Computer Security CS477
Lecture 14
Ching Hua Chuan
November 5th, 2008

Administration
  Homework 3 Part 2 is due on Nov 12th

Today's Outline
  Electronic Mail Security
  Secure/Multipurpose Internet Mail Extension (S/MIME)

Electronic Mail Protocols
  SMTP/RFC 822: Traditional e-mail format standard
  MIME: Improved format standard
  S/MIME: Security enhancement of MIME

Simple Mail Transfer Protocol (SMTP, RFC 822)
  SMTP/RFC 822: Traditional e-mail format standard
  Limitations of SMTP/RFC 822:
  Can't transmit executable files or other binary objects
  Can't transmit national language characters (non-ASCII)
  Reject messages over a certain size
  ASCII to EBCDIC translation problems
  Implementations do not adhere to the SMTP standards (Ex: truncating lines longer than 76 characters)

An Example Message of RFC 822

Multipurpose Internet Mail Extensions (MIME)
  MIME: Intended to resolve the problems in RFC 822 implementations

Overview of MIME
  Five new message header fields are defined
  A number of content formats are defined, standardizing representations that support multimedia e-mail
  Transfer encodings are defined

Header Fields in MIME
  MIME-Version
  Content-Type
  Capable of handling content such as jpeg, mpeg, PostScript
  Content-Transfer-Encoding
  Content-ID: Uniquely identify MIME entities in multiple contexts
  Content-Description: Text description of the object with the body readable

An Example Message of MIME

S/MIME
  A security enhancement to the MIME Internet e-mail format standard
  IETF standard tracks:
  S/MIME will emerge as the industry standard for commercial and organization use
  PGP will remain the choice for personal e-mail security

S/MIME Functions
  Enveloped data: Encrypted content and encrypted session keys
  Signed data: Encrypt message digest with private key; signature and content are encoded
  Clear-signed data: Signed, but only signature is encoded
  Signed and enveloped data: Various arrangements for encrypting and signing

Algorithms Used in S/MIME
  Creating MD and encrypting MD to form digital signature: Must SHA-1, should MD5; DSS, RSA
  Encrypting session key: Must RSA, should Diffie-Hellman
  Encrypting message: Must DES, should AES, RC2/40
  Creating a MAC: Must HMAC with SHA-1

S/MIME Examples: Signed Data

S/MIME Examples (Cont'd): Clear Signing (plaintext + signature)

User Agent Role
  Key management functions:
  Key generation: Must: key pairs of Diffie-Hellman and DSS. Should: RSA key pairs with a length of 768 to 1024 bits
  Registration: A user's public key MUST be registered with a CA to receive an X.509 public-key certificate
  Certificate storage and retrieval: A user requires access to a local list of certificates in order to verify incoming signatures and to encrypt outgoing messages

VeriSign Certificates
  An Internet-based company that provides certification authority (CA) services
  It is intended to be compatible with S/MIME
  It issues X.509 certificates and VeriSign Digital ID
  VeriSign Digital ID (minimum): Owner's public key, owner's name or alias, expiration date, serial number, name and digital signature of the certificate authority

VeriSign Certificates: Three levels (classes)
  Class 1: User's email address confirmed by emailing PIN and ID pickup info
  Class 2: Postal address is confirmed as well, and data checked against directories
  Class 3: User must apply in person or provide notarized documents

Enhanced Security Services
  Signed receipts: A signed receipt may be requested
  Security labels: Security information including access right, priority (secret, confidential, restricted, and so on), or role-based
  Secure mailing lists: Per-recipient processing (use each recipient's public key)

Today's Summary
  Electronic Mail Security
  Secure/Multipurpose Internet Mail Extension (S/MIME)
  Relations between SMTP, MIME, S/MIME
  Security functions in S/MIME
  User agent role
  VeriSign certificates
  Enhanced security services