csce 815 network security lecture 12 email security s/mime february 25, 2003
TRANSCRIPT
CSCE 815 Network Security CSCE 815 Network Security Lecture 12 Lecture 12CSCE 815 Network Security CSCE 815 Network Security Lecture 12 Lecture 12
Email SecurityEmail Security
S/MIMES/MIME
February 25, 2003
– 2 – CSCE 815 Sp 03
PGP Operation – SummaryPGP Operation – Summary
– 3 – CSCE 815 Sp 03
ZIV compressionZIV compressionCompression based on recognizing repetitionsCompression based on recognizing repetitions
Based on Jacab Ziv and Abraham Lempel (Ziv-Lempel or LZ77)Based on Jacab Ziv and Abraham Lempel (Ziv-Lempel or LZ77)
<00b><27d><13d> 0r 00 00011010 1101<00b><27d><13d> 0r 00 00011010 1101
Sliding history buffer --- look-ahead bufferSliding history buffer --- look-ahead buffer
Decompression easy.Decompression easy.
– 4 – CSCE 815 Sp 03
Radix 64 ConversionRadix 64 Conversion
Table 5.9 – 6 bit Input versus character outputTable 5.9 – 6 bit Input versus character output
– 5 – CSCE 815 Sp 03
RFC 822RFC 822
Defines a format for text messages that are sent via Defines a format for text messages that are sent via emailemail
MIME is an extension for RFC 822 intended to address MIME is an extension for RFC 822 intended to address some problemssome problems
1.1. SMTP cannot handle binariesSMTP cannot handle binaries
2.2. SMTP cannot handle extended character sets of SMTP cannot handle extended character sets of specific languagesspecific languages
3.3. SMTP may reject large messagesSMTP may reject large messages
4.4. SMTP fails to handle ASCII SMTP fails to handle ASCII EBCIDIC translationsEBCIDIC translations
5.5. SMTP gateways cannot handle non textual dataSMTP gateways cannot handle non textual data
– 6 – CSCE 815 Sp 03
Multipurpose Internet Mail ExtensionsMultipurpose Internet Mail ExtensionsMIME - Adds new headers (RFC 822,2045)MIME - Adds new headers (RFC 822,2045)
MIME 5 header fieldsMIME 5 header fields MIME-version Content-Type Content-Transfer-Encoding Content-ID Content-Description
– 7 – CSCE 815 Sp 03
Content TypesContent Types
1.1. Text: Text: plain, richtext, enriched
2.2. Multipart: Multipart: mixed, parallel, parts can be analyzed in parallel digest, an electronic mail digest alternative
3.3. Message: RFC822, partial, external-bodyMessage: RFC822, partial, external-body
4.4. Application: octet-stream, postscriptApplication: octet-stream, postscript
5.5. Image: jpeg, gifImage: jpeg, gif
6.6. AudioAudio
7.7. Video: mpegVideo: mpeg
– 8 – CSCE 815 Sp 03
Content-Transfer-EncodingsContent-Transfer-Encodings
Defined RFC 1521Defined RFC 1521
1.1. 7bit – NVT ASCII, the default7bit – NVT ASCII, the default
2.2. Binary – not only non-ASCII characters, but lines Binary – not only non-ASCII characters, but lines may be longmay be long
3.3. Quoted-printable – mostly ASCII text Quoted-printable – mostly ASCII text
4.4. Base-64 (radix 64)Base-64 (radix 64)
5.5. 8bit non-ASCII have the eighth bit set8bit non-ASCII have the eighth bit set
6.6. X-token – a nonstandard encodingX-token – a nonstandard encoding
– 9 – CSCE 815 Sp 03
S/MIMES/MIME
Secure/Multipurpose Internet Mail ExtensionSecure/Multipurpose Internet Mail Extension
S/MIME will probably emerge as the industry standard.S/MIME will probably emerge as the industry standard.
