Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Jim Binkley Email Security Network Security. 2 Jim Binkley warning: u lecture title has large oxymoron potential u email attachments largest source.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Jim Binkley Email Security Network Security. 2 Jim Binkley warning: u lecture title has large oxymoron potential u email attachments largest source."— Presentation transcript:

1 1 Jim Binkley Email Security Network Security

2 2 Jim Binkley warning: u lecture title has large oxymoron potential u email attachments largest source of security woe? –buffer overflow in 2nd place? u click on me... leads to perdition

3 3 Jim Binkley outline u architecture u threats –and what we can do about those threats u viruses/hoaxes/trojans/spam u cryptography and email u conclusions

4 4 Jim Binkley email server architecture u by definition email servers are L7 gateways u or put another way: proxy servers u email sent to company gateway (foo.com) –then forwarded to final recipient via: –1. SMTP –2. POP/IMAP u therefore the following slide is fundamental

5 5 Jim Binkley SMTP architecture (generalized) User Agent local MTA relay MTA per domain mail gateway relay MTA User Agent local MTA mail app, e.g., pine host sendmail mail app host sendmail foo.com mail gateway fuzz.foo.com Q Q

6 6 Jim Binkley or perhaps like this email server for foo.com smtp/tcp/25 pop or similar protocol win/ outlook pointyhair@foo.com

7 7 Jim Binkley or perhaps like this email server for foo.com smtp/tcp/25 sun workstation XMH user agent funnytie@foo.com

8 8 Jim Binkley remember: firewall and bastion- host architecture email server for foo.com smtp/tcp/25 sun workstation XMH user agent funnytie@foo.com FW lets in port 25/TCP to email server only Inet

9 9 Jim Binkley evil variation #1 (old) - email proxy internal email proxy server (no controls) spam sender spamee port 25 what are counter-measures?

10 10 Jim Binkley evil variation #2 (newish) - circuit proxy (web proxy) hacked box spam sender spamee port 25 what are counter-measures? socks relay

11 11 Jim Binkley re pop and similar protocols u TCP-based u username/password –password sent in the clear u file fetching, where files are email of course –files are put in “in-box” or in folder –or whatever abstraction email client uses u note pop protocol may be done on Internet (external) or intranet (internal)

12 12 Jim Binkley pop2/pop3/imap u pop2, tcp port 109 (outmoded) u pop3, tcp port 110 u imap (versions 2/4), tcp port 143 u basic idea: host uses TCP –ftp-like protocol –to get (and send) email thru “local” mail-server –smtp used to send email usually

13 13 Jim Binkley pop3 - RFC 1081, Nov 1988 u commands: –USER name –PASS string (plaintext) –QUIT –STAT # of messages for user, plus size of email in bytes –LIST [msgid] list of message-ids –RETR [msgid] - get a message –DELE msg –LAST - last msg-id

14 14 Jim Binkley some evolution over time u current RFCs –RFC 1939, May 1996 –APOP name digest extension allows the use of a MD5 digest (shared secret) –not widely used? u RFC 2449 talks about how to make pop more extensible u so what capability are we missing so far?

15 15 Jim Binkley imap (more complex) u RFC 3501, U. Washington, March 2003 u operations supported include: –remote manipulation of folders on server a la folders on local host –create/delete/rename mailboxes –check for new messages –delete messages –possible authentication might include: »TLS-based auth/encryption

16 16 Jim Binkley MIME - a terrible thing to waste u so the ever-popular MIME type is used u for attachments, which could consist of: –an executable file (destroy.exe, mybot.exe) –a word document (with a word basic virus) »same for powerpoint/excel –an interpreted file of some other kind »pdf/ps –a picture/song/movie/ASCII text

17 17 Jim Binkley what to expect of MIME? u it is true that in general attachments are NOT directly executed upon receipt (anymore) –you should have to do it yourself –know the defaults of your UA u nor should they be executed by simply looking at the email itself –know the defaults of your UA u but “execution” of attachments is in general a bad idea (word on foo.doc is a bad idea)

18 18 Jim Binkley smtp protocol aspects u envelope has TCP connection –ip src, ip dst: these are not spoofable, why? –MTA log information can be useful here for admins u email header has: –to: bob@dns (ip) –from: alice@foo.com (this is spoofable) u may have distribution-list for recipient –or mail-list –1-n expansion u distribution-list explosion may be at gateway or sender User Agent

