Electronic Mail Security
• E-mail – what it is and how it works.
• E-mail security threats.
• Secure e-mail standards and products - PGP and S/MIME.
E-mail – what it is and how it works
• What is an e-mail?
An e-mail is a message made up of a string of ASCII characters in a format specified by RFC 822
• Two parts, separated by blank line:
The header: sender, recipient, date, subject, delivery path,…
The body: containing the actual message content.
Example
From:zaki.masud@utem.edu.my
To: mothman@utem.edu.my
Cc: shahrinsahib@utem.edu.my
Subject: RFC 822 example
Date: Fri, 25 Aug 2008 13:58:49
This is just a test message to illustrate RFC 822. It’s not very long and it’s not very exciting. But you get the point.
Security provided in E-mail
• Confidentiality
• Data origin authentication
• Message integrity
• Non-repudiation of origin
• Key management
MIME = Multipurpose Internet Mail Extensions
Extends the capabilities of RFC 822 to allow e-mail to carry non-textual content, non-ASCII character sets, long messages.
Uses extra header fields in RFC 822 e-mails to specify form and content of extensions.
Supports a variety of content types, but e-mail still ASCII-coded for compatibility.
Specified in RFCs 2045-2049.
Example of MIME message
From: j.bloggs@rhul.ac.uk
To: Kenny.Paterson@rhul.ac.uk
Subject: That document
Date: Wed, 13 Nov 2002 19:55:47 -0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="---next part"
------next part
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Kenny, here’s that document I said I’d send. Regards, Joe
------next part
Content-Type: application/x-zip-compressed; name=“report.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename= “report.zip"
rfvbnj756tbGHUSISyuhssia9982372SHHS3717277vsgGJ77JS77HFyt6GS8
------next part—
How E-mails Transported?
MUA: Mail User Agent (Mail Client)
MTA: Mail Transport Agent (Mail Server)
E-mail Security Threats
• Two main group:
Threats to the security of e-mail itself
Threats to an organisation that are enabled by the use of e-mail.
• Loss of confidentiality.
E-mails are sent in clear over open networks.
E-mails stored on potentially insecure clients and mail servers.
Ensuring confidentiality may be important for e-mails sent within an organisation.
• Loss of integrity.
No integrity protection on e-mails; body can be altered in transit or on mail server.
• Lack of data origin authentication.
Is this e-mail really from the person named in the From: field?
How many Kenny.Paterson’s are there?
Recall SMTP directly over telnet allows forgery of all e-mail fields!
E-mail could also be altered in transit.
Even if the From: field looks fine, who was logged in as Kenny.Paterson when the e-mail was composed?
Sharing of e-mail passwords common.
• Lack of non-repudiation.
Can I rely and act on the content? (integrity)
If so, can the sender later deny having sent it? Who is liable if I have acted?
Example of stock-trading via e-mail.
• Lack of notification of receipt.
Has the intended recipient received my e-mail and acted on it?
A message locally marked as ‘sent’ may not have been delivered.
Threats Enabled by E-mail
Disclosure of sensitive information
It’s easier to distribute information by e-mail than it is by paper and snail mail.
Disclosure may be deliberate (and malicious) or unintentional.
Disclosure may be internal or external (e-mail crosses LANs as well as the Internet).
Disclosure may be of personal, inappropriate, commercially sensitive or proprietary information.
Can lead to loss of reputation and ultimately dismissal of staff.
S/MIME
• Originated from RSA Data Security Inc. in 1995.
• Further development by IETF S/MIME working group at:
www.ietf.org/html.charters/smime-charter.html.
• Version 3 specified in RFCs 2630-2634.
• Allows flexible client-client security through encryption and signatures.
• Widely supported, e.g. in Microsoft Outlook, Netscape Messenger, Lotus Notes.
PGP
• PGP=“Pretty Good Privacy”
• First released in 1991, developed by Phil Zimmerman, provoked export control and patent infringement controversy.
