Email Security: S/MIME. IT352 | Network Security | Najwa AlGhamdi


Protocol Overview

1. Simple Mail Transfer Protocol (SMTP)
– SMTP is the Internet standard for email transmission across Internet Protocol (IP) networks.
– Through this protocol, a mail sender communicates with a mail receiver by issuing command strings and supplying the necessary data over a TCP connection.

Protocol Overview

A typical example of sending a message via SMTP to two mailboxes (alice and theboss) located in the same mail domain (example.com or localhost.com) is reproduced in the following session exchange.
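The session exchange that the slide refers to, replayed offline as an added example that is not from the original slides: an in-memory SMTP responder answers the client lines for one message to alice and theboss at example.com (the hostnames, the sender address and the reply texts are constructed).

```python
# Added example, not from the slides: an in-memory SMTP responder and the client
# lines for one message to alice and theboss at example.com (hostnames, sender
# address and reply texts are constructed), so both sides of the exchange run offline.
MAILBOXES = {"alice@example.com", "theboss@example.com"}
class TinySmtpServer:
    def __init__(self):
        self.sender, self.rcpts, self.body, self.in_data = None, [], [], False
        self.delivered = []  # one (sender, recipients, message text) per message
    def handle(self, line):  # reply to one client line; None while a body is being sent
        if self.in_data:     # DATA phase ends at a line holding only "."
            if line != ".":
                self.body.append(line[1:] if line.startswith(".") else line)  # dot-unstuffing
                return None
            self.delivered.append((self.sender, self.rcpts, "\n".join(self.body)))
            self.sender, self.rcpts, self.body, self.in_data = None, [], [], False
            return "250 OK: queued"
        verb, _, arg = line.partition(" ")
        verb, addr = verb.upper(), arg.split(":", 1)[-1].strip("<> ")
        if verb == "HELO":
            return "250 smtp.example.com Hello " + arg
        if verb == "MAIL":
            self.sender, self.rcpts = addr, []
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands"  # RCPT before MAIL
            if addr not in MAILBOXES:
                return "550 No such user here"
            self.rcpts.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Bad sequence of commands"  # DATA without any accepted RCPT
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command not recognized"

def run_session(commands):  # replay client lines; return (side, text) transcript + deliveries
    srv = TinySmtpServer()
    transcript = [("S", "220 smtp.example.com ESMTP ready")]
    for cmd in commands:
        transcript.append(("C", cmd))
        reply = srv.handle(cmd)
        if reply is not None:
            transcript.append(("S", reply))
    return transcript, srv.delivered
SESSION = ["HELO client.example.com", "MAIL FROM:<bob@example.org>", "RCPT TO:<alice@example.com>",
           "RCPT TO:<theboss@example.com>", "DATA", "Subject: test", "", "Hello from SMTP", ".", "QUIT"]
```

Printing `run_session(SESSION)[0]` line by line gives the C:/S: dialogue; the 503 and 550 branches show how a server refuses out-of-order commands and unknown mailboxes.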

Protocol Overview: SMTP Drawbacks

1. SMTP cannot transmit text data that includes national language characters, because these are represented by 8-bit codes with values of 128 decimal or higher, and SMTP is limited to 7-bit ASCII.
2. SMTP servers may reject mail messages over a certain size.
3. SMTP gateways that translate between ASCII and EBCDIC suffer translation problems.

Protocol Overview

2. Multipurpose Internet Mail Extensions (MIME)
– MIME is an Internet standard that extends the format of email to support:
  1. Text in character sets other than ASCII
  2. Non-text attachments
  3. Message bodies with multiple parts
– MIME's use has grown beyond describing the content of email to describing content types in general, including for the web.
– SMTP/MIME: email is transmitted via SMTP in MIME format.

Protocol Overview

The MIME specification includes the following elements:
1. Five new message header fields. These fields provide information about the body of the message:
   1. MIME-Version
   2. Content-Type: describes the data contained in the body.
   3. Content-Transfer-Encoding: indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport.
   4. Content-ID
   5. Content-Description
2. A number of content formats are defined, thus standardizing representations that support multimedia email.
3. Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system.

Protocol Overview

The MIME specification includes the following elements:
2. A number of content formats are defined, thus standardizing representations that support multimedia email.

Example of multipart message

From: Nathaniel Borenstein
To: Ned Freed
Subject: Sample message
MIME-Version: 1.0
Content-type: multipart/mixed; boundary="simple boundary"

This is the preamble. It is to be ignored, though it is a handy place for mail composers to include an explanatory note to non-MIME conformant readers.
--simple boundary

This is implicitly typed plain ASCII text.
It does NOT end with a linebreak.
--simple boundary
Content-type: text/plain; charset=us-ascii

This is explicitly typed plain ASCII text.
It DOES end with a linebreak.

--simple boundary--
This is the epilogue. It is also to be ignored.
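The multipart message above parsed with Python's standard library, as an added example that is not part of the original slides; the message text is re-typed from the slide (it is the RFC 2046 sample) with the addresses omitted as on the slide.

```python
# Added example, not from the slides: parse the multipart message above with
# Python's standard library and report what a MIME-aware reader sees. The text
# is re-typed from the slide (the RFC 2046 sample); addresses are omitted as there.
import email

SAMPLE = "\r\n".join([
    "From: Nathaniel Borenstein",
    "To: Ned Freed",
    "Subject: Sample message",
    "MIME-Version: 1.0",
    'Content-type: multipart/mixed; boundary="simple boundary"',
    "",
    "This is the preamble. It is to be ignored, though it is a handy place",
    "for mail composers to include an explanatory note to non-MIME conformant readers.",
    "--simple boundary",
    "",
    "This is implicitly typed plain ASCII text.",
    "It does NOT end with a linebreak.",
    "--simple boundary",
    "Content-type: text/plain; charset=us-ascii",
    "",
    "This is explicitly typed plain ASCII text.",
    "It DOES end with a linebreak.",
    "",
    "--simple boundary--",
    "This is the epilogue. It is also to be ignored.",
    "",
])

def describe_multipart(raw):
    """Return each body part's effective type plus the preamble/epilogue a reader ignores."""
    msg = email.message_from_string(raw)
    if not msg.is_multipart():
        raise ValueError("not a multipart message: " + msg.get_content_type())
    parts = []
    for part in msg.get_payload():                 # list of sub-entities
        parts.append({
            "type": part.get_content_type(),       # text/plain is assumed when no header
            "explicit": "content-type" in part,    # was a Content-Type header present?
            "charset": part.get_content_charset(),
            # RFC 2046: the CRLF before a boundary belongs to the boundary, so the
            # parser strips it; only a part with an extra blank line keeps a linebreak.
            "ends_with_linebreak": part.get_payload().endswith("\n"),
        })
    return {"boundary": msg.get_boundary(), "parts": parts,
            "preamble": (msg.preamble or "").strip(),
            "epilogue": (msg.epilogue or "").strip()}
```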

Protocol Overview

The MIME specification includes the following elements:
3. Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system.

S/MIME (Secure/Multipurpose Internet Mail Extensions)

S/MIME is a security enhancement to MIME email. S/MIME support is built into many mail agents: MS Outlook, Mozilla, Mac Mail, etc.

S/MIME Functions

S/MIME is very similar to PGP. Both offer the ability to sign and/or encrypt messages.

S/MIME security functions:
1. Enveloped data: This consists of encrypted content of any type and encrypted content-encryption keys for one or more users. This function provides privacy and data security.
2. Signed data: A digital signature is formed by taking the message digest of the content and then encrypting that with the signer's private key. The content and the signature are then encoded using base64 encoding. This function provides authenticity, message integrity and non-repudiation of origin.

S/MIME Functions

S/MIME security functions (continued):
3. Clear-signed data: In this case a digital signature of the content is formed; however, only the signature is encoded with base64, so recipients without S/MIME capability can still read the content.
4. Signed and enveloped data: (2) and (1) may be nested:
   1. Encrypted data could be signed.
   2. Or signed data could be encrypted.

S/MIME Cryptographic Algorithms

– Digital signatures: DSS & RSA
– Hash functions: SHA-1 & MD5
– Session key encryption: ElGamal & RSA
– Message encryption: AES, Triple-DES, RC2/40 and others
– MAC: HMAC with SHA-1

S/MIME Messages

– A MIME entity may be an entire message or one or more of the subparts of the message.
– S/MIME secures a MIME entity with a signature, encryption, or both to form a MIME-wrapped PKCS (Public-Key Cryptography Specification) object.
– A PKCS object is then treated as message content.
– S/MIME messages have a range of content types:
  – enveloped data
  – signed data
  – clear-signed data
  – registration request
  – certificate-only message

S/MIME - Message: EnvelopedData (figure)

The message M is encrypted with a pseudorandom session key (3DES or RC2/40). The session key is encrypted with the recipient's public key (Diffie-Hellman / RSA) and placed in a RecipientInfo block that identifies the recipient's certificate; the encrypted content plus the RecipientInfo blocks form the enveloped-data content.

S/MIME Message: SignedData (figure)

The message M is hashed (SHA-1 or MD5); the hash is encrypted with the sender's private key to form the signature, which is placed with the sender's certificate in a SignerInfo block; the result is then base64 encoded.

S/MIME - Message: Clear signing

– Clear signing is achieved using the multipart content type with a signed subtype. Two parts:
  – Clear text (or any MIME type).
  – SignedData (the detached signature), encoded in base64.

S/MIME - Message: clear-signed example

Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=boundary42

--boundary42
Content-Type: text/plain

This is a clear-signed message.
--boundary42
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s

ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
--boundary42--

Notes on the headers: the protocol parameter indicates that this is a two-part clear-signed entity, and the micalg parameter indicates the type of message digest used. The first part is the unsigned (clear) data; the second part carries the SignerInfo (the PKCS#7 signature).
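How a verifier takes the clear-signed entity above apart before checking the signature, as an added example that is not part of the original slides: the message mirrors the slide's layout, the first part is canonicalized and digested with the algorithm named by micalg, and the second part is base64-decoded; the signature bytes here are a constructed placeholder, not a real PKCS#7 SignedData blob.

```python
# Added example, not from the slides: split a multipart/signed entity the way an
# S/MIME verifier does before checking the PKCS#7 signature. The message mirrors
# the slide's layout; the signature part is a constructed placeholder, not real.
import base64
import email
import hashlib

SIGNATURE_PLACEHOLDER = b"not-a-real-pkcs7-signature"
CLEAR_SIGNED = "\r\n".join([
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=boundary42',
    "",
    "--boundary42",
    "Content-Type: text/plain",
    "",
    "This is a clear-signed message.",
    "--boundary42",
    "Content-Type: application/pkcs7-signature; name=smime.p7s",
    "Content-Transfer-Encoding: base64",
    "Content-Disposition: attachment; filename=smime.p7s",
    "",
    base64.b64encode(SIGNATURE_PLACEHOLDER).decode("ascii"),
    "--boundary42--",
    "",
])

def entity_digest(entity, micalg):
    """Digest the canonical (CRLF) signed entity with the algorithm named by micalg."""
    return hashlib.new(micalg.replace("-", ""), entity).hexdigest()  # "sha-256" -> sha256

def split_clear_signed(raw):
    """Return the exact bytes that were signed, their digest and the raw signature."""
    outer = email.message_from_string(raw)
    if outer.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed entity")
    micalg = outer.get_param("micalg")
    # RFC 2046: the CRLF before each "--boundary" belongs to the boundary, so the
    # signed entity is everything after the first delimiter line up to that CRLF.
    delim = "\r\n--" + outer.get_boundary()
    body = raw.split("\r\n\r\n", 1)[1]                 # skip the outer headers
    pieces = ("\r\n" + body).split(delim)             # "", part 1, part 2, "--..."
    signed_entity = pieces[1][2:].encode("ascii")     # headers + body of part 1
    sig_part = email.message_from_string(pieces[2][2:])
    if sig_part.get_content_type() != outer.get_param("protocol"):
        raise ValueError("second part is not the declared signature type")
    return {"micalg": micalg, "signed_entity": signed_entity,
            "digest": entity_digest(signed_entity, micalg),
            "signature": sig_part.get_payload(decode=True)}  # DER bytes in a real message
```

A real verifier then checks the PKCS#7 signature over this digest against the sender's certificate; changing a single character of the clear text changes the digest, which is how tampering is detected even though the text stays readable.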

S/MIME - Message: Registration request (figure)

A user applies to a certification authority (CA) with a PKCS #10 certification request. The CertificationRequestInfo block contains the subject's name, the public key in bit-string representation, ... (and optionally a public-key ID); it is signed with the user's private key and sent to the CA.

S/MIME - Message: Certificate-only message

– Used to transport certificates.
– Contains only certificates or a certificate revocation list (CRL).
– Sent in response to a registration request.

S/MIME - Message: Creating a certificates-only message

Step 1: The certificates are made available to the CMS generating process, which creates a CMS object of type signedData.
Step 2: The CMS signedData object is enclosed in an application/pkcs7-mime MIME entity.
– The smime-type parameter for a certs-only message is "certs-only".
– The file extension for this type of message is ".p7c".

S/MIME Certificate Processing

– S/MIME uses X.509 v3 certificates.
– The key-management scheme used by S/MIME is in some ways a hybrid of a strict X.509 CA hierarchy and PGP's web of trust.
– Each client has a list of trusted CAs' certificates and its own public/private key pairs and certificates.
– Certificates must be signed by trusted CAs.