19 19 Jim Binkley email header u added by some combination of MTA/UA u useful fields often suppressed by UAs –not all though u From: possibly added by MTA. spoofable u Received: usually added by MTA –multiple MTA additions common –added at the top (newer at the top) –at some point, not spoofable –this is what MTA uses to count for loop detection

20 20 Jim Binkley email header u Date: possibly added by MTA, but spoofable as UA can do it u To: can be suppressed u Message-Id: MTA should uniquely id sender u X-*: custom fields added for UA or for documentation sometimes u Subject: optional

21 21 Jim Binkley email may have infinite loops u A has.forward that says –B@foo.com u B has.forward that says –A@bar.com u email servers must detect this and delete messages u mailing lists can have infinite loops too

22 22 Jim Binkley the threats u click on me for a: –trojan horse: (BO and friends) »your host just became a porn-server –worm/virus like melissa/sql-slammer »melissa goes thru your “address book” and forwards itself to the address book recipients »sql-slammer immediately starts UDP thrashing of networking to forward itself –worm/virus like blaster »tcp syn attack on usoft/SCO or whomever? »what if they sue?

23 23 Jim Binkley click on this... u click on me cont: –you just became an email proxy server for Nigerian spam to be sent elsewhere –you just installed a virus that will delete some or all of your files –you just installed welchia/nachi that is going to start doing ICMP scans of local/remote nets –you just installed a word document virus that will infect word docs that you send yourself

24 24 Jim Binkley note social engineering potential available in subject line u hey cutie, for a good time “click on me” u “you just won 1 million dollars” u “if you don’t help, 5 million dollars will go to waste” u “hi from grandma” –it isn’t grandma –or it is grandma, but she sent you a virus »hmmm.... u and things we haven’t thought of yet...

25 25 Jim Binkley more threats u open email server (proxy server) –by accident –because of malicious intent »malware installed it »malware turned it on u so 3rd parties can send email thru your site and possibly have it appear to be from you u spam can cause blackholing in email land or worse (foo.com won’t talk to you anymore)

26 26 Jim Binkley pop password threat/sniffing u somebody can read your password and spoof you –due to sniffer in “wrong” network location u or simply read private email that doesn’t belong to them anyway via either SMTP or pop-like protocols –smtp/pop are plaintext protocols –data must be ASCII

27 27 Jim Binkley spam threat u amount of spam just keeps rising u spam filtering is not perfect –and can make serious mistakes due to admin goofs –or because the algorithm/s are not smart enough (a la web filtering for kids) u some spam is legitimate business –which does NOT mean that I want to get it –some is criminal fraud and some people fall for it

28 28 Jim Binkley identity threats u virus A on user box B (you are Z) –address book has Z@reallycool.edu –or web page from Z that has Z’s email address in it in web cache u Z now receives email from location X –hey Z, you tried to send email to Y@X that had a virus in it u but Z uses MH mail on a unix system...

29 29 Jim Binkley buffer exploits on email server software u sendmail has a spotty track record u buffer-exploits and other bugs have lead to u successful root exploits –loss of box... which doesn’t necessarily have anything to do with email/threat ironically

30 30 Jim Binkley solutions: u save attachments in a file –and run a virus checker on them –if you really really think you should get the file –unfortunately: you may have been the 1st person on the block to receive the new virus for which there is as of yet no signature u have a virus checker and keep it up to date u never or seldom accept attachments –which is nearly impossible

31 31 Jim Binkley local admins MAY filter for you u so local email server –runs spam filter »spamassassin in CECS –runs virus filter »just snip off those attachments in toto »or clip off the ones with known worms/viruses »signatured-based system here

32 32 Jim Binkley email gateway filter email server for foo.com smtp/tcp/25 pop or similar protocol win/ outlook pointyhair@foo.com spam and/or virus filtering here

33 33 Jim Binkley read your email on unix u.exe isn’t going to go anywhere u feed your.doc file to star office or open office u don’t do attachments in email client –GNU uudeview app can take files out of email –attachments are just *files* u some consideration has been given to notion of a “safe-house” or bomb-proof box

34 34 Jim Binkley solutions for virus/spam detection u l. can be host-based –plenty of commercial possibilities u 2. can be gateway-based u 3. open-source systems? –clamav - clamav.elektrapro.com »virus database and src on sourceforge –spamassassin - eu.spamassassin.org »or see spamassassin.org

35 35 Jim Binkley note existence of blacklist mechanisms u site chooses to not accept email from you u because you are listed on some other site or in some database as a spammer u for example, see: –www.mail-abuse.org –ordb.org (open relay database) u razor.sourceforge.net –collaborative spam-tracking database u is shooting the victim a good idea?

