Upload
lamdat
View
217
Download
5
Embed Size (px)
Citation preview
CS 393 – Network Security
Nasir Memon – Polytechnic UniversityModule 11 – Secure Email
4/2/02 Module 11 - Secure Email 2
Course Logistics
n HW 5 due Thursdayn Graded exams returned and discussed.n Read Chapter 5 of text
4/2/02 Module 11 - Secure Email 3
Where do we provide security?
ü Firewalln Application layer
n S-MIME, PGP, Kerberos etc.
n Transport layern SSL, TSL.
n Network layern IPSEC
4/2/02 Module 11 - Secure Email 4
Application level security
• We look at examples of application level security mechanisms – secure email. PGP and S/MIME.
4/2/02 Module 11 - Secure Email 5
Secure Email – Issues
n May seem straight forward – encrypt and/or sign. But problem is richer than that!
n Types of security services that may be required include:n Privacy – May seem simple but problems include
n How to establish keys? n What if single email multiple recipients?
n Include session key encrypted with public key of each recipient.
n What is mailing list?n Same as above but need to trust list maintainer.
n What if Alice’s employer wants to be able to read her email?n Key Escrow
4/2/02 Module 11 - Secure Email 6
Secure Email Issues – Authentication and Integrity
n Source authentication could be provided byn Public key – message digest and digital signature.
Same if multiple recipientsn Private key – Use (private) key based
cryptographic hash – MAC. n If multiple recipients then first do message digest and
then MAC with different private keys for different recipients
n Message Integrityn Authentication mechanisms serve for integrity as
well. But what if you want to send a ransom note?!!!
4/2/02 Module 11 - Secure Email 7
Secure Email Issues – Non-Repudiation and Repudiation
n Non-Repudiation – Alice to Bank – “Please transfer a million dollars from my account to Bob’s.”
n Repudiation – President to Henchmen – “Go ahead and sell Arms to Iran to fund the Contras.”
n Non-repudiation based on public key cryptography – easy. Digital Signature.n What if after sending the message, Alice claims
her private key was compromised?!n Undeniable signatures.
4/2/02 Module 11 - Secure Email 8
Protocol for Non-Repudiable Email –Private Key Version
n Needs Notary N trusted by Bob and Judge.n Alice send message M to N.n N does some computation based on M and Alice’s
name using SN (a random secret generated for this exchange) and produces a “seal” SN(M, Alice).
n Alice sends M and “seal” to Bob.n If later Bob wants to prove to Judge that Alice sent
him M, then he sends to Judge M and “seal”.n Judge sends “seal” to notary who verifies the seal.n Bob could not have produced the seal as he does not
know SN.
4/2/02 Module 11 - Secure Email 9
Protocol for Repudiable Email –Public Key Versionn Alice picks secret key K which will be used to encrypt message.n Alice encrypts S with Bob’s public key – EBOB[K].n She “signs” EBOB[K] with private key getting SALICE[EBOB[K] ]n She uses K to compute key based cryptographic hash HK[M], of
message M.n She sends SALICE[EBOB[K] ], HK[M], and M to Bob. (M can be
optionally encrypted).n Bob can verify (decrypt) M and be assured that message is from
Alice. n But once he has done that he can modify M to any M’ and
produce HK[M’]! n So all he can prove to a 3rd party is that Alice sent some
message but not what message.
4/2/02 Module 11 - Secure Email 10
Secure Email – Other Issues.
n Think about how you would provide the following: n Proof of delivery
n ???
n Proof of receiptn What if recipient refuses last packet?!! Send encrypted
message and then get acknowledgement of receipt of this and only then decryption key!!
n Message flow confidentialityn Anonymityn (Last two will be addressed a couple of weeks
later under the title of anonymity and privacy.)
4/2/02 Module 11 - Secure Email 11
Secure Email Systems
n PGP – Pretty Good Privacy –n Provides confidentiality and authentication serivde
that can be used in email and file storage application.
n Public domain and open source. Uses well known and established crypto primitives like RSA, 3DES, SHA-1, Diffie-Hellman etc.
n Phil Zimmerman – almost sent to jail for writing it.n S/MIME – Secure/Multipurpose Internat Mail
Extension.n Security enhancement of MIME based on
technology from RSA. In RFS 822.
4/2/02 Module 11 - Secure Email 12
PGP – Services
n Authenticationn SHA-1 for hash. RSA signature
n Confidentialityn CAST, IDEA or 3DES. Diffie Hellman or RSA for
session key exchange.
n Compressionn Zip
n E-mail compatibilityn Radix 64.
n Segmentation
4/2/02 Module 11 - Secure Email 13
PGP - Authentication
Notation: KRa – Private key of user A. KUa – Public key of user A. H – Hash function. M – Message. Z – Compression. Z-1 – Decompression. || - ConcatenationEP – Public Key encryption. DP – Private key decryption.
4/2/02 Module 11 - Secure Email 14
PGP - Confidentiality
Notation: KRb – Private key of user B. KUb – Public key of user B. H – Hash function. M – Message. Z – Compression. Z-1 – Decompression. || - ConcatenationEC – Private Key encryption. DC – Private key decryption. EP – Public Key encryption. DP – Private key decryption.Ks – Session key.