PGP for personal e-mail security PGP for personal e-mail security
– 10 – CSCE 815 Sp 03
Simple Mail Transfer Protocol (SMTP, RFC 822)Simple Mail Transfer Protocol (SMTP, RFC 822)
SMTP Limitations - Can not transmit, or has a problem with:SMTP Limitations - Can not transmit, or has a problem with:
executable files, or other binary files (jpeg image)
“national language” characters (non-ASCII)
messages over a certain size
ASCII to EBCDIC translation problems
lines longer than a certain length (72 to 254 characters)
– 11 – CSCE 815 Sp 03
Header fields in MIMEHeader fields in MIME
MIME-Version:MIME-Version: Must be “1.0” -> RFC 2045, RFC 2046 Must be “1.0” -> RFC 2045, RFC 2046
Content-Type:Content-Type: More types being added by developers (application/word) More types being added by developers (application/word)
Content-Transfer-Encoding:Content-Transfer-Encoding: How message has been encoded (radix-64) How message has been encoded (radix-64)
Content-ID:Content-ID: Unique identifying character string. Unique identifying character string.
Content Description:Content Description: Needed when content is not readable text (e.g.,mpeg) Needed when content is not readable text (e.g.,mpeg)
– 12 – CSCE 815 Sp 03
User Agent RoleUser Agent Role
S/MIME uses Public-Key Certificates - X.509 version 3 signed by S/MIME uses Public-Key Certificates - X.509 version 3 signed by Certification AuthorityCertification Authority
Functions:Functions:
Key Generation - Diffie-Hellman, DSS, and RSA key-pairs.
Registration - Public keys must be registered with X.509 CA.
Certificate Storage - Local (as in browser application) for different services.
Signed and Enveloped Data - Various orderings for encrypting and signing.
– 13 – CSCE 815 Sp 03
User Agent RoleUser Agent Role
Example: Verisign (www.verisign.com)Example: Verisign (www.verisign.com)
Class-1: Buyer’s email address confirmed by emailing vital info.
Class-2: Postal address is confirmed as well, and data checked against directories.
Class-3: Buyer must appear in person, or send notarized documents.
– 14 – CSCE 815 Sp 03
S/MIME FunctionsS/MIME Functions
enveloped dataenveloped data encrypted content and associated keys
signed datasigned data encoded message + signed digest
clear-signed dataclear-signed data cleartext message + encoded signed digest
signed & enveloped datasigned & enveloped data nesting of signed & encrypted entities
– 15 – CSCE 815 Sp 03
S/MIME Cryptographic AlgorithmsS/MIME Cryptographic Algorithms
hash functions: SHA-1 & MD5hash functions: SHA-1 & MD5
digital signatures: DSS & RSAdigital signatures: DSS & RSA
session key encryption: ElGamal & RSAsession key encryption: ElGamal & RSA
message encryption: Triple-DES, RC2/40 and othersmessage encryption: Triple-DES, RC2/40 and others
have a procedure to decide which algorithms to usehave a procedure to decide which algorithms to use
– 16 – CSCE 815 Sp 03
S/MIME Certificate ProcessingS/MIME Certificate Processing
S/MIME uses X.509 v3 certificatesS/MIME uses X.509 v3 certificates
managed using a hybrid of a strict X.509 CA hierarchy managed using a hybrid of a strict X.509 CA hierarchy & PGP’s web of trust& PGP’s web of trust
each client has a list of trusted CA’s certseach client has a list of trusted CA’s certs
and own public/private key pairs & certsand own public/private key pairs & certs
certificates must be signed by trusted CA’scertificates must be signed by trusted CA’s
– 17 – CSCE 815 Sp 03
Certificate AuthoritiesCertificate Authorities
have several well-known CA’shave several well-known CA’s
Verisign one of most widely usedVerisign one of most widely used
Verisign issues several types of Digital IDsVerisign issues several types of Digital IDs
with increasing levels of checks & hence trustwith increasing levels of checks & hence trust
Class Identity Checks Usage
1 name/email check web browsing/email
2+ enroll/addr check email, subs, s/w validate
3+ ID documents e-banking/service access
– 18 – CSCE 815 Sp 03
IP SecurityIP Security
have considered some application specific security have considered some application specific security mechanismsmechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPS
however there are security concerns that cut across however there are security concerns that cut across protocol layersprotocol layers
would like security implemented by the network for all would like security implemented by the network for all applicationsapplications
– 19 – CSCE 815 Sp 03
IPSecIPSec
