
Computer Security CS477
Lecture 14
Ching-Hua Chuan
November 5th, 2008

Administration
- Homework 3 Part 2 is on (due on Nov 12th)

Today's Outline
- Electronic Mail Security
- Secure/Multipurpose Internet Mail Extension (S/MIME)

Electronic Mail Protocols
- SMTP / RFC 822: traditional e-mail format standard
- MIME: improved format standard
- S/MIME: security enhancement of MIME

Simple Mail Transfer Protocol (SMTP, RFC 822)
- SMTP/RFC 822: traditional e-mail format standard
- Limitations of SMTP/RFC 822:
  - Can't transmit executable files or other binary objects
  - Can't transmit "national language" characters (non-ASCII)
  - Rejects messages over a certain size
  - ASCII to EBCDIC translation problems
  - Implementations do not adhere to the SMTP standard (e.g. truncating lines longer than 76 characters)

An Example Message of RFC 822
[slide figure: sample RFC 822 message]

Multipurpose Internet Mail Extensions (MIME)
- MIME is intended to resolve the problems in RFC 822 implementations.
- Overview of MIME:
  - Five new message header fields are defined.
  - A number of content formats are defined, standardizing representations that support multimedia e-mail.
  - Transfer encodings are defined.

Header Fields in MIME
- MIME-Version
- Content-Type: capable of handling content such as jpeg, mpeg, PostScript
- Content-Transfer-Encoding
- Content-ID: uniquely identifies MIME entities in multiple contexts
- Content-Description: text description of the object in the body (readable)

An Example Message of MIME
[slide figure: sample MIME message]

S/MIME
- S/MIME: a security enhancement to the MIME Internet e-mail format standard.
- IETF standards track
- S/MIME will emerge as the industry standard for commercial and organizational use.
- PGP will remain the choice for personal e-mail security.

S/MIME Functions
- Enveloped data: encrypted content and encrypted session keys
- Signed data: encrypt the message digest with the private key; signature and content are encoded
- Clear-signed data: signed, but only the signature is encoded
- Signed and enveloped data: various arrangements for encrypting and signing

Algorithms Used in S/MIME
- Creating a message digest and encrypting it for the digital signature. Must: SHA-1; should: MD5, DSS, RSA
- Encrypting the session key. Must: RSA; should: Diffie-Hellman
- Encrypting the message. Must: DES; should: AES, RC2/40
- Creating a MAC. Must: HMAC with SHA-1

S/MIME Examples
[slide figure: signed data]

S/MIME Examples (Cont'd)
[slide figure: clear signing, showing the plaintext and signature parts]

User Agent Role
- Key-management functions
  - Key generation. Must: Diffie-Hellman and DSS key pairs. Should: RSA key pairs with a length of 768 to 1024 bits.
  - Registration: a user's public key MUST be registered with a CA to receive an X.509 public-key certificate.
  - Certificate storage and retrieval: a user requires access to a local list of certificates in order to verify incoming signatures and to encrypt outgoing messages.

VeriSign Certificates
- VeriSign: an Internet-based company that provides certification authority (CA) services.
  - Intended to be compatible with S/MIME.
  - Issues X.509 certificates and VeriSign Digital IDs.
- Digital ID (minimum): owner's public key, owner's name or alias, expiration date, serial number, name and digital signature of the certificate authority.

VeriSign Certificates: three levels/classes
- Class-1: user's email address confirmed by emailing PIN and ID pickup info.
- Class-2: postal address is confirmed as well, and data checked against directories.
- Class-3: user must apply in person, or provide notarized documents.

Enhanced Security Services
- Signed receipts: a signed receipt may be requested.
- Security labels: security information including access rights, priority (secret, confidential, restricted, and so on) or role based.
- Secure mailing lists: per-recipient processing, using each recipient's public key.

Today's Summary
- Electronic Mail Security
- Secure/Multipurpose Internet Mail Extension (S/MIME)
  - Relations between SMTP, MIME, S/MIME
  - Security functions in S/MIME
  - User agent role
  - VeriSign certificates
  - Enhanced security


BARRY CS 477 - LECTURE