SlideShare a Scribd company logo

S/MIME

Download as DOCX, PDF
M
maria azam

notes on S/MIME

Technology
1 of 9
1 S/MIME(Secure/multipurpose internetmail extention) S/MIME (Secure Multi-PurposeInternetMail Extensions) isasecure methodof sendinge-mailthatuses the Rivest-Shamir-Adlemanencryptionsystem. S/MIME, or Secure/Multipurpose InternetMail Extensions,isatechnologythatallowsyoutoencrypt your emails.S/MIMEisbasedon asymmetriccryptographytoprotectyouremailsfromunwanted access.It alsoallowsyouto digitallysignyouremailstoverifyyouasthe legitimatesenderof the message,makingitaneffectiveweaponagainstmanyphishingattacksoutthere. Email Format: These RFCs define the way emailsthemselvesare structured.  RFC 5322 — InternetMessage Format(basicformatof an email message),previouslyRFC822 and RFC 2822.  RFC 2045 — Multipurpose InternetMail Extensions(MIME) PartOne:Formatof Internet Message Bodies(extensiontothe email messageformattosupportattachmentsandnon-ASCII data).  RFC 2046 — Multipurpose InternetMail Extensions(MIME) PartTwo:Media Types.  RFC 2047 — MIME (Multipurpose InternetMail Extensions) PartThree:Message Header ExtensionsforNon-ASCIIText.  RFC 2231 — MIME ParameterValue andEncodedWordExtensions:CharacterSets,Languages, and Continuations Limitationsof SMTP/RFC5322:  SMTP cannot transmitbinaryfiles  SMTP cannot transmittextthatincludesnational languagecharacters  SMTP may rejectmailsovera certainsize  SMTP mighthave translationproblemincharactercodes  Some implementationsdonotfollow completelytothe SMTP standard MIME Header: The following headers are defined in MIME:  MIME-Version
2  Content-Type  Content-Transfer-Encoding  Content-ID  Content-Description  Content-Disposition MIME-Version is a required header indicating that this message is to use the rules of MIME. "MIME-Version: 1.0" is the only currently defined MIME-Version header allowed. Content-Type headers are used to specify the media type and subtype of data in the body of a message and to fully specify the native representation of such data. Content-Transfer-Encoding header used to show which method used to encode the message. Content-ID headers are world-unique values that identify body parts, individually or as group. Content-Description headers are optional and are often used to add descriptive text to non- textual body parts MIME Content Types: text textual information. The primary subtype, "plain", indicates plain (unformatted) text. No special software is required to get the full meaning of the text, aside from support for the indicated character set. Subtypes are to be used for enriched text in forms where application software may enhance the appearance of the text, but such software must not be required in order to get the general idea of the content. Possible subtypes thus include any readable word processor format. A very simple and portable subtype, richtext, is defined in this document. multipart data consisting of multiple parts of independent data types. Four initial subtypes are defined, including the primary "mixed" subtype, "alternative" for representing the same data in multiple formats, "parallel" for parts intended to be viewed simultaneously, and "digest" for multipart entities in which each part is of type "message". message an encapsulated message. A body of Content-Type "message" is itself a fully formatted RFC 822 conformant message which may contain its own different Content-Type header field. The primary subtype is "rfc822". The "partial" subtype is defined for partial messages, to permit the fragmented transmission of bodies that are thought to be too large to be passed through mail transport facilities. Another subtype, "External-body", is defined for specifying large bodies by reference to an external data source. image
3 image data. Image requires a display device (such as a graphical display, a printer, or a FAX machine) to view the information. Initial subtypes are defined for two widely-used image formats, jpeg and gif. audio audio data, with initial subtype "basic". Audio requires an audio output device (such as a speaker or a telephone) to "display" the contents. video video data. Video requires the capability to display moving images, typically including specialized hardware and software. The initial subtype is "mpeg". application some other kind of data, typically either uninterpreted binary data or information to be processed by a mail-based application MIIME Transfer Encodings: Content-Transfer-Encoding:7bit: The 7bit is the most fundamental message encoding. Actually, 7bit is not encoded; 7bit encoded files are files that use only 7-bit characters and have lines no longer than 1000 characters. 7bit encoded files need no encoding or decoding. This is the default. Content-Transfer-Encoding:8bit: 8bit encoding has the same line-length limitations as the 7bit encoding. It allows 8bit characters. No encoding or decoding is required for 8bit files. Since not all MTAs can handle 8bit data, the 8bit encoding is not a valid encoding mechanism for Internet mail. Content-Transfer-Encoding:base64: Base64 encoding is the scheme used to transmit binary data. Base64 processes data as 24-bit groups, mapping this data to four encoded characters. It is sometimes referred to as 3-to-4 encoding Content-Transfer-Encoding:binary: Binary encoding is simply unencoded binary data. It has no line- length limitations. Binary encoded messages are not valid Internet messages. Content-Transfer-Encoding:quoted-printable: Quoted-printable encoding is used where data is mostly US-ASCII text. It allows for 8-bit characters to be represented as their hexadecimal values. Content-Transfer-Encoding:X-token: Private or proprietary encoding schemes can be included in messages by having specialized UAs or applications available to both the sender and the receiver, each recognizing an agreed upon x-token and providing their own encoding mechanism. The x-token can be any character string preceded by "x-" or "X-". S/MIME Functionality
