KEMBAR78
Lecture 10 | PDF | Public Key Cryptography | Transport Layer Security
0% found this document useful (0 votes)
32 views42 pages

Lecture 10

Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
32 views42 pages

Lecture 10

Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 42

Application-Level Security

Electronic Mail Security


Application-level Security Protocols

• The call for and desire for security and privacy has led to
several security protocols and standards.
• Among these are: Secure Socket Layer (SSL) and Transport
Layer Security (TLS) Protocols; secure IP (IPSec); Secure
HTTP (S-HTTP), secure E-mail ( PGP and S/MIME), DNDSEC,
SSH, and others.

2
Pretty Good Privacy (PGP)
• Encryption of e-mails and any other forms of communication
is vital for the security, confidentiality, and privacy of
everyone. This is where PGP comes in and this is why PGP is
so popular today.
• Provides a confidentiality and authentication service that
can be used for electronic mail and file storage applications
• PGP works by creating a circle of trust among its users. In
the circle of trust, users, starting with two, form a key ring of
public key/name pairs kept by each user. Joining this “trust
club” means trusting and using the keys on somebody’s key
ring.

3
Pretty Good Privacy (PGP)

• Developed by Phil Zimmermann


• Selected the best available cryptographic algorithms as
building blocks
• Integrated these algorithms into a general-purpose
application that is independent of operating system and
processor and that is based on a small set of easy-to-use
commands
• Made the package and its documentation, including the
source code, freely available via the Internet, bulletin
boards, and commercial networks
• Entered into an agreement with a company to provide a
fully compatible, low-cost commercial version of PGP
4
PGP Growth

It is available free worldwide in versions that run on a variety of platforms

The commercial version satisfies users who want a product that comes with
vendor support

It is based on algorithms that have survived extensive public review and are
considered extremely secure

It has a wide range of applicability

It was not developed by, nor is it controlled by, any governmental or standards
organization

Is now on an Internet standards track, however it still has an aura of an


antiestablishment endeavor

5
Summary of PGP Services

6
PGP Authentication
• Combination of SHA-1 and RSA provides an effective
digital signature scheme
• Because of the strength of RSA the recipient is assured that only
the possessor of the matching private key can generate the
signature
• Because of the strength of SHA-1 the recipient is assured that no
one else could generate a new message that matches the hash
code

• As an alternative, signatures can be generated


using DSS/SHA-1
• Detached signatures are supported
• Each person’s signature is independent
and therefore applied only to the
document
7
PGP Confidentiality
• Provided by encrypting messages to be transmitted or to be
stored locally as files
• In both cases the symmetric encryption algorithm CAST-128 may be
used
• Alternatively IDEA or 3DES may be used
• The 64-bit cipher feedback (CFB) mode is used
In PGP each symmetric key is used only once

• Although referred to as a session key, it is in reality a one-


time key
• Session key is bound to the message and transmitted with it
• To protect the key, it is encrypted with the receiver’s public
key

• As an alternative to the use of RSA for key encryption, PGP uses


ElGamal, a variant of Diffie-Hellman that provides
encryption/decryption 8
PGP Confidentiality and Authentication
• Both services may be used for the same message
• First a signature is generated for the plaintext message and
prepended to the message
• Then the plaintext message plus signature is encrypted using
CAST-128 (or IDEA or 3DES) and the session key is encrypted using
RSA (or ElGamal)
• When both services are used:

The sender first And finally encrypts


Then encrypts the
signs the message the session key with
message with a
with its own private the recipient’s
session key
key public key

9
PGP Compression
• As a default, PGP compresses the message after applying the
signature but before encryption
• This has the benefit of saving space both for e-mail transmission and
for file storage
• The placement of the compression algorithm is critical
• Applying the hash function and signature after compression would constrain all
PGP implementations to the same version of the compression algorithm
• Message encryption is applied after compression to strengthen cryptographic
security
• The compression algorithm used is ZIP

10
PGP E-mail Compatibility
• Many electronic mail systems only permit the use of
blocks consisting of ASCII text
• To accommodate this restriction, PGP provides the service of
converting the raw 8-bit binary stream to a stream of printable
ASCII characters
• The scheme used for this purpose is radix-64 conversion
• Each group of three octets of binary data is mapped into four ASCII characters
• This format also appends a CRC to detect transmission errors

11
12
13
Secure/Multipurpose Internet Mail
Extension (S/MIME)
• A security enhancement to the MIME Internet e-mail format
standard based on technology from RSA Data Security
• Defined in:
• RFCs 3370, 3850, 3851, 3852

