Secure E-mail Systems. Distribution Lists Remote exploder: Send to a distribution list maintainer;...


Secure E-mail Systems


Distribution Lists

• Remote exploder: Send to a distribution list maintainer; it sends to all

• Local exploder: Get the list from the distribution list manager; send it to all yourself

• Possibility of infinite loop

• Comparison (page 503)


Security Services for E-Mail

• Privacy

• Authentication

• Integrity

• Non-repudiation

• Proof of submission

• Proof of delivery

• Message flow confidentiality

• Anonymity

• Containment

• Audit

• Accounting

• Self destruct (http://www.willselfdestruct.com/secure/submit, http://www.newscientist.com/article.ns?id=dn8459, http://www.sdmessage.com/, http://online.wsj.com/public/article/SB115698239989350052-UVfk3ol8fkMATSzIQbYJuJ3P9Po_20060929.html?mod=tff_main_tff_top)

• Message sequence integrity


Establishing Keys

• Get the other party's public keys

• Establish secret keys through a KDC-like server


Privacy

• Forwarders (http://support.globat.com/sc/index.php/Forwarders)

• End-to-end privacy: If there is only one recipient, the sender encrypts using the recipient's public key. If there is more than one recipient, the message needs to be encrypted using multiple public keys.

• If there is a distribution exploder, the sender can encrypt the message using a one-time key S, and send the encrypted message and the key to the distributor. The exploder will re-encrypt S with each recipient's public key and send it along with the encrypted message.
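The exploder flow from the last bullet, as an added example that is not part of the original slides. It assumes the third-party Python `cryptography` package; AES-256-GCM for the body and RSA-OAEP for wrapping S are choices made here (the slides name no algorithms), and all function and party names are hypothetical.

```python
# Added example (not from the slides): one-time key S re-wrapped by a remote exploder.
# Assumed algorithms: AES-256-GCM for the body, RSA-OAEP for wrapping S.
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def new_keypair():
    """Generate an RSA key pair for one party (key distribution is out of scope)."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def sender_encrypt(plaintext: bytes, exploder_pub):
    """Encrypt the message once under S and wrap S for the exploder only."""
    s = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    body = nonce + AESGCM(s).encrypt(nonce, plaintext, None)
    return body, exploder_pub.encrypt(s, OAEP)

def exploder_rewrap(wrapped_s: bytes, exploder_priv, member_pubs: dict) -> dict:
    """Unwrap S, then wrap it once per list member; the body is never touched."""
    s = exploder_priv.decrypt(wrapped_s, OAEP)  # the exploder holds S in the clear here
    return {name: pub.encrypt(s, OAEP) for name, pub in member_pubs.items()}

def recipient_decrypt(body: bytes, wrapped_s: bytes, priv) -> bytes:
    """Recover S with the private key, then authenticate and decrypt the body."""
    s = priv.decrypt(wrapped_s, OAEP)
    return AESGCM(s).decrypt(body[:12], body[12:], None)

if __name__ == "__main__":
    # Constructed parties and message, for illustration only.
    exploder, alice, bob = new_keypair(), new_keypair(), new_keypair()
    body, wrapped = sender_encrypt(b"constructed sample message", exploder.public_key())
    per_member = exploder_rewrap(wrapped, exploder,
                                 {"alice": alice.public_key(), "bob": bob.public_key()})
    for name, priv in (("alice", alice), ("bob", bob)):
        print(name, recipient_decrypt(body, per_member[name], priv))
```

Because the exploder unwraps S, it can read every message sent to the list: the scheme keeps the message private from non-members and from the network, not from the list server.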


Authentication of the Source and Message Integrity

• Source authentication
  – Based on public key: digital signature
  – Based on secret keys: MAC and MIC

• Message integrity: digest

• Non-repudiation
  – With public key: digest
  – With secret keys: using a trusted third party/notary
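One way the "secret keys with a trusted third party/notary" option can work, as an added example that is not from the slides. The `Notary` class, its method names and the message format are hypothetical. The notary shares a key with each user and seals messages under a key only it holds, so a recipient cannot manufacture a seal the way it could recompute a pairwise MAC.

```python
# Added example (not from the slides): secret-key non-repudiation through a notary.
import hashlib
import hmac
import os

def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()

class Notary:
    """Hypothetical trusted third party: one shared key per user, one private sealing key."""

    def __init__(self):
        self._user_keys = {}
        self._seal_key = os.urandom(32)  # never leaves the notary

    def enroll(self, user: str) -> bytes:
        """Create and return the secret key shared between this user and the notary."""
        self._user_keys[user] = os.urandom(32)
        return self._user_keys[user]

    def _seal(self, sender: str, message: bytes) -> bytes:
        return mac(self._seal_key, sender.encode(), hashlib.sha256(message).digest())

    def seal(self, sender: str, message: bytes, sender_mac: bytes):
        """Verify the sender's MAC, then bind sender and message under the sealing key."""
        expected = mac(self._user_keys[sender], message)
        if not hmac.compare_digest(expected, sender_mac):
            return None  # not from the claimed sender: refuse to seal
        return self._seal(sender, message)

    def verify_seal(self, sender: str, message: bytes, seal: bytes) -> bool:
        """Dispute resolution: only the notary can recompute the seal."""
        return hmac.compare_digest(self._seal(sender, message), seal)

if __name__ == "__main__":
    notary = Notary()
    k_alice = notary.enroll("alice")          # constructed user
    msg = b"constructed: pay bob 10"
    seal = notary.seal("alice", msg, mac(k_alice, msg))
    print(notary.verify_seal("alice", msg, seal))
```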


S/MIME


What is MIME?

• Multipurpose Internet Mail Extensions

• It is the official proposed standard format for extended Internet electronic mail.

• Internet e-mail messages consist of two parts, the header and the body.

• The header forms a collection of field/value pairs structured to provide information essential for the transmission of the message. The body is normally unstructured unless the e-mail is in MIME format.

• MIME defines how the body of an e-mail message is structured. The MIME format permits e-mail to include enhanced text, graphics, audio, and more in a standardized manner via MIME-compliant mail systems.

• However, MIME itself does not provide any security services. The purpose of S/MIME is to define such services, following the syntax given in PKCS #7 for digital signatures and encryption. The MIME body section carries a PKCS #7 message, which itself is the result of cryptographic processing on other MIME body sections.


• S/MIME (Secure / Multipurpose Internet Mail Extensions) is a protocol that adds digital signatures and encryption to Internet MIME.

• S/MIME has been endorsed by a number of leading networking and messaging vendors, including ConnectSoft, Frontier, FTP Software, Qualcomm, Microsoft, Lotus, Wollongong, Banyan, NCD, SecureWare, VeriSign, Netscape, and Novell.


• http://www.marknoble.com/tutorial/smime/smime.aspx

• http://www.dartmouth.edu/~pkilab/pages/Using_SMIME_e-mail.html