Electronic Mail Security
December 7, 2000

Characteristics
File transfer, except...
• sender, receiver may not be present at the same time
• diversity (character sets, headers, ...)
• not a transparent channel (8 bit data, CRLF)
• often not within a common realm

Distribution Lists
1. send to list site, which distributes:
   • unknown membership (except for bounces...)
   • geographical locality
   • size of list
   • avoid need for tree expansion
2. get list from maintainer and send
   • “list of lists” – at list server or at receiver (warning!)
   • can’t distinguish individuals from lists

Mail Forwarding
MUA: user agent – may disappear temporarily
MTA: message transfer agent – retries, route
• corporate MTA (security gateway)
• protocol translation (X.400, SMTP, Lotus Notes, ...)
location: MX, manual routing: DNS

Internet Email
• protocol: SMTP (RFC 821) ➠ ASCII commands, responses
• addresses: RFC 822
• separate: headers (message), envelope (commands: from, to)
• TCP, port 25
• DNS MX (mail exchange) records: domain → MTA(s)
• binary content, structure ➠ MIME (Multipurpose Internet Mail Extensions)

Security Services
• privacy
• authentication
• integrity
• non-repudiation
• proof of submission
• proof of delivery
• message flow confidentiality (did Alice send Bob a message?)
• anonymity
• containment (leakage)
• audit
• accounting
• self destruct
• message sequence integrity

Establishing Public Keys
• email: often no prior meeting of principals
• ➠ use (chain of) certificates: x’s public key is y, signed “Verisign”
• selection of certificates – not complete trust or felon!
• easily delivered with mail (but: size)

Privacy
• multiple recipients ➠ repeated encryption of long message
• ➠ only encrypt session key for each recipient
• list exploder: get session key, re-encrypt for each recipient
• local list: need key for each recipient

Email Faking

    host -t mx whitehouse.gov
    whitehouse.gov mail is handled (pri=100) by storm.eop.gov
    telnet storm.eop.gov 25
    Trying 198.137.241.51...
    Connected to storm.eop.gov.
    Escape character is '^]'.
    220 Storm.EOP.GOV -- Server ESMTP (PMDF V5.1-7 #6879)
    helo erlang.cs.umass.edu
    250 Storm.EOP.GOV OK, [128.59.27.35].
    mail from: hgs@somewhere.org
    250 2.5.0 Address Ok.
    rcpt to: hgs@cs.columbia.edu
    250 2.1.5 hgs@cs.columbia.edu OK.
    data
    354 Enter mail, end with a single ".".
    a test
    .
    250 2.5.0 Ok.
    quit

Email Tracing

    Received: from cs.columbia.edu (cs.columbia.edu [128.59.10.13])
        by opus.cs.columbia.edu (8.8.5/8.6.6) with ESMTP id PAA07654
        for <hgs@opus.cs.columbia.edu>; Thu, 10 Apr 1997 15:30:03 -0400 (EDT)
    Received: from Storm.EOP.GOV (SYSTEM@storm.eop.gov [198.137.241.51])
        by cs.columbia.edu (8.8.5/8.6.6) with ESMTP id PAA16005
        for <hgs@cs.columbia.edu>; Thu, 10 Apr 1997 15:29:58 -0400 (EDT)
    Received: from erlang.cs.umass.edu ([128.59.27.35])
        by STORM.EOP.GOV (PMDF V5.1-7 #6879) with SMTP
        id <01IHJN1HAVHE000TEO@STORM.EOP.GOV hgs@cs.columbia.edu;
        Thu, 10 Apr 1997 15:29:42 EDT
    From: hgs@somewhere.org
    Date: Thu, 10 Apr 1997 15:29:42 -0400 (EDT)
    Date-warning: Date header was inserted by STORM.EOP.GOV
    To: hgs@opus.cs.columbia.edu
    Message-ID: <01IHJN3GBO8Q000TEO@STORM.EOP.GOV>
    MIME-version: 1.0
    Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
    Content-Length: 8

    a test

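The Received chain above can be read mechanically, oldest hop first. The following is an added example, not part of the original slides: it parses the headers shown on the page and reports what the receiving MTAs recorded but could not confirm. The names `hops`, `findings` and `HOP` are illustrative, and the From-domain comparison is a weak heuristic chosen for this example.

```python
import re
from email import message_from_string

# Header block from the trace above (values copied from the page).
RAW = """\
Received: from cs.columbia.edu (cs.columbia.edu [128.59.10.13])
 by opus.cs.columbia.edu (8.8.5/8.6.6) with ESMTP id PAA07654
 for <hgs@opus.cs.columbia.edu>; Thu, 10 Apr 1997 15:30:03 -0400 (EDT)
Received: from Storm.EOP.GOV (SYSTEM@storm.eop.gov [198.137.241.51])
 by cs.columbia.edu (8.8.5/8.6.6) with ESMTP id PAA16005
 for <hgs@cs.columbia.edu>; Thu, 10 Apr 1997 15:29:58 -0400 (EDT)
Received: from erlang.cs.umass.edu ([128.59.27.35])
 by STORM.EOP.GOV (PMDF V5.1-7 #6879) with SMTP
 id <01IHJN1HAVHE000TEO@STORM.EOP.GOV hgs@cs.columbia.edu;
 Thu, 10 Apr 1997 15:29:42 EDT
From: hgs@somewhere.org
To: hgs@opus.cs.columbia.edu

a test
"""

# from <HELO name> (<optional ident@reverse-DNS name> [<peer IP>]) by <receiver>
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)", re.I)

def hops(raw):
    """Return Received hops oldest first; each MTA prepends its own line."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if m:
            helo, rdns, ip, by = m.groups()
            rdns = rdns.split("@")[-1] if rdns else None  # drop ident user
            out.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by})
    return out

def findings(raw):
    """Flag claims in the chain that no receiving MTA verified."""
    chain, notes = hops(raw), []
    for prev, nxt in zip(chain, chain[1:]):  # each "by" should be the next "from"
        if prev["by"].lower() != nxt["helo"].lower():
            notes.append(f"gap between {prev['by']} and {nxt['helo']}")
    for h in chain:  # HELO is whatever the client typed; the IP is what TCP saw
        if not h["rdns"] or h["rdns"].lower() != h["helo"].lower():
            notes.append(f"HELO {h['helo']} not confirmed by reverse DNS for {h['ip']}")
    sender_domain = message_from_string(raw)["From"].split("@")[-1].lower()
    if chain and not chain[0]["helo"].lower().endswith(sender_domain):  # weak signal
        notes.append(f"From domain {sender_domain} unrelated to first hop {chain[0]['helo']}")
    return notes
```

On the page's headers only the oldest hop is flagged: the peer address 128.59.27.35 was recorded by the MTA itself, while the HELO name and the From address are what the client supplied.
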
Source Authentication
Address spoofing:
• telnet to almost any SMTP server
• some don’t insert appropriate Received From: header
• one receiver or list: sign with public key
• but: private key ➠ needs to authenticate/sign with exploder

Message Integrity
• authentication always with message integrity
• integrity without authentication: ransom note ➠ no system exists

Non-Repudiation
• Alice cannot deny having sent message to Bob
• may want plausible deniability
public key: non-repudiable source authentication easy
secret key: repudiable source authentication easy

Plausible Deniability with Public Keys
• Bob knows message m from Alice
• Bob can’t prove it to anyone else
1. Alice: picks secret $S$ just for $m$
2. $\{S\}_{\mathrm{Bob}}$
3. $[\{S\}_{\mathrm{Bob}}]_{\mathrm{Alice}}$
4. use $S$ to compute MIC of $m$: DES CBC residue
5. Alice → Bob: MIC($S$), $[\{S\}_{\mathrm{Bob}}]_{\mathrm{Alice}}$, $m$ (separately ...)
➠ Bob knows that message was from Alice (MIC)
Bob can construct any message he likes

Non-Repudiation with Secret Keys
• Bob prove to judge that Alice sent message
• need notary N with secret $S_N$, trusted by Bob, judge
• N authenticates Alice
• N: MIC with $S_N$ or MD(“Alice”, $m$, $S_N$) ➠ seal
• sent $m$, seal to Bob
• Bob verify message: share key with N or ask N
• judge asks N if seal is valid

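The notary scheme above, carried through as an added example that is not part of the original slides. HMAC-SHA256 is swapped in for the slide's MIC/MD, and the way N authenticates Alice (a per-user key shared with N) is an assumption, since the slide only says that N does so; the class and method names are illustrative.

```python
import hashlib
import hmac
import os

class Notary:
    """N holds S_N; nobody else can create or check a seal."""

    def __init__(self):
        self._s_n = os.urandom(32)  # S_N, never leaves the notary
        self._user_keys = {}        # assumed: keys N uses to authenticate senders

    def enroll(self, name: str) -> bytes:
        key = os.urandom(32)
        self._user_keys[name] = key
        return key

    def _seal(self, name: str, m: bytes) -> bytes:
        # MD(m) has a fixed length, so MD(m) || name parses unambiguously
        data = hashlib.sha256(m).digest() + name.encode()
        return hmac.new(self._s_n, data, hashlib.sha256).digest()

    def seal(self, name: str, m: bytes, proof: bytes) -> bytes:
        """Authenticate the sender, then bind her name to m under S_N."""
        key = self._user_keys.get(name, b"")
        expected = hmac.new(key, m, hashlib.sha256).digest()
        if not key or not hmac.compare_digest(proof, expected):
            raise PermissionError("sender not authenticated")
        return self._seal(name, m)

    def is_valid(self, name: str, m: bytes, seal: bytes) -> bool:
        """The question Bob, and later the judge, put to N."""
        return hmac.compare_digest(seal, self._seal(name, m))

def demo():
    n = Notary()
    alice_key = n.enroll("Alice")
    m = b"I owe Bob $100"  # constructed message
    proof = hmac.new(alice_key, m, hashlib.sha256).digest()
    seal = n.seal("Alice", m, proof)  # Alice then sends m and the seal to Bob
    return {
        "bob_accepts": n.is_valid("Alice", m, seal),
        "altered_rejected": not n.is_valid("Alice", b"I owe Bob $900", seal),
        "other_sender_rejected": not n.is_valid("Carol", m, seal),
    }
```

Bob never holds $S_N$, so he can neither verify the seal on his own nor mint one for a message Alice did not send; the judge relies on the same query to N.
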
Proof of Submission
• certified mail (proof of delivery) or certificate of mailing (evidence of mailing)
• registered: + insurance
• sign message digest, time-of-day

Proof of Delivery
• certified, return receipt requested
• requires cooperation of last MTA or receiver
• can’t do receipt if and only if recipient got message (drop or refuse)

Message Flow Confidentiality and Anonymity
• eavesdropper can’t tell
• intermediary: anonymous remailer (anon.penet.fi, mary.indigo.ie)
• random delay
• chop into pieces, hide size
• remailer chains, with layers of encryption
• if replies allowed ➠ store mappings
• mappings interoperate badly with mailing lists

Containment
• limit distribution of email
• security classes

Mail Transport Issues
• Mail is almost 8-bit clean ➠ ESMTP
• if you thought the USPS was mutilating mail...
  – end-of-line: CR, LF, CRLF
  – 8th bit: choke, clear
  – EBCDIC (rare)
  – X.400
  – white space removal
  – long lines
• data transfer
• signatures break
• SMTP: assume text; MIME: arbitrary data

Disguising Data as Text
• canonicalization
• encoding: binary into smaller character set
  – uuencode: 3 octets (24 bits) → 4 characters (32 bits) from 6-bit set (0x20 [space] to 0x5f [_]), 60 characters per line
  – base64: 3 octets (24 bits) → 4 characters: A, B, ..., Z, a, ..., z, 0, ..., 9, +, /
  – quoted-printable (if mostly ASCII): =A0 (hex digits)

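Why "signatures break" on the transport slide and what canonicalization and encoding each repair, as an added example that is not part of the original slides. A SHA-256 digest stands in for the signed MIC, and `gateway` is a constructed model of one mutilating hop (bare-LF storage, white space removal, 8th bit cleared); all names and sample bodies are illustrative.

```python
import base64
import hashlib

def mic(data: bytes) -> str:
    """Message integrity code; SHA-256 stands in for the signed digest."""
    return hashlib.sha256(data).hexdigest()

def canonical(text: bytes) -> bytes:
    """Canonical text form: CRLF line ends, no trailing white space."""
    lines = text.replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    return b"\r\n".join(line.rstrip(b" \t") for line in lines)

def gateway(data: bytes) -> bytes:
    """Constructed model of one hop: stores lines with bare LF, trims
    trailing white space and clears the 8th bit of every octet."""
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    trimmed = b"\n".join(line.rstrip(b" \t") for line in lines)
    return bytes(octet & 0x7F for octet in trimmed)

def survives_raw(body: bytes) -> bool:
    """Digest over the bytes exactly as typed, checked after transport."""
    return mic(gateway(body)) == mic(body)

def survives_canonical(body: bytes) -> bool:
    """Both ends canonicalize before computing the digest."""
    sent = canonical(body)
    return mic(canonical(gateway(sent))) == mic(sent)

def survives_base64(body: bytes) -> bool:
    """Encode into the 64-character set first; the hop sees only ASCII."""
    wire = base64.encodebytes(body)  # lines of at most 76 characters
    return mic(base64.b64decode(gateway(wire))) == mic(body)

# Constructed sample bodies: text with a trailing blank and bare LF,
# and binary data containing 8-bit octets, CR, LF and a space.
TEXT = b"Pay Bob $100 \nby Friday\n"
BINARY = bytes([0xE9, 0x00, 0x0D, 0x0A, 0x20, 0x0A, 0xFF])
```

Canonicalization is enough for 7-bit text, but arbitrary data only survives once it is encoded into the smaller character set before the digest is checked against it.
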
Names and Addresses
receiving mailbox: for SMTP (foo@bar.com) “RFC 822”
users: X.500 DN (/C=US/O=CIA/OU=drugs/PN=’Manuel Noriega’/)
• PEM: translate RFC 822 based on messages received to X.500
• PGP: familiar names or name <email address>

Old Messages
• is old message still valid (given key revocation, changes, ...)?
• problem: renege on old commitments by strategic key loss
• ➠ notary signs
• prove that message was generated after some date (why?)
• include lottery number

S/MIME
• RFC 2633: S/MIME Version 3 Message Specification
• also: PGP (various versions), OpenPGP
• uses CMS (cryptographic message syntax), RFC 2630, derived from PKCS#7
• SHA-1 (and MD5) for digests, DH for key encryption

S/MIME

    Content-Type: multipart/signed;
        protocol="application/pkcs7-signature";
        micalg=sha1; boundary=boundary42

    --boundary42
    Content-Type: text/plain

    This is a clear-signed message.

    --boundary42
    Content-Type: application/pkcs7-signature; name=smime.p7s
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7s

    ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
    4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
    n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
    7GhIGfHfYT64VQbnj756

    --boundary42--

S/MIME

    SignedData ::= SEQUENCE {
      version CMSVersion,
      digestAlgorithms DigestAlgorithmIdentifiers,
      encapContentInfo EncapsulatedContentInfo,
      certificates [0] IMPLICIT CertificateSet OPTIONAL,
      crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
      signerInfos SignerInfos }

    DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier

    SignerInfos ::= SET OF SignerInfo

S/MIME

    SignerInfo ::= SEQUENCE {
      version CMSVersion,
      sid SignerIdentifier,
      digestAlgorithm DigestAlgorithmIdentifier,
      signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
      signatureAlgorithm SignatureAlgorithmIdentifier,
      signature SignatureValue,
      unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }

    SignerIdentifier ::= CHOICE {
      issuerAndSerialNumber IssuerAndSerialNumber,
      subjectKeyIdentifier [0] SubjectKeyIdentifier }

    SignedAttributes ::= SET SIZE (1..MAX) OF Attribute

    UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute

    Attribute ::= SEQUENCE {
      attrType OBJECT IDENTIFIER,
      attrValues SET OF AttributeValue }

    AttributeValue ::= ANY

    SignatureValue ::= OCTET STRING