14
RFC 5322
• Defines a format for text messages that are sent using
electronic mail
• Messages are viewed as having an envelope and contents
• The envelope contains whatever information is needed to
accomplish transmission and delivery
• The contents compose the object to be delivered to the recipient
• RFC 5322 standard applies only to the contents
• The content standard includes a set of header fields that
may be used by the mail system to create the envelope

15
Multipurpose Internet Mail Extensions
(MIME)
MIME specification includes the following
• An extension to the RFC elements:
5322 framework that is
intended to address some
of the problems and Transfer encodings Five new message
limitations of the use of are defined that header fields are
Simple Mail Transfer enable the defined, which may
Protocol (SMTP) conversion of any be included in an
RFC 5322 header;
• Is intended to resolve content format into
a form that is these fields provide
these problems in a protected from information about
manner that is alteration by the the body of the
compatible with existing mail system message
RFC 5322
implementations
• The specification is A number of content
provided in RFCs 2045 formats are defined, thus
through 2049 standardizing
representations that
support multimedia
electronic mail
16
The Five Header Fields Defined in MIME
MIME-Version

• Must have the parameter value 1.0


• This field indicates that the message conforms to RFCs 2045 and 2046

Content-Type

• Describes the data contained in the body with sufficient detail that the receiving user agent
can pick an appropriate agent or mechanism to represent the data to the user or otherwise
deal with the data in an appropriate manner

Content-Transfer-Encoding

• Indicates the type of transformation that has been used to represent the body of the message
in a way that is acceptable for mail transport

Content-ID

• Used to identify MIME entities uniquely in multiple contexts

Content-Description

• A text description of the object with the body; this is useful when the object is not readable
17
MIME
Content
Types

18
MIME Transfer Encodings

19
20
Native and Canonical Form

21
S/MIME Functionality
Enveloped data Signed data
• Consists of encrypted content of any type and • A digital signature is formed by taking the message
encrypted content encryption keys for one or more digest of the content to be signed and then
recipients encrypting that with the private key of the signer
• The content plus signature are then encoded using
base64 encoding
• A signed data message can only be viewed by a
recipient with S/MIME capability

S/MIME

Clear-signed data Signed and enveloped data


• Only the digital signature is encoded using base64 • Signed-only and encrypted-only entities may be
• As a result recipients without S/MIME capability nested, so that encrypted data may be signed and
can view the message content, although they signed data or clear-signed data may be encrypted
cannot verify the signature

22
Cryptographic

Algorithms

Used in

S/MIME

23
S/MIME Content Types

24
Securing a MIME Entity
• S/MIME secures a MIME entity with a signature,
encryption, or both
• The MIME entity is prepared according to the normal
rules for MIME message preparation
• The MIME entity plus some security-related data, such as
algorithm identifiers and certificates, are processed by S/MIME to
produce what is known as a PKCS object
• A PKCS object is then treated as message content and wrapped in
MIME
• In all cases the message to be sent is converted to
canonical form

25
EnvelopedData
• The steps for preparing an envelopedData MIME are:

Generate a pseudorandom session key for a particular symmetric


encryption algorithm

For each recipient, encrypt the session key with the recipient’s
public RSA key

For each recipient, prepare a block known as RecipientInfo


that contains an identifier of the recipient’s public-key certificate,
an identifier of the algorithm used to encrypt the session key,
and the encrypted session key

Encrypt the message content with the session key

26
SignedData

• The steps for preparing a


signedData MIME are:

Prepare a block
known as
Encrypt the SignerInfo
message digest with that contains the
the signer’s private signer’s public-key
key certificate, an
Compute the identifier of the
message digest (hash message digest
function) of the algorithm, an
content to be signed identifier of the
algorithm used to
Select a message encrypt the
digest algorithm message digest,
(SHA or MD5) and the encrypted
message digest

27
Clear Signing

• Achieved using the multipart content type with a signed


subtype
• This signing process does not involve transforming the
message to be signed
• Recipients with MIME capability but not S/MIME
capability are able to read the incoming message

28
S/MIME Certificate Processing

• S/MIME uses public-key certificates that conform to version


3 of X.509
• The key-management scheme used by S/MIME is in some
ways a hybrid between a strict X.509 certification hierarchy
and PGP’s web of trust
• S/MIME managers and/or users must configure each client
with a list of trusted keys and with certificate revocation lists
• The responsibility is local for maintaining the certificates needed to
verify incoming signatures and to encrypt outgoing messages
• The certificates are signed by certification authorities

29
User Agent Role
• An S/MIME user has several key-management functions to
perform:
Certificate storage and
Key generation Registration
retrieval

