Enhancing email security with s mime
This presentation is the property of its rightful owner.
Sponsored Links
1 / 31

Enhancing Email Security with S/MIME PowerPoint PPT Presentation


  • 91 Views
  • Uploaded on
  • Presentation posted in: General

Enhancing Email Security with S/MIME. Chuck Connell, www.chc-3.com www.DominoAdministration.com , www.DominoSecurity.org. Introduction. Worked at Lotus from 90 to 95 Managed Notes C API team, architect in (short-lived) “enterprise applications” group, business partner technical liaison

Download Presentation

Enhancing Email Security with S/MIME

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Enhancing email security with s mime

Enhancing Email Security with S/MIME

Chuck Connell, www.chc-3.com

www.DominoAdministration.com,

www.DominoSecurity.org


Introduction

Introduction

  • Worked at Lotus from 90 to 95

  • Managed Notes C API team, architect in (short-lived) “enterprise applications” group, business partner technical liaison

  • Began my own business in 1995

  • Notes/Domino consulting, writing, teaching CS at Boston University

  • Security expert at www.SearchDomino.com


Outline

Outline

  • What is S/MIME?

  • Why do we care about it?

  • Secrecy, authentication, and integrity

  • Cryptography primer, including public key techniques and certificates

  • How S/MIME works

  • Where S/MIME is used in Notes/Domino

  • How to use S/MIME


Audience

Audience

  • Experienced with Notes, Domino, general email topics

  • Used some encryption/privacy tools

  • Not a security expert or mathematician (will skip gory details)

  • My goal is to explain a fairly complex topic to a generally knowledgeable computer audience


What is s mime

What is S/MIME?

  • When email was first developed, people could only send plain text messages

  • MIME was developed in early 90s to allow people to send pictures, sound, programs and general attachments -- “Multipurpose Internet Mail Extension”

  • MIME has no security features, can be read along its route or forged (easily)

  • S/MIME is a secure version of MIME


What does s mime give us

What does S/MIME give us?

  • Secrecy – Only intended recipient can read the message. (A thick envelope and trustworthy couriers.)

  • Authentication – Recipient knows the message came from the apparent sender. (An ink signature that you recognize.)

  • Integrity – Recipient knows the message was not changed en route. (Un-erasable ink in a letter.)


Cryptography primer

Cryptography primer

  • Secret key (a.k.a symmetric cipher)

  • Public key (a.k.a. asymmetric cipher)

    • Secrecy

    • Authentication

    • Secrecy and authentication

  • Hashing (a.k.a. message digest)

  • Public key certificate (X.509)


Symmetric cipher

Symmetric cipher

  • Dates back thousands of years

  • A “key” is scrambled into the message in a way that makes the message unreadable

  • Scrambling method can be pencil and paper, mechanical, or mathematical

  • Key can be numbers, letters, text from a book

  • Only way to read the message (easily) is to unscramble it with the same key

  • Sender and receiver must exchange key somehow


Symmetric cipher1

Symmetric cipher


Public key cryptography pkc

Public key cryptography (PKC)

  • Invented in 1970s

  • There are two keys; one public for all to see, the other kept secret to one person

  • Keys are pairs of large numbers, related to prime number theory

  • Message is scrambled with one key; only unscrambled easily with the other key

  • Can be used for secrecy, authentication, or both


Public key cryptography

Public key cryptography


Pkc for secrecy only

PKC for secrecy only

  • Chuck wants to send message that only Katie can read

  • Ciphertext = PKC(plaintext, katie’s public key)

  • Plaintext = PKC(ciphertext, katie’s private key)

  • Only Katie can decrypt the message, and Chuck does not have to send her a key


Pkc for authentication only

PKC for authentication only

  • Chuck wants to send message to Katie and prove it is from him

  • Ciphertext = PKC(plaintext1, chuck’s private key)

  • Chuck sends ciphertext and plaintext1

  • Plaintext2 = PKC(ciphertext, chuck’s public key)

  • Katie compares plaintext1 (sent) with plaintext2 (decrypted)

  • If they match, only Chuck could have sent the message.


Pkc for secrecy and authentication

PKC for secrecy and authentication

  • Chuck wants to send secret message to Katie and prove it is from him

  • Cipher1 = PKC(plaintext1, chuck’s private key)

  • Cipher2 = PKC(Cipher1 and plaintext1, katie’s public key)

  • Chuck sends Cipher2

  • Cipher1 and Plaintext1 = PKC(Cipher2, katie’s private key)

  • Plaintext2 = PKC(Cipher1, chuck’s public key)

  • Katie compares plaintext1 (sent) with plaintext2 (decrypted)


Hashing

Hashing

  • A one-way operation that is hard to undo

  • Often results in a shorter message, which is called a message digest

  • Example: “Let’s have breakfast at Dunkin Donuts”  “h7tfd8Fr”


Public key certificate

Public key certificate

  • But, there is a problem with PKC… How does Katie know it is really Chuck sending her the message. Someone could pretend to be Chuck.

