Email Security Can an email be a secure communication method for delivering credit card authorization, credit card document, health records, financial statement, legal digital signature and virtual goods? Why yes and why not.
Outline • Background • Pretty good privacy • S/MIME • Recommended web sites
Background Threats to the security of e-mail itself • Loss of confidentiality • E-mails are sent in clear over open networks • E-mails stored on potentially insecure clients and mail servers • Loss of integrity • No integrity protection on e-mails; body can be altered in transit or on mail server • Lack of data origin authentication • Lack of non-repudiation • Lack of notification of receipt
Background Threats Enabled by E-mail • Disclosure of sensitive information • Exposure of systems to malicious code • Denial-of-Service (DoS) • Unauthorized accesses etc.
Background 900M 150,000 800M 125,000 700M 600M 100,000 500M 75,000 400M 300M 50,000 200M 25,000 100M 1996 1997 1998 1999 2000 2001 2002 2003 World-Wide Attack Trends Blended Threats (CodeRed, Nimda, Slammer) Denial of Service (Yahoo!, eBay) Infection Attempts Network Intrusion Attempts Malicious Code Infection Attempts* Mass Mailer Viruses (Love Letter/Melissa) Zombies Network Intrusion Attempts** Polymorphic Viruses (Tequila) 0 0 *Analysis by Symantec Security Response using data from Symantec, IDC & ICSA; 2003 estimated **Source: CERT
Background Spam Continues to Grow and Evolve
Background Exploits now appearing just5 days after the vulnerability is publicly disclosed! At its peak, 1 out of every 12 emails was infected with MyDoom! The Facts……… Code Red doubled its infection rate every37 minutes. Slammer doubled every 8.5 seconds, and infected 90% of unprotected servers in 10 minutes!
Background • In today’s electronic world, email is critical to any business being competitive. • In most cases it now forms the backbone of most organisations’ day-to-day activities, and its use will continue to grow. • According to the The Radicati Group’s study, “Microsoft Exchange and Outlook Analysis, 2005-2009,” the worldwide email market will grow from 1.2 billion mailboxes in 2005 to 1.8 billion mailboxes in 2009. • As email becomes more prevalent in the market, the importance of email security becomes more significant.
Background • Organizations are responsible for providing email security..
Question 1 • Is the digitally signed email is a secure email? • How about encrypted email?
Answer to Question 1 • Is the digitally signed email is a secure email? • How about encrypted email? No, Even though it authenticates the sender, but it not provide message integrity and message confidentiality. Encrypted email, when just message confidentiality is provided, is also not secure.
Background: Problems • Did you know that when you send your email messages, they do not go directly to recipient mailboxes? • Did you know that your Internet Service Provider (ISP) stores copies of all your email messages on its mail servers before it tries to deliver them? • Do you know that someday all the information kept on the servers can be easily used against you? • Email Security is a system-tray local SMTP server program for Windows that lets you send email messages directly from your PC to recipient mailboxes ensuring your email security and privacy by means of bypassing your ISP's mail servers where your relevant information can be stored and viewed. • Did you also know that when you send an email message to a list of email addresses, the respondents can see each other in the email message header? • You think it is secure?
Background What are the Options ? • Secure the server to client connections (easy thing first) • POP, IMAP over ssh, SSL • https access to webmail • Very easy to configure • Protection against insecure wireless access • Secure the end-to-end email delivery • The PGPs of the world • Still need to get the other party to be PGP aware • Practical in an enterprise intra-network environment
Background • In particular, the security implications associated with the management of email storage, policy enforcement, auditing, archiving and data recovery. • Managing large, active stores of information takes time and effort in order to avoid failures – failures that will impact the users and therefore the business, undoubtedly leading to lost productivity. • By considering the service email provides to the business, email management can be broken down into a number of components: mail flow, storage, and user access – both at the server and user levels. • Whilst each one of these components should be addressed separately, they must be viewed as part of a total security agenda.
Mail Flow • Mail flow can encompass many aspects of an email system. However, the security of mail flow is for the large part focused around the auditing and tracking of mails into and out of the organization. • Monitoring the content and ensuring that any email that has been sent and received complies with business policy is fundamental. • Proving who has sent or received email is a lawful requirement for many industries and email can often be used as evidence in fraud and human resource court cases. • Another key aspect of the management of mail flow security is the protection of the business from malicious or unlawful attacks. • It is at the gateway into the mail system where a business must protect itself via a variety of methods including hardware and software protection systems, such as spam filters and virus scanners.
Email Storage • Storing of the actual email data includes physical storage, logical storage, archiving systems as well as backup and recovery solutions. • The biggest security threat to any email storage system is the potential for mail data to be lost. • Most organizations see this threat as existing in the datacenter and spend many millions of pounds on securing it. • In fact, the threat is most likely to come from lost or stolen hardware, such as laptops containing offline email files. • When you consider that the number of employees working remotely is growing, including those who only work away from the office periodically, email security on laptops becomes more significant. • Providing a managed method of archiving and controlling this data is therefore essential.