The user of some related A user’s public key must be A user requires access to a
administrative utility must be registered with a certification local list of certificates in
capable of generating separate authority in order to receive an order to verify incoming
Diffie-Hellman and DSS key pairs X.509 public-key certificate signatures and to encrypt
and should be capable of outgoing messages
generating RSA key pairs

A user agent should generate


RSA key pairs with a length in
the range of 768 to 1024 bits
and must not generate a length
of less than 512 bits
30
VeriSign Certificates
• VeriSign provides a certification authority (CA) service that
is intended to be compatible with S/MIME and a variety of
other applications
• Issues X.509 certificates with the product name VeriSign
Digital ID
• At a minimum, each Digital ID contains:
• Owner’s public key
• Owner’s name or alias
• Expiration date of the Digital ID
• Serial number of the Digital ID
• Name of the certification authority that issued the Digital ID
• Digital signature of the certification authority that issued the
Digital ID
31
VeriSign Public-Key Certificate Classes

IA Issuing Authority
CA Certification Authority
PCA VeriSign public primary certification authority
PIN Personal Identification Number 32
LRAA Local Registration Authority Administrator
Enhanced Security Services

• Three enhanced security services have been proposed in an


Internet draft:
• Signed receipt
• Returning a signed receipt provides proof of delivery to the originator of a
message and allows the originator to demonstrate to a third party that the
recipient received the message
• Security labels
• A set of security information regarding the sensitivity of the content that is
protected by S/MIME encapsulation
• Secure mailing lists
• An S/MIME Mail List Agent (MLA) can take a single incoming message, perform the
recipient-specific encryption for each recipient, and forward the message

33
34
E-mail Threats
• RFC 4684 (Analysis of • Characterized on three levels
Threats Motivating of threat:
DomainKeys Identified
Mail)
The most sophisticated and financially
• Describes the threats being motivated senders of messages are those
who stand to receive substantial financial
addressed by DKIM in benefit, such as from an e-mail based
terms of the fraud scheme

characteristics, capabilities,
and location of potential
The next level are professional senders of
attackers bulk spam mail and often operate as
commercial enterprises and send
messages on behalf of third parties

At the low end are attackers who simply


want to send e-mail that a recipient does
not want to receive

35
36
37
Summary

• Pretty good privacy •S/MIME


• Notation
•RFC 5322
• Operational description
•Multipurpose Internet mail
• DomainKeys Identified extensions
Mail •S/MIME functionality
• Internet mail architecture •S/MIME messages
• E-mail threats •S/MIME certification
• DKIM strategy processing
• DKIM functional flow •Enhanced security services

38
• Secure-HTTP (S-HTTP)
• Secure HTTP (S-HTTP) extends the Hypertext Transfer
Protocol (HTTP).
• When HTTP was developed, it was developed for a Web that
was simple, that did not have dynamic graphics, that did not
require, at that time, hard encryption for end-to-end
transactions that have since developed.
• As the Web became popular for businesses users realized
that current HTTP protocols needed more cryptographic and
graphic improvements if it were to remain the e-commerce
backbone it had become.

39
• Each S-HTTP file is either encrypted, contains a digital
certificate, or both.
• S-HTTP design provides for secure communications,
primarily commercial transactions, between a HTTP client
and a server.
• It does this through a wide variety of mechanisms to provide
for confidentiality, authentication, and integrity while
separating policy from mechanism.
• HTTP messages contain two parts: the header and the body
of the message. The header contains instructions to the
recipients (browser and server) on how to process the
message’s body

40
• During the transfer transaction, both the client browser and
the server, use the information contained in the HTTP
header to negotiate formats they will use to transfer the
requested information.
• The S-HTTP protocol extends this negotiation between the
client browser and the server to include the negotiation for
security matters. Hence S-HTTP uses additional headers for
message encryption, digital certificates and authentication in
the HTTP format which contains additional instructions on
how to decrypt the message body ( see both headers)

41
• Hypertext Transfer Protocol over Secure Socket Layer
(HTTPS)
• HTTPS is the use of Secure Sockets Layer (SSL) as a sub-layer
under the regular HTTP in the application layer. It is also
referred to as Hypertext Transfer Protocol over Secure
Socket Layer (HTTPS) or HTTP over SSL, in short.
• HTTPS is a Web protocol developed by Netscape, and it is
built into its browser to encrypt and decrypt user page
requests as well as the pages that are returned by the Web
server. HTTPS uses port 443 instead of HTTP port 80 in its
interactions with the lower layer, TCP/IP

42

You might also like