36 36 Jim Binkley some apps have a worse track record than others u bad app list includes: –outlook –sendmail as MTA (buffer overflows and other problems, leading to successful root exploits) –pine/imapd have had problems –not just windows... u so: use something other than outlook on windows –eudora/web browser email client u unix: use something other than sendmail as MTA –smail/qmail others I know little about

37 37 Jim Binkley what could you do to? u make sure your windows system is NOT executing a worm/virus right now? –run a virus checker –use a netstat -a like app to see what ports you have open, and then periodically check for changes (you did that before you read email?) –run nmap from some other box to get the same information –ps would be nice...

38 38 Jim Binkley what role can crypto play in any email threat counter-measures? u may be of use to protect email from MTA to UA –to prevent prying eyes looking at content –or seeing pop password u may be use between UA/UA when content is secret u doesn’t help us with viruses though –hey it really is grandma and here is a nice virus for you...

39 39 Jim Binkley encrypted/email gateway filter email server for foo.com smtp/tcp/25 pop or smtp “encapsulated” inside stunnel (SSL) MTA or UA spam and/or virus filtering here

40 40 Jim Binkley what is the trust model? u for the previous slide u using ssl... u how does this differ from the https://foo.com web transaction –where you just purchased a widget from foo.com –and sent them your visa number?

41 41 Jim Binkley viruses/trojans/hoaxes/spam u usual virus definition (F. Cohen): “a program that replicates by ‘infecting’ other programs so that they contain a (possibly-evolved) copy of the virus” u emphasis is on: replication u not: damage, mayhem, and destruction u maybe a virus does good? is this likely?

42 42 Jim Binkley how many viruses are there? u nobody knows u wildlist states there are a few hundred “in the wild” –http://www.wildlist.org u some vendors state 60000... u viruses have variations...

43 43 Jim Binkley virus piggyback possibilities include: u floppy or harddisk boot sector u media like floppy or cdrom (probably in a file) u attached to an attachment (a file) –executable, or even an image file u as a visual basic program in a word.doc –so-called macro virus (macro and doc in same file) –word and excel both have had them u multipartite viruses (come back to this) u scripting virus (come back to this)

44 44 Jim Binkley virus might also u infect memory but not store itself in a file –sql/slammer infected memory –would go away on reboot –however suspend of course wouldn’t eliminate it u might infect memory anyway from a file –so that it can periodically make trouble u windows W32/Perrun virus –infects jpeg files, and makes them executable

45 45 Jim Binkley ok, so what’s a worm then? u F. Cohen regards worms as a subset of virus u some say: a worm is a program that copies itself u a virus does NOT copy itself, merely goes for a ride u we certainly have malware that does this: –click on it to activate it –then it acts as a worm to propagate itself (welchia) –or it sends more email for the next “click on me” cycle –so worm/virus is not an unfair term

46 46 Jim Binkley virus activity along these lines: u user executes a program (or boots...) –note that one may have programs on windows installed to auto-run at boot –possibly the trojan runs at this point –UNIX system boot might start something out of /etc/initd or /etc/rc scripts –UNIX user (especially root) might have bomb in.login/.cshrc (time for a story)

47 47 Jim Binkley virus overview, continued: u virus code is SOMEHOW executed –instead of before the legitimate program u virus code may terminate and hand control off to legitimate program –or run in background u viruses often have bugs –and sometimes the virus bugs are more dangerous than the virus –commercial/open-source code has some pressure to remove the bugs. virus writers do not seek bug reports

