Internet Security 1 (IntSi1)




  1. Internet Security 1 (IntSi1), 7 Secure Email
     Prof. Dr. Andreas Steffen, Institute for Internet Technologies and Applications (ITA)

  2. Security Protocols for the OSI Stack

     Communication layer    Security protocols
     Application layer      ssh, S/MIME, PGP, Kerberos, WSS
     Transport layer        SSL, TLS
     Network layer          IPsec
     Data Link layer        [PPTP, L2TP], IEEE 802.1X, IEEE 802.1AE, IEEE 802.11i (WPA2)
     Physical layer         Quantum Cryptography

  3. Internet Security 1 (IntSi1), 7.1 S/MIME

  4. MIME – Multipurpose Internet Mail Extension (RFC 1521 / RFC 1522)

     From: trinity@matrix.org
     To: neo@matrix.org
     MIME-Version: 1.0
     Content-Type: multipart/mixed; boundary=boundary1

     --boundary1
     Content-Type: text/plain; charset=us-ascii

     Dear Neo, please study the attached Word document.
     --boundary1
     Content-Type: application/msword; name="Matrix.doc"
     Content-Transfer-Encoding: base64

     ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfH
     4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbTrfv=
     --boundary1--

  5. S/MIME – Signed Message Format I (RFC 1847 / RFC 2311 / PKCS #7)

     Content-Type: multipart/signed; protocol="application/pkcs7-signature";
         micalg=sha1; boundary=boundary1

     --boundary1
     Content-Type: text/plain

     This is a clear-signed message.
     --boundary1
     Content-Type: application/pkcs7-signature; name=smime.p7s
     Content-Transfer-Encoding: base64
     Content-Disposition: attachment; filename=smime.p7s

     ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfH
     4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbTrfv=
     --boundary1--

     The first body part is the MIME entity to be signed; the second body part carries the signature.

  6. S/MIME – Signed Message comprising Multiple Attachments

     Content-Type: multipart/signed; protocol="application/pkcs7-signature";
         micalg=sha1; boundary=boundary1

     --boundary1
     Content-Type: multipart/mixed; boundary=boundary2

     ... multipart message with various MIME types ...
     --boundary1
     Content-Type: application/pkcs7-signature; name=smime.p7s
     Content-Transfer-Encoding: base64
     Content-Disposition: attachment; filename=smime.p7s

     ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfH
     4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbTrfv=
     --boundary1--
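As an added example (not part of the lecture slides), the Python below splits a clear-signed message in the layout of slide 5 into the MIME entity that was signed and the detached signature, and computes the digest a verifier must compare against the signer's encryptedDigest. The signature blob is a labelled placeholder, and the accepted micalg values are an assumption of this example; the digest covers the complete first body part including its headers, which is why transfer-encoding changes made by intermediate mail transfer agents break clear-signed messages.

```python
import base64
import email
import hashlib
from email import policy

# Constructed sample in the multipart/signed layout of the slide; the signature
# blob is a labelled placeholder, not a real PKCS #7 SignedData object.
FAKE_SIGNATURE = b"NOT-A-REAL-PKCS7-SIGNATURE"
SIGNED_MSG = (
    b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\r\n'
    b"    micalg=sha1; boundary=boundary1\r\n\r\n"
    b"--boundary1\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"This is a clear-signed message.\r\n"
    b"--boundary1\r\n"
    b"Content-Type: application/pkcs7-signature; name=smime.p7s\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Disposition: attachment; filename=smime.p7s\r\n\r\n"
    + base64.b64encode(FAKE_SIGNATURE) + b"\r\n--boundary1--\r\n"
)

# micalg values (RFC 1847) this receiver accepts, mapped to hashlib names (assumed set).
MICALG_TO_HASHLIB = {"sha1": "sha1", "sha-256": "sha256", "sha256": "sha256"}


def split_multipart_signed(raw: bytes):
    """Return (signed_entity, signature_der, micalg) for a clear-signed message.
    Raises ValueError when the layout is not the one S/MIME expects, so a
    verifier never ends up hashing the wrong part."""
    msg = email.message_from_bytes(raw, policy=policy.SMTP)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("outer entity is not multipart/signed")
    if msg.get_param("protocol") != "application/pkcs7-signature":
        raise ValueError("unexpected protocol parameter")
    parts = msg.get_payload()
    if len(parts) != 2 or parts[1].get_content_type() != "application/pkcs7-signature":
        raise ValueError("expected one signed part followed by one signature part")
    # The signature covers the complete first body part, headers included, in
    # canonical CRLF form (policy.SMTP emits CRLF), not only the visible text.
    signed_entity = parts[0].as_bytes()
    signature = parts[1].get_payload(decode=True)  # base64 -> DER bytes
    return signed_entity, signature, msg.get_param("micalg")


def entity_digest(signed_entity: bytes, micalg: str) -> str:
    """Hex digest of the signed entity under the algorithm micalg names; this is
    the value the signer's encryptedDigest must match. Any change an MTA makes
    to the first part (re-wrapping, re-encoding) changes this digest."""
    return hashlib.new(MICALG_TO_HASHLIB[micalg.lower()], signed_entity).hexdigest()
```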

  7. PKCS #7 – Public Key Cryptography Standard, Cryptographic Message Syntax Standard

     • ASN.1 structure for the SignedData content type:
         version
         digestAlgorithms
         contentInfo               (empty field: the content is carried in a separate MIME entity)
         certificates              (OPTIONAL)
         crls                      (OPTIONAL)
         signerInfos               (SET OF SignerInfo: several signers possible)

     • ASN.1 structure for the SignerInfo type:
         version
         issuerAndSerialNumber
         digestAlgorithm
         authenticatedAttributes
         digestEncryptionAlgorithm
         encryptedDigest           (the signature)
         unauthenticatedAttributes

  8. Signed Message with Multiple Signatures

     The MIME entity (single-part or multi-part) is hashed with DigestAlgorithm #1, #2, ... #n,
     and each digest is signed with the corresponding Private Key #1, #2, ... #n, yielding
     Signature #1, #2, ... #n over the same entity.

  9. Signed Email Message (Microsoft Outlook 2007)

  10. S/MIME – Signed Message Format II (RFC 2311 / PKCS #7)

     Content-Type: application/pkcs7-mime; smime-type=signed-data; name=smime.p7m
     Content-Transfer-Encoding: base64
     Content-Disposition: attachment; filename=smime.p7m

     ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfH
     4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbTrfv=

     • The MIME content is carried within the PKCS #7 SignedData object.
     • This alternative signing format is optionally used by MS Outlook.
     • Pro: the MIME content is not prone to changes of the transfer encoding enforced by intermediate mail transfer agents.
     • Contra: in order to read the embedded MIME message, the receiver's mail client must support S/MIME.

  11. S/MIME – Configuration Options (Microsoft Outlook 2007)

  12. S/MIME – Encrypted Message Format (RFC 2311 / PKCS #7)

     Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
     Content-Transfer-Encoding: base64
     Content-Disposition: attachment; filename=smime.p7m

     ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfH
     4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbTrfv=

     • ASN.1 structure for the EnvelopedData content type:
         version
         recipientInfos                (several recipients possible; each entry carries the encrypted symmetric key)
         encryptedContentInfo
           contentType
           contentEncryptionAlgorithm
           encryptedContent            (the encrypted MIME entity, single-part or multi-part)

  13. Encrypted Message with Multiple Recipients: Envelope using Symmetric Encryption

     A random key is used by a symmetric encryption algorithm to turn the MIME entity
     (single-part or multi-part) into the encrypted MIME entity. The same random key is then
     encrypted with Public Key #1, #2, ... #n of the recipients, yielding Encrypted Key #1, #2, ... #n.

  14. Encrypted Email Message (Microsoft Outlook 2007)

  15. Signed and Encrypted Email Messages (Mozilla Thunderbird)

  16. S/MIME – Signed and Encrypted Messages I: Signing before Encryption

     MIME entity to be signed
       -> Content-Type: application/pkcs7-mime; smime-type=signed-data; ...
          signedData SignedData ::= { ... contentInfo }
     = MIME entity to be encrypted
       -> Content-Type: application/pkcs7-mime; smime-type=enveloped-data; ...
          envelopedData EnvelopedData ::= { ... encryptedContentInfo }
     = encrypted MIME entity

     • Signature(s) not visible before decryption (Anonymity)

  17. S/MIME – Signed and Encrypted Messages II: Encryption before Signing

     MIME entity to be encrypted
       -> Content-Type: application/pkcs7-mime; smime-type=enveloped-data; ...
          envelopedData EnvelopedData ::= { ... encryptedContentInfo }
     = encrypted MIME entity = MIME entity to be signed
       -> Content-Type: application/pkcs7-mime; smime-type=signed-data; ...
          signedData SignedData ::= { ... contentInfo }

     • Signature(s) can be checked before decryption (Trust)

  18. Signing before Encryption (Microsoft Outlook 2007)

  19. S/MIME – Managing Certificates (Mozilla Thunderbird)

  20. S/MIME – Certificates (own and other people's) (Mozilla Thunderbird)

  21. S/MIME – Certification Authorities (Mozilla Thunderbird)

  22. S/MIME – Account Settings (Mozilla Thunderbird)

  23. S/MIME Summary

     • Sign: Antje signs with her private key; the recipients verify with Antje's public key.
     • Encrypt: "Dear Bodo, ..." is encrypted with Bodo's public key and decrypted by Bodo with his private key;
       "Dear Antje, ..." is encrypted with Antje's public key and decrypted by Antje with her private key.

     (Figure: certificates of Antje and Bodo, issued by the Kool CA.)
