Internet E-mail Security

Issues and standards for securing Internet e-mail

Laurence Lundblade QUALCOMM Inc., Eudora Division

The following are slides from a presentation on e-mail security, May 1997

---

Common Services

• Message body security:
• End-to-end encryption
• Authentication of sender
• End-to-end message integrity
• Download security (SASL/SSL/TLS for POP or IMAP)
• Prevents unauthorized download of your e-mail
• Useful to retrieve e-mail across a firewall
• Message submission (SASL/SSL/TLS for SMTP)
• Helps with authentication of sender
• Can be used to prevent SPAM injection

---

Transmission of a Message

---

Message Standards Reviewed

• Classic PGP - a defacto standard
• PGP/MIME - on the Internet standards track
• S/MIME - an industry consortium standard

---

Four Components

• Trust Management - How certificates are created, distributed and used
• Certificates - Data structure used to convey identity, algorithm keys and trust
• Algorithms - Cryptography used to secure messages
• Message Formats - Format of messages and data sent and received

---

Diagram of Four Components

---

Trust Management

• An open-ended category: client or server software network protocols certificate authorities systems for distributing and validating certificates
• Kinds of trust
• public trust
• enterprise trust
• web of trust
• direct trust

---

Trust Management: The Problem

• Encrypting for the wrong person (possibly the attacker)
• Not knowing that a message is authentic

Trust Management: Public Trust

• People & organizations are issued certificates by a public certificate authority.
• Can be verified by the public easily Likely to be either for fee or by a government
• Best solution for short interactions with unknown people, e.g., electronic commerce
• Usually part of a hierarchy of trust with a trusted “root”
• Examples:
• Passports, issued by governments, trusted everywhere “
• VISA, it’s everywhere you want to be”

---

Trust Management: Enterprise

• Certificates are issued by the organization
• Policy and trust controlled by organization
• Usually part of a hierarchy with a trusted “root”
• Breaks-down outside of organization
• Can be used across organizations with cross-certification
• Examples: QUALCOMM badges Conference badges Theater ticket

---

Trust Management: Web

• Individuals and organizations certify each other
• No central authority required
• No guarantee that trust can be established
• Requires understanding by users
• Examples:
• A person introduces one of his friends to another

---

Trust Management: Direct Trust

• The two parties authenticate each other directly
• Can be accomplished by:
• One time out of band verification of certificates
• Recognizing each others voice, e.g., a telephone call
• “What color socks where you wearing last time I saw you?”
• Simple, requires no central server or authority
• Requires understanding by users
• Can scale poorly
• Solves a significant part of the problem

---

Trust Management: PGP

• Today, PGP and PGP/MIME are primarily used to implement web and direct trust
• Not restricted to web and direct trust models
• Simple to set up and operate because no central infrastructure is required

---

Trust Management: S/MIME

• The S/MIME standard does not specify any trust model
• S/MIME can be used to implement nearly any trust model
• Certificates cannot be changed or signed multiple times
• Can’t be used for web of trust

---

Trust Management: Examples

• PGP: Trust mainly friends or parties you have personally established trust with
• Entrust, Netscape: Trust your organization, enterprise or your IS department, and who they say you should trust
• VeriSign, US Postal Service: Trust us! We’ll make sure everyone is who they say they are

---

Trust Management: Issues

• Trust can be established between two parties without a third party, without extensive infrastructure, and with fairly simple client implementations
• Important to understand how trust is established, conveyed and maintained for a particular implementation
• The kind of trust is determined by the standard and an implementation

---

Certificates

• Certificates are a data structure (in a file, or protocol message) used to convey identity and trust
• They usually include: Owner’s name, and/or e-mail address Owner's public key
• A signature which guarantees the above information

---

Certificates: PGP

• The PGP equivalent of a certificate is a “PGP key”.
• Its format is used exclusively by PGP Carries only basic data needed for a certificate
• Can be signed by many people, each indicating a different degree of trust
• PGP will soon support X.509 certificates

---

Certificates: X.509 for S/MIME

• S/MIME uses X.509 format certificates
• X.509 is used widely for other than secure e-mail
• X.509 certificates can carry a large variety of data fields:
• Validity dates
• Issuer name, issuer contact information, serial number
• “Policy” or nature of the trust that is conveyed