48 48 Jim Binkley virus components u 1. infective routine –which should check to make sure that it doesn’t reinfect the target over and over u 2. a payload - possibly some annoying action that the virus takes –plays music or deletes a file or eliminates itself u 3. a trigger - some event that triggers payload delivery u trigger + payload == logic bomb

49 49 Jim Binkley virus algorithm u look for infectable objects –if any found, infect them –else exit (or wait a while and try again) –if trigger exists (next slide) deliver payload u so virus may take direct action or be memory-resident

50 50 Jim Binkley boot-sector infectors u mostly dependent on DOS floppy disks being handed back/from u their day may be past –especially if you do NOT exchange disks u non-trivial in terms of system understanding –probably written in assembler for one thing u if hard-disk infected, common for virus to infect any floppies inserted

51 51 Jim Binkley file viruses (parasitic) u worms here are probably most successful of this breed u question: just how many files are infected when virus is executed? –all.exe files? –just the ones in this directory? –only win.exe ? –or some common.dll file?

52 52 Jim Binkley more on file viruses u.com,.exe, dll, vxd, screensaver (.scr) u font files u.pif (program info file),.bat,.lnk –pif file used to store info about dos programs executed under windows u in theory, extensions mean something on windows u and mean nothing on unix

53 53 Jim Binkley virus types continued u multipartite virus: a virus that uses more than one way to get executed –boot sector and file both infected u multipolar virus: malware that contains more than one threat: –super-worm that uses Usoft dcom vulnerability, checks out sql bug, and includes BO as a side- dish

54 54 Jim Binkley macro virus u Microsoft Office apps are the target u historically gave us first multi-platform virus –here is a.doc file, and you can infect your: »1. DOS box »2. apple box u visual basic for applications u macro language cannot be easily unbound from app’s own command facility u can infect global template, modify commands, menus, etc.

55 55 Jim Binkley virus types, continued u script virus: fuzzy distinction between macro virus and script virus u e.g., some script written in VB script –can be embedded in html scripts –executed by html-aware email clients thru Windows Scripting Host facility u VBscript and Jscript seem more friendly to viruses than javascript u UNIX shellscript always possible

56 56 Jim Binkley one last type: u memetic virus: meme is unit of cultural transmission –a gene of culture... u this simply means: “a virus of the mind” u these are simply hoaxes about viruses in the strict sense –and in the loose sense, email like “chain letters” or bad jokes...

57 57 Jim Binkley good times virus (doesn’t exist) u good times virus: famous example of memetic virus u email arrives that claims that a good times virus may arrive real soon now u may delete your hard disk files, cause your CPU to catch on fire, or make your mouse leap out the window u a “hoax” could be real: “quick, delete u be aware that hoaxes do exist, but you still should probably check with local IT, or virus sites

58 58 Jim Binkley good point re virus containment: u let’s say you get a modern commercial virus checker system for windows u and it auto-updates its signatures everytime you login u a so-called “flash worm” (like the sql-slammer) can cross the Inet in 5 minutes u on the other hand a virus/worm that rides on the back of email takes time u so: what are pros/cons of auto signature update?

59 59 Jim Binkley characteristics of viruses u stealth - virus attempts to conceal its presence –if payload is HIGHLY noticeable does tend to be a giveaway, huh? –there are 2 kinds of tools for detecting viruses: –1. anomaly detectors (something changed) –2. signature-based detection (pattern X was found in file Y, or memory location Z) –stealth virus may present a new form of anomaly...

60 60 Jim Binkley characteristics, cont. u polymorphism: polymorphic viruses attempt to change their “body” when they infect u goal: defect signature analysis u examples: –change order of instructions –introduce noise bytes (nops) –or use encryption

61 61 Jim Binkley antivirus utilities u functions may include: u 1. integrity checking (checksum-based) u 2. behavior monitor (establish baseline and watch for deviation) u 3. may look for signatures in various ways –including database of signatures u 4. or for back-doors, dos and ddos malware as well u 5. may simply check for garbage files u 6. look for so-called “spyware”

62 62 Jim Binkley what can virus detector do? u tell you that you have a problem u possibly cleanup the damage –fix boot-sector –delete macro virus –delete file? or part of file u system file deletion is risky –backups are important and must be part of the process u windows registry mod is risky

