Upload
harvey-richardson
View
220
Download
2
Tags:
Embed Size (px)
Citation preview
2
Outline
Electronic mail protocols Electronic mail content security
PGP -- Pretty Good Privacy PEM -- Privacy Enhanced Mail S/MIME
3
Structure of email servers Usually the sender does not directly talk
to the receiver Dedicated mail server (in x.400 structure,
it is called message transfer agents: MTA) The source and destination are called
mail user agents (MUA) The email could go through several MTAs
4
Advantages of multiple store-and-forward MTAs Adaptable to temporary network
partitions Easy to form chain of trust Easy to implement traffic control within a
company Easy to connect partitions of networks
using different protocols
Electronic Mail
Three major components: user agents mail servers simple mail transfer
protocol: SMTP
User Agent a.k.a. “mail reader” composing, editing, reading
mail messages e.g., Eudora, Outlook, elm,
pine, Netscape Messenger outgoing, incoming
messages stored on server
user mailbox
outgoing message queue
mailserver
useragent
useragent
useragent
mailserver
useragent
useragent
mailserver
useragent
SMTP
SMTP
SMTP
6
Electronic Mail: mail servers
Mail Servers mailbox contains incoming
messages for user message queue of outgoing
(to be sent) mail messages SMTP protocol between
mail servers to send email messages client: sending mail
server “server”: receiving mail
server Note that “mail server”
behaves both as SMTP server and SMTP client
mailserver
useragent
useragent
useragent
mailserver
useragent
useragent
mailserver
useragent
SMTP
SMTP
SMTP
7
Electronic Mail: SMTP [RFC 5321]
uses TCP to reliably transfer email message from client to server, port 25/587
direct transfer: sending server to receiving server three phases of transfer
handshaking (greeting) transfer of messages closure
command/response interaction commands: ASCII text response: status code and phrase
messages must be in 7-bit ASCII
8
Scenario 1: Alice sends message to Bob
1) Alice uses UA to compose message and “to” [email protected]
2) Alice’s UA sends message to her mail server; message placed in message queue
3) Client side of SMTP opens TCP connection with Bob’s mail server
4) SMTP client sends Alice’s message over the TCP connection
5) Bob’s mail server places the message in Bob’s mailbox
6) Bob invokes his user agent to read message
user agent
mailserver
mailserver user
agent
1
2 3 4 56
9
Scenario 2: Alice sends message to Bob
1) Alice runs a telnet client
2) Alice’s telnet client opens a TCP connection to some mail server (could be Bob’s mail server) at port 25
3) Alice uses SMTP commands to compile a message which will be sent to Bob.
4) SMTP client (mail server 3) sends Alice’s message over the TCP connection to mail server 5 (Bob’s mail server)
5) Bob’s mail server places the message in Bob’s mailbox
6) Bob invokes his user agent to read message
telnetclient
mailserver
mailserver user
agent
1
2 3 4 56
10
S: 220 smtp.example.com ESMTP Postfix /* 220: service ready */
C: HELO relay.example.org /* identify urself */
S: 250 Hello relay.example.org, I am glad to meet you /* request ok */
C: MAIL FROM:<[email protected]>
S: 250 Ok
C: RCPT TO:<[email protected]>
S: 250 Ok
C: DATA
S: 354 End data with <CR><LF>.<CR><LF> /* start mail input */
C: From: "Bob Example" <[email protected]>
C: To: Alice Example <[email protected]>
C: Date: Tue, 15 Jan 2008 16:02:43 -0500
C: Subject: Test message
C:
C: Hello Alice.
C: This is a test message with 5 header fields and 4 lines in the message body.
C: Your friend,
C: Bob
C: .
S: 250 Ok: queued as 12345
C: QUIT
S: 221 Bye {The server closes the connection} /* close channel */
11
SMTP: final words
SMTP uses persistent connections
SMTP requires message (header & body) to be in 7-bit ASCII
SMTP server uses CRLF.CRLF to determine end of message (CRLF stands for carriage return and line feed)
Comparison with HTTP:
HTTP: pull SMTP: push
both have ASCII command/response interaction, status codes
HTTP: each object encapsulated in its own response msg
SMTP: multiple objects sent in multipart msg
12
Distribution lists You may need to send to a group of
people Can be summarized as distribution lists How to map a single list name to a group
of real email address: Remote exploder Local exploder
Can form a hierarchy: list in list
13
Two distribution lists may contain each other: we need to handle duplicated sending
Advantages of local exploder: It is easy to prevent mail forwarding loops It is easy for the sender to avoid sending
multiple copies to the same user It is easier to handle billing issues
14
Advantages of remote exploder You can send email to a list of users
whose identities are not known to you Reduce the amount of traffic sent by
sender Improve efficiency: multiple lists can be
handled by different DL maintainers
15
Mail message format
SMTP (RFC 5321): protocol for exchanging email msgs
RFC 822: Standard for the format of ARPA Internet text messages:
header lines, e.g., To: From: Subject:
different from SMTP commands!
