E-mail Clients and Security
BIT- 301
IT Methodologies
Inderjeet Singh
BIT-301, Inderjeet Singh Email Clients and Security
E-mail Clients
• An email client, email reader or, more formally, mail user agent (MUA) is a computer program used to access and manage a user's email.
• A web application that provides message management, composition, and reception functions is sometimes also considered an email client, but is more commonly referred to as webmail.
Netscape Messenger
• Netscape Messenger is a standalone, multiplatform e-mail and news client that was developed by Netscape.
• Announced on June 11, 2007 as Netscape Mercury, the program was intended to accompany the web browser Netscape Navigator 9, and was based on Mozilla's Thunderbird.
Setup Netscape Messenger
• Start Netscape Messenger from the Start menu or the icon on the desktop or hard drive.
• Click on the Edit pull-down menu.
• Select Preferences.
• Click on the + or > in front of Mail & Newsgroups to show the sub-categories.
• Click on Identity. Fill in:
– Your name
– Internet E-mail Address
– Organization (RIT), as shown on screen
Setup Netscape Messenger
• Create a signature file by clicking on the Edit Card button, or use one already present on your system by clicking Choose and selecting that file.
• Fill in your First Name, Last Name, Organization, Title, E-mail address, Phone No, Fax No, etc.
• Note: [email protected], where abc1234 would be replaced by your RIT username, and likewise for first name and last name.
• Optional: Click the Contact tab and fill in additional information if you choose.
• Click OK.
• Optional: Check off "Attach my personal card to messages." if you wish to have your contact information automatically attached to all your messages.
Setup Netscape Messenger
• Click on Mail Server (under Identity) and click Add.
• Fill in Server Name based on the system where you read your e-mail. See the table below this image.
• In Server Type choose IMAP from the options. This will keep your e-mail organized if you read e-mail from more than one computer (i.e. lab, office, home).
• In User Name fill in your DCE user name (same as your grace or vax username), i.e. abc1234.
• Important: If you use the grace/OSF settings, click Advanced and set your IMAP server directory: mail
• Click OK.
Setup Netscape Messenger
• Now fill in the Outgoing Mail (SMTP) server based on the system where you read your e-mail.
• In Outgoing mail server user name type your DCE username, i.e. abc1234.
• Select the radio button for "If Possible" for the Use SSL option.
• Don't hit OK yet. If you already did, open Preferences again from the Edit menu.
• Click the Messages sub-category and check off "Wrap incoming plain text messages to window width".
• Click Formatting (in the Mail and Newsgroups sub-category). Select the radio button for "Ask me what to do if the message has HTML formatting, otherwise send plain text."
• Click OK.
Microsoft Outlook
• Microsoft Outlook is a personal information manager from Microsoft, available as a part of the Microsoft Office suite.
• Although often used mainly as an email application, it also includes a calendar, task manager, contact manager, note taking, journal, and web browsing.
Microsoft Outlook - Features
• Office Fluent "ribbon" user interface (though not for the main window)
• Changed calendar views
• Send your calendar information with calendar snapshots
• Ability to publish calendars in Internet Calendar format
• Send text and picture messages from Outlook with Outlook Mobile Service to a mobile phone
• Integrated RSS aggregator
• 'Instant Search' through a context-indexer-based search engine with Windows Desktop Search
• Enhanced integration with Microsoft Office SharePoint Portal Server
Setting up Microsoft Outlook (2007)
• Start Outlook.
• On the Tools menu, click Account Settings.
• Click New.
• Click Microsoft Exchange, POP3, IMAP, or HTTP, and then click Next.
• In the Auto Account Setup dialog box, select the Manually configure server settings or additional server types check box, and then click Next.
• Click Internet E-Mail, and then click Next.
• In the Server Information section, select IMAP for Account Type.
Setting up Microsoft Outlook (2007)
• In the Your Name box, enter your name exactly as you want it to appear to recipients.
• In the E-mail Address box, type your e-mail address.
• In the User Name box, type your account name.
• In the Password box, type your password.
• In the Incoming mail server box, type the name of your IMAP4 server.
• In the Outgoing mail server (SMTP) box, type the name of your SMTP server.
Note: IMAP4 is a retrieval protocol. You must have SMTP to send your messages.
• Click Next after you have completed entering this configuration information, and then click Finish.
Security Services for E-mail
• privacy
• authentication
• integrity
• non-repudiation
• anonymity
• proof of submission
• proof of delivery
• message flow confidentiality, etc.
Key Management
• A per-message symmetric key is used for message encryption; it is conveyed in the mail, encrypted under a long-term key (typically a public key).
• Long-term keys can be established:
– offline
– online, with help from a trusted third party
– online, through a webpage (for public keys)
Multiple Recipients
• The message key S is encrypted under each recipient's long-term key in the message header:
– Bob’s ID, KBob{S}
– Carol’s ID, KCarol{S}
– Ted’s ID, KTed{S}
– S{m}
• E.g.:
To: Bob, Carol, Ted
From: Alice
Key-info: Bob-4276724736874376
Key-info: Carol-78657438676783457
Key-info: Ted-12873486743009
Msg-info: UHGuiy77t65fhj87oi.....
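An added example (not from the slides) of the per-recipient Key-info layout above, in Python: one fresh per-message key S is wrapped once per recipient and the body is encrypted under S, so each recipient unwraps only its own line. To stay standard-library only it assumes pre-shared secret long-term keys (PEM's secret interchange-key option rather than public keys) and a toy HMAC-based cipher; both are constructed for illustration.

```python
import base64, hashlib, hmac, os

# Constructed long-term keys: a pre-shared 32-byte secret per recipient
# (stand-in for the public keys the slide assumes).
LONG_TERM_KEYS = {name: hashlib.sha256(b"demo-" + name.encode()).digest()
                  for name in ("Bob", "Carol", "Ted")}

def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256 (toy cipher, illustration only)."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def _encrypt(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def _decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_message(sender, recipients, body):
    """One per-message key S; one Key-info line K_R{S} per recipient; then S{m}."""
    s = os.urandom(32)
    lines = ["To: " + ", ".join(recipients), "From: " + sender]
    for r in recipients:
        lines.append(f"Key-info: {r}-" + base64.b64encode(_encrypt(LONG_TERM_KEYS[r], s)).decode())
    lines.append("Msg-info: " + base64.b64encode(_encrypt(s, body.encode())).decode())
    return "\n".join(lines)

def read_message(me, message):
    """A recipient unwraps only the Key-info line carrying its own ID, then decrypts Msg-info."""
    wrapped = msg_info = None
    for line in message.split("\n"):
        if line.startswith("Key-info: ") and line[10:].split("-", 1)[0] == me:
            wrapped = line[10:].split("-", 1)[1]
        elif line.startswith("Msg-info: "):
            msg_info = line[10:]
    if wrapped is None:
        raise KeyError(f"no Key-info entry for {me}; S cannot be recovered")
    s = _decrypt(LONG_TERM_KEYS[me], base64.b64decode(wrapped))
    return _decrypt(s, base64.b64decode(msg_info)).decode()
```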
Text Format Issues
• Mail gateways/forwarders may modify the format of the message (wrapping long lines, end-of-line character, high-order bits, etc.), causing the integrity check to fail.
• Encode messages in a format supported by all mailers: 6-bit representation, no long lines, etc. (similar to uuencode).
Text Format Issues (cont’d)
• Problem: Non-supporting clients should be able to read authenticated (but not encrypted) messages, which they no longer can.
• Two options:
– MAC without encoding (subject to corruption by mail routers)
– Encode & MAC/encrypt (may not be readable at the other end)
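An added example (not part of the slides) contrasting the two options above in Python: a simulated legacy relay wraps long lines, normalises line ends and strips the eighth bit, which breaks the unencoded MAC but not the encoded one. The MAC key and the relay's behaviour are constructed for the demonstration.

```python
import base64, hashlib, hmac

MAC_KEY = b"constructed-shared-mac-key"   # assumed pre-shared between sender and receiver

def gateway(text):
    """Simulated legacy relay: wraps lines longer than 72 characters, converts
    CRLF to LF and clears the high-order bit of every character."""
    out = []
    for line in text.replace("\r\n", "\n").split("\n"):
        while len(line) > 72:
            out.append(line[:72])
            line = line[72:]
        out.append(line)
    return "".join(chr(ord(c) & 0x7F) for c in "\n".join(out))

def mac(data):
    return hmac.new(MAC_KEY, data, hashlib.sha256).hexdigest()

# Option 1: MAC without encoding. Any client can read the body, but every
# byte the relay touches breaks the check.
def send_plain(body):
    return {"mac": mac(body.encode("latin-1")), "body": body}

def verify_plain(msg, transit=gateway):
    return hmac.compare_digest(msg["mac"], mac(transit(msg["body"]).encode("latin-1")))

# Option 2: encode, then MAC the canonical (decoded) bytes. The body on the
# wire is 7-bit base64 in short lines; the decoder discards whatever newlines
# the relay inserts, so the original bytes come back intact. Non-supporting
# clients see base64 instead of the message text.
def send_encoded(body):
    raw = body.encode("utf-8")
    return {"mac": mac(raw), "body": base64.encodebytes(raw).decode("ascii")}

def verify_encoded(msg, transit=gateway):
    raw = base64.b64decode(transit(msg["body"]))
    return hmac.compare_digest(msg["mac"], mac(raw))
```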
Providing Different Services
• confidentiality: by encryption
• auth./integrity: by signature or MAC
• non-repudiation: by signature
• some eccentric services can be provided with TTP support:
– anonymity
– message flow confidentiality
– non-repudiation with secret keys
PEM & S/MIME
• Privacy Enhanced Mail (PEM)
– Developed by the IETF to add encryption, source authentication & integrity protection to e-mail
– Allows both public & secret long-term keys; the message key is always symmetric
– Specifies a detailed certification hierarchy
• Secure/MIME (S/MIME)
– PEM never took off; the CA hierarchy was difficult to realize
– S/MIME: the PEM design incorporated into MIME
PEM Key Exchange & Encryption
• “Interchange keys”: users’ long-term PEM keys
– public (a detailed PKI is defined)
– secret (pre-shared symmetric keys)
• Encryption
– A symmetric per-message key is sent encrypted under the interchange key.
– The message is encrypted under the per-message key (typically with DES in CBC mode).
• Authentication
– The message is authenticated by a “MIC”. (Q: Any authentication for the per-message key?)
PEM Certificate Hierarchy
• The root CA: “Internet Policy Registration Authority” (IPRA)
• “Policy Certification Authorities”: second-level, CA-certifying CAs, each with a different policy:
– High Assurance (HA): super-secure
• implemented on secure platforms
• requires that the child CAs (also HACAs) enforce the same rules
– Discretionary Assurance (DA): secure
• requires that the child CAs own their names
– No Assurance (NA): no constraints
• can be used to certify Internet personas (pseudonyms)
• Lower-level CAs, certifying individuals or other CAs
S/MIME vs. PEM
• Incorporated into MIME; no other encoding
• Any sequence of sign & encrypt is supported (each as a recursive MIME encapsulation)
• Has more options than PEM
• ASN.1 header encoding
• No prescribed certification hierarchy
• Has a good prospect of deployment for commercial & organizational usage
Pretty Good Privacy (PGP)
• Popular mail & file encryption tool
• Developed by Phil Zimmermann, 1991
• Based on RSA, IDEA, MD5 (later DSS, ElGamal (DH), 3DES, SHA1)
• Many different versions have emerged (from PGP, from GNU (GPG), from the IETF (OpenPGP))
PGP Operation
• All long-term user keys are public
• Signature: message & timestamp are hashed (MD5 or SHA1) and signed (RSA or DSS)
• Compression (ZIP)
• Encryption:
– The message is encrypted with a per-message symmetric key (typically with IDEA in CFB mode)
– which is encrypted with the recipient’s public key (RSA or DH (ElGamal))
• Radix-64 (6-bit) encoding
Trust Model & Key Management
• Any user can certify any other (anarchy model)
• Each user decides whom to trust and how much
• “Key Ring”: data structure to store the public keys held by a user, with their levels of trust
• Public keys can be obtained:
– offline (in person, over the phone, etc.)
– through personal webpages
– through a trusted friend (“web of trust”)
– through a trusted CA
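An added example (not from the slides) of a key ring in Python: each entry records who has certified a public key and how much the ring's owner trusts that certifier as an introducer, and a key is accepted as valid from those two facts. The validity rule used (one fully trusted or two marginally trusted introducers, each with a valid key of their own) is classic PGP's default and is an assumption here, since the slide does not spell it out.

```python
from dataclasses import dataclass, field

# Introducer trust the ring's owner assigns to a key holder
# ("how much I trust X to certify other people's keys").
UNTRUSTED, MARGINAL, FULL = 0, 1, 2

@dataclass
class KeyRingEntry:
    owner: str
    trust: int = UNTRUSTED
    signatures: set = field(default_factory=set)   # owners whose keys have certified this one

class KeyRing:
    """A user's key ring (constructed example). Validity rule assumed: a key is
    valid if I certified it myself, or if it carries one certification from a
    fully trusted introducer or two from marginally trusted ones, and each
    introducer's own key is itself valid."""
    def __init__(self, me):
        self.me = me
        self.entries = {me: KeyRingEntry(me, FULL, {me})}

    def add_key(self, owner, trust=UNTRUSTED, signed_by=()):
        self.entries[owner] = KeyRingEntry(owner, trust, set(signed_by))

    def certify(self, owner):
        """Sign a key after verifying it offline (in person, over the phone)."""
        self.entries[owner].signatures.add(self.me)

    def is_valid(self, owner, _seen=frozenset()):
        e = self.entries.get(owner)
        if e is None or owner in _seen:          # unknown key, or a certification cycle
            return False
        if self.me in e.signatures:              # I verified this key myself
            return True
        score = 0
        for signer in e.signatures:
            s = self.entries.get(signer)
            if s is not None and self.is_valid(signer, _seen | {owner}):
                score += {FULL: 2, MARGINAL: 1}.get(s.trust, 0)
        return score >= 2
```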
DKIM – DomainKeys Identified Mail
• An effort to stop spam with forged domain addresses (e.g. phishing attacks).
• Standardized by RFC 4871; supported by Yahoo, Gmail, FastMail, etc.
• Each domain has an email signature key. Public keys are retrieved over DNS.
• If signature verification fails, mail will be dropped.
DKIM
• Once deployed, it will significantly limit phishing attacks with forged domain addresses.
• Deployment is increasing rapidly.
• Example: Gmail’s collaboration with PayPal & eBay
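An added example (not from the slides) in Python of the verifier-side DKIM steps that need no RSA: parse the DKIM-Signature tags, look up the key record at selector._domainkey.domain in a constructed DNS table, and compare the declared bh= body hash with the body that actually arrived. The domain, selector, key material and b= signature are labelled placeholders; the RSA check over the headers is deliberately left out.

```python
import base64, hashlib

# Constructed stand-in for DNS: DKIM publishes the public key as a TXT record
# at <selector>._domainkey.<domain>. The key material is a placeholder.
DNS_TXT = {"mail._domainkey.example.org": "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"}

def parse_tags(value):
    """Parse the 'tag=value; tag=value' syntax shared by the header and the DNS
    record; folding whitespace inside values is insignificant and removed."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            k, v = item.split("=", 1)
            tags[k.strip()] = "".join(v.split())
    return tags

def canonical_body(body):
    """'simple' body canonicalization: CRLF line ends, trailing empty lines dropped."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode("utf-8")

def body_hash(body):
    return base64.b64encode(hashlib.sha256(canonical_body(body)).digest()).decode()

def build_dkim_header(domain, selector, body):
    """Signer side: bh= commits to the body. b= (the RSA signature over the
    selected headers) is a placeholder because no RSA is done in this example."""
    return (f"v=1; a=rsa-sha256; c=simple/simple; d={domain}; s={selector}; "
            f"h=from:to:subject; bh={body_hash(body)}; b=PLACEHOLDER_SIGNATURE")

def check_dkim_body(dkim_header, body, dns=DNS_TXT):
    """Verifier side minus the RSA step: the selector record must exist and be
    usable, and bh= must equal the hash of the arriving body. Returns (ok, reason)."""
    tags = parse_tags(dkim_header)
    if tags.get("v") != "1" or not {"d", "s", "bh"}.issubset(tags):
        return False, "malformed DKIM-Signature header"
    record = dns.get(f"{tags['s']}._domainkey.{tags['d']}")
    if record is None:
        return False, "no key record in DNS for selector/domain"
    key = parse_tags(record)
    if key.get("v", "DKIM1") != "DKIM1" or not key.get("p"):   # empty p= means revoked
        return False, "key record unusable (revoked or malformed)"
    if tags["bh"] != body_hash(body):
        return False, "body hash mismatch: body altered after signing"
    return True, "body hash matches; RSA check of b= still required"
```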