63 63 Jim Binkley some anti-virus vendors u avg anti-virus: www.grisoft.com –free home version u Network Associates –www.nai.com u Norton –www.symantec.com u F-prot anti-virus –www.complex.is and/or www.f-secure.com

64 64 Jim Binkley some rules: u 1. check on hoaxes, they could be true BUT –don’t forward it... u 2. don’t trust attachments –even if they come from somebody you know –you could ask person X (over the telephone) if they sent you an attachment u 3. re virus detection software –keep it up to date –remember there could always be a new virus that they haven’t dealt with as of yet –however, in general the vendors are fast

65 65 Jim Binkley more rules u if you are an admin, think twice about turning on this “feature” –automatically inform sender X that they sent you a virus –remember *Melissa* u try not to install random software on your box u turn off auto-execution of macros –maybe they can send you.pdf,.ps,.rtf ?

66 66 Jim Binkley more rules u patch it until you bleed u back it up (see previous rule)

67 67 Jim Binkley trojans u trojan horse: a program that does something unexpected u in virus terms, the payload does the unexpected thing u this definition is very ambiguous –could apply to all buggy programs... –does it apply to all Microsoft software then? u usually we mean it does something bad... u it may do something “good” or at least innocuous as a stealth technique

68 68 Jim Binkley trojans, cont. u some suggest that a trojan is not a virus u because it cannot replicate u others disagree... u trojan might: –1. try to gain unauthorized access –2. deny service –3. modify or destroy data with authorization u social engineering often important

69 69 Jim Binkley trojans, cont. u social engineering is often important part –“but the giant horse statue on wheels was really beautiful...” u some therefore define a trojan as: –a worm (or virus) with a high degree of social engineering –“click on me cutie!” is therefore a trojan/virus/worm thingee u so just what does trojan mean?

70 70 Jim Binkley trojans, cont. u so is a rootkit kind of a giant mega-trojan? u See Dave Dittrich’s rootkit faq: u http://staff.washington.edu/dittrich/misc/faq s/lrk4.faq u note that windows and unix both have had root kits “published” in the hacker community

71 71 Jim Binkley destructive trojans u common for trojan to do its damage at once u might even simply exec del/deltree/format u pkzip “trojan” deleted files –trojan didn’t bother to act like pkzip –possible that worry over it was worse than actual impact u chernobyl virus: attempted to overwrite the system BIOS and erase hard drive

72 72 Jim Binkley privacy-invasion trojans u passwords are a common target u old unix hack: –put login up on serial console –save passwords in a file/email to somewhere –login attempt may succeed or fail

73 73 Jim Binkley back door trojans u Ken Thompson and his trojanized C compiler u just what is a back door anyway? –Morris Worm: sendmail DEBUG is example u this term is also used for remote access systems like back orifice, netbus, etc.

74 74 Jim Binkley spam u spam is basically just like a weed: u weed: a plant you don’t want u spam: email you don’t want –usually attempt to sell you something –may attempt to steal from you though »identity theft as a side effect, steal visa card info »bank account info, kidnap you for ransom –email addresses gleaned from the web, USENET news, and lists sold by spammers

75 75 Jim Binkley what can be done about spam? u blacklist spammers u prevent open-relays u auto-detect spam at the gateway and delete it –but spammers are fighting back by inserting lots of “invisible” words in html –OR AVOIDING UPPERCASE!!! u or via legislation? –“hey spammer, please put ADV in your subject line” u or suggestions for charging for email? u any ideas?

76 76 Jim Binkley encryption and email u terminology and basic ideas u pem u s/mime u pgp

77 77 Jim Binkley security services for email u privacy - 3rd party can’t see your content u authentication - Bob knows it came from Alice u integrity - Bob knows the content didn’t change u non-repudiation - recipient can prove that sender sent the mail (sender can’t deny it) u proof of submission - sender knows that mail was indeed put into the system u proof of delivery - sender knows that recipient got it.

78 78 Jim Binkley a few more from the KPS book u message flow confidentiality - third party cannot even know that you sent a message u anonymity - recipient can’t tell who the sender is u containment - network can keep security levels of messages from leaking out to certain regions u how many of these principles exist in the real world of SMTP email? –common/uncommon/maybe in military circles?

