare MIME content type

From: [email protected]
To: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

base64 encoded data .....
.........................
......base64 encoded data

Callouts:
- MIME-Version: MIME version
- Content-Transfer-Encoding: method used to encode data
- Content-Type: multimedia data type, subtype, parameter declaration
- body: encoded data


The Received Message

Received: from crepes.fr by hamburger.edu; 12 Oct 98 15:27:39 GMT
From: [email protected]
To: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

base64 encoded data .....
.........................
......base64 encoded data


MIME Content Types

text/plain

image/jpeg


MIME Transfer Encodings


S/MIME Functionality

- Getting a digital ID for emails
- Enveloped data
  - Consist of encrypted content and encrypted encryption key
- Signed data
  - Hash then sign with private key of signer then encode with base64
  - Can be viewed only by a S/MIME supported recipient
- Clear-signed data
  - Only signature is encoded with base64
  - Non-S/MIME user can view, but not verify it


S/MIME Cryptographic Algorithms

- digital signatures: DSS & RSA
- hash functions: SHA-1 & MD5
- session key encryption: ElGamal & RSA
- message encryption: AES, Triple-DES, RC2/40 and others
- MAC: HMAC with SHA-1
- have process to decide which algs to use


Rules of Sending Agents

1. If sending agent (SA) has a list of preferred decrypting algos from receiver, SA SHOULD choose the first on the list.

2. If SA has no such list but received encrypted msgs, SA SHOULD use the same encryption algo that was used on the last message received.

3. If SA has no knowledge and wants to take the risk, SA uses 3DES.


S/MIME Content Types

Special types based on public-key cryptography.


Securing a MIME Entity

- Use signature, encryption, or both
- MIME entity plus some security-related data e.g. algo identifiers and certificates are processed by S/MIME to produce a “PKCS” object
- The PKCS object is then wrapped in MIME.
- It is converted into 7-bit ASCII by base64
- Types
  - EnvelopedData
  - SignedData
  - Clear Signing
  - etc.


EnvelopedData

- Application/pkcs7-mime is used
- Each resulting entity (an object) is represented in a form of Basic Encoding Rules (BER) (e.g. binary format).
- BER is then converted to ASCII by base64

Process
1. Generate a pseudorandom session key
2. Encrypt the session key with recipient’s public key
3. Prepare a block of RecipientInfo
   - contains ID of recipient’s cert, ID of encryption algos, and encrypted session key
4. Encrypt the message with the session key

- RecipientInfo + encrypted content = envelopedData
- envelopedData is then encoded into base64


EnvelopedData (cont.)

Content-Type: application/pkcs7-mime;
    smime-type=enveloped-data; name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename=smime.p7m

Fdskfjhglasfhgksd4nkdfngiewksa4dnfk76sdgklsdnfksldfjbvfsldkfvlskdnfvlks4dnf2lkvs3ndflkvsdnvskdfvnksldnfvklsdnvks9ldnvlksnkadlnslkn3dlsknfskldnflksdnflvsdnlklkdsnvlksdnlskdnkdfslfnvsfq

Recipient converts back to binary and decrypts the session key using his/her private key, and decrypts the message using the session key


SignedData

- signedData can be used with one or more signers.

Process
1. Select a hash algo (SHA or MD5)
2. Compute hash value of the content
3. Sign the hash value using signer’s private key
4. Prepare block of SignerInfo that contains
   - Signer’s cert including a set of necessary certs to trace root CA
   - ID of hash algo, ID of encryption algo, encrypted hash value
5. signedData = hash ID, the message, SignerInfo
6. signedData is then converted into base64


SignedData (cont.)

Content-Type: application/pkcs7-mime;
    smime-type=signed-data; name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename=smime.p7m

Sdflgnsnbdsflkdvlsmvldsldsn4ssdlfkmvldsfmvfadmfvsmfaadnva/vlsadnvfkadnvskjdnfvlsfdvmqaanfsd4kjdnvsdfnvskdjnfv534ksdjnfdsnfdkdjfsjh5sdhklsjhgskjghiwuerhwjenfkjnfkjshdfjksdgvjksdvjskdfvnsjdkf5

To verify signature, convert back to binary, use the signer’s public key to decrypt the hash value. Then compare the hash values


Clear Signing

- The message is sent in clear for non-S/MIME user.
- A multipart/signed message has two parts
  - MIME: if not in 7-bit ASCII, converted into ASCII
  - Signed MIME: processed in the same manner as signedData


Clear Signing (cont’d)

Content-Type: multipart/signed;
    protocol="application/pkcs7-signature";
    micalg=sha1; boundary=boundary42

--boundary42
Content-Type: text/plain

This is a clear-signed message.

--boundary42
Content-Type: application/pkcs7-signature;
    name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s

Sdflgnsnbdsflkdvlsmvldsldsn4ssdlfkmvldsfmvfadmfvsmfaadnva/vlsadnvfkadnvskjdnfvlsfdvmqaanfsd4kjdnvsdfnvskdjnfv534ksdjnfdsnfdkdjfsjh5sdhklsjhgskjghiwuerhwjenfkjn

--boundary42--

This email has many parts
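What a client without S/MIME support can and cannot do with the clear-signed message above, as an added example that is not part of the original slides. It uses Python's standard email package; the addresses, the placeholder signature body and the function name inspect_clear_signed are assumptions, and the code checks structure only, it does not verify the signature.

```python
from email import message_from_string

# Constructed sample modelled on the slide; addresses are made up and the
# signature body is a base64 placeholder, not a real PKCS#7 object.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature";
 micalg=sha1; boundary=boundary42

--boundary42
Content-Type: text/plain

This is a clear-signed message.

--boundary42
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s

UExBQ0VIT0xERVI=

--boundary42--
"""

def inspect_clear_signed(raw):
    """Structural check only: returns (info, problems); verifies no signature."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        return None, ["not multipart/signed"]
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return None, ["multipart/signed must carry exactly two parts"]
    content, signature = parts
    problems = []
    if signature.get_content_type() != msg.get_param("protocol"):
        problems.append("signature part type differs from protocol parameter")
    if msg.get_param("micalg") is None:
        problems.append("micalg parameter missing")
    text = None if content.is_multipart() else content.get_payload().strip()
    info = {
        "micalg": msg.get_param("micalg"),
        "readable_text": text,                                   # visible to any client
        "signature_bytes": signature.get_payload(decode=True),   # opaque without S/MIME
    }
    return info, problems

if __name__ == "__main__":
    info, problems = inspect_clear_signed(SAMPLE)
    print(info["readable_text"], "|", info["micalg"], "|", problems or "structure ok")
```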


Questions?


Quiz

Propose a method for securing the use of email in a large organization, given the requirement that users access email through smart devices with low computational capability.
