Post on 21-Jan-2018
WWW.Prohackers.in
E-mail Security Protocol-1
“Privacy Enhanced Mail (PEM)”
By:
-Vishal Kumar
(CEH, CHFI, CISE, MCP)
info@prohackers.in
Table of contents
1. Introduction
2. E-mail Attacks and Issues
3. Email Message Structure
   3.1 Attachment Size Limitation
   3.2 Spam
   3.3 Malware
   3.4 Email Spoofing
   3.5 Email Bombing
   3.6 Flaming
   3.7 Email Bankruptcy
4. Email Security Protocols
   3.1 Privacy Enhanced Mail
       1. The working of PEM
          i. Canonical Conversion
          ii. Digital Signature
          iii. Encryption
          iv. Base-64 Encoding
Introduction
We discussed the fundamental structure of e-mail in our previous document,
“Fundamental of Electronic Mail”. We learned about its different parts, the flow of an
e-mail message from sender to recipient, the headers, response codes, etc. Now we move
on to the issues and threats related to electronic mail (e-mail) and the security
protocols that provide security for e-mail messages.
There are three main security protocols that play the most important role in securing
e-mail messages: Privacy Enhanced Mail (PEM), Pretty Good Privacy (PGP) and Secure MIME.
Let’s discuss these security protocols in brief, but first let’s have a look at some
attacks related to e-mail.
E-Mail Attacks and Issues
Because e-mail contains sensitive information, attacks on e-mail servers and clients are
more likely. An attacker can steal sensitive information about the organization and
misuse it. Let’s discuss some popular e-mail attacks in brief.
Attachment size limitation
Email messages may have one or more attachments, which are additional files that are
appended to the email. Typical attachments include Microsoft Word documents, pdf
documents and scanned images of paper documents. In principle there is no technical
restriction on the size or number of attachments, but in practice email clients, servers
and Internet service providers implement various limitations on the size of files, or
complete email - typically to 25MB or less.
Spam
Email "spam" is the term used to describe unsolicited bulk email. The low cost of sending
such email meant that by 2003 up to 30% of total email traffic was already spam, and was
threatening the usefulness of email as a practical tool. The US CAN-SPAM Act of 2003
and similar laws elsewhere had some impact, and a number of effective anti-spam
techniques now largely mitigate the impact of spam by filtering or rejecting it for most
users, but the volume sent is still very high—and increasingly consists not of
advertisements for products, but malicious content or links.
Malware
A range of malicious email types exist. These range from various types of email scams,
including "social engineering" scams such as advance-fee scam "Nigerian letters", to
phishing, email bombardment and email worms.
Email spoofing
Email spoofing occurs when the email message header is designed to make the message
appear to come from a known or trusted source. Email spam and phishing methods typically
use spoofing to mislead the recipient about the true message origin. Email spoofing may be
done as a prank, or as part of a criminal effort to defraud an individual or organization. An
example of a potentially fraudulent email spoofing is if an individual creates an email which
appears to be an invoice from a major company, and then sends it to one or more
recipients. In some cases, these fraudulent emails incorporate the logo of the purported
organization and even the email address may appear legitimate.
Email bombing
Email bombing is the intentional sending of large volumes of messages to a target address.
The overloading of the target email address can render it unusable and can even cause the
mail server to crash.
Flaming
Flaming occurs when a person sends a message (or many messages) with angry or
antagonistic content. The term is derived from the use of the word "incendiary" to
describe particularly heated email discussions. The ease and impersonality of email
communications mean that the social norms that encourage civility in person or via
telephone do not exist and civility may be forgotten.
Email bankruptcy
Also known as "email fatigue", email bankruptcy is when a user ignores a large number of
email messages after falling behind in reading and answering them. The reason for falling
behind is often due to information overload and a general sense there is so much
information that it is not possible to read it all. As a solution, people occasionally send a
"boilerplate" message explaining that their email inbox is full, and that they are in the
process of clearing out all the messages.
E-Mail Security Protocols
As we know, there are mainly three e-mail security protocols that play the most
important role in securing e-mail messages. Let’s discuss these protocols in brief.
1. Privacy Enhanced Mail (PEM):
Privacy Enhanced Mail (PEM) is an e-mail security standard adopted by the Internet
Architecture Board (IAB) to provide secure electronic mail communication over the
internet. PEM was initially developed by the Internet Research Task Force (IRTF) and
Privacy Security Research Group (PSRG). PEM is described in four specification
documents, which are RFC number 1421 to 1424. PEM supports the three main
cryptographic functions of encryption, non-repudiation and message integrity.
1.2. The Working of PEM
The broad-level steps in PEM are shown in the figure below. PEM starts with canonical
conversion, which is followed by digital signature, then by encryption and, finally,
Base-64 encoding.
Fig: PEM operation
1. Canonical Conversion -> 2. Digital Signature -> 3. Encryption -> 4. Base-64 Encoding
PEM allows for three security options when sending an e-mail message. These options are:
- Signature only (steps 1 and 2)
- Signature and Base-64 encoding (steps 1, 2 and 4)
- Signature, encryption and Base-64 encoding (steps 1 to 4)
Let us now discuss the four steps shown in the above figure. Note that these four steps
are performed by the receiver in reverse direction to retrieve the original plain text
message.
Step 1: Canonical Conversion
There is a distinct possibility that the sender and the receiver of an e-mail message use
computers that have different architectures and operating systems. This is because the
internet works on any computer that has a TCP/IP stack, regardless of the architecture
or operating system. Therefore, it is quite possible that the same thing is represented
differently on these different computers. This can create problems when creating
message digests and, therefore, digital signatures.
Consequently, PEM transforms each e-mail message into an abstract, canonical
representation. This means that regardless of the architecture and the operating system
of the sending and receiving computers, the e-mail message always travels in a uniform,
independent format.
Fig: Security Features offered by PEM
Privacy Enhanced Mail (PEM): Encryption, Non-repudiation, Message integrity
Step 2: Digital Signature
This is the typical digital signature process that we have studied many times in
cryptography. It starts by creating a message digest of the e-mail message using an
algorithm such as MD2 or MD5, as shown in the image below.
The message digest thus created is then encrypted with the sender’s private key to
form the sender’s digital signature. The process is shown below:
Fig: Message-digest creation of the original e-mail message
Original e-mail message (To: visahlkumar@gmail.com, From: info@prohackers.in,
Subject: Our Meetings) -> Message-digest algorithm (MD2 or MD5) -> Message digest
Step 3: Encryption
In this step, the original e-mail and the digital signature are encrypted together with
a symmetric key. For this, the DES or DES-3 algorithms in CBC (Cipher Block Chaining)
mode are used. This is shown in the image below:
Fig: Encryption in PEM
E-mail message (To: visahlkumar@gmail.com, From: info@prohackers.in,
Subject: Our Meetings) + Digital signature -> Encryption (DES or DES-3 in CBC mode)
-> Encrypted result
Step 4: Base-64 Encoding
This is the last step in PEM. The Base-64 encoding (also called Radix-64 encoding or
ASCII armour) process transforms arbitrary binary input into printable character output.
In this technique, the binary input is processed in blocks of 3 octets, or 24 bits. These
24 bits are considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is
mapped into an 8-bit output character in this process. This concept is shown in the image
below (note that the values in the figure are just for example purposes).
This seems to be a fairly straightforward process. However, one key question is: what is
the logic used for mapping a 6-bit input block into an 8-bit output block? For this, a
mapping table is used, which is explained in the example below.
In our example of Base-64 encoding, let us consider a 24-bit raw stream
011001110100100110101000.
Fig: Base-64 encoding concept
Input bit stream:                            10100100100101101110110011010010100001110001…….
Divided into 24-bit blocks:                  10100101 00101001 10110001
Each 24-bit divided into four 6-bit blocks:  101001 010010 110001 100110
6-bit blocks mapped to 8-bit blocks:         10011010 00100101 00101011 11000110
Fig: Base-64 encoding concept
24-bit input:                     011001110100100110101000
Divided into four 6-bit blocks:   011001 110100 101000 100110
Write their decimal equivalents:  25 52 40 38
Map to Base-64 table:             Z 0 o m
Write ASCII equivalent binary:    01011010 00110000 01101111 01101101
Char.  Dec.    Char.  Dec.    Char.  Dec.
A      0       W      22      s      44
B      1       X      23      t      45
C      2       Y      24      u      46
D      3       Z      25      v      47
E      4       a      26      w      48
F      5       b      27      x      49
G      6       c      28      y      50
H      7       d      29      z      51
I      8       e      30      0      52
J      9       f      31      1      53
K      10      g      32      2      54
L      11      h      33      3      55
M      12      i      34      4      56
N      13      j      35      5      57
O      14      k      36      6      58
P      15      l      37      7      59
Q      16      m      38      8      60
R      17      n      39      9      61
S      18      o      40      +      62
T      19      p      41      /      63
U      20      q      42
V      21      r      43      =      (Padding)
Fig: Base-64 encoding Table
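The following Python code is an added example, not part of the original presentation: it shows why step 1 matters for the digest in step 2 (the same message with different line endings hashes differently until it is canonicalized) and implements step 4 from the table above, together with the receiver's reverse lookup. The sample message and all function names are constructed for illustration, and the canonical form is assumed to be ASCII with CRLF line endings, as in SMTP.

```python
import hashlib

# Base-64 alphabet from the table above: index = 6-bit value (0..63).
B64 = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
       "abcdefghijklmnopqrstuvwxyz0123456789+/")

def canonicalize(text: str) -> bytes:
    """Step 1: turn LF, CR or CRLF line endings into CRLF, encode as ASCII."""
    lines = text.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    return "\r\n".join(lines).encode("ascii")

def digest(data: bytes) -> bytes:
    """Step 2 (digest part). MD5 is what the page names; it is no longer
    collision resistant and is used here only to mirror PEM."""
    return hashlib.md5(data).digest()

def b64_encode(data: bytes) -> str:
    """Step 4: each 3-octet block -> four 6-bit values -> four characters."""
    out = []
    for i in range(0, len(data), 3):
        block = data[i:i + 3]
        pad = 3 - len(block)                      # 0, 1 or 2 missing octets
        n = int.from_bytes(block + b"\x00" * pad, "big")
        chars = [B64[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        out.append("".join(chars[:4 - pad]) + "=" * pad)
    return "".join(out)

def b64_decode(text: str) -> bytes:
    """Receiver side: reverse the table lookup, then drop padding octets."""
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        n = 0
        for ch in quad:
            n = (n << 6) | (0 if ch == "=" else B64.index(ch))
        out += n.to_bytes(3, "big")[:3 - pad]
    return bytes(out)

# Constructed sample: one message as stored on two hosts with different newlines.
UNIX_MSG = "Subject: Our Meetings\n\nSee you at 10.\n"
DOS_MSG = "Subject: Our Meetings\r\n\r\nSee you at 10.\r\n"

if __name__ == "__main__":
    print("raw digests equal:      ", digest(UNIX_MSG.encode()) == digest(DOS_MSG.encode()))
    print("canonical digests equal:", digest(canonicalize(UNIX_MSG)) == digest(canonicalize(DOS_MSG)))
    print("page's 24-bit stream:   ", b64_encode(bytes([0b01100111, 0b01001001, 0b10101000])))
    armoured = b64_encode(digest(canonicalize(UNIX_MSG)))
    print("armoured digest:        ", armoured, b64_decode(armoured) == digest(canonicalize(UNIX_MSG)))
```

For the page's 24-bit stream 011001110100100110101000, a left-to-right split gives the 6-bit values 25, 52, 38, 40, so the encoder returns "Z0mo" (the figure shows the last two groups the other way round).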