Email Client Access • The email client is another threat to the security of a business’s mail system. • It is here that often the greatest threat to the businesses is found. • With the increased viability of email access via the internet, another level of process and control needs to be addressed. • Although secure when implemented properly the potential for people to illegally access this information is much higher. • Consequently, organizations must focus their attentions to not only addressing the immediate security threats of the standard mail client from viruses and the like, they also need to invest in strategies for the control of access to mail data via the internet.
Email Security • While sending, Email Security always breaks email messages addressed to a group of people to individual messages to ensure your security and security of your respondents. Also, Email Security does not leave any traces on your PC because it just gets your email messages from your email client and puts them in the recipient mailboxes at the same time without making any temporary files on your PC. Email Security supports all email programs like Outlook Express, Outlook, Eudora, etc. The email program you already use for sending and receiving messages can be connected to Email Security in a very easy way - just by using the word local host instead of your current SMTP host. Having done so, you can send messages in a usual manner. Install Email Security on your PC before it is too late!
Pretty Good Privacy • Philip R. Zimmerman is the creator of PGP. • PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.
Why Is PGP Popular? • It is availiable free on a variety of platforms. • Based on well known algorithms. • Wide range of applicability • Not developed or controlled by governmental or standards organizations
Why Is PGP Popular? • It is available free worldwide in versions that run on a variety of platforms, including Windows, UNIX, Macintosh, and manymore. In addition, the commercial version satisfies users who want a product that comes with vendor support. • It is based on algorithms that have survived extensive public review and are considered extremely secure. Specifically, the package includes RSA, DSS, and Diffie-Hellman for public-key encryption; CAST-128, IDEA, and 3DES for symmetric encryption; and SHA-1 for hash coding. • It has a wide range of applicability, from corporations that wish to select and enforce a standardized scheme for encrypting files and messages to individuals who wish to communicate securely with others worldwide over the Internet and other networks. • It was not developed by, nor is it controlled by, any governmental or standards organization. For those with an instinctive distrust of "the establishment," this makes PGP attractive. • PGP is now on an Internet standards track (RFC 3156). Nevertheless, PGP still has an aura of an antiestablishment endeavor.
Notation • Ks =session key used in symmetric encryption scheme • PRa =private key of user A, used in public-key encryption scheme • PUa =public key of user A, used in public-key encryption scheme • EP = public-key encryption • DP = public-key decryption • EC = symmetric encryption • DC = symmetric decryption • H = hash function • || = concatenation • Z = compression using ZIP algorithm • R64 = conversion to radix 64 ASCII format
Operational Description • Consist of five services: • Authentication • Confidentiality • Compression • E-mail compatibility • Segmentation
Authentication • Consist of five services: • Authentication • Confidentiality • Compression • E-mail compatibility • Segmentation
PGP Cryptographic Functions - Authentication • The sender creates a message. • SHA-1 is used to generate a 160-bit hash code of the message. • The hash code is encrypted with RSA using the sender's private key, and the result is prepended to the message. • The receiver uses RSA with the sender's public key to decrypt and recover the hash code. • The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic.
PGP Cryptographic Functions - Confidentiality • The sender generates a message and a random 128-bit number to be used as a session key for this message only. • The message is encrypted, using CAST-128 (or IDEA or 3DES) with the session key. • The session key is encrypted with RSA, using the recipient's public key, and is prepended to the message. • The receiver uses RSA with its private key to decrypt and recover the session key. • The session key is used to decrypt the message.
PGP Cryptographic Functions – Confidentiality & Authentication • First, a signature is generated for the plaintext message and prepended to the message. • Then the plaintext message plus signature is encrypted using CAST-128 (or IDEA or 3DES), and the session key is encrypted using RSA (or ElGamal). • Furthermore, for purposes of third-party verification, if the signature is performed first, a third party need not be concerned with the symmetric key when verifying the signature. • In summary, when both services are used, the sender first signs the message with its own private key, then encrypts the message with a session key, and then encrypts the session key with the recipient's public key.
Compression • PGP compresses the message after applying the signature but before encryption • The placement of the compression algorithm is critical (ZIP- Appendix 15A) • The signature is generated before compression for two reasons: • It is preferable to sign an uncompressed message so that one can store only the uncompressed message together with the signature for future verification. If one signed a compressed document, then it would be necessary either to store a compressed version of the message for later verification or to recompress the message when verification is required. • Even if one were willing to generate dynamically a recompressed message for verification, PGP's compression algorithm presents a difficulty. The algorithm is not deterministic; various implementations of the algorithm achieve different tradeoffs in running speed versus compression ratio and, as a result, produce different compressed forms. However, these different compression algorithms are interoperable because any version of the algorithm can correctly decompress the output of any other version. Applying the hash function and signature after compression would constrain all PGP implementations to the same version of the compression algorithm.
E-mail Compatibility • The scheme used is radix-64 conversion (see appendix 15B). • The use of radix-64 expands the message by 33%. Radix-64 Coding
E-mail Compatibility • The scheme used is radix-64 conversion (see appendix 5B). • The use of radix-64 expands the message by 33%.