4 In terms of general functionality, S/MIME is very similar to PGP. Both offer the ability to sign and/or encrypt messages. 1. Functions S/MIME provides the following functions: · Enveloped data: This consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients. · Signed data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer. The content plus signature are then encoded using base64 encoding. A signed data message can only be viewed by a recipient with S/MIME capability. · Clear-signed data: As with signed data, a digital signature of the content is formed. However, in this case, only the digital signature is encoded using base64. As a result, recipients without S/MIME capability can view the message content, although they cannot verify the signature. · Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted. 2. Cryptographic Algorithms · hash functions: SHA-1 & MD5 · digital signatures: DSS & RSA · session key encryption: ElGamal & RSA · message encryption: Triple-DES, RC2/40 and others · have a procedure to decide which algorithms to use. S/MIME uses the following terminology, taken from RFC 2119 to specify the requirement level: · Must: The definition is an absolute requirement of the specification. An implementation must include this feature or function to be in conformance with the specification.
5 · Should: There may exist valid reasons in particular circumstances to ignore this feature or function, but it is recommended that an implementation include the feature or function. The S/MIME specification includes a discussion of the procedure for deciding which content encryption algorithm to use, based on the capabilities of all parties. To support this decision process, a sending agent may announce its decrypting capabilities in order of preference any message that it sends out. A receiving agent may store that information for future use. If a message is to be sent to multiple recipients and a common encryption algorithm cannot be selected for all, then the sending agent will need to send two messages. However, in that case, it is important to note that the security of the message is made vulnerable by the transmission of one copy with lower security. S/MIME Messages S/MIME makes use of a number of new MIME content types. All of the new application types use the designation PKCS. This refers to a set of public-key cryptography specifications issued by RSA Laboratories and made available for the S/MIME effort.
6 S/MIME Certificate Processing S/MIME uses public-key certificates that conform to version 3 of X.509 (see Chapter 4). The key- management scheme used by S/MIME is in some ways a hybrid between a strict X.509 certification hierarchy and PGP’s web of trust. S/MIME managers and/or users must configure each client with a list of trusted keys and with certificate revocation lists, needed to verify incoming signatures and to encrypt outgoing messages. But certificates are signed by trusted certification authorities. S/MIME Enhanced Security Services The three enhanced security services have been proposed in an Internet draft, and may change or be extended. The three services are: • Signed receipts: may be requested in a SignedData object to provide proof of delivery to the originator of a message and allows the originator to demonstrate to a third party that the recipient received the message. • Security labels: may be included in the authenticated attributes of a SignedData object, and is a set of security information regarding the sensitivity of the content that is protected by S/MIME encapsulation. They may be used for access control, indicating which users are permitted access to an object • Secure mailing lists: When a user sends a message to multiple recipients, a certain amount of per- recipient processing is required, including the use of each recipient's public key. The user can be relieved
7 of this work by employing the services of an S/MIME Mail List Agent (MLA). An MLA can take a single incoming message, perform recipient-specific encryption for each recipient, and forward the message. The originator of a message need only send the message to the MLA, with encryption performed using the MLA's public key. DKIM: DKIM (Domain Keys Identified Mail) is an email authentication technique that allows the receiver to check that an email was indeed send and authorized by the owner of that domain. This is done by giving the email a digital signature. This DKIM signature is a header that is added to the message and is secured with encryption Once receiver (or receiving system) determines that an email is signed with a valid DKIM signature, it’s certain that parts of the email among which the message body and attachments haven’t been modified. Usually, DKIM signatures are not visible to end-users, the validation is done on a server level. Internet Mail Architecture: At its most fundamental level, the Internet mail architecture consists of a user world in the form of Message User Agents (MUA), and the transfer world, in the form of the Message Handling Service (MHS), which is composed of Message Transfer Agents (MTA). A MUA is usually housed in the user's computer, and referred to as a client email program, or on a local network email server. The MHS accepts a message from one User and delivers it to one or more other users, creating a virtual MUA-to-MUA exchange environment. The MSA accepts the message submitted by an MUA and enforces the policies of the hosting domain and the requirements of Internet standards. Email threats: Motivating DomainKeys Identified Mail) describes the problem space being addressed by DKIM in terms of the characteristics, capabilities, and location of potential attackers. Ip security: Ip security is a framework for a set of protocols for security at the network or packet processing layer of network communication. Ip security has a range of application specific security mechanisms .
8 Example: S/MIME, PGP, SSL It provides: 1. Authentication 2. Confidentiality 3. Key management Benefits:  can be transparent to end users  can provide security for individual users  secures routing architecture  in a firewall/router provides strong security to all traffic crossing the perimeter ip security services:  Access control  Connectionless integrity  Data origin authentication  Rejection of replayed packets
9  Confidentiality (encryption)  Limited traffic flow confidentiality

