
Lecture 07 PGP and S/MIME

Lecture 07 PGP and S/MIME. Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th. Roadmap. Overview of Emails Email Services and Security PGP (Pretty Good Privacy) S/MIME. Three major components: user agents (UAs) mail servers simple mail transfer protocol: SMTP Mail Transfer Agents (MTAs)


Presentation Transcript


  1. ITEC4621 Network Security Lecture 07 PGP and S/MIME Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th

  2. Roadmap
     • Overview of Emails
     • Email Services and Security
     • PGP (Pretty Good Privacy)
     • S/MIME

  3. Overview of Electronic Mail
     Three major components:
     • user agents (UAs)
     • mail servers
     • simple mail transfer protocol: SMTP, Mail Transfer Agents (MTAs)
     User Agent
     • known as “mail reader”
     • composing, editing, reading mail messages
     • e.g., Eudora, MS Outlook, Outlook Express, Netscape Messenger
     • outgoing, incoming messages stored on server
     [Figure labels: user agents, mail servers, SMTP, outgoing message queue, user mailbox]

  4. Electronic Mail (cont.)
     Mail Servers
     • mailbox contains incoming messages for user
     • message queue of outgoing (to be sent) mail messages
     SMTP protocol
     • delivers emails from user agent to user’s mail server
     • delivers emails between mail servers
     [Figure labels: user agents, mail servers, SMTP]

  5. SMTP Protocol
     • Uses TCP to reliably transfer email messages from client to server, port 25
     • Direct transfer: sending server to receiving server via many Mail Transfer Agents (MTAs)
     [Figure labels: two user agents, two mail servers, steps 1 to 6]

  6. Mail Access Protocols
     • SMTP: delivery/storage to receiver’s server
     • Mail access protocol: retrieval from server
       • POP: Post Office Protocol [RFC 1939]: authorization (agent <--> server) and download
       • IMAP: Internet Mail Access Protocol [RFC 1730]: more features (more complex), manipulation of stored messages on server
       • HTTP (web-based email): Hotmail, Yahoo! Mail, etc.
     [Figure labels: user agent, sender’s mail server, SMTP, receiver’s mail server, access protocol (POP3, IMAP, or HTTP), user agent]

  7. POP3 (more) and IMAP
     More about POP3
     • 2 modes of operation: “download and delete” and “download and keep”
     • Previous example uses “download and delete” mode
     • Bob cannot re-read e-mail if he changes client machine
     • “Download-and-keep”: copies of messages on different clients
     • POP3 is stateless across sessions
     IMAP
     • Keeps all messages in one place: the server
     • Allows user to organize messages in folders: inbox, sent items, draft
     • IMAP keeps user state across sessions: names of folders and mappings between message IDs and folder name

  8. Roadmap
     • Overview of Email
     • Email Services and Security
     • PGP (Pretty Good Privacy)
     • S/MIME

  9. Email Security
     • email is one of the most widely used and regarded network services
     • currently message contents are not secure
       • may be inspected either in transit
       • or by suitably privileged users on destination system

  10. Email Security Enhancements
      • confidentiality: protection from disclosure
      • authentication: of sender of message
      • message integrity: protection from modification
      • non-repudiation of origin: protection from denial by sender

  11. Roadmap
      • Overview of Email
      • Email Services and Security
      • PGP
      • S/MIME

  12. Pretty Good Privacy (PGP)
      • developed by Phil Zimmermann
      • widely used de facto secure email
      • provides confidentiality and authentication services for email and file storage applications
      • selected best available crypto algorithms to use
      • integrated into a single program
      • on Unix, PC, Macintosh and other systems
      • originally free, now also has commercial versions available

  13. Summary of PGP Services

  14. Authentication
      • Uses SHA-1/RSA or SHA-1/DSS
      • Signature can be detached from the message
        • to log the signature
        • to use when more than one party must sign the document, e.g. contract signing
      [Figure labels: compression, decompression]

  15. Confidentiality
      • Uses symmetric-key encryption, e.g. CAST-128, IDEA, or 3DES
      • Sender generates a 128-bit key (used only one time) and encrypts it with receiver’s public key
      • Uses RSA, or encryption using DH (called “Elgamal”), for encryption
      [Figure labels: symmetric key, public-key encryption, symmetric encryption]

  16. Confidentiality and Authentication
      • Append signature to the message and encrypt using a session key
      • The session key is then encrypted with receiver’s public key

  17. Compression
      • PGP compresses a message after signing but before encryption
      • Uses ZIP as compression algorithm
      • Signature is generated before compression
        • Can store uncompressed message and signature for future verification
        • Different versions of compression algorithms provide different quality and formats
        • Applying hash function and signature after compression would constrain PGP implementation
      • Encryption after compression strengthens cryptographic security
        • Less redundancy, more difficult to cryptanalyze
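The ordering argument on slide 17, as an added example that is not part of the original slides. Assumptions: zlib stands in for ZIP, a SHA-1 digest stands in for the full signature, and `keystream_xor` is a toy cipher standing in for CAST-128/IDEA/3DES; all function names are hypothetical.

```python
import hashlib
import os
import zlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not a real PGP cipher."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def digest_to_sign(message: bytes) -> bytes:
    """The SHA-1 value PGP would sign, taken over the uncompressed message."""
    return hashlib.sha1(message).digest()

def pgp_order(message: bytes, key: bytes, level: int = 6) -> bytes:
    """Sign (digest only here), then compress, then encrypt: the order PGP uses."""
    signed = digest_to_sign(message) + message
    return keystream_xor(key, zlib.compress(signed, level))

def wrong_order(message: bytes, key: bytes) -> bytes:
    """Encrypt first, compress afterwards: the ciphertext no longer compresses."""
    signed = digest_to_sign(message) + message
    return zlib.compress(keystream_xor(key, signed), 9)

def open_pgp_order(blob: bytes, key: bytes) -> tuple:
    """Decrypt, decompress, then check the digest against the recovered message."""
    signed = zlib.decompress(keystream_xor(key, blob))
    digest, message = signed[:20], signed[20:]
    return message, digest == digest_to_sign(message)

# Constructed sample message with the redundancy typical of plain text.
MESSAGE = b"Dear Bob, the quarterly report is attached. Regards, Alice.\n" * 60
KEY = os.urandom(16)  # one-time 128-bit session key

if __name__ == "__main__":
    print("plaintext          :", len(MESSAGE))
    print("compress -> encrypt:", len(pgp_order(MESSAGE, KEY)))
    print("encrypt -> compress:", len(wrong_order(MESSAGE, KEY)))
    # Two compressor settings give different bytes, yet the digest still verifies,
    # because it was computed over the uncompressed message.
    for level in (1, 9):
        print("level", level, "verifies:", open_pgp_order(pgp_order(MESSAGE, KEY, level), KEY)[1])
```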

  18. Email Compatibility
      • when using PGP, will have binary data to send (encrypted message, etc.)
      • however, email was designed only for text
      • hence PGP must encode raw binary data into printable ASCII characters
      • uses radix-64 algorithm
        • maps 3 bytes to 4 printable chars
        • also appends a CRC
      • PGP also segments messages if too big

  19. Segmentation and Reassembly
      • Email normally has max length of 50,000 characters
      • PGP provides segmentation of email messages after radix-64 conversion
      • Session-key component and signature appear only once, at the beginning of the first segment
      • At receiving end, PGP removes headers and reassembles segments

  20. PGP Operation – Summary

  21. Cryptographic Keys and Key Rings
      • Four types of keys used:
        • One-time session symmetric keys
        • Public keys
        • Private keys
        • Passphrase-based symmetric keys

  22. Session Key Generation
      • Each session key is used only once to encrypt and decrypt a message.
      • Different algorithms use different key lengths:
        • 128 bits for CAST-128 and IDEA
        • 168 bits for 3DES
      • uses random inputs taken from previous uses and from keystroke timing of user

  23. PGP Key Rings
      • each PGP user has a pair of keyrings:
        • public-key ring contains all the public keys of other PGP users known to this user, indexed by key ID
        • private-key ring contains the public/private key pair(s) for this user, indexed by key ID and encrypted with a key derived from a hashed passphrase
      • security of private keys thus depends on the passphrase security

  24. PGP Message Generation

  25. PGP Message Reception

  26. PGP Key Management
      • rather than relying on certificate authorities
      • in PGP every user is their own CA
        • can sign keys for users they know directly
      • forms a “web of trust”
        • trust keys you have signed
        • can trust keys others have signed if there is a chain of signatures to them
      • key ring includes trust indicators
      • users can also revoke their keys

  27. Roadmap
      • Overview of Email
      • Email Services and Security
      • PGP (Pretty Good Privacy)
      • S/MIME

  28. S/MIME
      • Secure Multi-purpose Internet Mail Extension
      • security enhancement to MIME email
        • original Internet RFC822 email was text only
        • MIME provided support for varying content types and multi-part messages
        • with encoding of binary data to textual form
        • S/MIME added security enhancements
      • S/MIME support in many mail agents
        • e.g. MS Outlook, Mozilla, Mac Mail, etc.

  29. Mail Message Format
      RFC 822: standard for text message format:
      • header lines, e.g. To:, From:, Subject:
      • body: the “message”, 7-bit ASCII characters only
      [Figure labels: header, blank line, body]

  30. MIME
      • Enables sending multimedia messages or attachments in non-ASCII format
      • Additional lines in the message header declare the MIME content type

          From: alice@crepes.fr
          To: bob@hamburger.edu
          Subject: Picture of yummy crepe.
          MIME-Version: 1.0
          Content-Transfer-Encoding: base64
          Content-Type: image/jpeg

          base64 encoded data .....
          .........................
          ......base64 encoded data

      • MIME-Version: MIME version
      • Content-Transfer-Encoding: method used to encode data
      • Content-Type: multimedia data type, subtype, parameter declaration
      • body: encoded data

  31. The Received Message

          Received: from crepes.fr by hamburger.edu; 12 Oct 98 15:27:39 GMT
          From: alice@crepes.fr
          To: bob@hamburger.edu
          Subject: Picture of yummy crepe.
          MIME-Version: 1.0
          Content-Transfer-Encoding: base64
          Content-Type: image/jpeg

          base64 encoded data .....
          .........................
          ......base64 encoded data

  32. MIME Content Types: text/plain, image/jpeg

  33. MIME Transfer Encodings

  34. S/MIME Functionality
      • Getting a digital ID for emails
      • Enveloped data
        • Consists of encrypted content and encrypted encryption key
      • Signed data
        • Hash, then sign with private key of signer, then encode with base64
        • Can be viewed only by a recipient with S/MIME support
      • Clear-signed data
        • Only the signature is encoded with base64
        • Non-S/MIME user can view, but not verify it

  35. S/MIME Cryptographic Algorithms
      • digital signatures: DSS & RSA
      • hash functions: SHA-1 & MD5
      • session key encryption: ElGamal & RSA
      • message encryption: AES, Triple-DES, RC2/40 and others
      • MAC: HMAC with SHA-1
      • a process exists to decide which algorithms to use

  36. Rules of Sending Agents
      • If the sending agent (SA) has a list of preferred decrypting algorithms from the receiver, SA SHOULD choose the first on the list.
      • If SA has no such list but has received encrypted messages, SA SHOULD use the same encryption algorithm that was used on the last message received.
      • If SA has no knowledge and wants to take the risk, SA uses 3DES.

  37. S/MIME Content Types
      • Special types based on public-key cryptography.

  38. Securing a MIME Entity
      • Use signature, encryption, or both
      • MIME entity plus some security-related data (e.g. algorithm identifiers and certificates) are processed by S/MIME to produce a “PKCS” object
      • The PKCS object is then wrapped in MIME
      • It is converted into 7-bit ASCII by base64
      • Types
        • EnvelopedData
        • SignedData
        • Clear Signing
        • etc.

  39. EnvelopedData
      • application/pkcs7-mime is used
      • Each resulting entity (an object) is represented in the form of Basic Encoding Rules (BER) (e.g. binary format)
      • BER is then converted to ASCII by base64
      Process
      • Generate a pseudorandom session key
      • Encrypt the session key with recipient’s public key
      • Prepare a block of RecipientInfo
        • contains ID of recipient’s cert, ID of encryption algorithms, and encrypted session key
      • Encrypt the message with the session key
      • RecipientInfo + encrypted content = envelopedData
      • envelopedData is then encoded into base64

  40. EnvelopedData (cont.)

          Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
          Content-Transfer-Encoding: base64
          Content-Disposition: attachment; filename=smime.p7m

          Fdskfjhglasfhgksd4nkdfngiewksa4dnfk76sdgklsdnfksldfjbvfsldkfvlskdnfvlks4dnf2lkvs3ndflkvsdnvskdfvnksldnfvklsdnvks9ldnvlksnkadlnslkn3dlsknfskldnflksdnflvsdnlklkdsnvlksdnlskdnkdfslfnvsfq

      Recipient converts back to binary, decrypts the session key using his/her private key, and decrypts the message using the session key.

  41. SignedData
      signedData can be used with one or more signers.
      Process
      • Select a hash algorithm (SHA or MD5)
      • Compute hash value of the content
      • Sign the hash value using signer’s private key
      • Prepare block of SignerInfo that contains
        • Signer’s cert, including a set of necessary certs to trace root CA
        • ID of hash algorithm
        • ID of encryption algorithm
        • encrypted hash value
      • signedData = hash ID, the message, SignerInfo
      • signedData is then converted into base64

  42. SignedData (cont.)

          Content-Type: application/pkcs7-mime; smime-type=signed-data; name=smime.p7m
          Content-Transfer-Encoding: base64
          Content-Disposition: attachment; filename=smime.p7m

          Sdflgnsnbdsflkdvlsmvldsldsn4ssdlfkmvldsfmvfadmfvsmfaadnva/vlsadnvfkadnvskjdnfvlsfdvmqaanfsd4kjdnvsdfnvskdjnfv534ksdjnfdsnfdkdjfsjh5sdhklsjhgskjghiwuerhwjenfkjnfkjshdfjksdgvjksdvjskdfvnsjdkf5

      To verify the signature, convert back to binary and use the signer’s public key to decrypt the hash value. Then compare the hash values.

  43. Clear Signing
      • The message is sent in clear for non-S/MIME user.
      • A multipart/signed message has two parts
        • MIME: if not in 7-bit ASCII, converted into ASCII
        • Signed MIME: processed in the same manner as signedData

  44. Clear Signing (cont’d)
      This email has many parts

          Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=boundary42

          --boundary42
          Content-Type: text/plain

          This is a clear-signed message.

          --boundary42
          Content-Type: application/pkcs7-signature; name=smime.p7s
          Content-Transfer-Encoding: base64
          Content-Disposition: attachment; filename=smime.p7s

          Sdflgnsnbdsflkdvlsmvldsldsn4ssdlfkmvldsfmvfadmfvsmfaadnva/vlsadnvfkadnvskjdnfvlsfdvmqaanfsd4kjdnvsdfnvskdjnfv534ksdjnfdsnfdkdjfsjh5sdhklsjhgskjghiwuerhwjenfkjn

          --boundary42--
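A header-level parser for the three S/MIME forms shown on slides 40, 42 and 44, as an added example that is not part of the original slides. It uses Python's standard `email` package; the function name `classify_smime` and the sample messages are assumptions constructed from the slides' header examples, and the base64 bodies are placeholders.

```python
from email import message_from_string

def classify_smime(raw: str) -> dict:
    """Identify the S/MIME form from MIME headers; verifies and decrypts nothing."""
    msg = message_from_string(raw)
    out = {"form": "not S/MIME", "micalg": None, "clear_text": None, "file": None}
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        parts = msg.get_payload() if msg.is_multipart() else []
        out["form"] = "malformed multipart/signed"
        # Clear signing: exactly two parts, the readable entity and its signature.
        if (msg.get_param("protocol") == "application/pkcs7-signature"
                and len(parts) == 2
                and parts[1].get_content_type() == "application/pkcs7-signature"):
            text = None if parts[0].is_multipart() else parts[0].get_payload()
            out.update(form="clear-signed", micalg=msg.get_param("micalg"),
                       clear_text=text and text.strip(),
                       file=parts[1].get_filename())
    elif ctype == "application/pkcs7-mime":
        # The whole entity is one base64-encoded PKCS object; smime-type names it.
        smime_type = msg.get_param("smime-type")
        if smime_type in ("enveloped-data", "signed-data"):
            out.update(form=smime_type, file=msg.get_filename())
    return out

# Constructed samples modelled on the slides; base64 bodies are placeholders.
CLEAR_SIGNED = """\
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha1; boundary=boundary42

--boundary42
Content-Type: text/plain

This is a clear-signed message.
--boundary42
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s

AAAA
--boundary42--
"""
ENVELOPED = """\
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m

AAAA
"""
```

Only the clear-signed form exposes readable text without S/MIME support; being readable says nothing about whether the signature verifies, which this parser does not check.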

  45. Questions?

  46. Quiz
      1. Why do we zip after applying the digital signature and before encryption?
      2. A secure connection for sending data between two computers requires end-to-end authentication and encryption. Draw the frame format of an IPSec packet with each of the following properties:
         1) Transport adjacency with authentication performed before encryption
         2) A transport SA bundled inside a tunnel SA, with encryption performed before authentication
         3) A tunnel SA bundled inside a tunnel SA, with authentication performed before encryption

  47. Quiz (cont.)