• Freeware: OpenPGP and variants:
www.openpgp.org, www.gnupg.org
• Commercial: formerly Network Associates International, now PGP Corporation at www.pgp.com
• OpenPGP specified in RFC 2440 and defined by IETF OpenPGP working group.
www.ietf.org/html.charters/openpgp-charter.html
• Available as plug-in for popular e-mail clients, can also be used as stand-alone software.
• Functionality similar to S/MIME:
encryption for confidentiality.
signature for non-repudiation/authenticity.
• One level of processing only, so less flexible than S/MIME.
• Sign before encrypt, so signatures on unencrypted data.
Sigs can be detached and stored separately.
• PGP-processed data is base64 encoded and carried inside RFC822 message body.
Web Security
• Web security includes:
Security of server
Security of client
Network traffic security between a browser and a server
• SSL/TLS
• SSH
• SET
SSL/TLS
SSL/TLS widely used in Web browsers and servers to support ‘secure e-commerce’ over HTTP.
Built into Microsoft IE, Netscape, Mozilla, Apache, IIS
The (in)famous browser lock.
SSL architecture provides two layers:
SSL Record Protocol
Provides secure, reliable channel to upper layer.
Upper layer carrying:
SSL Handshake Protocol, Change Cipher Spec. Protocol, Alert Protocol, HTTP, any other application protocols.
SSL/TLS Applications
• Secure e-commerce using SSL/TLS.
• Client authentication not needed until client decides to buy something.
• SSL provides secure channel for sending credit card information, personal details, etc.
• Client authenticated using credit card information, merchant bears (most of) risk.
• Very successful (amazon.com, on-line supermarkets, airlines,…)
• Secure e-commerce: some issues.
No guarantees about what happens to client data (including credit card details) after session: may be stored on insecure server.
Does client understand meaning of certificate expiry and other security warnings?
Does client software actually check complete certificate chain?
Does the name in certificate match the URL of e-commerce site? Does the user check this?
Is the site the one the client thinks it is?
Is the client software proposing appropriate ciphersuites?
SSH – Secure Shell
Initially designed to replace insecure rsh, telnet utilities.
Secure remote administration (mostly of Unix systems).
Extended to support secure file transfer and e-mail.
Latterly, provide a general secure channel for network applications.
SSH-1 flawed, SSH-2 better security (and different architecture).
• SSH provides security at Application layer.
Only covers traffic explicitly protected.
Applications need modification, but port-forwarding eases some of this (see later).
Built on top of TCP, reliable transport layer protocol.
SSH Applications
• Anonymous ftp for software updates, patches...
No client authentication needed, but clients want to be sure of origin and integrity of software.
• Secure ftp.
E.g.upload of webpages to webserver using sftp.
Server now needs to authenticate clients.
Username and password may be sufficient, transmitted over secure SSH transport layer protocol.
• Secure remote administration.
SysAdmin (client) sets up terminal on remote machine.
SysAdmin password protected by SSH transport layer protocol.
SysAdmin commands protected by SSH connection protocol.
• Guerilla Virtual Private Network.
E.g. use SSH + port forwarding to secure e-mail communications.
SET
• SET = an open encryption and security specification designed to protect credit card transactions on the internet
• Use SSL to secure the communication links
• Main requirements
Confidentiality of payment and ordering information
Integrity of all transmitted data
Authentication of cardholder
Authentication of merchant
SET Security Issues
• Two pairs of PKs per entity
One pair for signing
One pair for exchanging keys
• Assumes full PKI is available
Including revocation
• Merchant does not see payment instrument used
How the Web Works – HTTP
• Hypertext transfer protocol (http).
• Clients request “documents” (or scripts) through URL.
• Server response with “documents”.
• Documents are not interpreted by http.
• Stateless protocol, request are independent.