79 79 Jim Binkley key distribution basics u depends on public-key or private key u as well as –alice to bob (1/1) –alice to alice-fan-club (1/N) –funnytie-the-admin to alice (email gateway to UA) »pop can be put in an encryption wrapper »MTA to MTA can be put in an encryption wrapper

80 80 Jim Binkley ways to distribute public keys u Alice and Bob exchange public keys out of band –brief-case man or IETF floppy/pgp party u Alice gets Bob’s key from “some kinda” key infrastructure –PKI - public-key instrastructure –it might exist locally u Alice sends public-keys in her email signed by her (Bob has to have her public-key though)

81 81 Jim Binkley ways to distribute private keys u out of band –brief-case man –telephone conversation –of course it doesn’t scale u Alice and Bob get tickets from a KDC –this scales to an enterprise but so far has not scaled beyond an enterprise

82 82 Jim Binkley privacy/threats u sniffer may see your email in plaintext u email gateway admin may read your email –or have been compromised by a black-hat –or FBI may want to read it to find terrorists u end to end encryption is a reasonable goal –as end to end encryption is always better than any intermediate measure (say gateway to UA)

83 83 Jim Binkley privacy, really u even if it is public-key based: u 1. we generate a symmetric session key and use it because we want to minimize exposure of the long-term key u 2. we use symmetric encryption because it is faster than asymmetric encryption

84 84 Jim Binkley logical steps as follows: u alice generates a random number N u alice uses N as a symmetric key and encrypts the msg: (msg(cybercrud), K(s)) u K(s) is encrypted with Bob’s public key u Alice then sends (msg(cc), (encrypted K(s)) u possible algorithms include: AES, and RSA

85 85 Jim Binkley authentication of the source u spoofing can happen easily u and in point of fact IS HAPPENING A LOT these days... u alice can digitally sign the message –OR SEND A CHAIN OF CERTIFICATES u bob can verify with alice’s public key u note that message here can just be: –ASCII message (signature cybercrud) u recipient may NOT have sender’s public key (may not care)

86 86 Jim Binkley certificate chain u Alice signs her email –and includes her public key signed by goodbart the admin (cert), cert for goodbart-the-admin –which is signed by uberbart-the-admin u Bob already has uberbart-the-admin cert u therefore can verify goodbart/alice

87 87 Jim Binkley in the real-world what cons exist u for the notion of using public-key crypto u to sign messages u can all messages be signed? u what if all messages were signed? u would a system that uses a “callback” help here: –A sends B email. B sends email back to A to see if A sent the message?

88 88 Jim Binkley how to do source authentication with public-key crypto: u use message-digest algorithm to produce hash for message: (msg, hash) u Bob knows what md algorithm is used (say HMAC-SHA) u Alice signs hash not msg with her private key: (msg, hash, signature-cybercrud) u remember: email is ASCII so cybercrud must be ASCII too (even if still cybercrud)

89 89 Jim Binkley now let’s do it with private keys u alice can prove to bob that they both know the same key u call this MIC - message integrity code or u call this MAC - message authentication code u value also serves as integrity checker u various ways to compute this

90 90 Jim Binkley MIC/MAC example: u take MD of msg == hash (128 bits say) u encrypt hash with secret key u send {msg, encrypted hash}

91 91 Jim Binkley integrity problem u Juliet sends Romeo this message: u “forget me not!” u Juliet’s father intercepts it and changes it to u “forget me now!” (one letter change...) u if we authenticate the message, we should also make sure it does not change u either due to malice, or accident u secure mail schemes due both or neither

92 92 Jim Binkley non-repudiation u to repudiate means to deny you sent the message u government might want the opposite –U.S. president can deny his leaked invasion plan for France that he sent to the newspapers –call this plausible deniability u with public keys, non-repudiation is easy, hard to provide repudiation for src auth. u private keys are the opposite

93 93 Jim Binkley public-keys u non-repudiation, Alice signed it with her private key u Bob verified it, therefore it is Alice as u long as Alice has her own private key u she could claim that Evil Bart stole her computer and took it her private key... u but wait Alice, your authentication system uses all 3 auth. schemes... (you know/are/have)

94 94 Jim Binkley plausible deniability/public key u Alice picks a secret key S u encrypts S with Bob’s public key {S}bob. u signs {S}bob, with her private key. u uses S to compute a MAC for message m. –use DES to compute CBC residue of m u sends the MAC, signed S, and M to Bob u Bob can’t prove that Alice sent him M, u he can only prove she signed S

95 95 Jim Binkley non-repudiation with secret keys u there exists notary N trusted by Bob and the judge u Alice sends M to N, and N knows it came from Alice u N does a computation on M with a secret key, getting H, which N seals to the message u e.g., MD(Alice’s name, message, S(n), time) u N sends message on to Bob with seal u Bob can later get N to state to judge that message is real...

