16-1 ©2009 Raj Jain, CSE571S, Washington University in St. Louis

E-Mail Security

Raj Jain
Washington University in Saint Louis
Saint Louis, MO
[email protected]
Video recordings of this lecture are available at:
http://www.cse.wustl.edu/~jain/cse571-09/

Overview
- Email Overview: SMTP, POP, IMAP, Radix-64, MIME
- Security Services: Privacy, Authentication, Integrity, Non-Repudiation, Anonymity
- Secure Email Standards: S/MIME, PGP, DKIM, …
- Spam

Internet Email Overview
- Simple Mail Transfer Protocol (SMTP):
  - Protocol to deposit email in another user's mailbox
  - Was originally designed for 7-bit ASCII text messages
- Post Office Protocol (PoP):
  - Protocol to retrieve email from your mailbox
  - Authenticates the user
- Internet Mail Access Protocol (IMAP)
- Multipurpose Internet Mail Encoding (MIME):
  - To encode non-text messages
[Figure: SMTP client, SMTP server, mailboxes at acm.org, PoP server, PoP client]

SMTP
- Defined in RFC 2821 and RFC 2822
- Clients connect to port 25 of SMTP server
- It is a push protocol and does not allow pulling
- Extended SMTP (ESMTP) is defined in RFC 2821
- ESMTP uses EHLO instead of HELO
- ESMTP allows finding the maximum message size
- SMTP-AUTH is an authentication extension to SMTP (RFC 4954)
  - Allows only authorized users to send email

Radix-64 Encoding

MIME Example
--unique-boundary-1
Content-Type: multipart/parallel; boundary=unique-boundary-2

--unique-boundary-2
Content-Type: audio/basic
Content-Transfer-Encoding: base64

... base64-encoded 8000 Hz single-channel
u-law-format audio data goes here....

--unique-boundary-2
Content-Type: image/gif
Content-Transfer-Encoding: Base64

...
base64-encoded image data goes here....

Security Services for E-Mail
- Privacy: of content
- Authentication: of sender
- Integrity: of content
- Non-repudiation: Sender cannot deny
- Proof of Submission: Proof of sending (certified mail) – MTA can sign a message digest
- Proof of Delivery: to recipient (return receipt + content non-repudiation)
- Message flow confidentiality
- Anonymity

Security Services for E-Mail (Cont)
- Containment: Keeping messages in a security zone
- Audit: Event log
- Accounting: Accounting log
- Self Destruct: Receiving mail program will destroy the message
- Message Sequence Integrity: In-order delivery

Establishing Keys
- 1-to-1 Public Keys:
  - Need public key to send an encrypted message
  - Can sign a message and send a certificate
- Secret Keys:
  - Via KDC

Privacy
- Employee vs. Employer
- End-to-End Privacy
- Use public key to encrypt a secret key
- Same encrypted message can be sent to multiple recipients
- Distribution lists require trusting the exploder

Source Authentication
- Sign a hash of the message with private key (good for distribution lists also)
- Secret Key:
  - MAC = CBC residue with a random key
  - Message digest of the random key
  - Message digest is encrypted with the secret shared key (same digest for multiple recipients)
  - Can share a secret key with mail exploder

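Added example (not from the lecture slides): secret-key source authentication for one message sent to several recipients, with the digest computed once and then keyed per recipient. Assumption: HMAC-SHA-256 stands in for the slide's CBC residue and for "encrypting" the digest with the shared key; the names, keys and message are constructed sample data.

```python
import hashlib
import hmac
import secrets


def message_digest(message: bytes) -> bytes:
    """Digest computed once by the sender, whatever the number of recipients."""
    return hashlib.sha256(message).digest()


def authenticate(message: bytes, shared_keys: dict) -> dict:
    """One authenticator per recipient: the same digest, keyed with the
    secret the sender shares with that recipient (HMAC used as a stand-in)."""
    digest = message_digest(message)
    return {name: hmac.new(key, digest, hashlib.sha256).digest()
            for name, key in shared_keys.items()}


def verify(message: bytes, tag: bytes, shared_key: bytes) -> bool:
    """Recipient side: recompute the digest, key it, compare in constant time."""
    expected = hmac.new(shared_key, message_digest(message), hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


# Constructed sample data: Alice shares a different secret with each recipient.
KEYS = {"bob": secrets.token_bytes(32), "carol": secrets.token_bytes(32)}
MESSAGE = b"Subject: budget\r\n\r\nMeeting moved to 3 pm.\r\n"
TAGS = authenticate(MESSAGE, KEYS)


def demo() -> dict:
    tampered = MESSAGE.replace(b"3 pm", b"5 pm")
    # Bob holds the same key as Alice, so he can produce a tag that verifies.
    # A valid tag therefore convinces Bob, but proves nothing to a third party.
    forged = b"Subject: budget\r\n\r\nBob gets a raise.\r\n"
    forged_tag = authenticate(forged, {"bob": KEYS["bob"]})["bob"]
    return {
        "bob_accepts": verify(MESSAGE, TAGS["bob"], KEYS["bob"]),
        "carol_accepts": verify(MESSAGE, TAGS["carol"], KEYS["carol"]),
        "tampering_detected": not verify(tampered, TAGS["bob"], KEYS["bob"]),
        "other_recipients_tag_rejected": not verify(MESSAGE, TAGS["carol"], KEYS["bob"]),
        "recipient_can_mint_valid_tag": verify(forged, forged_tag, KEYS["bob"]),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
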

Message Integrity
- Generally goes with source authentication
- Integrity with source anonymity is meaningless
- You can use a shared secret
- Anyone can change the message encrypted or protected with public key

Non-Repudiation
- Public Key:
  - Non-Repudiation: Sender signs the message with private key
  - Plausible Deniability: Sender computes a MAC using a random key S and sends [[S]Bob Public]Alice Private
- Secret Key:
  - Non-Repudiation: Notary N. N and recipient share a secret
  - N computes a seal = digest of the message and Alice's name using a secret key
  - N shares a secret key with recipient and sends a MAC of the message, seal, and Alice.
  - A judge could ask N to verify if the seal is valid.

Proof of Delivery
- Delivering MTA or recipient can sign a message digest
- Impossible to prove that recipient got the message.
  - If recipient signs it before getting the last part of the message, it may not get the complete message but has signed.
  - If recipient signs after getting the last part of the message, it may not sign but has the message.

Verifying Posting Date
- Preventing Backdating: Notary signs and dates the message
- Preventing Postdating: Notary signs and dates the message along with a fact not known before the date, e.g., newspaper headline, lottery number, ...

Digital Postmarks
- Post office can date stamp your document (service available in USA and other countries also)
- Client software signs a document and sends it to DPM service
- DPM authenticates the signature, generates a timestamp and signs the resulting package (hash of message, signature, time)
- The DPM receipt is sent to the client software and also stored in a non-repudiation database with the message and signature
- The client software wraps the original document and DPM receipt
- Anyone can verify the signature and time
- Original document can be requested from DPM service database
- www.usps.com/electronicpostmark/

Anonymity
- penet.fi allowed two-way communication. Assigned code name to sender.
- If someone replies they are also assigned a code name
  - Assigned code name to the source exploder of the replies.
- Message Flow Confidentiality
  - Can send random messages through third party
  - Can use several