4/2/02 Module 11 - Secure Email 15
PGP - Authentication and Confidentiality
Notation: KRb – Private key of user B. KUb – Public key of user B. H – Hash function. M – Message. Z – Compression. Z-1 – Decompression. || - ConcatenationEC – Private Key encryption. DC – Private key decryption. EP – Public Key encryption. DP – Private key decryption.Ks – Session key.
4/2/02 Module 11 - Secure Email 16
PGP - Compression
n Zip used.n Signature generated before compression
because:n Would need to store compressed version for later
verification.n Compression algorithm not deterministic. Various
parameter settings produce different forms.
n Encryption done after compression for:n Cryptanalysis is made more difficult as compressed
message has less redundancy.n Encryption output is random which cannot be
compressed.
4/2/02 Module 11 - Secure Email 17
PGP – Email compatibility
n Many email systems only allow ASCII text.n Encrypted bytes may arbitrary.n PGP performs Radix 64 conversion – three
bytes mapped to 4 printable ASCII bytes.n Message gets expanded by 33%.n Compression more than compensates for
that.
4/2/02 Module 11 - Secure Email 18
PGP - Segmentation
n Messages larger than a given amount are automatically broken up.
n Headers enable reassembly at other end.n Segmentation done only at end so session
key etc. only appear once.
4/2/02 Module 11 - Secure Email 19
PGP - Flow
4/2/02 Module 11 - Secure Email 20
PGP – Session Key Generation
n Uses complex techniques for generating random numbers and pseudo-random numbers for key generation (Read appendix of chapter 5).n The importance of this step cannot be overemphasized.
Scheme can be broken if “random” numbers can be guessed.
n True random numbers generated from monitoring user keystrokes. Time and keystroke information used to generate key which is used to encrypt current true random buffer.
n Pseudorandom numbers generated from using encryption technique in CFB mode.
4/2/02 Module 11 - Secure Email 21
PGP – Random numbers use
n (True) Random numbers used ton Generate RSA key pairsn Initial seed for pseudorandom number generationn Additional input for pseudorandom number
generation
n Pseudorandom numbers used ton Generate session keysn Generate IV for CFB mode encryption.
4/2/02 Module 11 - Secure Email 22
PGP - Key Identifiers
n Allows user to have multiple public key/private key pairs.n Why?
n Specific key used for a message identified by assigning key identifier.
n Key identifier is simply 64 lsb’s of key.n In principle you could have two different keys with
same identifier but very very unlikely.
4/2/02 Module 11 - Secure Email 23
PGP – Message Format
4/2/02 Module 11 - Secure Email 24
PGP Key Rings
4/2/02 Module 11 - Secure Email 25
PGP Message Generation
4/2/02 Module 11 - Secure Email 26
PGP Message Reception
4/2/02 Module 11 - Secure Email 27
PGP – Assigning Trust to Keys
4/2/02 Module 11 - Secure Email 28
MIME
n The Simple Mail Transfer Protocol (SMTP) (RFC 822) used to exchange electronic mail across the Internet.
n SMTP conveys the message content as plain ASCII text.
n The Multipurpose Internet Mail Extensions (MIME) (RFC 1521) extends format of SMTP to allow multipart text and binary data message bodies to be exchanged without loss of information.
4/2/02 Module 11 - Secure Email 29
MIME (Contd)
n MIME extends SMTP by adding 5 new header fields:1. MIME version2. Content-type3. Content transfer encoding4. Content-ID5. Content-description
n 4 and 5 are optional and may be ignored by recipient.
4/2/02 Module 11 - Secure Email 30
S/MIME Functionality
n Functionality added by S/MIME includesn Enveloped datan Signed datan Clear-signed datan Signed and enveloped datan Signed receiptsn Security labeln Secure mailing lists
4/2/02 Module 11 - Secure Email 31
S/MIME v3
n The S/MIME v3 standard consists of five parts: n Cryptographic Message Syntax (RFC 2630) n S/MIME Version 3 Message Specification (RFC 2633) n S/MIME Version 3 Certificate Handling (RFC 2632) n Diffie-Hellman Key Agreement Method (RFC 2631) n Certificate Distribution Specification (draft-ietf-
smime-certdist) n Enhanced Security Services for S/MIME (RFC
2634 - set of extensions to allow signed receipts, security labels, and secure mailing lists.
4/2/02 Module 11 - Secure Email 32
Further Readingn For PGP and S/MIME read chapter 5 of text.n For PGP - The International PGP Home Page at
http://www.pgpi.org/n The PGP Attack FAQ at
http://www.stack.nl/~galactus/remailers/attack-faq.htmln NIST S/MIME page at
http://csrc.nist.gov/pki/smime/welcome.htmn IETF S/MIME page http://www.ietf.org/html.charters/smime-
charter.htmln Freeware S/MIME toolkit at http://www.imc.org/imc-sfl/