general IP Security mechanismsgeneral IP Security mechanisms
providesprovides authentication confidentiality key management
applicable to use over LANs, across public & private applicable to use over LANs, across public & private WANs, & for the InternetWANs, & for the Internet
– 20 – CSCE 815 Sp 03
IPSec UsesIPSec Uses
– 21 – CSCE 815 Sp 03
Benefits of IPSecBenefits of IPSec
in a firewall/router provides strong security to all traffic in a firewall/router provides strong security to all traffic crossing the perimetercrossing the perimeter
is resistant to bypassis resistant to bypass
is below transport layer, hence transparent to is below transport layer, hence transparent to applicationsapplications
can be transparent to end userscan be transparent to end users
can provide security for individual users if desiredcan provide security for individual users if desired
– 22 – CSCE 815 Sp 03
IP Security ArchitectureIP Security Architecture
specification is quite complexspecification is quite complex
defined in numerous RFC’sdefined in numerous RFC’s incl. RFC 2401/2402/2406/2408 many others, grouped by category
mandatory in IPv6, optional in IPv4mandatory in IPv6, optional in IPv4
– 23 – CSCE 815 Sp 03
IPSec ServicesIPSec Services
Access controlAccess control
Connectionless integrityConnectionless integrity
Data origin authenticationData origin authentication
Rejection of replayed packetsRejection of replayed packets a form of partial sequence integrity
Confidentiality (encryption)Confidentiality (encryption)
Limited traffic flow confidentialityLimited traffic flow confidentiality
– 24 – CSCE 815 Sp 03
Security AssociationsSecurity Associations
a one-way relationship between sender & receiver that a one-way relationship between sender & receiver that affords security for traffic flowaffords security for traffic flow
defined by 3 parameters:defined by 3 parameters: Security Parameters Index (SPI) IP Destination Address Security Protocol Identifier
has a number of other parametershas a number of other parameters seq no, AH & EH info, lifetime etc
have a database of Security Associationshave a database of Security Associations
– 25 – CSCE 815 Sp 03
Authentication Header (AH)Authentication Header (AH)
provides support for data integrity & authentication of provides support for data integrity & authentication of IP packetsIP packets end system/router can authenticate user/app prevents address spoofing attacks by tracking sequence
numbers
based on use of a MACbased on use of a MAC HMAC-MD5-96 or HMAC-SHA-1-96
parties must share a secret keyparties must share a secret key
– 26 – CSCE 815 Sp 03
Authentication HeaderAuthentication Header
– 27 – CSCE 815 Sp 03
Transport & Tunnel ModesTransport & Tunnel Modes
– 28 – CSCE 815 Sp 03
Encapsulating Security Payload (ESP)Encapsulating Security Payload (ESP)
provides provides message content confidentiality & limited message content confidentiality & limited traffic flow confidentialitytraffic flow confidentiality
can optionally can optionally provide the same authentication services provide the same authentication services as AHas AH
supports range of ciphers, modes, paddingsupports range of ciphers, modes, padding incl. DES, Triple-DES, RC5, IDEA, CAST etc CBC most common pad to meet blocksize, for traffic flow
– 29 – CSCE 815 Sp 03
Encapsulating Security PayloadEncapsulating Security Payload
– 30 – CSCE 815 Sp 03
Transport vs Tunnel Mode ESPTransport vs Tunnel Mode ESP
transport mode is used to encrypt & optionally transport mode is used to encrypt & optionally authenticate IP dataauthenticate IP data data protected but header left in clear can do traffic analysis but is efficient good for ESP host to host traffic
tunnel mode encrypts entire IP packettunnel mode encrypts entire IP packet add new header for next hop good for VPNs, gateway to gateway security
– 31 – CSCE 815 Sp 03
Combining Security AssociationsCombining Security Associations
SA’s can implement either AH or ESPSA’s can implement either AH or ESP
to implement both need to combine SA’sto implement both need to combine SA’s form a security bundle
have 4 cases (see next)have 4 cases (see next)
– 32 – CSCE 815 Sp 03
Combining Security AssociationsCombining Security Associations
– 33 – CSCE 815 Sp 03
Key ManagementKey Management
handles key generation & distributionhandles key generation & distribution
typically need 2 pairs of keystypically need 2 pairs of keys 2 per direction for AH & ESP
