WUSTL CSE 571S - E-Mail Security


16-1 E-Mail Security
Raj Jain, Washington University in Saint Louis, Saint Louis, MO, [email protected]
Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
©2009 Raj Jain, CSE571S, Washington University in St. Louis

16-2 Overview
- Email Overview: SMTP, POP, IMAP, Radix-64, MIME
- Security Services: Privacy, Authentication, Integrity, Non-Repudiation, Anonymity
- Secure Email Standards: S/MIME, PGP, DKIM, ...
- Spam

16-3 Internet Email Overview
- Simple Mail Transfer Protocol (SMTP): protocol to deposit email in another user's mailbox. Was originally designed for 7-bit ASCII text messages.
- Post Office Protocol (POP): protocol to retrieve email from your mailbox. Authenticates the user.
- Internet Mail Access Protocol (IMAP)
- Multipurpose Internet Mail Encoding (MIME): to encode non-text messages
[Figure: mail flow from an SMTP client to an SMTP server holding the mailboxes at acm.org, then from the POP server (popd) to a POP client; the message shown carries FROM: [email protected] and TO: [email protected]]

16-4 SMTP
- Defined in RFC 2821 and RFC 2822
- Clients connect to port 25 of the SMTP server
- It is a push protocol; it does not allow pulling
- Extended SMTP (ESMTP) is defined in RFC 2821
- ESMTP uses EHLO instead of HELO
- ESMTP allows finding the maximum message size
- SMTP-AUTH is an authentication extension to SMTP (RFC 4954). Allows only authorized users to send email.

16-5 Radix-64 Encoding
[Figure: Radix-64 encoding]

16-6 MIME Example
    --unique-boundary-1
    Content-Type: multipart/parallel; boundary=unique-boundary-2

    --unique-boundary-2
    Content-Type: audio/basic
    Content-Transfer-Encoding: base64

    ... base64-encoded 8000 Hz single-channel u-law-format audio data goes here....

    --unique-boundary-2
    Content-Type: image/gif
    Content-Transfer-Encoding: Base64

    ... base64-encoded image data goes here....

16-7 Security Services for E-Mail
- Privacy: of content
- Authentication: of sender
- Integrity: of content
- Non-repudiation: sender cannot deny
- Proof of Submission: proof of sending (certified mail); the MTA can sign a message digest
- Proof of Delivery: to recipient (return receipt + content non-repudiation)
- Message flow confidentiality
- Anonymity

16-8 Security Services for E-Mail (Cont)
- Containment: keeping messages in a security zone
- Audit: event log
- Accounting: accounting log
- Self Destruct: receiving mail program will destroy the message
- Message Sequence Integrity: in-order delivery

16-9 Establishing Keys
- 1-to-1
- Public Keys:
  - Need public key to send an encrypted message
  - Can sign a message and send a certificate
- Secret Keys:
  - Via KDC

16-10 Privacy
- Employee vs. Employer
- End-to-End Privacy
- Use public key to encrypt a secret key
- Same encrypted message can be sent to multiple recipients
- Distribution lists require trusting the exploder

16-11 Source Authentication
- Sign a hash of the message with private key (good for distribution lists also)
- Secret Key:
  - MAC = CBC residue with a random key
  - Message digest of the random key
  - Message digest is encrypted with the secret shared key (same digest for multiple recipients)
  - Can share a secret key with mail exploder

16-12 Message Integrity
- Generally goes with source authentication
- Integrity with source anonymity is meaningless
- You can use a shared secret
- Anyone can change a message that is encrypted or protected with a public key

16-13 Non-Repudiation
- Public Key:
  - Non-Repudiation: sender signs the message with private key
  - Plausible Deniability: sender computes a MAC using a random key S and sends [[S]Bob Public]Alice Private
- Secret Key:
  - Non-Repudiation: Notary N. N and recipient share a secret
  - N computes a seal = digest of the message and Alice's name using a secret key
  - N shares a secret key with recipient and sends a MAC of the message, seal, and Alice
  - A judge could ask N to verify if the seal is valid

16-14 Proof of Delivery
- Delivering MTA or recipient can sign a message digest
- Impossible to prove that recipient got the message:
  - If recipient signs it before getting the last part of the message, it may not get the complete message but has signed.
  - If recipient signs after getting the last part of the message, it may not sign but has the message.

16-15 Verifying Posting Date
- Preventing Backdating: notary signs and dates the message
- Preventing Postdating: notary signs and dates the message along with a fact not known before the date, e.g., newspaper headline, lottery number, ...

16-16 Digital Postmarks
- Post office can date stamp your document (service available in USA and other countries also)
- Client software signs a document and sends it to DPM service
- DPM authenticates the signature, generates a timestamp and signs the resulting package (hash of message, signature, time)
- The DPM receipt is sent to the client software and also stored in a non-repudiation database with the message and signature
- The client software wraps the original document and DPM receipt
- Anyone can verify the signature and time
- Original document can be requested from DPM service database
- www.usps.com/electronicpostmark/

16-17 Anonymity
- penet.fi allowed two-way communication. Assigned code name to sender. If someone replies they are also assigned a code name
  - Assigned code name to the source exploder of the replies.
- Message Flow Confidentiality
  - Can send random messages through third party
  - Can use several
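The nested MIME body on slide 16-6, parsed with Python's standard email package, as an added example that is not part of the lecture. The outer multipart/mixed container, the header lines, and the short stand-in payloads are constructed assumptions; the walk also checks that each decoded payload carries the magic bytes its declared Content-Type promises, which is the usual first filter against disguised attachments.

```python
import base64
from email import message_from_string

# Constructed sample: the slide's nested body wrapped in an assumed outer
# "multipart/mixed; boundary=unique-boundary-1" container. Short fake
# payloads stand in for the real u-law audio and GIF data.
AUDIO_BYTES = b"\x7f\x00\xff\x01" * 4   # constructed; raw u-law has no header
GIF_BYTES = b"GIF89a" + b"\x00" * 10    # constructed; carries the GIF magic

SAMPLE_MESSAGE = (
    "From: alice@example.org\r\nTo: bob@example.org\r\nMIME-Version: 1.0\r\n"
    "Content-Type: multipart/mixed; boundary=unique-boundary-1\r\n\r\n"
    "--unique-boundary-1\r\n"
    "Content-Type: multipart/parallel; boundary=unique-boundary-2\r\n\r\n"
    "--unique-boundary-2\r\n"
    "Content-Type: audio/basic\r\nContent-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(AUDIO_BYTES).decode() + "\r\n"
    "--unique-boundary-2\r\n"
    "Content-Type: image/gif\r\nContent-Transfer-Encoding: Base64\r\n\r\n"
    + base64.b64encode(GIF_BYTES).decode() + "\r\n"
    "--unique-boundary-2--\r\n--unique-boundary-1--\r\n"
)

# Magic bytes for a few declared types; a payload missing the signature its
# Content-Type promises is a typical sign of a disguised attachment.
MAGIC = {"image/gif": (b"GIF87a", b"GIF89a"), "image/png": (b"\x89PNG\r\n\x1a\n",)}


def declared_type_matches_magic(content_type, payload):
    """True when the type has no known signature, or the payload starts with it."""
    sigs = MAGIC.get(content_type.lower())
    return True if sigs is None else payload.startswith(sigs)


def walk_parts(msg, depth=0):
    """List (depth, content-type, decoded payload) for every part; containers
    (multipart/*) get payload None, leaves are decoded per their CTE."""
    if msg.is_multipart():
        out = [(depth, msg.get_content_type(), None)]
        for sub in msg.get_payload():
            out.extend(walk_parts(sub, depth + 1))
        return out
    # decode=True undoes the Content-Transfer-Encoding; the header value is
    # matched case-insensitively, so "Base64" on the image part decodes too.
    return [(depth, msg.get_content_type(), msg.get_payload(decode=True))]


def parse_sample():
    """Parse the constructed message and return its flattened part list."""
    return walk_parts(message_from_string(SAMPLE_MESSAGE))
```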
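The secret-key non-repudiation scheme with a notary N from slide 16-13, as an added example in Python (not code from the lecture). It assumes HMAC-SHA256 as the keyed digest, that N's seal key never leaves N, that each recipient obtains its shared key from N out of band, and that how Alice authenticates her submission to N is out of scope; the `Notary` class and `recipient_verify` function are names chosen here.

```python
import hashlib
import hmac
import secrets


def _encode(*fields):
    """Length-prefix each field so (message, seal, name) cannot be re-split
    into a different tuple that produces the same MAC input."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


class Notary:
    """Notary N (hypothetical class name). The seal key is known only to N;
    N shares a distinct key with every registered recipient."""

    def __init__(self):
        self._seal_key = secrets.token_bytes(32)   # assumption: never leaves N
        self._recipient_keys = {}                  # recipient name -> shared key

    def register_recipient(self, name):
        key = secrets.token_bytes(32)
        self._recipient_keys[name] = key
        return key                                 # delivered out of band (assumed)

    def seal(self, message, sender):
        """seal = keyed digest of (message, sender's name) under N's own key."""
        return hmac.new(self._seal_key, _encode(message, sender.encode()),
                        hashlib.sha256).digest()

    def notarize(self, message, sender, recipient):
        """Return (seal, mac): the MAC covers message, seal and sender under the
        key N shares with the recipient, so the recipient can check it alone."""
        s = self.seal(message, sender)
        mac = hmac.new(self._recipient_keys[recipient],
                       _encode(message, s, sender.encode()), hashlib.sha256).digest()
        return s, mac

    def judge_verify(self, message, sender, seal):
        """The question a judge puts to N: is this seal valid for (message, sender)?"""
        return hmac.compare_digest(self.seal(message, sender), seal)


def recipient_verify(shared_key, message, seal, sender, mac):
    """Recipient side: recompute the MAC with the key shared with N."""
    expected = hmac.new(shared_key, _encode(message, seal, sender.encode()),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac)
```

The recipient can forge the outer MAC (it holds that key) but not the seal, which is why the dispute is settled by asking N rather than by the recipient's own records.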