96 96 Jim Binkley anonymity u anonymous remailers have existed for quite some time u historically have been cracked down upon u why would you guess? u if you could send anonymous email, could you send it to an anonymous destination?

97 97 Jim Binkley 3 types of cryptographic email u 1. PEM - early development in IETF –digital signatures and privacy –assumed certificate hierarchy u 2. S/MIME - MIME with PEM-like crypto –assumes same certificate hierarchy as found with ssl in web-world u 3. PGP - similar crypto to PEM –several versions –“web of trust”; i.e., exchange of public keys is not PGP’s problem

98 98 Jim Binkley ASCII versus the world? u SMTP email uses ASCII by definition u line in theory uses u unfortunately we also have email clients that want to mix html with email u or creative ways to send binary data encoded in ASCII cybercrud (base64) u we can pack characters with 6 bits of data into ASCII bytes, expanding info by 1/3rd u ASCII cybercrud is needed for cryptoemail

99 99 Jim Binkley crypto email mechanisms u must use ASCII, but encode parts of it for cryptographic needs u resulting message if not encrypted should be readable by humans but may not be u message may be sent in two forms then, plaintext and in cybercrud format

100 100 Jim Binkley Privacy-Enhanced-Mail/PEM u 4 RFCs u RFC 1421 - message formats u RFC 1422 - CA hierarchy u RFC 1423 - base set of crypto algorithms u RFC 1424 - mail message formats for certificates u MIME was also on the way, RFC 2045 u S/MIME, RFC 2633, took PEM design principles and plopped them into MIME format

101 101 Jim Binkley infrastructure note u we assume pgp is at the client/server u but email gateways do not understand it u so this (as with most L4/L7 uses) is –end to end

102 102 Jim Binkley PEM designers u assumed both private keys and public keys would be used u S/MIME sticks to public keys u assumes many protocols including –RSA, DSS –DES, 3DES, AES

103 103 Jim Binkley PEM message u PEM block has: ------ BEGIN PRIVACY-ENHANCED MESSAGE ---- cybercrud -------END PRIVACY-ENHANCED MESSAGE ---- u PEM can deal with these types of info: 1. plaintext 2. integrity-protected only (MIC-CLEAR term is used) 3. intregrity-protected encoded data (MIC-ONLY) 4. encoded, encrypted, integrity-protected (ENCRYPTED)

104 104 Jim Binkley order of operations for the last for encryption, not signing u compute integrity check on message u create random encryption session key u encrypt message, and hash u then encode key, hash, encrypted message so that mailers can deal with it

105 105 Jim Binkley see text, p. 531 and 532 for examples u...

106 106 Jim Binkley PEM certificate hierarchy u defined hierarchy based on X.500 names u this is hierarchical tree u e.g., assume /world/us/oregon/multnomah u /world/us/ CA that issues certs for /world/us/oregon, etc. u eventually there must be global hierarchy u PEM designers wanted PEM to work before said hierarchy existed, therefore mail could include chain of certs

107 107 Jim Binkley a word from Ancient Rome “Sed quis custodiet ipsos custodes?” Juvenal’s satires not: “who cleans up after the custodians”... (thanks to Dave Aucsmith)

108 108 Jim Binkley problems include: u we may assume organizations are strict about issuing certificates u but what if commercial cert-authority X gives a cert. to anyone? –how trustworthy is that? u or if organization B refuses to accept certs from organization X as a matter of policy –they are at war... u what if CA private key is compromised? u what if private key for the ROOT CA was compromised?