Web Vulnerabilities
• http://www.w3.org/Security/Faq
• Revealing private information on server
• Intercept of client information
• Execute unauthorized programs
• Denial of service
How to Secure the Web
• Authentication:
Basic (username, password)
Can be used along with cookie
Digest
• Access control via addresses
• Multi-layered:
S-http (secure http), just for http
Proposed by CommerceNet, pretty much dead
SSL (TLS), generic for TCP
https: http over SSL
IPSec
HTTP Authentication – Basic
• Client doesn’t know which method
• Client attempts access (GET, PUT, …) normally
• Server returns
“401 unauthorized”
Realm: protection space
• Client tries again with (user:password)
Passwords in the clear
Repeated for each access
From Basic Authentication to Forms and Cookies
• Not all sites use basic authentication
• Many instead ask the user to type username/password into a HTML form
• Server looks up the user and sends back a cookie
• The browser (client) resends the cookie on subsequent requests
HTTP Access Control - Digest
• Server sends www-authenticate parameters:
Realm
Domain
Nonce, new for each 401 response
E.G. H(client-IP:timestamp:server-secret)
Algorithm
E.G., MD5
• Client sends authorization response:
Same nonce
H(A1), where a1=user:realm:password, and other information
Steal H(A1)
Only good for realm
HTTPS
• HTTPS = Secure Hypertext Transfer Protocol
• HTTPS is a communications protocol designed to transfer encrypted information between computers over the World Wide Web (WWW)
• Essentially an implementation of HTTP
• Commonly used Internet protocol using an SSL
• Used to enable online purchasing or the exchange of private information and resources over insecure networks
Why HTTPS combines with SSL and How?
• HTTPS combines with SSL to enable secure communication between a client and a server
• Steps:
Client requests a secure transaction and informs the encryption algorithms and key sizes that it support (by assessing a URL with HTTPS)
Server sends the requested server certificate (encrypted server’s public key, list of supported ciphers and key sizes in order of priority)
Client then generates a new secret symmetric session key based on the priority list sent by the server. Client compares the certificate issued by CA and confirmed that certificate is belongs to the server intended for communication
If valid and certificate confirmed, client encrypts a copy of the new session key it generated with the server public key obtained from the certificate. Then, client sends the new encrypted key to server
Server decrypts the new session key with its own private key.
Upon completed, both client and server have the same secret session key and use to secure communication and data transport.
Secure File Transfer Protocol (S/FTP)
• S/FTP is an interactive file transfer program
• Similar to ftp
• Performs all operations over an encrypted ssh transport
• Use many features of ssh such as public key authentication and compression
• S/FTP connects and logs into the specified host, then enters an interactive command mode
END OF LECTURE 6
Review Question ( Lab 6 )
1. Discuss the potential perpetrators that can threaten Network security and it goal for attacking network services.
In general network security can been said as a prevention from nosy people from getting data they are not authorized or worse yet, modify messages intended for other recipients. It is concerned with people trying to access remote services that are not authorized to use. Most problems are intentionally caused by malicious people trying to gain some benefit or bring harm to someone else.
2. Network security problems can be divided roughly into FOUR (4) intertwined areas, List and explain in details each area.
· Secrecy, also called confidentiality, has to do with keeping information out of the hands of unauthorized users. It protects against disclosure of information to entities not authorized to have that information. Entities might be people or organization.
· Authentication deals with determining whom you are talking to before revealing sensitive information or entering into a business deal.
· Non-Repudiation deals with signatures. It protects user against the threat that the value or existence of the data might be changed in a way inconsistent with the recognized security policy.
· Integrity control how can you be sure that a message you received was really the one sent and not something that a malicious adversary modified in transit.
3. What is the significance difference between the wireshark output in Task 1 and Task 2; explain in detail the function of IPSec in Task 2?
During Task 1, wireshark successful captured both username and password in File Transfer Protocol (FTP). Username = ‘administrator’ and Password = ‘abc123’. But all these things not happen in Task 2, this is because both username and password are already encrypted even the data are captured. This is because in the Task 2, we using IPSec to secure FTP Transaction. IPSec is one of the solutions to safeguard the transmission of data over FTP from being seen by an unauthorized user. It will protect the information from being manipulated.
4. What is the benefit of using IPSec?
IPSec is typically used to attain confidentiality, integrity, and authentication in the transport of data across insecure channels. Though it's original purpose was to secure traffic across public networks, it's implementations are often used to increase the security of private networks as well, since organizations cannot always be sure if weaknesses in their own private networks are susceptible to exploitation. If implemented properly, IPSec provides a private channel for sending and exchanging vulnerable data whether the data is email, ftp traffic, news feeds, partner and supply chain data, medical records, or any other type of TCP/IP based data.
