SECURITY PRACTICE AND SYSTEM

SECURITY
Prepared By:
Dr. Somya Dubey
 Electronic Mail security
◦ PGP, S/MIME
 IP security
 Web Security
 SYSTEMSECURITY:
◦ Intruders
◦ Malicious software
◦ viruses
◦ Firewalls.
 After web browsing, e-mail is the most widely used network-
reliant application.
 Mail servers, after web servers, are the most often attacked
Internet hosts.
 Basic e-mail offers little security, counter to public perception.
 Good technical solutions are available, but not widely used.
◦ If we understand why this is so, we might understand
something about why security is ‘hard’.
 RFC 822 defines a format for text email messages.
 An email message is considered to be made up of two portions:
 Its contents (or body) and headers.
 This is very similar to the way our manual postal system works.
 There also, we have letters (similar to email contents) and envelopes (similar
to email headers).
 Therefore, an email message consists of a number of header lines followed by
the actual message contents.
 A header line usually consists of a keyword, followed by a colon, followed
by the keyword’s arguments.
 Loss of confidentiality.
◦ E-mails are sent in clear over open networks.
◦ E-mails stored on potentially insecure clients and
mail servers.
 Loss of integrity.
◦ No integrity protection on e-mails; anybody be
altered in transit or on mail server.
 Lack of data origin authentication.
◦ Is this e-mail really from the person named in the From:field?
 Lack of non-repudiation.
◦ Can I rely and act on the content? (integrity)
◦ If so, can the sender later deny having sent it? Who is liable if I
have acted?
 Lack of notification of receipt.
◦ Has the intended recipient received my e-mail and acted on it?
◦ A message locally marked as ‘sent’ may not have been
delivered.
 What are the Options?
◦ Secure the server to client connections (easy thing first)
 https access to webmail
 Protection against insecure wireless access
◦ Secure the end-to-end email delivery
 The PGPs of the world
 Practical in an enterprise intra-network environment
 PGP provides a confidentiality and authentication service that can be used
for electronic mail and file storage applications.
 With the explosively growing reliance on electronic mail for every
conceivable purpose, there grows a demand for authentication and
confidentiality services.
 Phil Zimmerman is the father of the Pretty Good Privacy (PGP) protocol.
 The best available crypto algorithms to use & integrated them into a single
program
 PGP provides a confidentiality and authentication service that can be used
for electronic mail and file storage applications.
 It is independent of government organizations and runs on a wide range of
systems, in both free & commercial versions.
 PGP is an e-mail security program written by Phil
Zimmermann, based on the IDEA algorithm for
encryption of plaintext and uses the RSA Public Key
algorithm for encryption of the private key.
 PGP incorporates tools for developing a public-key
trust model and public-key certificate management.
 PGP is an open-source freely available
software package for e-mail security. It
provides authentication; confidentiality;
compression; e-mail compatibility; and
segmentation and reassembly.
 In PGP, it consists of the creation of a message digest
of the email message using the SHA-1 algorithm.
 The resulting message digest is then encrypted with the
sender’s private key. The result is the sender’s digital
signature.
 Here, the input message as well as the digital signature
are compressed together to reduce the size of the final
message that will be transmitted.
 For this, the famous ZIP program is used. ZIP is based
on the Lempel–Ziv algorithm.
 In this step, the compressed output of step 2 (i.e. the
compressed form of the original email and the digital
signature together) are encrypted with a symmetric key.
 For this, generally the IDEA algorithm in CFB mode is
used.
 In this case, the symmetric key used for encryption in
step 3 is now encrypted with the receiver’s public key.
 The output of step 3 and step 4 together form a digital
envelope.
 The Base-64 encoding (also called Radix-64 encoding or ASCII armour)
process transforms arbitrary binary input into printable character output.
 In this technique, the binary input is processed in blocks of 3 octets, or 24
bits.
 These 24 bits are considered to be made up of 4 sets, each of 6 bits.
 Each such set of 6 bits is mapped into an 8-bit output character in this
process.
 Every PGP user needs to have two sets of key rings:
(a) A ring of her own public-private key pairs, and
(b) A ring of the public keys of other users.
 Signing the message
 a. PGP retrieves the sender's private key from the private-key ring
using your_userid as an index. If your_userid was not provided in
the command, the first private key on the ring is retrieved.
 b. PGP prompts the user for the passphrase to recover the
unencrypted private key.
 c. The signature component of the message is constructed
 Encrypting the message
 a. PGP generates a session key and encrypts the message.
 b. PGP retrieves the recipient's public key from the public-key ring
using her_userid as an index.
 c. The session key component of the message is constructed.
 Decrypting the message
 a. PGP retrieves the receiver's private key from the private-key
ring, using the Key ID field in the session key component of the
message as an index.
 b. PGP prompts the user for the passphrase to recover the
unencrypted private key.
 c. PGP then recovers the session key and decrypts the message.
 Authenticating the message
 a. PGP retrieves the sender's public key from the public-key ring,
using the Key ID field in the signature key component of the
message as an index.
 b. PGP recovers the transmitted message digest.
 c. PGP computes the message digest for the received message
and compares it to the transmitted message digest to authenticate.
 (a) Introducer Trust: The introducer trust then specifies what
level of trust the introducer wants to allocate to other users in
the system. These levels are none, partial, and complete.
 (b) Certificate Trust:When a user A receives a certificate of
another user B issued by a third user C, depending on the level
of trust that A has in C, A assigns a certificate trust level to that
certificate while storing it.
 (c) Key Legitimacy: The objectives behind introducer trust
and certificate trust is to decide whether to trust the public key
of a user. In PGP terms, this is called key legitimacy.
 PGP defines the following simple rule to decide the key
legitimacy:
 The level of key legitimacy for a user is the weighted
trust level for that user.
 For instance, suppose we have assigned certain weights
to certificate trust levels.
 Regardless of the mechanism, eventually the process of
obtaining keys of other users and sending our
own to others creates what is called a web of trust between
groups of people.
 This keeps the public key ring getting bigger and bigger,
and helps secure the email communication.
 Whenever a user needs to revoke his/her public key
(because of loss of private key, etc), he/she needs
to send a key revocation certificate to the other users.
 This certificate is self-signed by the user with
his/her private key
 The Multipurpose Internet Mail Extensions (MIME) system extends the basic
email system by permitting users to send binary files using the basic email
system. MIME is defined in RFCs 2045
to2049.
 S/MIME (Secure/Multipurpose Internet Mail Extension) is a security
enhancement to the MIME Internet e-mail format standard, which in turn
provided support for varying content types and multi-part messages over the
text only support in the original Internet RFC822 email standard.
 MIME provides a number of new header fields that define information about
the body of the message, including the format of the body and any encoding
that is done to facilitate transfer. Most important, MIME defines a number of
content formats, which standardize representations for the support of
multimedia e-mail.
 Examples include text, image, audio, and video.
 The MIME specification adds five new headers to the email system, which
describe information about the body of the message:

