E-Mail Security

Raj Jain
Washington University in Saint Louis
Saint Louis, MO 63130
Jain@cse.wustl.edu

Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/

Washington University in St. Louis, CSE571S, 16-1, 2009 Raj Jain

Overview

- Email Overview: SMTP, POP, IMAP, Radix-64, MIME
- Security Services: Privacy, Authentication, Integrity, Non-Repudiation, Anonymity
- Secure Email Standards: S/MIME, PGP
- DKIM
- Spam

Internet Email Overview

- Simple Mail Transfer Protocol (SMTP)
  - Protocol to deposit email in another user's mailbox
  - Was originally designed for 7-bit ASCII text messages
- Post Office Protocol (PoP)
  - Protocol to retrieve email from your mailbox
  - Authenticates the user
- Internet Mail Access Protocol (IMAP)
- Multipurpose Internet Mail Encoding (MIME)
  - To encode non-text messages

[Figure: an SMTP client sends a message (FROM: jain@wustl.edu, TO: jain@acm.org) over SMTP to the SMTP server (SMTPd), which holds the mailboxes at acm.org; a PoP client retrieves mail from the PoP server (PoPd) over PoP.]

SMTP

- Defined in RFC 2821 and RFC 2822
- Clients connect to port 25 of the SMTP server
- It is a push protocol and does not allow pulling
- Extended SMTP (ESMTP) is defined in RFC 2821
- ESMTP uses EHLO instead of HELO
- ESMTP allows finding the maximum message size
- SMTP-AUTH is an authentication extension to SMTP (RFC 4954)
  - Allows only authorized users to send email

Radix-64 Encoding

MIME Example

    --unique-boundary-1
    Content-Type: multipart/parallel; boundary=unique-boundary-2

    --unique-boundary-2
    Content-Type: audio/basic
    Content-Transfer-Encoding: base64

    ... base64-encoded 8000 Hz single-channel u-law-format audio data goes here ...

    --unique-boundary-2
    Content-Type: image/gif
    Content-Transfer-Encoding: Base64

    ... base64-encoded image data goes here ...

Security Services for E-Mail

- Privacy of content
- Authentication of Sender
- Integrity of Content
- Non-repudiation: Sender cannot deny
- Proof of Submission: Proof of sending (certified mail). MTA can sign a message digest.
- Proof of Delivery to recipient: return receipt, content non-repudiation
- Message flow confidentiality
- Anonymity

Security Services for E-Mail (Cont)

- Containment: Keeping messages in a security zone
- Audit: event log
- Accounting: Accounting log
- Self Destruct: Receiving mail program will destroy the message
- Message Sequence Integrity: in-order delivery

Establishing Keys

- 1-to-1
- Public Keys:
  - Need public key to send an encrypted message
  - Can sign a message and send a certificate
- Secret Keys:
  - Via KDC

Privacy

- Employee vs. Employer
- End-to-End Privacy
- Use public key to encrypt a secret key
- Same encrypted message can be sent to multiple recipients
- Distribution lists require trusting the exploder

Source Authentication

- Sign a hash of the message with private key
  - Good for distribution lists also
- Secret Key:
  - MAC: CBC residue with a random key
  - Message digest of the random key
  - Message digest is encrypted with the secret shared key
  - Same digest for multiple recipients
  - Can share a secret key with mail exploder

Message Integrity

- Generally goes with source authentication
- Integrity with source anonymity is meaningless
- You can use a shared secret
- Anyone can change the message encrypted or protected with public key

Non-Repudiation

- Public Key Non-Repudiation: sender signs the message with private key
- Plausible Deniability: Sender computes a MAC using a random key S and sends [{S} Bob-Public] Alice-Private
- Secret Key Non-Repudiation: Notary N
  - N and recipient share a secret
  - N computes a seal = digest of the message and Alice's name using a secret key
  - N shares a secret key with recipient and sends a MAC of the message, seal, and Alice
  - A judge could ask N to verify if the seal is valid

Proof of Delivery

- Delivering MTA or recipient can sign a message digest
- Impossible to prove that recipient got the message
- If the recipient signs before getting the last part of the message, it may not get the complete message but has signed
- If the recipient signs after getting the last part of the message, it may not sign but has the message

Verifying Posting Date

- Preventing Backdating: Notary signs and dates the message
- Preventing Postdating: Notary signs and dates the message along with a fact not known before the date, e.g., newspaper headline, lottery number

Digital Postmarks

- Post office can date stamp your document
- Service available in USA and other countries also
- Client software signs a document and sends it to the DPM service
- DPM authenticates the signature, generates a timestamp, and signs the resulting package (hash of message, signature, time)
- The DPM receipt is sent to the client software and also stored in a non-repudiation database with the message and signature
- The client software wraps the original document and DPM receipt
- Anyone can verify the signature and time
- Original document can be requested from the DPM service database
- www.usps.com/electronicpostmark

Anonymity

- penet.fi allowed two-way communication
  - Assigned code name to sender
  - If someone replies, they are also assigned a code name
  - Assigned code name to the source exploder of the replies
- Message Flow Confidentiality:
  - Can send random messages through third party
  - Can use several intermediaries

Anonymous Remailers

- Pseudonymous Remailers: Give a pseudonym to the sender and send. Keep a log of pseudonym and actual address. Can be disclosed.
- Cypherpunk Remailers: Remove the sender's address (no return address). No log.
- Mixmaster Remailers: Anonymous remailer that sends messages in fixed-size packets and reorders them to prevent tracing
- Mixminion Remailers: Strongest anonymity. Handle replies, forward anonymity, replay prevention, key rotation, exit policies, integrated directory servers, dummy traffic
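
The secret-key non-repudiation scheme from the Non-Repudiation slide (notary N, seal, MAC to the recipient), sketched as an added example that is not part of the original lecture. HMAC-SHA256, the length-prefixed field encoding, and the names `Notary`, `notarize`, `judge_query` and `recipient_accepts` are assumptions of this sketch; the keys and message are constructed sample values.

```python
import hashlib
import hmac


def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


class Notary:
    """Notary N: one sealing key known only to N, plus one shared key per recipient."""

    def __init__(self, seal_key: bytes, recipient_keys: dict):
        self._seal_key = seal_key
        self._recipient_keys = recipient_keys

    def notarize(self, sender: str, recipient: str, message: bytes):
        # Assumption: N has already authenticated the sender before sealing.
        seal = mac(self._seal_key, sender.encode(), message)
        # MAC under the N-recipient key over (sender, message, seal): the
        # recipient cannot check the seal itself, only that N vouched for it.
        tag = mac(self._recipient_keys[recipient], sender.encode(), message, seal)
        return seal, tag

    def judge_query(self, sender: str, message: bytes, seal: bytes) -> bool:
        # Only N holds the sealing key, so a judge has to ask N to verify.
        expected = mac(self._seal_key, sender.encode(), message)
        return hmac.compare_digest(seal, expected)


def recipient_accepts(shared_key: bytes, sender: str, message: bytes,
                      seal: bytes, tag: bytes) -> bool:
    """Recipient-side check of N's MAC over (sender, message, seal)."""
    expected = mac(shared_key, sender.encode(), message, seal)
    return hmac.compare_digest(tag, expected)


# Constructed sample keys and message (not from the lecture).
K_SEAL = b"constructed notary sealing key"
K_NB = b"constructed notary-bob shared key"
MSG = b"I owe Bob 100 dollars."
notary = Notary(K_SEAL, {"bob": K_NB})
SEAL, TAG = notary.notarize("alice", "bob", MSG)
```

Because the recipient knows only the N-recipient key, a seal it fabricates for an altered message fails `judge_query`, which is what lets the judge rely on N's answer.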