body the “message”, ASCII
characters only
header
body
blankline
16
Message format: multimedia extensions
MIME: multipurpose Internet mail extension, RFC 2045, 2046, 2049 etc
additional lines in msg header declare MIME content type
From: [email protected] To: [email protected] Subject: Picture of yummy crepe. MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Type: image/jpeg
base64 encoded data ..... ......................... ......base64 encoded data
multimedia datatype, subtype,
parameter declaration
method usedto encode data
MIME version
encoded data
17
How is base64 working:
Turn every three bytes to four 6-bit sequences
Each 6-bit sequence is mapped to a printable character: A—Z, a—z, 0—9, +,/
How to handle padding Add “=“ at the end Number of “=“ depends on the
original message
18
MIME typesContent-Type: type/subtype; parameters
Text example subtypes: plain,
html (e.g., text/plain; charset=“ISO-8859-1”)
Image example subtypes: jpeg,
gif (e.g, image/gif)
Audio example subtypes: basic
(8-bit mu-law encoded), 32kadpcm (32 kbps coding), RCF 1911
Video example subtypes: mpeg,
quicktime
Application other data that must be
processed by reader before “viewable”
example subtypes:
msword, octet-stream
19
Multipart Type
From: [email protected] To: [email protected] Subject: Picture of yummy crepe. MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=StartOfNextPart --StartOfNextPartDear Bob, Please find a picture of a crepe.--StartOfNextPartContent-Transfer-Encoding: base64Content-Type: image/jpegbase64 encoded data ..... ......................... ......base64 encoded data --StartOfNextPartDo you want the recipe?
20
Annoying text format issues There is no single standard for text
representation E.g.: new line, line length, high bits, etc Intermediate server may change your email
format
Problem: email ruined, integrity and signature not working
Reformat data for such issues
21
Mail access protocols
SMTP: delivery/storage to receiver’s server SMTP is a push protocol, and it is good for message sending
— we need a separate protocol for message retrieval Mail access protocol: retrieval from server
POP: Post Office Protocol [RFC 1939] authorization (agent <-->server) and download
IMAP: Internet Mail Access Protocol [RFC 1730][port 143] more features (more complex) manipulation of stored msgs on server
HTTP: Hotmail , Yahoo!, etc.
useragent
sender’s mail server
useragent
SMTP SMTP accessprotocol
receiver’s mail server
22
POP3 [tcp port 110] Can work with temporary network
connections, view and manipulate email offline
Retrieve and delete from the server POP3 UIDL can leave a copy Use a unique identifier to represent an
email Support encryption through SSL or TLS
POP3 protocol (port 110)telnet xxxxxx.uncc.edu 110
authorization phase client commands:
user: declare username pass: password
server responses +OK -ERR
transaction phase, client: list: list message
numbers retr: retrieve message by
number dele: delete quit
C: list S: 1 498 S: 2 912 S: . C: retr 1 S: <message 1 contents> S: . C: dele 1 C: retr 2 S: <message 2 contents> S: . C: dele 2 C: quit S: +OK POP3 server signing off
S: +OK POP3 server ready C: user yonwang S: +OK C: pass ******* S: +OK user successfully logged on
24
IMAP: Internet Message Access Protocol Support both online and offline operation Leave copy of email on server Multiple clients access the same mailbox Support encrypted login Access to MIME parts and partial fetch Message state information Create directory in your mailbox Server side search
25
Problems of IMAP The search algorithm on the server can
consume a lot of resources Complexity of the software
26
POP3 and IMAPMore about POP3 Previous example uses
“download and delete” mode.
Bob cannot re-read e-mail if he changes client
“Download-and-keep”: copies of messages on different clients
POP3 is stateless across sessions
Create folders and see the same view from any computer? Not possible!