manual key managementmanual key management sysadmin manually configures every system
automated key managementautomated key management automated system for on demand creation of keys for SA’s
in large systems has Oakley & ISAKMP elements
– 34 – CSCE 815 Sp 03
OakleyOakley
a key exchange protocola key exchange protocol
based on Diffie-Hellman key exchangebased on Diffie-Hellman key exchange
adds features to address weaknessesadds features to address weaknesses cookies, groups (global params), nonces, DH key exchange
with authentication
can use arithmetic in prime fields or elliptic curve fieldscan use arithmetic in prime fields or elliptic curve fields
– 35 – CSCE 815 Sp 03
ISAKMPISAKMP
Internet Security Association and Key Management Internet Security Association and Key Management ProtocolProtocol
provides framework for key managementprovides framework for key management
defines procedures and packet formats to establish, defines procedures and packet formats to establish, negotiate, modify, & delete SAsnegotiate, modify, & delete SAs
independent of key exchange protocol, encryption alg, independent of key exchange protocol, encryption alg, & authentication method& authentication method
– 36 – CSCE 815 Sp 03
ISAKMPISAKMP
– 37 – CSCE 815 Sp 03
SummarySummary
have considered:have considered: IPSec security framework AH ESP key management & Oakley/ISAKMP
– 38 – CSCE 815 Sp 03
Chapter 6 IP SecurityChapter 6 IP Security
Internetworking and Internet Protocols (Appendix 6A)Internetworking and Internet Protocols (Appendix 6A)
IP Security OverviewIP Security Overview
IP Security ArchitectureIP Security Architecture
Authentication HeaderAuthentication Header
Encapsulating Security PayloadEncapsulating Security Payload
Combinations of Security AssociationsCombinations of Security Associations
Key ManagementKey Management
– 39 – CSCE 815 Sp 03
TCP/IP ExampleTCP/IP Example
– 40 – CSCE 815 Sp 03
IPv4 HeaderIPv4 Header
– 41 – CSCE 815 Sp 03
IPv6 HeaderIPv6 Header
– 42 – CSCE 815 Sp 03
IP Security OverviewIP Security Overview
IPSec is not a single protocol. Instead, IPSec IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a provides a set of security algorithms plus a general framework that allows a pair of general framework that allows a pair of communicating entities to use whichever communicating entities to use whichever algorithms provide security appropriate for the algorithms provide security appropriate for the communication.communication.
– 43 – CSCE 815 Sp 03
IP Security OverviewIP Security Overview
Applications of IPSecApplications of IPSec Secure branch office connectivity over the Internet Secure remote access over the Internet Establsihing extranet and intranet connectivity with partners Enhancing electronic commerce security
– 44 – CSCE 815 Sp 03
IP Security ScenarioIP Security Scenario
– 45 – CSCE 815 Sp 03
IP Security OverviewIP Security Overview
Benefits of IPSecBenefits of IPSec Transparent to applications (below transport layer (TCP, UDP) Provide security for individual users
IPSec can assure that:IPSec can assure that: A router or neighbor advertisement comes from an authorized
router A redirect message comes from the router to which the initial
packet was sent A routing update is not forged
– 46 – CSCE 815 Sp 03
IP Security ArchitectureIP Security Architecture
IPSec documents:IPSec documents: RFC 2401: An overview of security architecture RFC 2402: Description of a packet encryption extension to
IPv4 and IPv6 RFC 2406: Description of a packet emcryption extension to
IPv4 and IPv6 RFC 2408: Specification of key managament capabilities
– 47 – CSCE 815 Sp 03
IPSec Document OverviewIPSec Document Overview
– 48 – CSCE 815 Sp 03
IPSec ServicesIPSec Services
Access ControlAccess Control
Connectionless integrityConnectionless integrity
Data origin authenticationData origin authentication
Rejection of replayed packetsRejection of replayed packets
Confidentiality (encryption)Confidentiality (encryption)
Limited traffic flow confidentiallityLimited traffic flow confidentiallity
– 49 – CSCE 815 Sp 03
Recommended ReadingRecommended Reading
Comer, D. Comer, D. Internetworking with TCP/IP, Volume I: Internetworking with TCP/IP, Volume I: Principles, Protocols and ArchitecturePrinciples, Protocols and Architecture. Prentic Hall, . Prentic Hall, 19951995
Stevens, W. Stevens, W. TCP/IP Illustrated, Volume 1: The TCP/IP Illustrated, Volume 1: The ProtocolsProtocols. Addison-Wesley, 1994. Addison-Wesley, 1994