
Chapter 8.2 Electronic mail security


26/11/2017






Lecturer: Nguyễn Thị Thanh Vân – FIT - HCMUTE



Introduction



Pretty Good Privacy



S/MIME



DomainKeys Identified Mail





email is one of the most widely used and regarded network services
currently message contents are not secure
o may be inspected either in transit
o or by suitably privileged users on destination system




confidentiality
o protection from disclosure

authentication
o of sender of message

message integrity
o protection from modification

non-repudiation of origin
o protection from denial by sender












PGP is an encryption strategy for encrypting, decrypting and signing data in general and email messages in particular
developed by Phil Zimmermann
provides a confidentiality and authentication service
selected the best available crypto algorithms to use
integrated into a single program
runs on Unix, PC, Macintosh and other systems
originally free, now also has commercial versions available





The actual operation of PGP consists of four services:
o Authentication: using digital signature
• DSS/SHA or
• RSA/SHA
o Confidentiality:
• CAST or
• IDEA or
• Three-key Triple DES with Diffie-Hellman (key exchange algorithm)
• RSA
o Compression
• ZIP
o E-mail compatibility:
• Radix-64 conversion


The digital signature service provided by PGP:

1. The sender creates a message.
2. SHA-1 is used to generate a 160-bit hash code of the message.
3. The hash code H is encrypted with RSA using PRa (the sender's private key), and the result is prepended to the message.
4. The receiver uses RSA with PUa (the sender's public key) to decrypt and recover the hash code.
5. The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic.

- PGP supports the use of DSS signatures. It can be useful:
o to maintain a separate signature log of all messages sent or received;
o or on an executable program to detect subsequent virus infection,
o or when more than one party must sign a document




Confidentiality is provided by encrypting messages to be transmitted or to be stored locally as files:

1. sender generates a message and a session key (a random 128-bit number; a one-time key, used only once)
2. encrypts message using CAST-128 (or IDEA or 3DES) with session key
3. attaches session key encrypted with RSA using the recipient’s public key
4. receiver decrypts & recovers session key using RSA with its private key
5. session key is used to decrypt message

Recent PGP versions also support the use of ElGamal (a Diffie-Hellman variant) for session-key exchange




can use both services on same message
o the sender signs the message with its own private key; the signature is attached to M
o then encrypts the message with a session key using CAST-128 (or IDEA or 3DES)
o and then encrypts the session key with the recipient's public key using RSA (or ElGamal)
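
The signature and confidentiality steps above, combined in the order PGP applies them (sign, compress, encrypt, wrap the session key), as an added example that is not part of the original slides. Assumptions: textbook RSA without padding over toy keys built from Mersenne primes, a SHA-256 keystream standing in for CAST-128, and zlib standing in for ZIP; none of these stand-ins is safe for real mail.

```python
import hashlib, secrets, zlib

# Toy RSA key pairs from known Mersenne primes (constructed for this example;
# trivially factorable, shown only to make the message flow executable).
def rsa_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)           # (public PU, private PR)

PU_a, PR_a = rsa_keypair(2**127 - 1, 2**89 - 1)    # sender A
PU_b, PR_b = rsa_keypair(2**107 - 1, 2**61 - 1)    # recipient B

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for CAST-128/IDEA/3DES: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def pgp_send(message: bytes, signer=PR_a):
    h = int.from_bytes(hashlib.sha1(message).digest(), "big")   # 160-bit hash H
    sig = pow(h, *signer)                                        # encrypt H with PRa
    signed = sig.to_bytes(27, "big") + message                   # prepend signature to M
    compressed = zlib.compress(signed)                           # compress after signing
    ks = secrets.token_bytes(16)                                 # one-time 128-bit session key
    wrapped = pow(int.from_bytes(ks, "big"), *PU_b)              # session key under PUb
    return wrapped, keystream_xor(ks, compressed)

def pgp_receive(wrapped: int, ciphertext: bytes) -> bytes:
    ks = pow(wrapped, *PR_b).to_bytes(16, "big")                 # recover session key with PRb
    signed = zlib.decompress(keystream_xor(ks, ciphertext))
    sig, message = int.from_bytes(signed[:27], "big"), signed[27:]
    h = int.from_bytes(hashlib.sha1(message).digest(), "big")    # recompute hash
    if pow(sig, *PU_a) != h:                                     # compare with PUa-decrypted hash
        raise ValueError("signature mismatch")
    return message
```

The receiver undoes the steps in reverse order, so the signature is checked against the uncompressed message, which is why it can be stored with the message for later verification.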




by default, PGP compresses message after signing
o so can store uncompressed message & signature for later verification
o & because compression is non deterministic

but PGP compresses before encrypting:
o to strengthen cryptographic security
o compressed message has less redundancy than the original plaintext
o cryptanalysis is more difficult

uses ZIP compression algorithm

Order of operations (figure): signing, compress, encrypting






when using PGP will have binary data to send (encrypted)
however email was designed only for text
hence PGP must encode raw binary data into printable ASCII characters
uses radix-64 algorithm
o maps 3 bytes to 4 printable chars
o also appends a CRC

PGP also segments messages if too big

Text      M           a           n
ASCII     77 (0x4d)   97 (0x61)   110 (0x6e)
Bit       01001101    01100001    01101110
Index     19          22          5           46
Base64    T           W           F           u



PGP makes use of four types of keys:
o one-time session symmetric keys,
o public keys,
o private keys, and
o passphrase-based symmetric keys.

need a session key for each message, using a symmetric encryption algorithm
o of varying sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES

generated using ANSI X12.17 mode
uses random inputs taken from previous uses and from keystroke timing of user




since many public/private keys may be in use, need to identify which is actually used to encrypt session key in a message
o could send full public-key with every message
o but this is inefficient

rather use a key identifier based on key
o is least significant 64-bits of the key
o will very likely be unique

also use key ID in signatures




the message component:
o includes the actual data,
o filename and
o a timestamp

a signature (optional):
o timestamp, encrypted SHA-1,
o the Key ID

a session key component (optional):
o the session key and
o the identifier of the recipient's public key




each PGP user has a pair of keyrings:
o public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID
o private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted with a key derived from a hashed passphrase

security of private keys thus depends on the passphrase security


rather than relying on certificate authorities
in PGP every user is own CA
o can sign keys for users they know directly
forms a “web of trust”
o trust keys have signed
o can trust keys others have signed if have a chain of signatures to them
key ring includes trust indicators
users can also revoke their keys



e-mail format standards:
o Traditional - RFC 822: text only

o Internet Message Format - RFC 5322

o MIME (Multipurpose Internet Mail Extension) - RFC 2045-2049
o S/MIME





E-mail Format includes: header and the body.
Ex,




MIME:
o an extension to the RFC 5322 framework
o solves some of the problems and limitations of the use of SMTP
• cannot transmit executable files or other binary objects
• cannot transmit text data that includes national language characters
• rejects mail messages over a certain size
• ...

The MIME specification includes the following elements.
o Five new message header fields (information about the body)
• MIME-Version, Content-Type, Content-Transfer-Encoding, Content-ID, Content-Description.
o A number of content formats are defined
• Text, image, video...
o Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system
• 7bit, 8bit, and binary, base64



S/MIME:
o security enhancement to MIME email
o S/MIME is supported in many mail agents
• e.g. MS Outlook, Mozilla, Mac Mail etc.
o Provides many functions
o Uses many cryptographic algorithms




enveloped data
o encrypted content and associated keys



signed data
o encoded message + signed digest



clear-signed data
o cleartext message + encoded signed digest



signed & enveloped data
o nesting of signed & encrypted entities




digital signatures:
o DSS & RSA




hash functions:
o SHA-1 & MD5



session key encryption:
o ElGamal & RSA



message encryption:
o AES, Triple-DES, RC2/40 and others



MAC:
o HMAC with SHA-1



have process to decide which algs to use







S/MIME secures a MIME entity with a signature, encryption, or both
forming a MIME wrapped PKCS object
have a range of content-types:
o enveloped data: An encrypted S/MIME entity.
o signed data: A signed S/MIME entity
o clear-signed data
o registration request
o certificate only message









S/MIME uses X.509 v3 certificates
managed using a hybrid of a strict X.509 CA hierarchy &
PGP’s web of trust
each client has a list of trusted CA’s certs
and own public/private key pairs & certs

certificates must be signed by trusted CA’s








have several well-known CA’s
Verisign one of most widely used
Verisign issues several types of Digital IDs
increasing levels of checks & hence trust

Class   Identity Checks        Usage
1       name/email check       web browsing/email
2       + enroll/addr check    email, subs, s/w validate
3       + ID documents         e-banking/service access





3 proposed enhanced security services:
o signed receipts:
• to provide proof of delivery to the originator of a message
• allows the originator to demonstrate to a third party that the recipient received the message
o security labels:
• a set of security information about the content that is protected by S/MIME encapsulation.
• may be used for access control, indicating which users are permitted access
o secure mailing lists:
• The user can avoid using each recipient's public key by employing the services of an S/MIME Mail List Agent (MLA).
• An MLA can take a single incoming message, perform recipient-specific encryption for each recipient, and forward the message.
• The originator of a message need only send the message to the MLA, with encryption performed using the MLA's public key





see RFC 4684 - Analysis of Threats Motivating DomainKeys Identified Mail
describes the problem space in terms of:
o range: low end, spammers, fraudsters
o capabilities in terms of where submitted, signed, volume, routing naming etc
o outside located attackers









a specification for cryptographically signing email
messages
so signing domain claims responsibility
recipients / agents can verify signature
proposed Internet Standard RFC 4871

has been widely adopted







to provide an email authentication technique
transparent to user
o MSA sign
o MDA verify
for pragmatic reasons




2 processes:
o signing: performed by an authorized module within the signing Administrative Management Domain (ADMD) and uses private information
o verifying: performed by an authorized module within the verifying ADMD and uses public information from the Key Store.
• If the signature passes, reputation information is used to assess the signer and that information is passed to the message filtering system.
• If the signature fails or there is no signature using the author's domain, information about signing practices related to the author can be retrieved remotely and/or locally, and that information is passed to the message filtering system.
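
The verifying side's first checks, as an added example that is not part of the original slides and goes into more detail than they do: it reads the tags of a DKIM-Signature header, derives the name under which the signing domain publishes its public key, and recomputes the body hash. The domain example.org, the selector mail2017, the sample body and the dictionary standing in for the Key Store are constructed; the RSA check of the b= value over the signed headers is left out.

```python
import base64, hashlib

def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())   # remove folding whitespace
    return tags

def body_hash(body: bytes) -> str:
    """bh= value: SHA-256 over the body in 'simple' canonical form."""
    while body.endswith(b"\r\n\r\n"):                     # ignore empty lines at the end
        body = body[:-2]
    if not body.endswith(b"\r\n"):                        # body always ends in one CRLF
        body += b"\r\n"
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def key_record_name(tags: dict) -> str:
    """DNS name where the signing domain (d=) publishes the key for selector s=."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def check_body(header_value: str, body: bytes, key_store: dict) -> str:
    """Checks a verifier makes before the RSA verification of b=."""
    tags = parse_tags(header_value)
    body_alg = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    if tags.get("a") != "rsa-sha256" or body_alg != "simple":
        return "unsupported"
    if key_record_name(tags) not in key_store:
        return "no key"
    return "body ok" if body_hash(body) == tags["bh"] else "body altered"

# Constructed sample: the header a signing MSA for example.org would add.
BODY = b"Invoice attached.\r\nRegards,\r\nAlice\r\n"
HEADER = ("v=1; a=rsa-sha256; c=simple/simple; d=example.org; s=mail2017;\r\n"
          " h=from:to:subject; bh=" + body_hash(BODY) + "; b=PLACEHOLDER")
KEY_STORE = {"mail2017._domainkey.example.org": "v=DKIM1; k=rsa; p=PLACEHOLDER"}
```

A result other than "body ok" corresponds to the failure branch above, where the verifier falls back on the author domain's signing practices before passing its assessment to the filtering system.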



have considered:
o secure email
o PGP
o S/MIME
o domain-keys identified email

Practice:
o Set up 1 mail server (on Linux OS)
o Configure and add some tools to prevent spam and establish security policies for the mail server.




Cryptography and Network Security, Principles
and Practice, William Stallings, Prentice Hall,
Sixth Edition, 2013
o Chapter 18
o Others