109 109 Jim Binkley other problems u how does a university and its students differ u from a defense contractor and its employees u Intel and its employees? u should a university require mandatory drug testing? u RSA patent existed and did not expire until 2000, some did not care for RSA monopoly

110 110 Jim Binkley Certificate Revocation List u obviously certificates need to time out u how do we notify the world? u proposal: list old/bad certificates and circulate it u what problems can you see with the idea of a certificate revocation list? u any other ways certificates might be revoked?

111 111 Jim Binkley S/MIME u naturally uses MIME to deal with encoding u S/MIME info is placed inside MIME wrapper u can send cleartext signed message u can encode said message u Context-type: application/pkcs7-signature –a signature is encluded as a mime-type

112 112 Jim Binkley GAAAAA! u S/MIME uses ASN.1 to encode header info and data. u not as readable as PEM (in a twisted sort of way)

113 113 Jim Binkley S/MIME certificate hierarchy u does not assume ONE public key infrastructure u may use pubic certifier like Verisign/Thawte –different levels of assurance for customers u may get certs within an organization –list certs within organization in directory like LDAP u Alice gets Bob to mail her his certificates –perhaps Bob has cert signed by self-signed root certificate that Alice already has

114 114 Jim Binkley so what about the following scenario? u Krazyizona decrees that digital signatures are legally binding u Attorney General of Krazyizona sets up state CA for issuing certs u Alice gets such a cert and intends to use it –for signing her bills –and sending secret messages to Bob, who she is dating u what could go wrong in such a scenario?

115 115 Jim Binkley PGP u homework assignment will be issued at this point

116 116 Jim Binkley PGP u created by Phil Zimmerman as “guerilla freeware” u classic version used RSA and IDEA u author wanted it to be distributed freely –but US considered it dangerous at the time –Phil got to go to court u PGP was therefore free abroad, because RSA patent was US-only

117 117 Jim Binkley Phil’s Quote “ If privacy is outlawed, only outlaws will have privacy” P.Z.

118 118 Jim Binkley several versions u do not necessarily interoperate u PGP classic version (idea/RSA) u patent-free version used DSS, DH, 3DES –src code was published as book as books had no export restrictions u IETF redesigned and called their version “Open PGP” –Gnu Privacy Guard (GPG) is a variation on that

119 119 Jim Binkley PGP overview u pgp can send –authenticated –encrypted email u can also –encrypt files –protect file integrity

120 120 Jim Binkley key distribution u you decide which users to trust u and how trustworthy are the keys anyway –depending on how you got them u you need the other party’s public key u PGP fingerprint: crypto hash of key –you can thus use this info (say from a web site, or on a business card) to sanity check a key that you get, and avoid a MTM attack

121 121 Jim Binkley certificates u are possible u and so are certificate paths u you may have a key for Eduard –signed by Jim –signed by Bob u servers exist with PGP keys on them u PGP signing parties have occurred

122 122 Jim Binkley key ring u a key ring is a PGP data structure that contains public keys –info about people –certificates u you can decide how much you trust certain keys/people –none/partial/complete –you might not trust certs signed by Fred, but you will still verify messages from him

123 123 Jim Binkley final thoughts u consider the trust model for email: u you get email from –strangers –business partners inside/outside enterprise –friends/family u so email from grandma has a virus... –if you and grandma use PGP does that help? u where exactly could crypto/email be useful?

124 124 Jim Binkley what are the real threats with email? u how does the speed of virus/worm transmission impact things? u do you think spam is a fixable problem? u when can we send attachments securely? u what about the problem of identity spoofing –anyway to fix that? u can we detect spam and delete it before it even gets to the user? –all email from AOL/yahoo must be spam?

Download ppt "1 Jim Binkley Email Security Network Security. 2 Jim Binkley warning: u lecture title has large oxymoron potential u email attachments largest source."

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Unit 18 Data Security 1.

Unit 18 Data Security 1.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.

Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.

Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
E-mail-I CS-3505 Wb_e-mail-I.ppt. Email 4 The most useful feature of the internet 4 Lots of different email programs, but most of them can talk to each.

-I CS-3505 Wb_ -I.ppt. 4 The most useful feature of the internet 4 Lots of different programs, but most of them can talk to each.
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Cryptography 101 Frank Hecker

Cryptography 101 Frank Hecker
1 Lecture 18: E-Mail Security issues specific to email security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability.

1 Lecture 18: Security issues specific to security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

Similar presentations

Ads by Google