Electronic Mail Security

Why Study Security? After web browsing, is the most widely used network-reliant application. Mail servers, after web servers, are the most often attacked Internet hosts. Basic offers little security, counter to public perception. Good technical solutions are available, but not widely used.

Threats to Loss of confidentiality. s are sent in clear over open networks. s stored on potentially insecure clients and mail servers. Loss of integrity. No integrity protection on s; anybody be altered in transit or on mail server ect.

Threats to Lack of notification of receipt. Has the intended recipient received my and acted on it? A message locally marked as sent may not have been delivered.

security What are the Options? Secure the server to client connections (easy thing first) https access to webmail Protection against insecure wireless access Secure the end-to-end delivery The PGPs of the world Practical in an enterprise intra-network environment

security based Attacks Active content attack Clean up at the server Buffer over-flow attack Fix the code Trojan Horse Attack Web bugs (for tracking) Mangle the image at the mail server

security Software for encrypting messages has been widely available for more than 15 years, but the -using public has failed to adopt secure messaging. This failure can be explained through a combination of: technical, community, and usability factors

Types of electronic mail security Pretty Good Privacy S/Mime Secure Standards and Products Other now defunct standards: PEM (privacy enhanced mail), X.400. S/MIME. We focus on PGP

PGP (Pretty Good Privacy) PGP use: public keys for encrypting session keys / verifying signatures. private keys for decrypting session keys / creating signatures.

PGP (Pretty Good Privacy) PGP Key Rings PGP supports multiple public/private keys pairs per sender/recipient. Keys stored locally in a PGP Key Ring – essentially a database of keys. Private keys stored in encrypted form; decryption key determined by user- entered pass-phrase.

PGP (Pretty Good Privacy) Key Management for PGP Public keys for encrypting session keys / verifying signatures. Private keys for decrypting session keys / creating signatures. Where do these keys come from and on what basis can they be trusted?

PGP (Pretty Good Privacy) PGP adopts a trust model called the web of trust. No centralised authority Individuals sign one anothers public keys, these certificates are stored along with keys in key rings. PGP computes a trust level for each public key in key ring. Users interpret trust level for themselves.

PGP (Pretty Good Privacy) Trust levels for public keys dependent on: Number of signatures on the key; Trust level assigned to each of those signatures. Trust levels recomputed from time to time.

PGP (Pretty Good Privacy) An attacker may socially engineer himself into a web of trust, or some trustable person may change. Then he could falsify public keys. This breaks most of the security. PGP binaries can be corrupted when they are obtained. The PGP binaries can be modified in the computer. The passphrase can be obtained by a Trojan. Weak passphrases can be cracked. On multiuser system, access to the secret key can be obtained.

Resources William Stallings, Cryptography and Network Security Principles and Practices, Fourth Edition Prentice Hall, GITA Encryption Technologies, Standard P800- S850 V2.0, April 5, Sieuwert van Otterloo A security analysis of Pretty Good Privacy, September 7, Amr el-kadi what is computer security2005