E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol

By: Vishal Kumar (CEH, CHFI, CISE, MCP), WWW.Prohackers.in


Table of Contents

1. Introduction
2. E-mail Attacks and Issues
3. Email Message Structure
   3.1 Attachment Size Limitation
   3.2 Spam
   3.3 Malware
   3.4 Email Spoofing
   3.5 Email Bombing
   3.6 Flaming
   3.7 Email Bankruptcy
4. Email Security Protocols
   3.1 Privacy Enhanced Mail
      1. The working of PEM
         i. Canonical Conversion
         ii. Digital Signature
         iii. Encryption
         iv. Base-64 Encoding


Introduction

We discussed the fundamental structure of e-mail in our previous document, “Fundamental of Electronic Mail”. There we learned about its different parts, the flow of an e-mail message from sender to recipient, the header, response codes and so on. We now move on to the issues and threats related to electronic mail (e-mail) and the security protocols that protect e-mail messages.

There are three main security protocols that play the most important role in securing e-mail messages: Privacy Enhanced Mail (PEM), Pretty Good Privacy (PGP) and Secure MIME. Let’s discuss these security protocols in brief, but first let us look at some attacks related to e-mail.

E-Mail Attacks and Issues

Because e-mail contains sensitive information, attacks on e-mail servers and clients are more likely. An attacker can steal sensitive information about the organization and misuse it. Let’s briefly discuss some popular e-mail attacks.

Attachment size limitation

Email messages may have one or more attachments, which are additional files that are appended to the email. Typical attachments include Microsoft Word documents, PDF documents and scanned images of paper documents. In principle there is no technical restriction on the size or number of attachments, but in practice email clients, servers and Internet service providers implement various limitations on the size of files or of the complete email, typically to 25MB or less.


Spam

Email "spam" is the term used to describe unsolicited bulk email. The low cost of sending such email meant that by 2003 up to 30% of total email traffic was already spam, and it was threatening the usefulness of email as a practical tool. The US CAN-SPAM Act of 2003 and similar laws elsewhere had some impact, and a number of effective anti-spam techniques now largely mitigate the impact of spam by filtering or rejecting it for most users, but the volume sent is still very high, and it increasingly consists not of advertisements for products but of malicious content or links.

Malware

A range of malicious email types exist. These range from various types of email scams, including "social engineering" scams such as advance-fee scam "Nigerian letters", to phishing, email bombardment and email worms.

Email spoofing

Email spoofing occurs when the email message header is designed to make the message appear to come from a known or trusted source. Email spam and phishing methods typically use spoofing to mislead the recipient about the true message origin. Email spoofing may be done as a prank, or as part of a criminal effort to defraud an individual or organization. An example of a potentially fraudulent email spoofing is if an individual creates an email which appears to be an invoice from a major company, and then sends it to one or more recipients. In some cases, these fraudulent emails incorporate the logo of the purported organization and even the email address may appear legitimate.

Email bombing

Email bombing is the intentional sending of large volumes of messages to a target address. The overloading of the target email address can render it unusable and can even cause the mail server to crash.


Flaming

Flaming occurs when a person sends a message (or many messages) with angry or antagonistic content. The term is derived from the use of the word "incendiary" to describe particularly heated email discussions. The ease and impersonality of email communications mean that the social norms that encourage civility in person or via telephone do not exist and civility may be forgotten.

Email bankruptcy

Also known as "email fatigue", email bankruptcy is when a user ignores a large number of email messages after falling behind in reading and answering them. The reason for falling behind is often due to information overload and a general sense there is so much information that it is not possible to read it all. As a solution, people occasionally send a "boilerplate" message explaining that their email inbox is full, and that they are in the process of clearing out all the messages.

E-Mail Security Protocols

As we know, there are three main e-mail security protocols that play the most important role in securing e-mail messages. Let’s discuss these protocols in brief.

1. Privacy Enhanced Mail (PEM):

Privacy Enhanced Mail (PEM) is an e-mail security standard adopted by the Internet Architecture Board (IAB) to provide secure electronic mail communication over the Internet. PEM was initially developed by the Internet Research Task Force (IRTF) and Privacy Security Research Group (PSRG). PEM is described in four specification documents, RFC 1421 to RFC 1424. PEM supports three main cryptographic functions: encryption, non-repudiation and message integrity.


1.2. The Working of PEM

The broad-level steps in PEM are shown in the figure below. PEM starts with canonical conversion, which is followed by the digital signature, then by encryption and, finally, by Base-64 encoding.

Fig: PEM operation
1. Canonical Conversion
2. Digital Signature
3. Encryption
4. Base-64 Encoding

PEM allows for three security options when sending an e-mail message. These options are:

Signature only (steps 1 and 2)
Signature and Base-64 encoding (steps 1, 2 and 4)
Signature, encryption and Base-64 encoding (steps 1 to 4)

Let us now discuss the four steps shown in the above figure. Note that the receiver performs these four steps in the reverse order to retrieve the original plaintext message.

Fig: Security features offered by Privacy Enhanced Mail (PEM): encryption, non-repudiation, message integrity

Step 1: Canonical Conversion

There is a distinct possibility that the sender and the receiver of an e-mail message use computers that have different architectures and operating systems. This is because the Internet works on any computer that has a TCP/IP stack, regardless of its architecture or operating system. Therefore, it is quite possible that the same thing is represented differently on these different computers. This can create problems when creating message digests and, therefore, digital signatures.

Consequently, PEM transforms each e-mail message into an abstract, canonical representation. This means that regardless of the architecture and the operating system of the sending and receiving computers, the e-mail message always travels in a uniform, independent format.

Step 2: Digital Signature

This is the typical digital signature process that we have studied many times in cryptography. It starts by creating a message digest of the e-mail message using an algorithm such as MD2 or MD5, as shown in the image below.

The message digest thus created is then encrypted with the sender’s private key to form the sender’s digital signature. The process is shown below:

Fig: Message-digest creation of the original e-mail message (original e-mail message -> message-digest algorithm (MD2 or MD5) -> message digest)
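Why Step 1 has to come before the digest in Step 2, as an added example that is not part of the original presentation: the same message stored with three line-ending conventions hashes to three different MD5 values until it is canonicalized. The CRLF/ASCII canonical form, the function names and the sample message are assumptions made for this illustration.

```python
import hashlib


def canonicalize(text: str) -> bytes:
    """Map any local line-ending convention to CRLF and encode as 7-bit ASCII.

    Assumption: CRLF/ASCII (the SMTP convention) is used as the canonical
    form; the presentation does not spell the format out.
    """
    unified = text.replace("\r\n", "\n").replace("\r", "\n")
    return unified.replace("\n", "\r\n").encode("ascii")


def md5_hex(data: bytes) -> str:
    # MD5 is used only because the page names it (MD2 or MD5); it is no
    # longer collision resistant and is not suitable for new signatures.
    return hashlib.md5(data).hexdigest()


def digests(variants: dict) -> dict:
    """Return {platform: (digest of raw bytes, digest of canonical form)}."""
    out = {}
    for platform, text in variants.items():
        raw = md5_hex(text.encode("ascii"))
        canon = md5_hex(canonicalize(text))
        out[platform] = (raw, canon)
    return out


# Constructed sample: one message as three different systems would store it.
LINES = ["Subject: Our Meetings", "", "Shall we meet at 10?", ""]
VARIANTS = {
    "unix (LF)": "\n".join(LINES),
    "windows (CRLF)": "\r\n".join(LINES),
    "classic mac (CR)": "\r".join(LINES),
}

if __name__ == "__main__":
    for platform, (raw, canon) in digests(VARIANTS).items():
        print(f"{platform:18} raw={raw} canonical={canon}")
```

A signature computed over the raw bytes would fail to verify on a receiver that stores the text differently; one computed over the canonical form verifies everywhere.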


Step 3: Encryption

In this step, the original e-mail and the digital signature are encrypted together with a symmetric key. For this, the DES or DES-3 algorithm in CBC (Cipher Block Chaining) mode is used. This is shown in the image below:

Fig: Encryption in PEM (e-mail message + digital signature -> encryption with DES or DES-3 in CBC mode -> encrypted result)


Step 4: Base-64 Encoding

This is the last step in PEM. The Base-64 encoding (also called Radix-64 encoding or ASCII armour) process transforms arbitrary binary input into printable character output. In this technique, the binary input is processed in blocks of 3 octets, or 24 bits. These 24 bits are considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is mapped into an 8-bit output character in this process. This concept is shown in the figure below (note that the values in the figure are just for example purposes).

Fig: Base-64 encoding concept
Input bit stream:                                  10100100100101101110110011010010100001110001…….
Divided into 24-bit blocks:                        10100101 00101001 10110001
Each 24-bit block divided into four 6-bit blocks:  101001 010010 110001 100110
6-bit blocks mapped to 8-bit blocks:               10011010 00100101 00101011 11000110

This seems to be a fairly straightforward process. However, one key question is: what logic is used for mapping a 6-bit input block into an 8-bit output block? For this, a mapping table is used, which is explained in the example below.

In our example of Base-64 encoding, let us consider a 24-bit raw stream 011001110100100110101000.


Fig: Base-64 encoding concept
24-bit input:                    011001110100100110101000
Divided into four 6-bit blocks:  011001 110100 101000 100110
Write their decimal equivalents: 25 52 40 38
Map to Base-64 table:            Z 0 o m
Write ASCII equivalent binary:   01011010 00110000 01101111 01101101


Char.  Dec.    Char.  Dec.    Char.  Dec.
A      0       W      22      s      44
B      1       X      23      t      45
C      2       Y      24      u      46
D      3       Z      25      v      47
E      4       a      26      w      48
F      5       b      27      x      49
G      6       c      28      y      50
H      7       d      29      z      51
I      8       e      30      0      52
J      9       f      31      1      53
K      10      g      32      2      54
L      11      h      33      3      55
M      12      i      34      4      56
N      13      j      35      5      57
O      14      k      36      6      58
P      15      l      37      7      59
Q      16      m      38      8      60
R      17      n      39      9      61
S      18      o      40      +      62
T      19      p      41      /      63
U      20      q      42
V      21      r      43      =      (Padding)

Fig: Base-64 encoding Table
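The encoding walked through in Step 4, written out as an added example (not code from the original presentation): it splits each 3-octet block into 6-bit values, looks them up in the table above, pads a short final block with "=", and can be checked against Python's standard base64 module. The helper names are chosen for this illustration.

```python
import base64

# The table above: A-Z = 0-25, a-z = 26-51, 0-9 = 52-61, '+' = 62, '/' = 63.
TABLE = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
         "abcdefghijklmnopqrstuvwxyz"
         "0123456789+/")


def sextets(block: bytes) -> list:
    """Split up to 3 octets into 6-bit values, zero-filling the last group."""
    bits = "".join(f"{octet:08b}" for octet in block)
    bits += "0" * (-len(bits) % 6)
    return [int(bits[i:i + 6], 2) for i in range(0, len(bits), 6)]


def b64encode(data: bytes) -> str:
    """Encode arbitrary bytes, 3 octets (24 bits) at a time."""
    out = []
    for i in range(0, len(data), 3):
        chars = "".join(TABLE[value] for value in sextets(data[i:i + 3]))
        # A final block of 1 or 2 octets yields 2 or 3 characters; pad to 4.
        out.append(chars + "=" * (4 - len(chars)))
    return "".join(out)


def bits_to_bytes(bitstring: str) -> bytes:
    """Turn a string of '0'/'1' characters into the octets it represents."""
    return int(bitstring, 2).to_bytes(len(bitstring) // 8, "big")


STREAM = "011001110100100110101000"  # the 24-bit raw stream from the page

if __name__ == "__main__":
    block = bits_to_bytes(STREAM)
    print(sextets(block), b64encode(block))
    # Constructed inputs covering full, 2-octet and 1-octet final blocks.
    for sample in (b"PEM", b"PE", b"P"):
        print(sample, b64encode(sample),
              base64.b64encode(sample).decode("ascii"))
```

Read left to right, the stream as printed splits into the values 25, 52, 38, 40, so the encoder returns Z0mo; the figure's "Z 0 o m" lists the last two groups in the opposite order.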