Radix-64 Conversion • For example, consider the 24-bit raw text sequence 00100011 01011100 10010001, • which can be expressed in hexadecimal as 235C91. • We arrange this input in blocks of 6 bits: • 001000 110101 110010 010001 • The extracted 6-bit decimal values are 8, 53, 50, 17. • Looking these up in Table radix-64 encoding as the following • characters: I1yR. • If these characters are stored in 8-bit ASCII format with parity bit set to zero, we have • 01001001 00110001 01111001 01010010 • In hexadecimal, this is 49317952.
Radix-64 Conversion • To summarize, • Input Data • Binary representation 00100011 01011100 10010001 • Hexadecimal representation 235C91 • Radix-64 Encoding of Input Data • Character representation I1yR • ASCII code (8 bit, zero parity) 01001001 00110001 01111001 01010010 • Hexadecimal representation 49317952
Segmentation and Reassembly • E-mail facilities often are restricted to a maximum message length. For example, many of the facilities accessible through the Internet impose a maximum length of 50,000 octets. • Any message longer than that must be broken up into smaller segments, each of which is mailed separately. • To accommodate this restriction, PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail. • The segmentation is done after all of the other processing, including the radix-64 conversion. • Thus, the session key component and signature component appear only once, at the beginning of the first segment. At the receiving end, PGP must strip off all e-mail headers and reassemble the entire original block before performing the steps illustrated in Figure 15.2b.
Revision • When a mailbox is popped using standard POP3 protocol, the username and password are sent in the clear over the internet. What kind of threats could be in this scenario? How to prevent them?
Answer • When a mailbox is popped using standard POP3 protocol, the username and password are sent in the clear over the internet. What kind of threats could be in this scenario? How to prevent them? • This means, that anyone with the ability to "listen in" on your mail client's login session with your mail server can easily retrieve your username and password as well as read your email. • In addition, once they have your password, they could read your email without your knowledge or permission or they could even send SPAM email from your account • The best way to ensure no one can get your password (at least not without going to a huge amount of trouble) is to POP your email using a Secure Socket Layer (SSL) connection. This means that all data exchanged between your mail client and the server is encrypted with a digital security certificate making it [pretty close to] impossible for anyone with malicious intentions to steal your email and/or password.
Cryptography Keys & Rings • PGP makes use of four types of keys: one-time session symmetric keys, public keys, private keys, and passphrase-based symmetric keys (explained subsequently). Three separate requirements can be identified with respect to these keys: • A means of generating unpredictable session keys is needed. • We would like to allow a user to have multiple public-key/private-key pairs. • One reason is that the user may wish to change his or her key pair from time to time. When this happens, any messages in the pipeline will be constructed with an obsolete key. Furthermore, recipients will know only the old public key until an update reaches them. • In addition to the need to change keys over time, a user may wish to have multiple key pairs at a given time to interact with different groups of correspondents or simply to enhance security by limiting the amount of material encrypted with any one key. The upshot of all this is that there is not a one-to-one correspondence between users and their public keys. Thus, some means is needed for identifying particular keys. • Each PGP entity must maintain a file of its own public/private key pairs as well as a file of public keys of correspondents.
Key Rings • Timestamp: The date/time when this key pair was generated. • Key ID: The least significant 64 bits of the public key for this entry. • Public key: The public-key portion of the pair. • Private key: The private-key portion of the pair; this field is encrypted. • User ID: Typically, this will be the user's e-mail address (e.g., firstname.lastname@example.org). However, the user may choose to associate a different name with each pair (e.g., Stallings, WStallings, WilliamStallings, etc.) or to reuse the same User ID more than once.
Key Rings are used in Message Generation/Transmission • We are now in a position to show how these key rings are used in message transmission and reception. For simplicity, we ignore compression and radix-64 conversion in the following discussion. • First consider message transmission (refer next slides) and assume that the message is to be both signed and encrypted. The sending PGP entity performs the following steps: • Signing the message • PGP retrieves the sender's private key from the private-key ring using your_userid as an index. If your_userid was not provided in the command, the first private key on the ring is retrieved. • PGP prompts the user for the passphrase to recover the unencrypted private key. • The signature component of the message is constructed. • Encrypting the message • PGP generates a session key and encrypts the message. • PGP retrieves the recipient's public key from the public-key ring using her_userid as an index. • The session key component of the message is constructed.
PGP Reception • Decrypting the message • PGP retrieves the receiver's private key from the private-key ring, using the Key ID field in the session key component of the message as an index. • PGP prompts the user for the passphrase to recover the unencrypted private key. • PGP then recovers the session key and decrypts the message. • Authenticating the message • PGP retrieves the sender's public key from the public-key ring, using the Key ID field in the signature key component of the message as an index. • PGP recovers the transmitted message digest. • PGP computes the message digest for the received message and compares it to the transmitted message digest to authenticate.