SECURE EMAIL: ANALYSIS OF EXISTING IMPLEMENTATIONS OF S/MIME & PGP Final Specification BY Rajesh Ravi. Jon Halperin. Srikanth Nannapaneni.Secure Email: Analysis of Existing Implementations of S/MIME and PGP 1. Introduction: The S/MIME (Secure/Multipurpose Internet Mail Extensions) set of specifications defines a standard protocol used by electronic messaging user agents to apply cryptographic security services to mail that is sent, and to process protected mail that is received. The project focuses on analyzing different implementations of S/MIME and PGP in various popular email clients like Outlook, Mozilla (Thunderbird), Netscape and Eudora. 2. We will analyze the following implementations of S/MIME and PGP: • Microsoft Outlook • Mozilla • Netscape • Eudora 3. For each implementation we will analyze the following: • Functionality 1. Confidentiality 2. Integrity 3. Vulnerabilities 4. Scalability and Interoperability of the implementation with various systems. • Ease of Use The ease of use of the product which involves costs for setting it up, easiness with which it can be used and the support available. This is done keeping in mind both the consumer and businesses. 4. Tentative list of questions we will be seeking an answer to: • What are the cryptographic algorithms used in the implementations? • How confidential is the information sent using this email? • Is this information tamper proof? • What is the ease with which the end user can use these implementations? 5. Procedure for verifying the results of your investigation:• Results can be verified by using softwares, which use different implementation of S/MIME and PGP. • By referring the documentation of the software’s regarding how they use S/MIME and PGP. 6. Format and tentative table of contents of the final report: A. Introduction B. Analysis of implementations in terms of: • Functionality 1. Cryptographic algorithms A study of the cryptographic algorithms used in each Implementation for PGP and S/MIME. 2. Confidentiality Analyzing each implementation for its ability to keep the information secret while using PGP and S/MIME. Analyze which is better for confidentiality PGP or S/MIME. Recommendations for the End User about confidentiality. 3. Integrity Analyze each implementation for tamper proof ness using PGP and S/MIME. Analyze the better one for Integrity Recommendations for the End User about Integrity 4. Interoperability Analyze each implementation for compatability with other implementations i.e checking if secure email sent using one email client can be read using another email client.5. Vulnerabilities and problems Analyzing the implementations for various vulnerabilities and problems. Suggesting possible solutions for the problems C. Ease of Use 1. Consumer a) Assumptions b) Main goals Needs to be really easy to use Very low cost c) Available products For each product define the costs of using the overall set up, the amount of computer knowledge needed to implement the set up, and the easy of use once the product is set up for both PGP and S/ Mime Secure Email software PGP S/ Mime Basic Email program Outlook Thunderbird Mozilla Netscape Eudora d) Recommendation for home user. 2. Small Business a) Assumptions b) Main goals Still pretty easy to set up. Tech support is available, but limited. Can afford a greater cost than consumer, but still needs to keep implementations costs down. c) Available products For each product define the costs of using the overall set up, the amount of computer knowledge needed to implement the set up, and the easy of use once the product is set up for both PGP and S/ Mime Outlook Thunderbird / Mozilla Netscape Eudora d) Recommendation for small business 3. Large Business a) Assumptions b) Main goals Easy for end user Does not have to be easy to implement, because of technical support staff. c) Available products For each product define the costs of using the overall set up, the amount of computer knowledge needed to implement the set up, and the easy of use once the product is set up for both PGP and S/ Mime Outlook Thunderbird/ Mozilla Netscape Outlook Express d)Recommendations for large business C) Conclusion D) References 7. Time schedule and Intermediate goals to be achieved • October 6th : Submission of Final project specification by e-mail • October 12th : To complete study on various implementations • November 2nd : To continue the study and start analyzing them for functionality • November 16th :To continue analyzing for ease of use. • November 17th to November 30: Final draft/Project report • December 1st : Final progress report with the draft version of the final viewgraph presentation • December 11th : Project reports submitted by e-mail to the instructor • December 15th : Final Oral presentation and final report. 8. Possible changes: Depending upon the resources available for us to study various implementations we might add or delete some of the implementations which are under consideration. 9. List of literature:• Using S/MIME in Mozilla http://www.mozilla.org/projects/security/pki/psm/smime_guide.html • Beginners Guide to secure email using S/MIME: http://www.marknoble.com/tutorial/smime/smime.aspx • Paper : Review about S/MIME http://www.itsecurity.com/papers/articsoft18.htm • Website: Specifications of S/MIME http://www.imc.org/smime-pgpmime.html • Guide to use S/MIME: http://www.mozilla.org/projects/security/pki/psm/smime_guide.html • S/MIME Working Group: http://www.imc.org/ietf-smime/index.html • Beginners Guide to secure email using S/MIME: http://www.marknoble.com/tutorial/smime/smime.aspx • S/MIME publications by NIST http://csrc.nist.gov/pki/smime/smpubs.htm • S/MIME implementation guide: http://lib.ua.ac.be/ibw/PDF/smimeimp.pdf • Paper:
View Full Document
Unlocking...