 (a) MIME-Version
 (b) Content-Type
 (c) Content-Transfer-Encoding
 (d) Content-ID Identifies the MIME entities uniquely with reference to
multiple contexts.
 (e) Content-Description:Used when the body is not readable (e.g. video).
 a) MIME-Version This contains the MIME version number. This field
indicates that the message conforms to RFCs 2045 and 2046.
 (b) Content-Type -This describes the data contained in the body of the
message. The details provided are sufficient so that the receiver email
system can deal with the received email message in an appropriate manner.
The contents are specified as:
Type/Sub-type
 MIME specifies 7 content types, and 15 content sub-types.
 Like PGP, S/MIME provides for digital signatures and encryption of email messages.
 These content-types support four new functions:
 S/MIME prefers the usage of the following cryptographic
algorithms:
● Digital Signature Standard (DSS) for digital signatures
● Diffie–Hellman for encrypting the symmetric session keys
● RSA for either digital signatures or for encrypting the
symmetric session keys
● DES-3 for symmetric key encryption
 S/MIME supports the various cryptographic
algorithms:
 S/MIME secures a MIME entity with a signature, encryption, or both.
 The MIME entity is prepared as per the usual MIME rules.
 This is processed by S/MIME, along with security-related data, such as
identifiers of algorithms and digital certificates.
 The output of this process is called a Public Key Cryptography Standard
(PKCS) object.
 This PKCS object itself is now considered as a message content and is
wrapped inside MIME, with the addition of appropriate MIME headers.
 S/MIME supports digital signature, encryption or both.
 S/MIME processes the email messages along with the other security-related
data, such as the algorithms used and the digital certifiates to produce a
PKCS object.
 It is then treated like a message content.
 This means that appropriate MIME headers are added to it.
 For this purpose, S/MIME has two new content types and six new sub-types.
 S/MIME uses X.509V3 certificates.
 The key-management scheme used by S/MIME is a bit of a mixture of the
X.509 certificate hierarchy and the web of trust, as specified in PGP.
 Like PGP, S/MIME needs a configuration of the list of trusted keys and
CRLs(Certificate Revocation List). Certificates are signed by CAs, as
usual.
 An S/MIME user performs three key-management functions:
 Three additional features are proposed in the S/MIME :

(a) Signed Receipts :This message can be used as acknowledgment of an original message. This
provides proof of delivery of a message to the original sender. The recipient signs the entire
message (including the original message sent by the sender, the signature of the sender, and the
acknowledgment) and creates an S/MIME message type out of it.

(b) Security Labels: A security label may be added to a message to identify its sensitivity (how
confidential it is), access control (who can access it), and priority (secret, confidential, restricted,
etc.).

(c) Secure Mailing Lists: An S/MIME Mailing List Agent (MLA) can be created to take over
the processing that is required per recipient whenever a sender sends a message to multiple
users. For example, if a message is being sent to 10 recipients, it may have to be encrypted with
the 10 respective public keys of the recipients. An MLA can take a single incoming message,
perform the recipient specific encryption, and forward the message. This means that the original
sender needs to only encrypt the message once (with the public key of the MLA) and only send it
once (to the MLA). The MLA then does the remaining work