1 / 8

Lecture 19: PEM and S/MIME

Lecture 19: PEM and S/MIME. history PEM establishing keys public key hierarchy message structure message headers encryption and integrity protection modes S/MIME. PEM & S/MIME. Privacy Enhanced Mail (PEM)

neron
Download Presentation

Lecture 19: PEM and S/MIME

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 19: PEM and S/MIME • history • PEM • establishing keys • public key hierarchy • message structure • message headers • encryption and integrity protection modes • S/MIME

  2. PEM & S/MIME • Privacy Enhanced Mail (PEM) • Developed by IETF, to add encryption, source authentication & integrity protection to e-mail • Allows both public & secret long-term keysMessage key is always symmetric • Specifies a detailed certification hierarchy • Secure/MIME (S/MIME) • PEM never took off; CA hierarchy difficult to realize • S/MIME: PEM design incorporated into MIME

  3. Establishing Keys • interchange key – long term key used for connection • secret key crypto (never used) – Alice and Bob’s shared key the key has to be exchanged out-of-band • public key crypto – Alice and Bob’s public keys, • look up each others certificates in directory (never used) • include cert chains in the message • needs public key hierarchy

  4. PEM Certificate Hierarchy • The root CA: “Internet Policy Registration Authority” (IPRA) • “Policy Certification Authorities”: Second-level, CA-certifying CAs, each with a different policy: • High Assurance (HA): very-secure • implemented on secure platforms • regulates that the child CAs (also HACAs) enforce the same rules • Discretionary Assurance (DA): secure • requires that the child CAs own their names • No Assurance (NA): no constraints • can be used to certify Internet personas (pseudonyms) • Lower-level CAs, certifying individuals or other CAs

  5. Structure of PEM Messages • whole or part of the message can be protected • protected part specified as -----BEGIN PRIVACY-ENHANCED MESSAGE----- . . . -----END PRIVACY-ENHANCED MESSAGE----- • different types of data: • ordinary, unsecured • integrity-protected, unmodified (MIC-CLEAR) • integrity-protected, encoded (MIC-ONLY) • encrypted, integrity-protected, encoded (ENCRYPTED)

  6. PEM Headers • Marker: -----BEGIN PRIVACY-ENHANCED MESSAGE----- • PEM header, inc. protection type (MIC-CLEAR etc.) • IV for DES-CBC (for ENCRYPTED only) • Chain of certificates, from sender to IPRA • MIC • Encrypted message key (for ENCRYPTED only) • Message • Marker: -----END PRIVACY-ENHANCED MESSAGE-----

  7. Encryption & Integrity Protection Modes Encryption: Typically DES in CBC mode Integrity Protection (Message Authentication): • MIC: MD2 or MD5 of the message (previously included DES CBC-MAC) • signed by sender’s private key • encrypted if the message is encrypted(against guessable plaintext attack) • message header not protected (problematic) • solution: include header info in the text

  8. S/MIME vs. PEM • Incorporated into MIME; no other encoding • Any sequence of sign & encrypt is supported (each as a recursive MIME encapsulation) • Has more options than PEM • ASN.1 header encoding • No prescribed certification hierarchy • Has a good prospect of deployment for commercial & organizational usage

More Related