Lecture 07 PGP and S/MIME

Supakorn Kungpisdan, Ph.D. (supakorn_at_mut.ac.th), ITEC4621 Network Security

1
Lecture 07 PGP and S/MIME
  • Supakorn Kungpisdan, Ph.D.
  • supakorn_at_mut.ac.th

2
Roadmap
  • Overview of Emails
  • Email Services and Security
  • PGP (Pretty Good Privacy)
  • S/MIME

3
Overview of Electronic Mail
  • Three major components:
  • user agents (UAs)
  • mail servers
  • simple mail transfer protocol: SMTP
  • Mail Transfer Agents (MTAs)
  • User Agent
  • Known as "mail reader"
  • composing, editing, reading mail messages
  • e.g., Eudora, MS Outlook, Outlook Express,
    Netscape Messenger
  • outgoing, incoming messages stored on server

4
Electronic Mail (cont.)
  • Mail Servers
  • mailbox contains incoming messages for user
  • message queue of outgoing (to be sent) mail
    messages
  • SMTP protocol
  • Deliver emails from user agent to user's mail
    server
  • Deliver emails between mail servers

5
SMTP Protocol
  • Uses TCP to reliably transfer email messages from
    client to server, port 25
  • Direct transfer: sending server to receiving
    server via many Mail Transfer Agents (MTAs)

6
Mail Access Protocols
[Figure labels: SMTP; access protocol (POP3, IMAP, or HTTP); receiver's mail server]
  • SMTP: delivery/storage to receiver's server
  • Mail access protocol: retrieval from server
  • POP: Post Office Protocol [RFC 1939]
  • authorization (agent <--> server) and download
  • IMAP: Internet Mail Access Protocol [RFC 1730]
  • more features (more complex)
  • manipulation of stored messages on server
  • HTTP (web-based email): Hotmail, Yahoo! Mail,
    etc.

7
POP3 (more) and IMAP
  • More about POP3
  • 2 modes of operation: download-and-delete and
    download-and-keep
  • Previous example uses download-and-delete mode.
  • Bob cannot re-read e-mail if he changes client
    machine
  • Download-and-keep: copies of messages on
    different clients
  • POP3 is stateless across sessions
  • IMAP
  • Keep all messages in one place: the server
  • Allows user to organize messages in folders:
    inbox, sent items, draft
  • IMAP keeps user state across sessions
  • names of folders and mappings between message IDs
    and folder name

8
Roadmap
  • Overview of Email
  • Email Services and Security
  • PGP (Pretty Good Privacy)
  • S/MIME

9
Email Security
  • email is one of the most widely used and regarded
    network services
  • currently message contents are not secure
  • may be inspected either in transit
  • or by suitably privileged users on destination
    system

10
Email Security Enhancements
  • confidentiality
  • protection from disclosure
  • authentication
  • of sender of message
  • message integrity
  • protection from modification
  • non-repudiation of origin
  • protection from denial by sender

11
Roadmap
  • Overview of Email
  • Email Services and Security
  • PGP
  • S/MIME

12
Pretty Good Privacy (PGP)
  • developed by Phil Zimmermann
  • widely used de facto secure email
  • provides confidentiality and authentication
    services for email and file storage applications.
  • selected best available crypto algs to use
  • integrated into a single program
  • on Unix, PC, Macintosh and other systems
  • originally free, now also have commercial
    versions available

13
Summary of PGP Services
14
Authentication
  • Use SHA-1/RSA or SHA-1/DSS
  • Signature can be detached from the message
  • To log signature
  • To use when more than one party must sign the
    document e.g. contract signing

[Figure labels: compression, decompression]
15
Confidentiality
  • Use symmetric-key encryption e.g. CAST-128, IDEA,
    or 3DES
  • Sender generates a 128-bit key (used only one
    time) and encrypts it with the receiver's public key
  • Use RSA, or encryption using DH (called ElGamal),
    for encryption

[Figure labels: symmetric key, public-key encryption, symmetric encryption]
16
Confidentiality and Authentication
  • Append signature to the message and encrypt using
    a session key
  • The session key is then encrypted with the receiver's
    public key

17
Compression
  • PGP compresses a message after signing but before
    encryption
  • Use ZIP as compression algorithm
  • Signature is generated before compression
  • Can store uncompressed message and signature for
    future verification
  • Different versions of compression algos provide
    different quality and formats
  • Applying hash function and signature after
    compression would constrain PGP implementation
  • Encryption after compression strengthens
    cryptographic security
  • Less redundancy, more difficult to cryptanalyze
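
The ordering argument on this slide can be checked directly. This is an added example, not part of the original slides: zlib stands in for PGP's ZIP step, the SHA-1 digest stands in for the value the signature step would sign, and MESSAGE is a constructed sample.

```python
import hashlib
import zlib

# Constructed sample message (not from the slides).
MESSAGE = b"Meet at the usual place at noon. " * 20


def digest_to_sign(data: bytes) -> str:
    """SHA-1 digest of the data, i.e. the value a signature would cover."""
    return hashlib.sha1(data).hexdigest()


def compare_orders(message: bytes) -> dict:
    """Compare sign-then-compress with compress-then-sign."""
    # Two implementations that choose different compression settings.
    fast = zlib.compress(message, 1)
    best = zlib.compress(message, 9)
    recovered_fast = zlib.decompress(fast)
    recovered_best = zlib.decompress(best)
    return {
        # Both compressed forms decompress to the same plaintext.
        "same_plaintext": recovered_fast == recovered_best == message,
        # Sign-then-compress: the digest covers the plaintext, so the
        # receiver can verify it whatever compressor the sender used, and
        # can store the uncompressed message with its signature.
        "plaintext_digest_stable":
            digest_to_sign(recovered_fast) == digest_to_sign(message),
        # Compress-then-sign: the digest covers the compressor's output,
        # which differs between settings, so every verifier would have to
        # reproduce the sender's exact compressed bytes.
        "compressed_digest_stable":
            digest_to_sign(fast) == digest_to_sign(best),
    }


if __name__ == "__main__":
    for name, value in compare_orders(MESSAGE).items():
        print(f"{name}: {value}")
```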

18
Email Compatibility
  • when using PGP will have binary data to send
    (encrypted message etc)
  • however email was designed only for text
  • hence PGP must encode raw binary data into
    printable ASCII characters
  • uses radix-64 algorithm
  • maps 3 bytes to 4 printable chars
  • also appends a CRC
  • PGP also segments messages if too big

19
Segmentation and Reassembly
  • Email normally has max length of 50,000
    characters
  • PGP provides segmentation of email messages after
    radix-64 conversion
  • Session-key component and signature appear only
    once at the beginning of the first segment
  • At receiving end, PGP removes headers and
    reassembles segments

20
PGP Operation Summary
21
Cryptographic Keys and Key Rings
  • Four types of keys used
  • One-time session symmetric keys
  • Public keys
  • Private keys
  • Passphrase-based symmetric keys

22
Session Key Generation
  • Each session key is used only once to encrypt and
    decrypt a message.
  • Different algos use different lengths of keys
  • 128 bits for CAST-128 and IDEA
  • 168 bits for 3DES
  • uses random inputs taken from previous uses and
    from keystroke timing of user

23
PGP Key Rings
  • each PGP user has a pair of keyrings
  • public-key ring contains all the public-keys of
    other PGP users known to this user, indexed by
    key ID
  • private-key ring contains the public/private key
    pair(s) for this user, indexed by key ID and
    encrypted with a key derived from a hashed passphrase
  • security of private keys thus depends on the
    pass-phrase security

24
PGP Message Generation
25
PGP Message Reception
26
PGP Key Management
  • rather than relying on certificate authorities
  • in PGP every user is their own CA
  • can sign keys for users they know directly
  • forms a web of trust
  • trust keys you have signed
  • can trust keys others have signed if you have a chain
    of signatures to them
  • key ring includes trust indicators
  • users can also revoke their keys

27
Roadmap
  • Overview of Email
  • Email Services and Security
  • PGP (Pretty Good Privacy)
  • S/MIME

28
S/MIME
  • Secure/Multipurpose Internet Mail Extensions
  • security enhancement to MIME email
  • original Internet RFC822 email was text only
  • MIME provided support for varying content types
    and multi-part messages
  • with encoding of binary data to textual form
  • S/MIME added security enhancements
  • have S/MIME support in many mail agents
  • e.g. MS Outlook, Mozilla, Mac Mail etc.

29
Mail Message Format
  • RFC 822: standard for text message format
  • header lines, e.g.,
  • To:
  • From:
  • Subject:
  • body
  • the message, 7-bit ASCII characters only

[Figure labels: header, blank line, body]
30
MIME
  • Enable sending multimedia messages or attachments
    with non-ASCII format
  • Additional lines in msg header declare MIME
    content type

    From: alice@crepes.fr
    To: bob@hamburger.edu
    Subject: Picture of yummy crepe.
    MIME-Version: 1.0                    (MIME version)
    Content-Transfer-Encoding: base64    (method used to encode data)
    Content-Type: image/jpeg             (multimedia data type, subtype, parameter declaration)

    base64 encoded data .....            (encoded data)
    .........................
    ......base64 encoded data
31
The Received Message
    Received: from crepes.fr by hamburger.edu; 12 Oct
        98 15:27:39 GMT
    From: alice@crepes.fr
    To: bob@hamburger.edu
    Subject: Picture of yummy crepe.
    MIME-Version: 1.0
    Content-Transfer-Encoding: base64
    Content-Type: image/jpeg

    base64 encoded data .....
    .........................
    ......base64 encoded data

32
MIME Content Types
text/plain
image/jpeg
33
MIME Transfer Encodings
34
S/MIME Functionality
  • Getting a digital ID for emails
  • Enveloped data
  • Consist of encrypted content and encrypted
    encryption key
  • Signed data
  • Hash then sign with private key of signer then
    encode with base64
  • Can be viewed only by a recipient with S/MIME
    support
  • Clear-signed data
  • Only signature is encoded with base64
  • Non-S/MIME user can view, but not verify it

35
S/MIME Cryptographic Algorithms
  • digital signatures: DSS and RSA
  • hash functions: SHA-1 and MD5
  • session key encryption: ElGamal and RSA
  • message encryption: AES, Triple-DES, RC2/40 and
    others
  • MAC: HMAC with SHA-1
  • have process to decide which algs to use

36
Rules of Sending Agents
  1. If the sending agent (SA) has a list of preferred
    decrypting algos from the receiver, SA SHOULD choose
    the first on the list.
  2. If SA has no such list but has received encrypted
    msgs, SA SHOULD use the same encryption algo that
    was used on the last message received.
  3. If SA has no knowledge and wants to take the risk,
    SA uses 3DES

37
S/MIME Content Types
  • Special types based on public-key cryptography.

38
Securing a MIME Entity
  • Use signature, encryption, or both
  • MIME entity plus some security-related data e.g.
    algo identifiers and certificates are processed
    by S/MIME to produce a PKCS object
  • The PKCS object is then wrapped in MIME.
  • It is converted into 7-bit ASCII by base64
  • Types
  • EnvelopedData
  • SignedData
  • Clear Signing
  • etc.

39
EnvelopedData
  • Application/pkcs7-mime is used
  • Each resulting entity (an object) is represented
    in a form of Basic Encoding Rules (BER) (e.g.
    binary format).
  • BER is then converted to ASCII by base64
  • Process
  • Generate a pseudorandom session key
  • Encrypt the session key with recipient's public
    key
  • Prepare a block of RecipientInfo
  • contains ID of recipient's cert, ID of encryption
    algos, and encrypted session key
  • Encrypt the message with the session key
  • RecipientInfo + encrypted content = envelopedData
  • envelopedData is then encoded into base64

40
EnvelopedData (cont.)
    Content-Type: application/pkcs7-mime;
        smime-type=enveloped-data; name=smime.p7m
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
        filename=smime.p7m

    Fdskfjhglasfhgksd4nkdfngiewksa4dnfk76sdgklsdnfksld
    fjbvfsldkfvlskdnfvlks4dnf2lkvs3ndflkvsdnvskdfvnksl
    dnfvklsdnvks9ldnvlksnkadlnslkn3dlsknfskldnflksdnfl
    vsdnlklkdsnvlksdnlskdnkdfslfnvsfq

  • Recipient converts back to binary and decrypts
    the session key using his/her private key, and
    decrypts the message using the session key

41
SignedData
  • signedData can be used with one or more signers.
  • Process
  • Select a hash algo (SHA or MD5)
  • Compute hash value of the content
  • Sign the hash value using signer's private key
  • Prepare block of SignerInfo that contains
  • Signer's cert including a set of necessary certs
    to trace root CA
  • ID of hash algo,
  • ID of encryption algo,
  • encrypted hash value
  • signedData = hash ID, the message, SignerInfo
  • signedData is then converted into base64

42
SignedData (cont.)
    Content-Type: application/pkcs7-mime;
        smime-type=signed-data; name=smime.p7m
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
        filename=smime.p7m

    Sdflgnsnbdsflkdvlsmvldsldsn4ssdlfkmvldsfmvfadmfvsm
    faadnva/vlsadnvfkadnvskjdnfvlsfdvmqaanfsd4kjdnvsdf
    nvskdjnfv534ksdjnfdsnfdkdjfsjh5sdhklsjhgskjghiwuer
    hwjenfkjnfkjshdfjksdgvjksdvjskdfvnsjdkf5

  • To verify signature, convert back to binary, use
    the signer's public key to decrypt the hash
    value. Then compare the hash values

43
Clear Signing
  • The message is sent in clear for non-S/MIME user.
  • A multipart/signed message has two parts
  • MIME if not in 7-bit ASCII, converted into ASCII
  • Signed MIME processed in the same manner as
    signedData

44
Clear Signing (cont.)
This email has many parts
    Content-Type: multipart/signed;
        protocol="application/pkcs7-signature";
        micalg=sha1; boundary=boundary42

    --boundary42
    Content-Type: text/plain

    This is a clear-signed message.

    --boundary42
    Content-Type: application/pkcs7-signature;
        name=smime.p7s
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
        filename=smime.p7s

    Sdflgnsnbdsflkdvlsmvldsldsn4ssdlfkmvldsfmvfadmfvsm
    faadnva/vlsadnvfkadnvskjdnfvlsfdvmqaanfsd4kjdnvsdf
    nvskdjnfv534ksdjnfdsnfdkdjfsjh5sdhklsjhgskjghiwuer
    hwjenfkjn
    --boundary42--
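
The S/MIME forms covered on slides 38 to 44 can be told apart from the MIME headers alone. This added example (not part of the original slides) uses Python's email package; classify_smime is a hypothetical helper and both messages are constructed, with placeholder base64 bodies.

```python
from email import message_from_string

# Constructed samples shaped like the slides' messages; the base64 bodies
# encode the word "PLACEHOLDER" and are not real PKCS#7 objects.
CLEAR_SIGNED = """\
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha1; boundary=boundary42

--boundary42
Content-Type: text/plain

This is a clear-signed message.

--boundary42
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s

UExBQ0VIT0xERVI=
--boundary42--
"""
ENVELOPED = """\
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m

UExBQ0VIT0xERVI=
"""
PKCS7_SIG = "application/pkcs7-signature"


def classify_smime(raw: str) -> dict:
    """Return the S/MIME kind and any text a non-S/MIME reader could see."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        parts = msg.get_payload() if msg.is_multipart() else []
        # Clear signing needs exactly two parts: the content, then the
        # detached signature, with a matching protocol parameter.
        if (len(parts) != 2 or msg.get_param("protocol") != PKCS7_SIG
                or parts[1].get_content_type() != PKCS7_SIG):
            return {"kind": "malformed", "visible_text": None}
        return {"kind": "clear-signed", "micalg": msg.get_param("micalg"),
                "visible_text": parts[0].get_payload().strip()}
    if ctype == "application/pkcs7-mime":
        # enveloped-data / signed-data: the content sits inside the PKCS
        # object, so nothing is readable without S/MIME processing.
        return {"kind": msg.get_param("smime-type", "unknown"),
                "visible_text": None}
    return {"kind": "not-smime", "visible_text": None}
```

The helper only inspects structure; checking the signature itself requires parsing the PKCS object and validating the signer's certificate chain.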

45
Questions?
46
Quiz
  • 1. ?????????????????????? zip ????????????
    Digital Signature ??????????????????
  • 2. ???????????????????????????????????????????????
    2 ?????????????????????????????????????????
    End-to-end authentication ??? Encryption
    ????????????? frame format ??? IPSec packet
    ?????????????????????????
  • 1) Transport adjacency ?????????? authentication
    ???? encryption
  • 2) Transport SA ?????? bundle ????? Tunnel SA
    ??????? encryption ???? authentication
  • 3) Tunnel SA ?????? bundle ????? Tunnel SA
    ??????? authentication ???? encryption

47
Quiz (cont.)