---

Certificates: SPKI certs

• SPKI: “Simple Public Key Infrastructure”
• A recent alternative to X.509
• Each certificate contains only essential information
• Examples:
• Name and public key for identity
• Bank reference and public key for anonymous payments
• Plain public key for authorization

Certificates: Issues

• What kind of trust information is carried? (e.g., the policy)
• Certificate interoperable depends on the algorithm used to generate the public key
• Security depends on the user picking the correct certificate, not a forged one.
• This can be aided by:
• Having the e-mail address and other info in the certificate
• Good user interface and implementation of secure e-mail client
• Smart cards and certificate “wallets”

---

Algorithms

• Core cryptographic functions used to secure messages
• Three kinds of algorithms are used
• Public key algorithms, e.g., RSA, El Gamal, DSS, Elliptic curves
• Secret key algorithms, e.g., DES, IDEA, RC-2, RC-5
• Message Digest, e.g., MD-5, SHA-1

---

Algorithms: PGP & PGP/MIME

• PGP allows use of many different algorithms, but in practice only one set is commonly used:
• Public key: RSA, 512 to 2048 bit keys, moving to El Gamal/DSS
• Secret key: IDEA, 128 bit keys
• Message Digest: MD-5 now, moving to SHA-1
• PGP is strong crypto, and not exportable

---

Algorithms: S/MIME

• S/MIME also allows the use of nearly any set of algorithms.
• An implementation guide that is part of the standard makes specific recommendations to insure interoperability
• Public Key: RSA
• Secret Key: DES, Triple DES, RC-2, RC-5
• Message Digest: MD-5, SHA-1
• S/MIME has two profiles:
• Weak and exportable
• Strong and non-exportable

---

Algorithms: Issues

• Public Review - It takes a few years of public review to know a new algorithms is secure - be cautious about new ones, especially ones that aren’t published
• Interoperability - What is encrypted using one algorithm can’t be decrypted by another. Thus, for true global interoperability we must standardize on a very small set of algorithms. The algorithm choice affect certificates as well as messages

---

Message Formats: General

• Some message formats are oriented around text and files, others secure the full MIME message
• Every standard (PGP, S/MIME, MOSS, MSP...) uses a different format, and they don’t interoperate
• Format concern in two places:
• The “inside” format of the message before it is secured
• The “outside” format of the secured message as it is sent

---

Message Formats:

• MIME “Multipurpose Internet Mail Extension”
• It provides:
• Type tagging mechanism (e.g. image, HTML, encrypted)
• Transfer encoding for binary data
• Structures e-mail message into parts and sub-parts
• Is very stable and an Internet standard
• Is widely deployed in e-mail clients today

---

Message Formats: MIME Uses

• Adding attachments including their type and file name
• Including inline images International character sets
• Integrating voice mail with Internet e-mail
• Bundling components of an HTML page in e-mail
• Representing secured messages

---

Message Formats: Picture

---

Message Formats: Clear-signing

• Message are not encrypted
• Signed to guarantee identity of sender and integrity of message
• Solves the Internet mail forgery problem
• Recipients without secure e-mail software should be able to read the message as if it were a normal message

---

Message Formats: PGP

• Secures plain text messages or files which then may be attached
• Does not secure multimedia, HTML, inline audio and images
• Is easy to integrate with e-mail software
• Uses a text format that works very well for clear signing.

---

Message Formats: PGP/MIME

• Secures full MIME structure of message including
• Attachments
• Order of attachments
• HTML, including MIME/HTML
• Voice, images, multimedia
• Apple-double format for MIME transmission of Macintosh files
• Uses RFC-1847 format for clear-signing full MIME structure of message

---

Message Formats: S/MIME

• Secures full MIME structure just as PGP/MIME
• Uses two formats for clear-signing:
• The RFC-1847 format is useful when all recipients must be able to read the message regardless of whether or not they can verify it
• The “SignedData” format is useful when it is more critical that the message be verifiable in all circumstances, than that it can be read in all circumstances

---

Message Formats: Issues

• Plain text-oriented formats are easy to integrate with the mail program
• MIME formats are harder to integrate Consider which clear-signing formats an implementation supports
• Consider how a particular implementation integrates with the mail program. You should be able to reply, forward, file, search and open attachments for a secured message in your mail program as if it were any other message