
Post on 21-Dec-2015


Email Security

Can an email be a secure communication method for delivering credit card authorization, credit card document, health records, financial statement, legal digital signature and virtual goods? Why yes and why not.


Electronic mail security

Outline

Background
Pretty good privacy
S/MIME
Recommended web sites

Threats to the security of e-mail itself

Loss of confidentiality
  E-mails are sent in clear over open networks
  E-mails stored on potentially insecure clients and mail servers

Loss of integrity
  No integrity protection on e-mails; body can be altered in transit or on mail server

Lack of data origin authentication
Lack of non-repudiation
Lack of notification of receipt

Background

Threats Enabled by E-mail
  Disclosure of sensitive information
  Exposure of systems to malicious code
  Denial-of-Service (DoS)
  Unauthorized accesses etc.

Background

World-Wide Attack Trends

[Chart: malicious code infection attempts* and network intrusion attempts** per year, 1996-2003, annotated with Polymorphic Viruses (Tequila), Zombies, Mass Mailer Viruses (Love Letter/Melissa), Denial of Service (Yahoo!, eBay) and Blended Threats (CodeRed, Nimda, Slammer)]

*Analysis by Symantec Security Response using data from Symantec, IDC & ICSA; 2003 estimated
**Source: CERT

Background

Spam Continues to Grow and Evolve

Background

The Facts...

At its peak, 1 out of every 12 emails was infected with MyDoom!

Exploits now appearing just 5 days after the vulnerability is publicly disclosed!

Code Red doubled its infection rate every 37 minutes. Slammer doubled every 8.5 seconds, and infected 90% of unprotected servers in 10 minutes!

Background

In today’s electronic world, email is critical to any business being competitive. In most cases it now forms the backbone of most organisations’ day-to-day activities, and its use will continue to grow. According to The Radicati Group’s study, “Microsoft Exchange and Outlook Analysis, 2005-2009,” the worldwide email market will grow from 1.2 billion mailboxes in 2005 to 1.8 billion mailboxes in 2009. As email becomes more prevalent in the market, the importance of email security becomes more significant.

Organizations are responsible for providing email security.

Question 1

Is a digitally signed email a secure email? How about encrypted email?

Answer to Question 1

No. Even though it authenticates the sender, it does not provide message integrity and message confidentiality.

Encrypted email, when just message confidentiality is provided, is also not secure.

Background: Problems

Did you know that when you send your email messages, they do not go directly to recipient mailboxes?

Did you know that your Internet Service Provider (ISP) stores copies of all your email messages on its mail servers before it tries to deliver them?

Do you know that someday all the information kept on the servers can be easily used against you?

Email Security is a system-tray local SMTP server program for Windows that lets you send email messages directly from your PC to recipient mailboxes ensuring your email security and privacy by means of bypassing your ISP's mail servers where your relevant information can be stored and viewed.

Did you also know that when you send an email message to a list of email addresses, the respondents can see each other in the email message header?

You think it is secure?

What are the options?

Secure the server to client connections (easy thing first)
  POP, IMAP over ssh, SSL
  https access to webmail
  Very easy to configure
  Protection against insecure wireless access

Secure the end-to-end email delivery
  The PGPs of the world
  Still need to get the other party to be PGP aware
  Practical in an enterprise intra-network environment

Background

In particular, the security implications associated with the management of email storage, policy enforcement, auditing, archiving and data recovery. Managing large, active stores of information takes time and effort in order to avoid failures – failures that will impact the users and therefore the business, undoubtedly leading to lost productivity. By considering the service email provides to the business, email management can be broken down into a number of components: mail flow, storage, and user access – both at the server and user levels. Whilst each one of these components should be addressed separately, they must be viewed as part of a total security agenda.

Mail Flow

Mail flow can encompass many aspects of an email system. However, the security of mail flow is for the large part focused around the auditing and tracking of mails into and out of the organization. Monitoring the content and ensuring that any email that has been sent and received complies with business policy is fundamental. Proving who has sent or received email is a lawful requirement for many industries and email can often be used as evidence in fraud and human resource court cases.

Another key aspect of the management of mail flow security is the protection of the business from malicious or unlawful attacks. It is at the gateway into the mail system where a business must protect itself via a variety of methods including hardware and software protection systems, such as spam filters and virus scanners.

Email Storage

Storing of the actual email data includes physical storage, logical storage, archiving systems as well as backup and recovery solutions. The biggest security threat to any email storage system is the potential for mail data to be lost. Most organizations see this threat as existing in the datacenter and spend many millions of pounds on securing it. In fact, the threat is most likely to come from lost or stolen hardware, such as laptops containing offline email files. When you consider that the number of employees working remotely is growing, including those who only work away from the office periodically, email security on laptops becomes more significant. Providing a managed method of archiving and controlling this data is therefore essential.

Email Client Access

The email client is another threat to the security of a business’s mail system. It is here that often the greatest threat to the business is found. With the increased viability of email access via the internet, another level of process and control needs to be addressed. Although secure when implemented properly, the potential for people to illegally access this information is much higher. Consequently, organizations must focus their attention not only on addressing the immediate security threats to the standard mail client from viruses and the like; they also need to invest in strategies for the control of access to mail data via the internet.

Email Security

While sending, Email Security always breaks email messages addressed to a group of people into individual messages to ensure your security and the security of your respondents. Also, Email Security does not leave any traces on your PC because it just gets your email messages from your email client and puts them in the recipient mailboxes at the same time without making any temporary files on your PC. Email Security supports all email programs like Outlook Express, Outlook, Eudora, etc. The email program you already use for sending and receiving messages can be connected to Email Security in a very easy way - just by using the word localhost instead of your current SMTP host. Having done so, you can send messages in the usual manner. Install Email Security on your PC before it is too late!

Pretty Good Privacy

Philip R. Zimmermann is the creator of PGP.
PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.

Why Is PGP Popular?

It is available free on a variety of platforms.
Based on well-known algorithms.
Wide range of applicability.
Not developed or controlled by governmental or standards organizations.

Why Is PGP Popular?

It is available free worldwide in versions that run on a variety of platforms, including Windows, UNIX, Macintosh, and many more. In addition, the commercial version satisfies users who want a product that comes with vendor support.

It is based on algorithms that have survived extensive public review and are considered extremely secure. Specifically, the package includes RSA, DSS, and Diffie-Hellman for public-key encryption; CAST-128, IDEA, and 3DES for symmetric encryption; and SHA-1 for hash coding.

It has a wide range of applicability, from corporations that wish to select and enforce a standardized scheme for encrypting files and messages to individuals who wish to communicate securely with others worldwide over the Internet and other networks.

It was not developed by, nor is it controlled by, any governmental or standards organization. For those with an instinctive distrust of "the establishment," this makes PGP attractive.

PGP is now on an Internet standards track (RFC 3156). Nevertheless, PGP still has an aura of an antiestablishment endeavor.

Notation

Ks  = session key used in symmetric encryption scheme
PRa = private key of user A, used in public-key encryption scheme
PUa = public key of user A, used in public-key encryption scheme
EP  = public-key encryption
DP  = public-key decryption
EC  = symmetric encryption
DC  = symmetric decryption
H   = hash function
||  = concatenation
Z   = compression using ZIP algorithm
R64 = conversion to radix 64 ASCII format

Operational Description

Consists of five services:
  Authentication
  Confidentiality
  Compression
  E-mail compatibility
  Segmentation

Summary of PGP Services

Authentication

PGP Cryptographic Functions - Authentication

1. The sender creates a message.

2. SHA-1 is used to generate a 160-bit hash code of the message.

3. The hash code is encrypted with RSA using the sender's private key, and the result is prepended to the message.

4. The receiver uses RSA with the sender's public key to decrypt and recover the hash code.

5. The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic.

PGP Cryptographic Functions - Confidentiality

1. The sender generates a message and a random 128-bit number to be used as a session key for this message only.

2. The message is encrypted, using CAST-128 (or IDEA or 3DES) with the session key.

3. The session key is encrypted with RSA, using the recipient's public key, and is prepended to the message.

4. The receiver uses RSA with its private key to decrypt and recover the session key.

5. The session key is used to decrypt the message.

PGP Cryptographic Functions – Confidentiality & Authentication

1. First, a signature is generated for the plaintext message and prepended to the message.

2. Then the plaintext message plus signature is encrypted using CAST-128 (or IDEA or 3DES), and the session key is encrypted using RSA (or ElGamal).

3. Furthermore, for purposes of third-party verification, if the signature is performed first, a third party need not be concerned with the symmetric key when verifying the signature.

4. In summary, when both services are used, the sender first signs the message with its own private key, then encrypts the message with a session key, and then encrypts the session key with the recipient's public key.

Compression

PGP compresses the message after applying the signature but before encryption.
The placement of the compression algorithm is critical (ZIP, Appendix 15A).
The signature is generated before compression for two reasons:

It is preferable to sign an uncompressed message so that one can store only the uncompressed message together with the signature for future verification. If one signed a compressed document, then it would be necessary either to store a compressed version of the message for later verification or to recompress the message when verification is required.

Even if one were willing to generate dynamically a recompressed message for verification, PGP's compression algorithm presents a difficulty. The algorithm is not deterministic; various implementations of the algorithm achieve different tradeoffs in running speed versus compression ratio and, as a result, produce different compressed forms. However, these different compression algorithms are interoperable because any version of the algorithm can correctly decompress the output of any other version. Applying the hash function and signature after compression would constrain all PGP implementations to the same version of the compression algorithm.

E-mail Compatibility

The scheme used is radix-64 conversion (see appendix 15B).
The use of radix-64 expands the message by 33%.

Radix-64 Coding


Characters Conversion


Radix-64 Conversion

For example, consider the 24-bit raw text sequence 00100011 01011100 10010001, which can be expressed in hexadecimal as 235C91.

We arrange this input in blocks of 6 bits:
001000 110101 110010 010001
The extracted 6-bit decimal values are 8, 53, 50, 17.

Looking these up in the radix-64 encoding table yields the following characters: I1yR.

If these characters are stored in 8-bit ASCII format with parity bit set to zero, we have

01001001 00110001 01111001 01010010

In hexadecimal, this is 49317952.

Radix-64 Conversion

To summarize,

Input Data
  Binary representation                00100011 01011100 10010001
  Hexadecimal representation           235C91

Radix-64 Encoding of Input Data
  Character representation             I1yR
  ASCII code (8 bit, zero parity)      01001001 00110001 01111001 01010010
  Hexadecimal representation           49317952
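
The 6-bit regrouping worked through above, written out as a small encoder and decoder that also handles input whose length is not a multiple of three. This is an added example, not part of the original slides; the function names are illustrative, and Python's base64 module is used only as a cross-check.

```python
import base64

# Radix-64 alphabet: value 0..63 maps to the character at that index.
RADIX64_ALPHABET = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789+/"
)


def radix64_encode(data: bytes) -> str:
    """Map each 3-octet group to four printable characters (6 bits each)."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        pad = 3 - len(chunk)                      # 0, 1 or 2 missing octets
        block = int.from_bytes(chunk + b"\x00" * pad, "big")
        sextets = [(block >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        chars = [RADIX64_ALPHABET[s] for s in sextets]
        if pad:
            chars[-pad:] = "=" * pad              # mark the filler positions
        out.append("".join(chars))
    return "".join(out)


def radix64_decode(text: str) -> bytes:
    """Inverse mapping; rejects malformed input instead of guessing."""
    if len(text) % 4:
        raise ValueError("length must be a multiple of 4 characters")
    pad = len(text) - len(text.rstrip("="))
    if pad > 2 or "=" in text[:len(text) - pad]:
        raise ValueError("padding is only valid at the very end")
    out = bytearray()
    for i in range(0, len(text), 4):
        block = 0
        for ch in text[i:i + 4].replace("=", "A"):   # '=' decodes as zero bits
            value = RADIX64_ALPHABET.find(ch)
            if value < 0:
                raise ValueError(f"character {ch!r} is not in the alphabet")
            block = (block << 6) | value
        out += block.to_bytes(3, "big")
    return bytes(out[:len(out) - pad])


def agrees_with_stdlib(data: bytes) -> bool:
    """Cross-check the hand-written encoder against base64.b64encode."""
    return radix64_encode(data) == base64.b64encode(data).decode("ascii")


if __name__ == "__main__":
    sample = bytes.fromhex("235C91")              # the slide's 24-bit input
    encoded = radix64_encode(sample)
    print(encoded, encoded.encode("ascii").hex())
    # Three octets become four characters, hence the 33% expansion.
    print(len(radix64_encode(bytes(3000))))
```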

Segmentation and Reassembly

E-mail facilities often are restricted to a maximum message length. For example, many of the facilities accessible through the Internet impose a maximum length of 50,000 octets.

Any message longer than that must be broken up into smaller segments, each of which is mailed separately.

To accommodate this restriction, PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail.

The segmentation is done after all of the other processing, including the radix-64 conversion.

Thus, the session key component and signature component appear only once, at the beginning of the first segment. At the receiving end, PGP must strip off all e-mail headers and reassemble the entire original block before performing the steps illustrated in Figure 15.2b.

Summary of PGP Services

Function               Algorithm Used
Digital Signature      DSS/SHA or RSA/SHA
Message Encryption     CAST or IDEA or three-key triple DES with Diffie-Hellman or RSA
Compression            ZIP
E-mail Compatibility   Radix-64 conversion
Segmentation           -

Revision

When a mailbox is popped using standard POP3 protocol, the username and password are sent in the clear over the internet. What kind of threats could be in this scenario? How to prevent them?

Answer

This means that anyone with the ability to "listen in" on your mail client's login session with your mail server can easily retrieve your username and password as well as read your email. In addition, once they have your password, they could read your email without your knowledge or permission or they could even send SPAM email from your account.

The best way to ensure no one can get your password (at least not without going to a huge amount of trouble) is to POP your email using a Secure Sockets Layer (SSL) connection. This means that all data exchanged between your mail client and the server is encrypted with a digital security certificate, making it [pretty close to] impossible for anyone with malicious intentions to steal your email and/or password.

Cryptography Keys & Rings

PGP makes use of four types of keys: one-time session symmetric keys, public keys, private keys, and passphrase-based symmetric keys (explained subsequently). Three separate requirements can be identified with respect to these keys:

A means of generating unpredictable session keys is needed.

We would like to allow a user to have multiple public-key/private-key pairs. One reason is that the user may wish to change his or her key pair from time to time. When this happens, any messages in the pipeline will be constructed with an obsolete key. Furthermore, recipients will know only the old public key until an update reaches them. In addition to the need to change keys over time, a user may wish to have multiple key pairs at a given time to interact with different groups of correspondents or simply to enhance security by limiting the amount of material encrypted with any one key. The upshot of all this is that there is not a one-to-one correspondence between users and their public keys. Thus, some means is needed for identifying particular keys.

Each PGP entity must maintain a file of its own public/private key pairs as well as a file of public keys of correspondents.

Format of PGP Message

Key Rings

Timestamp: The date/time when this key pair was generated.

Key ID: The least significant 64 bits of the public key for this entry.

Public key: The public-key portion of the pair.

Private key: The private-key portion of the pair; this field is encrypted.

User ID: Typically, this will be the user's e-mail address (e.g., [email protected]). However, the user may choose to associate a different name with each pair (e.g., Stallings, WStallings, WilliamStallings, etc.) or to reuse the same User ID more than once.


We are now in a position to show how these key rings are used in message transmission and reception. For simplicity, we ignore compression and radix-64 conversion in the following discussion. First consider message transmission (refer next slides) and assume that the message is to be both signed and encrypted. The sending PGP entity performs the following steps:

Signing the message
  PGP retrieves the sender's private key from the private-key ring using your_userid as an index. If your_userid was not provided in the command, the first private key on the ring is retrieved.
  PGP prompts the user for the passphrase to recover the unencrypted private key.
  The signature component of the message is constructed.

Encrypting the message
  PGP generates a session key and encrypts the message.
  PGP retrieves the recipient's public key from the public-key ring using her_userid as an index.
  The session key component of the message is constructed.

Key Rings are used in Message Generation/Transmission

Decrypting the message
  PGP retrieves the receiver's private key from the private-key ring, using the Key ID field in the session key component of the message as an index.
  PGP prompts the user for the passphrase to recover the unencrypted private key.
  PGP then recovers the session key and decrypts the message.

Authenticating the message
  PGP retrieves the sender's public key from the public-key ring, using the Key ID field in the signature key component of the message as an index.
  PGP recovers the transmitted message digest.
  PGP computes the message digest for the received message and compares it to the transmitted message digest to authenticate.

PGP Reception

Key Management for PGP

Public keys for encrypting session keys / verifying signatures.
Private keys for decrypting session keys / creating signatures.
Where do these keys come from and on what basis can they be trusted?

PGP Key Management

PGP adopts a trust model called the web of trust.
No centralised authority.
Individuals sign one another’s public keys; these “certificates” are stored along with keys in key rings.
PGP computes a trust level for each public key in key ring.
Users interpret trust level for themselves.

PGP Trust Levels

Trust levels for public keys dependent on:
  Number of signatures on the key;
  Trust level assigned to each of those signatures.

Trust levels recomputed from time to time.

PGP Key Mgmt Issues

Original intention was that all e-mail users would contribute to web of trust.
Reality is that this web is sparsely populated.
How should security-unaware users assign and interpret trust levels?
Later versions of PGP support X.509 certs.

The Use of Trust

Although PGP does not include any specification for establishing certifying authorities or for establishing trust, it does provide a convenient means of using trust, associating trust with public keys, and exploiting trust information.

Key legitimacy field
Indicates the extent to which PGP will trust that this is a valid public key for this user (highest level of trust – computed by PGP)

Signature trust field
Indicates the degree to which this PGP user trusts the signer to certify public keys

Owner trust field
Indicates the degree to which this public key is trusted to sign other public key certificates (assigned by user)

See Table 15.2 (W. Stallings)

The Use of Trust

Table 15.2

PGP Trust Model Example

Note that all keys whose owners are fully or partially trusted by this user have been signed by this user, with the exception of node L. Such a user signature is not always necessary, as the presence of node L indicates, but in practice, most users are likely to sign the keys for most owners that they trust. So, for example, even though E's key is already signed by trusted introducer F, the user chose to sign E's key directly.

We assume that two partially trusted signatures are sufficient to certify a key. Hence, the key for user H is deemed legitimate by PGP because it is signed by A and B, both of whom are partially trusted.

A key may be determined to be legitimate because it is signed by one fully trusted or two partially trusted signatories, but its user may not be trusted to sign other keys. For example, N's key is legitimate because it is signed by E, whom this user trusts, but N is not trusted to sign other keys because this user has not assigned N that trust value. Therefore, although R's key is signed by N, PGP does not consider R's key legitimate. This situation makes perfect sense. If you wish to send a private message to some individual, it is not necessary that you trust that individual in any respect. It is only necessary that you are sure that you have the correct public key for that individual.

Figure (page 35) also shows an example of a detached "orphan" node S, with two unknown signatures. Such a key may have been acquired from a key server. PGP cannot assume that this key is legitimate simply because it came from a reputable server. The user must declare the key legitimate by signing it or by telling PGP that it is willing to trust fully one of the key's signatories.
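
The legitimacy rule from the example above, as added code that is not part of the slides or of PGP. The signature graph is constructed from the nodes the text names (A, B, E, F, H, N, R, S); treating E and F as fully trusted, and naming the two signers of S unknown1 and unknown2, are assumptions.

```python
from fractions import Fraction

FULL, PARTIAL, NONE = "full", "partial", "none"
OWNER = "You"   # the key-ring owner; their own signature always counts fully

# Constructed from the text: who has signed whose public key.
SIGNATURES = {
    "A": {"You"},
    "B": {"You"},
    "E": {"You", "F"},               # signed by F and, directly, by the user
    "F": {"You"},
    "H": {"A", "B"},                 # two partially trusted signers
    "N": {"E"},                      # one fully trusted signer
    "R": {"N"},                      # N's key is legitimate, but N is not trusted
    "S": {"unknown1", "unknown2"},   # orphan key, e.g. from a key server
}

# Owner trust assigned by the user; anyone not listed is untrusted.
OWNER_TRUST = {"A": PARTIAL, "B": PARTIAL, "E": FULL, "F": FULL}


def legitimate_keys(signatures, owner_trust, partials_needed=2):
    """Return the set of keys considered legitimate.

    A signature counts only if the signer's own key is already legitimate;
    it then weighs 1 for a fully trusted signer and 1/partials_needed for a
    partially trusted one. A key is legitimate once the weights reach 1.
    """
    weight = {FULL: Fraction(1), PARTIAL: Fraction(1, partials_needed)}
    legit = {OWNER}
    changed = True
    while changed:                   # repeat until no new key qualifies
        changed = False
        for key, signers in signatures.items():
            if key in legit:
                continue
            score = Fraction(0)
            for signer in signers:
                if signer == OWNER:
                    score += 1
                elif signer in legit:
                    score += weight.get(owner_trust.get(signer, NONE), 0)
            if score >= 1:
                legit.add(key)
                changed = True
    return legit - {OWNER}


def without_signature(signatures, key, signer):
    """Copy of the graph with one signature removed (for what-if checks)."""
    copy = {k: set(v) for k, v in signatures.items()}
    copy[key].discard(signer)
    return copy


if __name__ == "__main__":
    print(sorted(legitimate_keys(SIGNATURES, OWNER_TRUST)))
    # With only one partially trusted signature, H no longer qualifies.
    weaker = without_signature(SIGNATURES, "H", "B")
    print("H" in legitimate_keys(weaker, OWNER_TRUST))
```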

Revoking Public Keys

The owner issues a key revocation certificate.
Normal signature certificate with a revoke indicator.
Corresponding private key is used to sign the certificate.

Secure/Multipurpose Internet Mail Extension (S/MIME)

S/MIME

S/MIME uses public key certificates conforming to standard X.509 and signed by a certification agency. In other respects, S/MIME is quite similar to PGP.

S/MIME is not studied in any detail on this course and is not examinable. Details of the scheme are available in Chapter 15 of Stallings (Cryptography and Network Security (Principles and Practices)) if you are interested.

S/MIME

Secure/Multipurpose Internet Mail Extension
S/MIME will probably emerge as the industry standard.
PGP for personal e-mail security

Simple Mail Transfer Protocol (SMTP, RFC 822)

SMTP Limitations - Can not transmit, or has a problem with:

executable files, or other binary files (jpeg image)

“national language” characters (non-ASCII)

messages over a certain size

ASCII to EBCDIC translation problems

lines longer than a certain length (72 to 254 characters)

Header fields in MIME

MIME-Version: Must be “1.0” -> RFC 2045, RFC 2046

Content-Type: More types being added by developers (application/word)

Content-Transfer-Encoding: How message has been encoded (radix-64)

Content-ID: Unique identifying character string.

Content-Description: Needed when content is not readable text (e.g., mpeg)

S/MIME Functions

Enveloped Data: Encrypted content and encrypted session keys for recipients.

Signed Data: Message Digest encrypted with private key of “signer.”

Clear-Signed Data: Signed but not encrypted.

Signed and Enveloped Data: Various orderings for encrypting and signing.

Algorithms Used

Message Digesting: SHA-1 and MD5

Digital Signatures: DSS

Secret-Key Encryption: Triple-DES, RC2/40 (exportable)

Public-Private Key Encryption: RSA with key sizes of 512 and 1024 bits, and Diffie-Hellman (for session keys).

User Agent Role

S/MIME uses Public-Key Certificates - X.509 version 3 signed by Certification Authority

Functions:

Key Generation - Diffie-Hellman, DSS, and RSA key-pairs.

Registration - Public keys must be registered with X.509 CA.

Certificate Storage - Local (as in browser application) for different services.

Signed and Enveloped Data - Various orderings for encrypting and signing.

User Agent Role

Example: Verisign (www.verisign.com)

Class-1: Buyer’s email address confirmed by emailing vital info.

Class-2: Postal address is confirmed as well, and data checked against directories.

Class-3: Buyer must appear in person, or send notarized documents.

E-mail Security Risks

E-mail Security Risks: Malware

E-mail Security Risks: E-mail spoofing

E-mail Attachment Security

E-mail Spamming

Protecting E-mail Spamming

E-mail Bombing and Chain Letter

Defend against E-mail security

7 ways to Secure Your Company’s Email

Encrypt e-mail and server connections. It’s important to employ e-mail encryption software and to also make sure the connection between servers is encrypted as well, using SSL or Transport Layer Security (TLS).

Verify. It’s critical to know that the person who sent the e-mail is indeed the person to whom the e-mail is attributed, and it’s vital to know the data in the e-mail hasn’t been altered along the way. Look for software, such as the tools available from PGP, that let you digitally sign an encrypted document.

Be wary of Web-based e-mail. The experts advise caution when using Web-based e-mail accounts. “Web-based e-mail accounts are regularly targeted for attacks.” If you are using a Web-based browser, you need to ensure the connection is encrypted with Secure Sockets Layer (SSL) protection. Check for https in the Web address.

Educate employees. The best security technology in the world can’t mitigate one of the primary sources of risk for your business: human curiosity. It’s not just a matter of securing outgoing e-mail; your company’s data can be at risk with incoming mail as well. The malware is delivered when the curious recipient clicks on the URL in the e-mail to visit a website. “Educate your employees about not following unsolicited invitations to click.”

Update software. “A lot of businesses just set up e-mail and leave it. Stay on top of e-mail server software.” Understanding vulnerabilities and religiously installing updates and patches is critical. Make sure you’re receiving updates from the vendor when it comes to anti-spam protection software.

Scan e-mail for content. Use a software product that will filter for content such as inappropriate language and images, both incoming to provide a professional work environment and outgoing to protect your company’s reputation. Content can also be scanned for information you don’t want sent externally, such as social security numbers and credit card account data.

Vet your vendor. Chances are you’ll turn to a third party for e-mail security. “Don’t trust vendor promises. Try all products. Get references from people you know and trust.”

Recommended Web Sites

PGP home page: www.pgp.com
MIT distribution site for PGP
S/MIME Charter
S/MIME Central: RSA Inc.’s Web Site