5. Explain what are AH and ESP in IPSec protocol suite?
· Authentication Header (AH): ties data in each packet to a verifiable signature (similar to PGP email signatures) that allows you to verify both the identity of the person sending the data and that the data has not been altered.
· Encapsulation Payload (ESP): scrambles the data (and even certain sensitive IP addresses) in each packet using hard core encryption. So a sniffer somewhere on the network doesn’t get anything usable.
6. Explain in detail how to enable IPSec option in a Linux environment.
There are different methods in order to enable IPSec in Linux platform. One of the simplest methods to is installing and enables a program named ipsec-tools. IPSec-tools is a package that based on Kame Project’s OpenBSD tools. The newest stable versions 0.72 that can be download at
http://sourceforge.net/projects/ipsec-tools/files/ipsec-tools/0.7.2/.
Methods of Installation:
1) Firstly download ipsec-tools-0.7.2.tar.gz or other version of ipsec-tools from http://sourceforge.net/projects/ipsec-tools/files/ . After download, saves the file on any folder in hard drive and open the terminal and targeted the folder where the ipsec-tools is saved.
2) Make sure that the current user have privilage as root. Switch user to root with “#su root” and includes the password in order to access root account.
3) Extract the file by using command “# tar zxf ipsec-tools-x.y.z.tar.gz” with the x.y.z as the version of the ipsec tools. Example: “# tar zxf ipsec-tools-0.7.2.tar.gz”
4) Next, target the terminal to ipsec-tools-x.y.z (x.y.z = version of ipsec-tools) by using “# cd (location of ipsec-tools folder)”
5) Proceed to install ipsec-tools by using command:
# ./configure --prefix=/usr --sysconfdir=/etc # make # make install |
|
6) Wait until installation of ipsec-tools complete
7) For Ubuntu user, user can automatically download and install ipsec-tools by using “sudo apt-get install ipsec-tools” command
Writing the configuration file:
1) Before running ipsec-tools, configuration file must be writing first. The configuration should be name as /etc/ipsec.conf
2) Below is the example of ipsec.conf:
# Configuration for 192.168.1.100 # Flush the SAD and SPD flush; spdflush; # Attention: Use this keys only for testing purposes! # Generate your own keys! # AH SAs using 128 bit long keys add 192.168.1.100 192.168.2.100 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6; add 192.168.2.100 192.168.1.100 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b; # Security policies spdadd 192.168.1.100 192.168.2.100 any -P out ipsec esp/transport//require ah/transport//require; spdadd 192.168.2.100 192.168.1.100 any -P in ipsec esp/transport//require ah/transport//require; |
|
3) For the example configuration above, the configuration are made for host that using 192.168.1.100 address that interconnect with host that use 192.168.2.100 address. The configuration implements MD5 type encryption that uses 0xc0291ff014dccdd03874d9e8e4cdf3e6 key for connection from 192.168.1.100 to 192.168.2.100 and using 0x96358c90783bbfa3d7b196ceabe0536b key from incoming connection from 192.168.2.100 to 192.168.1.100. Make notes that, the key above are for experiment purposed, make sure that user generated other key for actual use. Next, user need to add security policy that allows outgoing and incoming connection by using #spdadd command.
4) After finish writing configuration, make sure that user change access control of the configuration file in order to been unreadable by other person by using #chmod command. For save use, “chmod 750 ipsec-tools.conf” which allowing full control for owner and only read and execute access for group use while the other should not be able to see the configuration file.
Enabling the IPSec-tools program
1) After finishing writing the configuration, user can enable the IPSec-tools which following the configuration file by using “# setkey -f /etc/ipsec.conf” commands.
2) User also can enable permanently the ipsec-tools by adding “/usr/sbin/setkey -f /etc/ipsec.conf” on /etc/rc.d/rc.local file
7. Are there any other methods to secure FTP connection other than using IPSec? (List at least 3 methods)
i. SQL Server Integration Services)
ii. SFTP (secure FTP with SSH2 protocol)
iii. FTPS (FTP over SSL) site