S/Mime email security
206114009 1
Electronic Mail Security: S/MIME
Apurva Choudhary
M.Tech I Year
Roll No. 206114009
19/03/2015
Overview:
• RFC 5322
• MIME
• S/MIME
S/MIME
• Secure/Multipurpose Internet Mail Extension.
• Security enhancement to the MIME Internet e-mail
format standard.
• Underlying e-mail formats
– RFC 5322
– MIME
RFC 5322
• Defines a format for text messages
• A message consists of:
– Envelope: information needed to accomplish transmission
– Contents: compose the object to be delivered to the recipient
Message format
• Header
• Body
Why MIME???
Limitations of SMTP, RFC 5322 and other mail transfer protocols:
• Executable files/binary objects cannot be sent
• National language characters cannot be sent
• SMTP is limited to 7-bit ASCII
• Message size limit
• Common problems in servers:
– Deleting, adding, or reordering CR and LF characters
– Truncating or wrapping lines longer than 76 characters
– Removal of trailing white space
– Padding lines in a message to the same length
– Converting tab characters into multiple spaces
Multipurpose Internet Mail Extension (MIME)
• Defines new message header fields
• Defines a number of content formats
– Standardizing representation for multimedia contents
• Defines transfer encodings
– Protects the content from alteration by the mail system
Header Fields
• MIME-Version
• Content-Type
– Describes the data contained in the body
• Content-Transfer-Encoding
– Indicates the type of the transformation that has been used to represent the body of the message
• Content-ID
• Content-Description
– Description of the object in the body of the message
– Useful when content is not readable (e.g., audio data)
MIME Content Types
MIME Message
From: 206114009 <[email protected]>
To: [email protected]
Subject: Formatted Text Mail
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=boundary42

--boundary42
Content-Type: text/plain

This is a plain text message
--boundary42
Content-Type: text/enriched

This is an enriched message
--boundary42--
MIME Transfer Encoding
Encoding type       Description
7bit                Short lines of ASCII characters
8bit                Short lines with non-ASCII characters
binary              Long messages with non-ASCII characters
quoted-printable    Encoded such that the data remain recognizable by humans, i.e. printable ASCII characters
base64              Encodes data by mapping 6-bit blocks of input to 8-bit blocks of output; all are printable ASCII characters
x-token             A named non-standard encoding
S/MIME
• Secure / Multipurpose Internet Mail Extension
• Security enhancement to MIME
• Provides similar services as PGP
• A standard way for email encryption and signing
• Handles digital signatures
Functions provided by S/MIME
• Enveloped data
– Encrypted content and associated keys
• Signed data
– Encoded message + encoded signed message digest
• Clear-signed data
– Clear text message + encoded signed message digest
• Signed and enveloped data
– Nested signed and encrypted entities
Cryptographic Algorithms
• Hash functions: SHA-1 & MD5
• Digital signatures: DSS & RSA
• Session key encryption: ElGamal & RSA
• Message encryption: Triple-DES, AES and others
S/MIME Messages
a) Securing MIME Entity:
• MIME entity
– Prepared according to normal rules of MIME message preparation
• PKCS object
– MIME entity + algorithm identifiers + certificates
• Message content
– PKCS object + MIME header
b) envelopedData:
c) signedData:
• Select a message digest algorithm (SHA or MD5)
• Compute message digest
• Encrypt the message digest with the signer's private key
• Prepare SignerInfo
d) Clear Signing:
• Another mechanism for signature
• Process does not involve transforming the message to be signed
• Recipients with MIME capability but no S/MIME capability can read the incoming messages
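Added example (not from the original slides): clear signing leaves the message untransformed, so the relay behaviours listed under the SMTP limitations can change the bytes the recipient hashes and make the signature check fail. The Python sketch below compares sending a body as-is, as quoted-printable and as base64; the sample body, the relay_mangle model and the use of SHA-256 are assumptions made for this example.

```python
import base64
import hashlib
import quopri

# Constructed sample body: a tab, trailing spaces and a non-ASCII character.
BODY = "Amount:\t1000 EUR   \nPayee: Zoë\n".encode("utf-8")


def relay_mangle(wire: bytes) -> bytes:
    """Model two relay behaviours from the slides: tabs converted to
    spaces and trailing white space removed from every line."""
    lines = wire.replace(b"\t", b"    ").split(b"\n")
    return b"\n".join(line.rstrip(b" ") for line in lines)


# Content-Transfer-Encoding name -> (encode, decode)
ENCODERS = {
    "identity": (lambda b: b, lambda b: b),  # body sent unencoded
    "quoted-printable": (
        lambda b: quopri.encodestring(b, quotetabs=True),
        quopri.decodestring,
    ),
    "base64": (base64.encodebytes, base64.decodebytes),
}


def digest(data: bytes) -> str:
    # SHA-256 is this example's choice; the slides list SHA-1 and MD5.
    return hashlib.sha256(data).hexdigest()


def digest_survives(encoding: str) -> bool:
    """True if the digest computed by the signer still matches what the
    recipient computes after the message has passed the relay."""
    encode, decode = ENCODERS[encoding]
    signed_digest = digest(BODY)                   # covered by the signature
    received = decode(relay_mangle(encode(BODY)))  # what the recipient hashes
    return digest(received) == signed_digest


if __name__ == "__main__":
    for name in ENCODERS:
        print(f"{name:17} digest matches after relay: {digest_survives(name)}")
```

Only the unencoded body fails the comparison, which is why a clear-signed part is normally given a quoted-printable or base64 transfer encoding before the digest is computed.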
S/MIME Certificate Processing
• Uses public key certificates (version 3 of X.509)
• User Agent’s key management functionality:
– Key generation
– Registration
– Certificate storage and retrieval
THANK YOU