IMAPv4 (port 143) Keep all messages in one
place: the server Allows user to organize
messages in folders IMAP keeps user state
across sessions: names of folders and
mappings between message IDs and folder name
27
Some expected security features of secure email Privacy: only the receiver can read the message Authentication: authenticate the sender identity Integrity Non-repudiation Proof of submission Proof of delivery Hiding the existence of the message Anonymity: even the receiver does not know who
the sender is
29
Details of secure email
Establishing keys There are many possibilities of keys: sender,
receiver, MTA, distribution list exploder, etc Public key approach
Sender can get receiver’s public key by Out-of-band mechanism Through PKI Piggybacking of certificates
Secret key approach Through KDC or tickets
30
Confidentiality Many sources to violate email confidentiality:
eavesdropper, MTA, company network administrator
End-to-end privacy It is not efficient to use public key to encrypt the
whole message It is not efficient when you have multiple receivers Solution: use a symmetric key to encrypt
message, and use public key to encrypt the symmetric key
31
Privacy with the distribution list exploder Remote DLE: the sender only needs to
share a key with the DLE Local DLE: establish key with every
receiver in the list
32
Authenticating sender Signing the message digest with sender’s
private key Encrypt the digest with pair wise key Source authentication with distribution
lists It is easy if we use digital signature If we are using secret key, DLE will attach its
authentication information
33
Message integrity Most of time it is integrated with source
authentication Integrity without source authentication
Ransom
The problem when you sign a hash result How is the hash result calculated (attack with
the signatures)
34
Non-repudiation With public keys
With the digital signature
Deniability based on public key technology Alice generates a symmetric key E pub-B ( Sign-A (key) ) Use this key to encrypt the message Bob can prove that Alice generates the key, but not
Alice sends that message
Non-repudiation with secret keys through notary (trusted third party)
35
Proof of submission The sending MTA provides a signed
digest of the email Proof of delivery
Receiver signs a receipt A famous problem in cryptography
Simultaneous contract signing
36
Anonymity Through a proxy Onion routing issues Anonymous email service: craigslist Anonymous IETF mailing list
37
Possible attacks
Spoofing (unbelievably easy!) a third party may impersonate Alice and send a fake/modified
message to Bob Eavesdropping
a party sitting between Alice’s UA and Bob’s mail server may peep communications between them
Replay a party sitting between Alice and Bob may re-send to Bob an old
message from Alice Attacks on mail access protocols such as POP3, IMAP, etc Other attacks such as DoS Traffic analysis Last one: should Bob trust his mail server? Or in another
word: do you trust the postman who delivers a letter to you?
38
TCP
Achieve secure email in the network stack
IP
Networkdriver
ApplContent security S/MIME, Proxies, SET, PGP
ApplicationLayer
TransportLayer
NetworkLayer
Data linkLayer
SSL, TLS,SOCKS
AH, ESP (in IPSec),Packet filtering,
Tunneling (L2TP, PPTP, L2F),CHAP (challenge handshake protocol) PAP (password auth. protocol), MS-CHAP
39
Use electronic mail securely
Preventing spoofing and replay Digital signature with one-way hash Timestamps etc.
Preventing eavesdropping Encryption (transport layer or application layer)
Preventing attacks on mail access protocols SSL (openSSL)
Preventing other attacks: general network security problems (DoS on a mail server)
41
Privacy Enhanced Mail (PEM)
Attempt to add security to SMTP Text only: MIME didn’t exist yet Attempt to build a CA hierarchy
along X.500 lines Hierarchy with a single root !!
Solved the data formatting problem with base64 encoding Encode 3 binary bytes as 4 NVT ASCII
characters The same encoding was later used in PGP 2.X,
mime...
42
PEM certificate hierarchy Want to use a centralized root Three types of certificate authorities
High assurance Discretionary Assurance No Assurance
43
PGP
By Phil Zimmermann Check out http://www.pgp.com or
http://web.mit.edu/network/pgp.html
Available for Windows/Linux/Macintosh Getting the PGP and install it on your
computer Crypto is useful only if it is USED!!
44
S/MIME
Who will win? PGP for personal email security S/MIME for commercial and organization
use Standards page:
http://www.ietf.org/html.charters/smime-charter.html
Main RFCs: 2630, 2632, 2633
45
Reminder: Multipart Type
From: [email protected] To: [email protected] Subject: Picture of yummy crepe. MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=StartOfNewPart --StartOfNewPartDear Bob, Please find a picture of a crepe.--StartOfNextPartContent-Transfer-Encoding: base64Content-Type: image/jpegbase64 encoded data ..... ......................... ......base64 encoded data --StartOfNewPartDo you want the reciple?
46
S/MIME
Similar to PGP, offers signature and encryption functions. It cryptographically protects MIME entity
Based on CMS (cryptographic message syntax) Encapsulation syntax for data protection
47
Protocols
Content encryption algorithm: 3DES (DES EDE3 CBC), RC2/40 (more algorithms are being added)
Key encryption algorithm: Diffie-hellman
Message digest algorithm: SHA-1, MD5
Signature algorithm: DSA, RSA
48
User Agent
S/MIME user agents should handle the following tasks: Key generation Registration Certificate storage and retrieval including
certificate management
49
Applications
Secure e-mail EDI (Electronic Data Interchange) Online Services Healthcare applications Internet push products Indeed, used for any kind of data
content protection