  • Public key certificates solve this problem (mostly)

  • A public key certificate contains

    • A person’s name

    • That person’s public key

    • Name of a trusted certifying authority (CA)

    • Digital signature of the CA, using their private key

  • Certificate can be verified with CA’s public key

  • X.509 is most common format


Questions

Questions ?


So what is s mime

So what is S/MIME?

  • S/MIME puts all these techniques together to create a practical, efficient, reasonably secure email protocol

  • Standard (symmetric) cipher – RC2 or TripleDES

  • Public key (asymmetric) cipher – RSA

  • Hashing – SHA-1 or MD5

  • (Mathematical details found in references)


S mime for secrecy only

S/MIME for secrecy only

  • Chuck’s email program creates a random key (session key) to be used in a symmetric cipher.

  • Chuck’s email program encrypts the message with the symmetric cipher and session key.

  • Chuck’s email program encrypts the session key with PKC and Katie's public key.

  • Chuck’s email program creates a package of: encrypted message, encrypted session key, his X.509 certificate, names of encryption algorithms.


S mime for secrecy continued

S/MIME for secrecy, continued

  • Chuck’s email program sends package to Katie. This is an S/MIME email message.

  • Katie’s email program receives package.

  • Katie's email program uses her private key (and named PKC method) to decrypt the session key.

  • Katie’s email program uses session key (and named symmetric cipher) to decrypt the message.


S mime for authentication only

S/MIME for authentication only

  • Chuck’s email program uses hash function to create message digest

  • Chuck’s email program encrypts message digest with PKC and his private key

  • Chuck’s email program creates a package of: original message, encrypted message digest, his X.509 certificate, names of encryption algorithms

  • Chuck’s email program sends package to Katie.

  • Katie's email program receives package


S mime for authentication continued

S/MIME for authentication, continued

  • Katie’s email program verifies Chuck’s X.509 certificate by testing signature of CA

  • Katie’s email program gets Chuck’s public key from his certificate

  • Katie's email program uses Chuck’s public key to decrypt the message digest

  • Katie's email program independently computes the message digest, using the same hash function

  • Katie's email program compares the two message digests to verify sender and message integrity


S mime for secrecy and authentication

S/MIME for secrecy and authentication

  • Message is authenticated just as shown above

  • Authenticated package is made secret, just as shown above

  • Secret package is sent to recipient

  • Receiver uses his/her private key to decrypt session key

  • Receiver uses session key to decrypt rest of secret package, yielding authenticated message

  • Receiver authenticates message, just as shown above


Questions1

Questions ?


So s mime is used for notes mail

So S/MIME is used for Notes mail?

  • No! For pure Notes email (Notes and Domino) S/MIME is not needed. Notes has its own, similar, methods.

  • S/MIME is used whenever pure Notes email is not available

    • From Notes, through Domino, to other email

    • From Notes, through standard server, to any email

    • From other email, through Domino, to any email


Using s mime

Using S/MIME

  • Get a digital identification

  • Set up Domino server for S/MIME

  • Use S/MIME with general email clients

  • Use S/MIME with Notes


Getting a digital identification

Getting a digital identification

  • A digital ID is

    • Your name

    • Public/private key pair

    • Public key certificate for this ID

  • Most popular vendors are www.Thawte.com and www.VeriSign.com

  • Thawte is free, but VeriSign is only $15/year and simpler to use


Setting up domino for s mime

Setting up Domino for S/MIME

  • Do nothing! (other than standard Internet mail set up)

  • (If anyone is aware of special settings that are required, please let me know.)


S mime with standard email clients e g outlook express

S/MIME with standard email clients (e.g. Outlook Express)

  • If you got your digital ID on this computer, it is already installed (Can see the ID with Start / Settings / Control Panel / Internet Options / Content / Certificates)

  • For secrecy, just press Encrypt

  • For authentication, just press Sign

  • When receiving a message, you will see security symbols near the attachment paperclip


Using s mime with notes

Using S/MIME with Notes

(Assuming digital ID already on Windows computer)

  • Export digital ID from Windows

  • Import digital ID to Notes ID file

  • Make sure this certificate will be used for Internet mail from Notes

  • Use digital ID as you send and receive email

    Demonstration…


For further reading

For further reading

  • Excellent online overview of cryptography: www.rsalabs.com/faq/

  • Cryptography and Network Security by William Stallings – Good general security textbook. www.amazon.com/exec/obidos/ASIN/0138690170

  • S/MIME Internet task force: www.imc.org/ietf-smime/index.html

  • Relationship between S/MIME and PGP/MIME: www.imc.org/smime-pgpmime.html


  • Login