Mod4 Computer Security

Module IV

Email Security

Two schemes are used for electronic mail security:

• PGP (Pretty Good Privacy)
• S/MIME (Secure/Multipurpose Internet Mail Extension)

Pretty Good Privacy (PGP)

PGP is mainly used for personal email security. It is the effort of a single person, Phil
Zimmermann, in 1991. PGP provides privacy, authentication, integrity and non-repudiation.

Features

1. Selected the best cryptographic mechanisms (algorithms) as building blocks.
2. Integrated these algorithms into a general purpose application that is
independent of operating system and processor and that is based on a small set of
easy to use commands.
3. Made the package and its source code freely available via the Internet, bulletin
boards, and commercial networks such as America On Line (AOL).
4. Entered into an agreement with a company (Viacrypt, now Network Associates) to
provide a fully compatible low cost commercial version of PGP.
5. Platform independent. It is available free worldwide in versions that run on many
different platforms: Windows, UNIX, Mac etc. In addition, the commercial version
satisfies those who want vendor support.
6. Available free worldwide via the Internet.
7. It was neither created by nor controlled by any government or standards organization.
8. PGP is now on an Internet standards track (RFC 3156). Nevertheless, PGP still has
an aura of an anti-establishment endeavor.

Operational Description
PGP consists of the following five services:
1. Authentication
2. Confidentiality
3. Compression
4. E-mail compatibility
5. Segmentation

Authentication

M - Plain message
H - Hash function
EP - Public-key encryption
DP - Public-key decryption
PRa - Private key of user A
PUa - Public key of user A
Z - Compression
|| - Concatenation
Z⁻¹ - Inverse compression

Sender:

1. Generates message and a random number (session key) only for this message
2. Encrypts message with the session key using AES, 3DES, IDEA or CAST-128
3. Encrypts session key itself with recipient’s public key using RSA
4. Attaches it to message

Receiver:

1. Recovers the session key by decrypting it with his private key
2. Decrypts the message using the session key

The confidentiality service provides no assurance to the receiver as to the identity of
the sender (i.e. no authentication). It only assures the sender that the recipient, and
no one else, can read the message.

Confidentiality & Authentication

EC - Symmetric encryption
ED - Symmetric decryption
KS - Session key used in the symmetric encryption algorithm

• Both services can be used on the same message
• Create the signature and attach it to the message
• Encrypt both the message and the signature
• Attach the RSA/ElGamal-encrypted session key
• This is called authenticated confidentiality.

Compression

As a default, PGP compresses the message after applying the signature but
before encryption. This has the benefit of saving space both for e-mail transmission
and for file storage. The placement of the compression algorithm, indicated by Z for
compression and Z⁻¹ for decompression, is critical. The compression algorithm used
is ZIP.

• The signature is generated before compression for two reasons:

1. So that one can store only the uncompressed message together with the signature
for later verification.
2. Applying the hash function and signature after compression would constrain all
PGP implementations to the same version of the compression algorithm, as the
PGP compression algorithm is not deterministic.

• Message encryption is applied after compression to strengthen
cryptographic security. Because the compressed message has less
redundancy than the original plaintext, cryptanalysis is more difficult.

Email Compatibility

When PGP is used, at least part of the block to be transmitted is encrypted, and
thus consists of a stream of arbitrary 8-bit octets. However, many electronic mail
systems only permit the use of ASCII text. To accommodate this restriction, PGP
provides the service of converting the raw 8-bit binary stream to a stream of printable
ASCII characters. It uses radix-64 conversion, in which each group of three octets of
binary data is mapped into four ASCII characters. This format also appends a CRC to
detect transmission errors. The use of radix 64 expands a message by 33%, but still an
overall compression of about one-third can be achieved.
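
The radix-64 conversion and CRC described above, as an added example (not code from the original notes or from PGP itself). The function names and the 64-character line width are assumptions of this sketch; the CRC-24 constants are those of OpenPGP ASCII armor, and the armor header and footer lines are left out.

```python
import base64
import zlib

CRC24_INIT = 0xB704CE    # CRC-24 start value used by OpenPGP ASCII armor
CRC24_POLY = 0x1864CFB   # CRC-24 generator polynomial used by OpenPGP ASCII armor

def crc24(data: bytes) -> int:
    """Bitwise CRC-24 over the raw (pre-radix-64) octets."""
    crc = CRC24_INIT
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(binary: bytes, width: int = 64) -> str:
    """Radix-64 encode: every 3 octets become 4 printable ASCII characters."""
    text = base64.b64encode(binary).decode("ascii")
    lines = [text[i:i + width] for i in range(0, len(text), width)]
    check = base64.b64encode(crc24(binary).to_bytes(3, "big")).decode("ascii")
    return "\n".join(lines + ["=" + check])      # the CRC travels on its own line

def dearmor(armored: str) -> bytes:
    """Decode and refuse data whose CRC does not match."""
    *body, last = armored.strip().splitlines()
    if len(last) != 5 or not last.startswith("="):
        raise ValueError("missing CRC line")
    binary = base64.b64decode("".join(body), validate=True)
    if crc24(binary) != int.from_bytes(base64.b64decode(last[1:]), "big"):
        raise ValueError("CRC mismatch: block was altered in transit")
    return binary

def sizes(message: bytes) -> dict:
    """Octet counts at each stage: plain -> ZIP -> radix-64."""
    packed = zlib.compress(message)
    return {"plain": len(message), "zipped": len(packed),
            "armored": len(base64.b64encode(packed))}

if __name__ == "__main__":
    sample = b"Constructed sample text for the armor demo.\n" * 40
    block = armor(zlib.compress(sample))
    assert zlib.decompress(dearmor(block)) == sample
    print(sizes(sample))
```

The CRC only detects accidental transmission errors; it is not keyed, so it gives no protection against deliberate modification, which is the job of the signature.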

Segmentation/Reassembly

E-mail facilities often are restricted to a maximum message length. For example,
many of the facilities accessible through the Internet impose a maximum length of
50,000 octets. Any message longer than that must be broken up into smaller
segments, each of which is mailed separately.

To accommodate this restriction, PGP automatically subdivides a message that
is too large into segments that are small enough to send via e-mail. The segmentation
is done after all of the other processing, including the radix-64 conversion. Thus, the
session key component and signature component appear only once, at the beginning
of the first segment. Reassembly at the receiving end is required before verifying
the signature or decrypting.

Four Aspects of PGP

PGP was designed to provide all four aspects of security, i.e., privacy,
integrity, authentication, and non-repudiation in the sending of email.

PGP uses a digital signature (a combination of hashing and public key
encryption) to provide integrity, authentication, and non-repudiation. PGP uses a
combination of secret key encryption and public key encryption to provide privacy.
Therefore, we can say that the digital signature uses one hash function, one secret
key, and two private-public key pairs.

PGP at Sender Site

• The e-mail message is hashed by using a hashing function to create a digest.
• The digest is then encrypted to form a signed digest by using the sender's
private key, and then the signed digest is added to the original email message.
• The original message and signed digest are encrypted by using a one-time
secret key created by the sender.
• The secret key is encrypted by using the receiver's public key.
• Both the encrypted secret key and the encrypted combination of message and
digest are sent together.

PGP at the Receiver site

• The receiver receives the combination of the encrypted secret key and the
encrypted message and digest.
• The encrypted secret key is decrypted by using the receiver's private key to get
the one-time secret key.
• The secret key is then used to decrypt the combination of message and digest.
• The digest is decrypted by using the sender's public key, and the original
message is hashed by using a hash function to create a digest.
• The two digests are compared; if they are equal, all the
aspects of security are preserved.
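
The sender and receiver steps above, including the sign, then compress, then encrypt ordering from the Compression section, run end to end as an added example that is not part of the original notes. Textbook RSA over constructed toy keys stands in for EP/DP and a SHA-256 keystream XOR stands in for EC/ED; both are assumptions chosen so the sketch needs only the standard library, and neither is secure.

```python
import hashlib
import os
import zlib

def toy_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA from two known primes. Insecure: stands in for EP/DP only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)            # (public key, private key)

# Constructed toy keys built from Mersenne primes; never use such keys for real.
PU_A, PR_A = toy_keypair(2**127 - 1, 2**521 - 1)   # sender A
PU_B, PR_B = toy_keypair(2**107 - 1, 2**607 - 1)   # receiver B

def rsa(key, value: int) -> int:
    exponent, modulus = key
    return pow(value, exponent, modulus)

def h(message: bytes) -> int:
    """H: message digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def ec(ks: bytes, data: bytes) -> bytes:
    """Stand-in for EC/ED: XOR with a SHA-256 counter keystream (self-inverse)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(ks + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def modulus_len(key) -> int:
    return (key[1].bit_length() + 7) // 8

def pgp_send(message: bytes, pr_sender, pu_receiver):
    """Returns (session key encrypted for the receiver, encrypted body)."""
    signed_digest = rsa(pr_sender, h(message)).to_bytes(modulus_len(pr_sender), "big")
    packed = zlib.compress(signed_digest + message)    # sign first, then Z
    ks = os.urandom(16)                                # one-time session key KS
    return rsa(pu_receiver, int.from_bytes(ks, "big")), ec(ks, packed)

def pgp_receive(wrapped_ks: int, body: bytes, pr_receiver, pu_sender):
    """Returns (message, signature_ok); (None, False) if the block is unusable."""
    try:
        ks = rsa(pr_receiver, wrapped_ks).to_bytes(16, "big")
        packed = zlib.decompress(ec(ks, body))         # ED, then Z^-1
    except (OverflowError, zlib.error):
        return None, False
    n = modulus_len(pu_sender)
    signed_digest, message = packed[:n], packed[n:]
    ok = rsa(pu_sender, int.from_bytes(signed_digest, "big")) == h(message)
    return message, ok

if __name__ == "__main__":
    wrapped, body = pgp_send(b"Constructed test message\n", PR_A, PU_B)
    print(pgp_receive(wrapped, body, PR_B, PU_A))
```

The receiver needs its own private key to recover the session key and the sender's public key to check the digest, which is why two key pairs are involved.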

Disadvantages of PGP Encryption

• Administration is difficult: The different versions of PGP complicate
administration.
• Compatibility issues: Both the sender and the receiver must have compatible
versions of PGP. For example, if you encrypt an email by using PGP with one of
the encryption techniques and the receiver has a different version of PGP, it
cannot read the data.
• Complexity: PGP is a complex technique. Other security schemes use
symmetric encryption that uses one key or asymmetric encryption that uses two
different keys. PGP uses a hybrid approach that implements symmetric
encryption with two keys. PGP is more complex, and it is less familiar than the
traditional symmetric or asymmetric methods.
• No recovery: Computer administrators face the problem of lost
passwords. In such situations, an administrator should use a special program to
retrieve passwords. For example, a technician with physical access to a PC
can use it to retrieve a password. However, PGP does not offer such a
special program for recovery; its encryption methods are very strong, so
forgotten passwords cannot be retrieved, which results in lost messages or lost files.

S/MIME

S/MIME (Secure/Multipurpose Internet Mail Extension) is a security
enhancement to the MIME Internet e-mail format standard, which in turn provided
support for varying content types and multi-part messages over the text only support in
the original Internet RFC822 email standard. MIME allows encoding of binary data to
textual form for transport over traditional RFC822 email systems.

Multipurpose Internet Mail Extensions

MIME is an extension to the RFC 822 framework that is intended to address
some of the problems and limitations of the use of SMTP (Simple Mail Transfer
Protocol) or some other mail transfer protocol and RFC 822 for electronic mail.

Problems with RFC 822 and SMTP

• Executable files or other binary objects must be converted into ASCII. Various
schemes exist (e.g., Unix UUencode), but a standard is needed.
• Text data that includes special characters (e.g., Hungarian text) cannot be
transmitted, as SMTP is limited to 7-bit ASCII.
• Some servers reject mail messages over a certain size.
• Some common problems exist with SMTP implementations which do not
adhere completely to the SMTP standards defined in RFC 821. They:
    • delete, add, or reorder CR and LF characters
    • truncate or wrap lines longer than 76 characters
    • remove trailing white space (tabs and spaces)
    • pad lines in a message to the same length
    • convert tab characters into multiple spaces

MIME is intended to resolve these problems in a manner that is compatible with
existing RFC 822 implementations, and the specification is provided in RFCs 2045
through 2049.

The MIME specification includes the following elements:

1. Five new message header fields are defined, which provide information about the
body of the message.

2. A number of content formats are defined, thus standardizing representations that
support multimedia electronic mail.

3. Transfer encodings are defined that protect the content from alteration by the mail
system.

MIME - New header fields

The five header fields defined in MIME are as follows:

• MIME-Version: Must have the parameter value 1.0. This field indicates that the
message conforms to RFCs 2045 and 2046.
• Content-Type: Describes the data contained in the body with sufficient detail
that the receiving user agent can pick an appropriate agent or mechanism to
represent the data to the user or otherwise deal with the data in an appropriate
manner.
• Content-Transfer-Encoding: Indicates the type of transformation that has been
used to represent the body of the message in a way that is acceptable for mail
transport.
• Content-ID: Used to identify MIME entities uniquely in multiple contexts.
• Content-Description: A text description of the object with the body; this is useful
when the object is not readable (e.g., audio data).
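
The five header fields and the two common transfer encodings, shown with Python's standard `email` package as an added example (not part of the original notes). The addresses, file name, Content-ID and sample bodies are constructed; the check at the end confirms that the encoded message is pure 7-bit ASCII with short lines and no trailing white space, so the SMTP problems listed earlier cannot alter it.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

TEXT = "Árvíztűrő tükörfúrógép \n"   # constructed: Hungarian text, trailing space
BLOB = bytes(range(256))             # constructed: arbitrary binary object

def build_message(text: str = TEXT, blob: bytes = BLOB) -> bytes:
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"] = "alice@example.invalid"
    msg["To"] = "bob@example.invalid"
    msg["Subject"] = "MIME transfer-encoding demo"
    # Text with special characters: quoted-printable keeps it mostly readable.
    msg.set_content(text, cte="quoted-printable")
    # Binary object: base64 is the default transfer encoding for bytes.
    msg.add_attachment(blob, maintype="application", subtype="octet-stream",
                       filename="sample.bin", cid="<blob-1@example.invalid>")
    attachment = next(msg.iter_attachments())
    attachment["Content-Description"] = "Constructed binary sample"
    return msg.as_bytes()

def inspect(wire: bytes) -> dict:
    """Parse the wire form back and report what a relay and a receiver see."""
    parsed = message_from_bytes(wire, policy=policy.default)
    body = parsed.get_body(preferencelist=("plain",))
    attachment = next(parsed.iter_attachments())
    lines = wire.split(b"\r\n")
    return {
        "mime_version": str(parsed["MIME-Version"]),
        "body_cte": str(body["Content-Transfer-Encoding"]),
        "attachment_cte": str(attachment["Content-Transfer-Encoding"]),
        "content_id": str(attachment["Content-ID"]),
        "description": str(attachment["Content-Description"]),
        "seven_bit": wire.isascii(),
        "longest_line": max(len(line) for line in lines),
        "trailing_ws": any(line.endswith((b" ", b"\t")) for line in lines),
        "text": body.get_content(),
        "blob": attachment.get_content(),
    }

if __name__ == "__main__":
    wire = build_message()
    print(wire.decode("ascii"))
    print({k: v for k, v in inspect(wire).items() if k not in ("text", "blob")})
```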

S/MIME Functionality

S/MIME has a very similar functionality to PGP. Both offer the ability to sign and/or
encrypt messages.

Functions

S/MIME provides the following functions:

• Enveloped data: This consists of encrypted content of any type and encrypted
content encryption keys for one or more recipients.
• Signed data: A digital signature is formed by taking the message digest of the
content to be signed and then encrypting that with the private key of the signer.
The content plus signature are then encoded using base64 encoding. A signed
data message can only be viewed by a recipient with S/MIME capability.
• Clear-signed data: As with signed data, a digital signature of the content is
formed. However, in this case, only the digital signature is encoded using base64.
As a result, recipients without S/MIME capability can view the message content,
although they cannot verify the signature.
• Signed and enveloped data: Signed-only and encrypted-only entities may be
nested, so that encrypted data may be signed and signed data or clear-signed data
may be encrypted.

Cryptographic Algorithms

S/MIME uses the following terminology, taken from RFC 2119, to specify the
requirement level:

• Must: The definition is an absolute requirement of the specification. An
implementation must include this feature or function to be in conformance with the
specification.
• Should: There may exist valid reasons in particular circumstances to ignore this
feature or function, but it is recommended that an implementation include the
feature or function.

IP Security Overview
Internet Protocol security (IPsec) is a framework of open standards for
protecting communications over Internet Protocol (IP) networks through the use of
cryptographic security services. IPsec supports network-level peer authentication,
data origin authentication, data integrity, data confidentiality (encryption), and replay
protection.

Need for IPsec

In its 2001 annual report, the Computer Emergency Response Team (CERT) listed
52,000 security incidents. The most serious types of attacks included IP spoofing,
in which intruders create packets with false IP addresses and exploit applications that
use authentication based on IP, and various forms of eavesdropping and packet
sniffing, in which attackers read transmitted information, including logon information
and database contents. In response to these issues, the IAB included authentication
and encryption as necessary security features in the next-generation IP, i.e. IPv6.

Applications of IPsec
IPsec provides the capability to secure communications across a LAN, across
private and public wide area networks (WANs), and across the Internet.

• Secure branch office connectivity over the Internet: A company can build a secure
virtual private network over the Internet or over a public WAN. This enables a
business to rely heavily on the Internet and reduce its need for private networks,
saving costs and network management overhead.

• Secure remote access over the Internet: An end user whose system is equipped
with IP security protocols can make a local call to an Internet service provider (ISP)
and gain secure access to a company network. This reduces the cost of toll
charges for travelling employees and telecommuters.

• Establishing extranet and intranet connectivity with partners: IPsec can be used
to secure communication with other organizations, ensuring authentication and
confidentiality and providing a key exchange mechanism.

• Enhancing electronic commerce security: Even though some Web and electronic
commerce applications have built-in security protocols, the use of IPsec enhances
that security.

The principal feature of IPsec enabling it to support varied applications is that it can
encrypt and/or authenticate all traffic at IP level. Thus, all distributed applications,
including remote logon, client/server, e-mail, file transfer, Web access, and so on,
can be secured.

Benefits of IPsec

The benefits of IPsec are listed below:

• IPsec in a firewall/router provides strong security to all traffic crossing the
perimeter

• IPsec in a firewall is resistant to bypass

• IPsec is below transport layer (TCP, UDP), hence transparent to applications

• IPsec can be transparent to end users

• IPsec can provide security for individual users if needed (useful for offsite workers
and setting up a secure virtual sub network for sensitive applications)

IP Security Architecture
To understand IP Security architecture, we examine IPsec documents first and then
move on to IPsec services and Security Associations.
IPsec Documents
The IPsec specification consists of numerous documents. The most important of these,
issued in November of 1998, are RFCs 2401, 2402, 2406, and 2408:
• RFC 2401: An overview of security architecture.
• RFC 2402: Description of a packet authentication extension to IPv4 and IPv6.
• RFC 2406: Description of a packet encryption extension to IPv4 and IPv6.
• RFC 2408: Specification of key management capabilities.

The documents are divided into seven groups, as depicted in the following figure:

• Architecture: Covers the general concepts, security requirements, definitions, and
mechanisms defining IPsec technology.
• Encapsulating Security Payload (ESP): Covers the packet format and general
issues related to the use of the ESP for packet encryption and, optionally,
authentication.
• Authentication Header (AH): Covers the packet format and general issues related to
the use of AH for packet authentication.
• Encryption Algorithm: A set of documents that describe how various encryption
algorithms are used for ESP.
• Authentication Algorithm: A set of documents that describe how various
authentication algorithms are used for AH and for the authentication option of ESP.
• Key Management: Documents that describe key management schemes.
• Domain of Interpretation (DOI): Contains values needed for the other documents to
relate to each other. These include identifiers for approved encryption and
authentication algorithms, as well as operational parameters such as key lifetime.

IPsec Services
The IPsec services are as follows:

• Connectionless Integrity: Data integrity service is provided by IPsec via AH,
which prevents the data from being altered during transmission.
• Data Origin Authentication: This IPsec service prevents the occurrence of
replay attacks, address spoofing etc., which can be fatal.
• Access Control: The cryptographic keys are distributed and the traffic flow is
controlled in both AH and ESP protocols, which is done to accomplish access
control over the data transmission.
• Confidentiality: Confidentiality on the data packet is obtained by using an
encryption technique in which all the data packets are transformed into
ciphertext packets which are unreadable and difficult to understand.
• Limited Traffic Flow Confidentiality: This facility or service provided by
IPsec ensures that the confidentiality is maintained on the number of packets
transferred or received. This can be done using padding in ESP.
• Replay Packets Rejection: The duplicate or replay packets are identified and
discarded using the sequence number field in both AH and ESP.

Security Associations
A security association is uniquely identified by three parameters:
• Security Parameters Index (SPI): A bit string assigned to this SA and having local
significance only. The SPI is carried in AH and ESP headers to enable the receiving
system to select the SA under which a received packet will be processed.
• IP Destination Address: Currently, only unicast addresses are allowed; this is the
address of the destination endpoint of the SA, which may be an end user system or a
network system such as a firewall or router.
• Security Protocol Identifier: This indicates whether the association is an AH or ESP
security association.
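
How a receiver can use the three identifying parameters to select an SA and then use the sequence number to reject replays, as an added example (not part of the original notes). It goes beyond the text by using the sliding-window check that IPsec receivers commonly implement; the window size of 64, the class names and the sample SPI and address are assumptions.

```python
AH, ESP = 51, 50      # IP protocol numbers of the two IPsec security protocols
WINDOW = 64           # anti-replay window size (an assumption for this example)

class SecurityAssociation:
    def __init__(self):
        self.highest = 0   # highest sequence number accepted so far
        self.seen = 0      # bitmap: bit i set means (highest - i) was accepted

    def accept(self, seq: int) -> bool:
        """Call only after the packet's integrity check value has verified."""
        if seq == 0:
            return False                       # the first packet of an SA carries 1
        if seq > self.highest:                 # new right edge: slide the window
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= WINDOW or (self.seen >> offset) & 1:
            return False                       # too old, or a duplicate
        self.seen |= 1 << offset               # late but new: remember it
        return True

class SADatabase:
    """Inbound SAs keyed by (SPI, destination address, security protocol)."""
    def __init__(self):
        self._sas = {}

    def add(self, spi: int, dst: str, protocol: int) -> None:
        self._sas[(spi, dst, protocol)] = SecurityAssociation()

    def inbound(self, spi: int, dst: str, protocol: int, seq: int) -> str:
        sa = self._sas.get((spi, dst, protocol))
        if sa is None:
            return "drop: no SA"
        return "accept" if sa.accept(seq) else "drop: replay"

def demo() -> list:
    sad = SADatabase()
    sad.add(0x1001, "192.0.2.10", ESP)         # constructed SPI and address
    arrivals = [(ESP, 1), (ESP, 3), (ESP, 2), (ESP, 3),   # 3 arrives twice
                (AH, 4),                                  # same SPI, other protocol
                (ESP, 100), (ESP, 36), (ESP, 37)]         # 36 fell out of the window
    return [sad.inbound(0x1001, "192.0.2.10", proto, seq) for proto, seq in arrivals]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```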
Authentication Header
The Authentication Header provides support for data integrity and authentication
of IP packets. The data integrity feature ensures that undetected modification to a
packet's content in transit is not possible. The authentication feature enables an end
system or network device to authenticate the user or application and filter traffic
accordingly; it also prevents the address spoofing attacks observed in today's Internet.
The AH also guards against the replay attack. Authentication is based on the use of a
message authentication code (MAC), hence the two parties must share a secret key.
The Authentication Header consists of the following fields:

Figure: IPsec Authentication Header

• Next Header (8 bits): Identifies the type of header immediately following this header.
• Payload Length (8 bits): Length of Authentication Header in 32-bit words, minus 2.
For example, the default length of the authentication data field is 96 bits, or three 32-bit
words. With a three-word fixed header, there are a total of six words in the header, and
the Payload Length field has a value of 4.
• Reserved (16 bits): For future use.
• Security Parameters Index (32 bits): Identifies a security association.
• Sequence Number (32 bits): A monotonically increasing counter value, discussed
later.
• Authentication Data (variable): A variable-length field (must be an integral number
of 32-bit words) that contains the Integrity Check Value (ICV), or MAC, for this packet.
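
The field layout above as a parser and builder, given as an added example (not part of the original notes); the function names and sample values are assumptions. It reproduces the worked case from the Payload Length description: a 96-bit ICV gives a six-word header and a Payload Length of 4, and the parser rejects buffers that are shorter than the length field claims.

```python
import struct

AH_FIXED = 12   # Next Header, Payload Length, Reserved, SPI, Sequence Number

def build_ah(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    if len(icv) % 4:
        raise ValueError("Authentication Data must be a whole number of 32-bit words")
    payload_len = (AH_FIXED + len(icv)) // 4 - 2       # header words minus 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv

def parse_ah(data: bytes) -> dict:
    """Split a buffer that starts with an AH into its fields and what follows."""
    if len(data) < AH_FIXED:
        raise ValueError("truncated: the fixed AH fields need 12 octets")
    next_header, payload_len, reserved, spi, seq = struct.unpack(
        "!BBHII", data[:AH_FIXED])
    total = (payload_len + 2) * 4                      # undo the "minus 2"
    if total < AH_FIXED:
        raise ValueError("Payload Length too small for the fixed fields")
    if len(data) < total:
        raise ValueError("truncated: Payload Length points past the buffer")
    return {"next_header": next_header, "payload_len": payload_len,
            "reserved": reserved, "spi": spi, "seq": seq,
            "icv": data[AH_FIXED:total], "header_octets": total,
            "rest": data[total:]}

if __name__ == "__main__":
    # Constructed sample: 96-bit ICV of zero octets, next header 6 (TCP).
    packet = build_ah(6, 0x1001, 1, bytes(12)) + b"constructed upper-layer data"
    print(parse_ah(packet))
```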

Encapsulating Security Payload


The Encapsulating Security Payload provides confidentiality services, including
confidentiality of message contents and limited traffic flow confidentiality. As an
optional feature, ESP can also provide an authentication service.
ESP Format
The following figure shows the format of an ESP packet. It contains the following fields:

Figure: IPsec ESP format

• Security Parameters Index (32 bits): Identifies a security association.
• Sequence Number (32 bits): A monotonically increasing counter value; this
provides an anti-replay function, as discussed for AH.
• Payload Data (variable): This is a transport-level segment (transport mode) or
IP packet (tunnel mode) that is protected by encryption.
• Padding (0-255 bytes): This field is used to make the length of the plaintext
a multiple of some desired number of bytes. It is also added to provide
confidentiality.
• Pad Length (8 bits): Indicates the number of pad bytes immediately preceding
this field.
• Next Header (8 bits): Identifies the type of data contained in the payload data
field by identifying the first header in that payload (for example, an extension
header in IPv6, or an upper-layer protocol such as TCP).
• Authentication Data (variable): A variable-length field (must be an integral
number of 32-bit words) that contains the Integrity Check Value computed over
the ESP packet minus the Authentication Data field.
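
How the Padding, Pad Length and Next Header fields fit around the payload, as an added example (not part of the original notes). The 8-byte block size, the function names and the 1, 2, 3, ... padding fill (the default from RFC 2406) are assumptions; encryption itself is omitted, so `protected` here is the plaintext that would be encrypted.

```python
import struct

def esp_protect_input(payload: bytes, next_header: int, block: int = 8) -> bytes:
    """Payload Data | Padding | Pad Length | Next Header, ready for encryption."""
    pad_len = -(len(payload) + 2) % block          # +2 for the two trailer octets
    padding = bytes(range(1, pad_len + 1))         # default fill: 1, 2, 3, ...
    return payload + padding + bytes([pad_len, next_header])

def esp_strip(plaintext: bytes):
    """Undo esp_protect_input after decryption; returns (payload, next_header)."""
    if len(plaintext) < 2:
        raise ValueError("no room for Pad Length and Next Header")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    end = len(plaintext) - 2 - pad_len
    if end < 0:
        raise ValueError("Pad Length exceeds the decrypted data")
    if plaintext[end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("unexpected padding contents")
    return plaintext[:end], next_header

def esp_packet(spi: int, seq: int, protected: bytes, icv: bytes = b"") -> bytes:
    """SPI and Sequence Number in clear, then the protected part, then the ICV."""
    return struct.pack("!II", spi, seq) + protected + icv

def esp_split(packet: bytes, icv_len: int = 0):
    """Returns (spi, seq, protected, icv); the ICV covers everything before it."""
    if len(packet) < 8 + icv_len:
        raise ValueError("truncated ESP packet")
    spi, seq = struct.unpack("!II", packet[:8])
    cut = len(packet) - icv_len
    return spi, seq, packet[8:cut], packet[cut:]

if __name__ == "__main__":
    segment = b"13-octet data"                     # constructed payload
    packet = esp_packet(0x1001, 1, esp_protect_input(segment, 6), bytes(12))
    spi, seq, protected, icv = esp_split(packet, icv_len=12)
    print(spi, seq, esp_strip(protected), len(icv))
```

A receiver verifies the ICV first, then decrypts, and only then reads Pad Length and Next Header, since both sit inside the encrypted part.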