Recommended

Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
Pushkar Dutt
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
Web Security
Web SecurityWeb Security
Web Security
Dr.Florence Dayana
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
Riya Choudhary
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
Krishna Gehlot
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash function
Mijanur Rahman Milon
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash function
omarShiekh1
 

Recommended

Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
Pushkar Dutt
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
Web Security
Web SecurityWeb Security
Web Security
Dr.Florence Dayana
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
Riya Choudhary
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
Krishna Gehlot
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash function
Mijanur Rahman Milon
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash function
omarShiekh1
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
Pawan Arya
 
Message authentication
Message authenticationMessage authentication
Message authentication
CAS
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
Rajapriya82
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
Rohit Soni
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
Mohsin Ali
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
SHUBHA CHATURVEDI
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
Naveen Kumar
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
university of education,Lahore
 
Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemes
ravik09783
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption Standard
Prince Rachit
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4
koolkampus
 
Cryptography
CryptographyCryptography
Cryptography
jayashri kolekar
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
Rutvik Mehta
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash function
Chirag Patel
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
Dr.Florence Dayana
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
Gopal Sakarkar
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
Shashank Shetty
 
Key management
Key managementKey management
Key management
Sujata Regoti
 
Hash Function
Hash FunctionHash Function
Hash Function
Siddharth Srivastava
 
S_MIME[1].ppt
S_MIME[1].pptS_MIME[1].ppt
S_MIME[1].ppt
ssuserec53e73
 
Lec 8.pptx.pdf
Lec 8.pptx.pdfLec 8.pptx.pdf
Lec 8.pptx.pdf
ssuserbab2f4
 

More Related Content

What's hot

Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4
koolkampus
 

What's hot (20)

Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
Message authentication
Message authenticationMessage authentication
Message authentication
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemes
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption Standard
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4
 
Cryptography
CryptographyCryptography
Cryptography
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash function
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
 
Key management
Key managementKey management
Key management
 
Hash Function
Hash FunctionHash Function
Hash Function
 

Similar to S/MIME

E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
koolkampus
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5
limsh
 
computer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptcomputer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.ppt
jayaprasanna10
 
unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptx
sandyBS
 

Similar to S/MIME (20)

S_MIME[1].ppt
S_MIME[1].pptS_MIME[1].ppt
S_MIME[1].ppt
 
Lec 8.pptx.pdf
Lec 8.pptx.pdfLec 8.pptx.pdf
Lec 8.pptx.pdf
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit v
 
M.FLORENCE DAYANA/electronic mail security.pdf
M.FLORENCE DAYANA/electronic mail security.pdfM.FLORENCE DAYANA/electronic mail security.pdf
M.FLORENCE DAYANA/electronic mail security.pdf
 
E-mail Security.ppt
E-mail Security.pptE-mail Security.ppt
E-mail Security.ppt
 
Network Security CS2
Network Security CS2Network Security CS2
Network Security CS2
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
 
Ch15
Ch15Ch15
Ch15
 
Pgp
PgpPgp
Pgp
 
Pgp
PgpPgp
Pgp
 
computer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptcomputer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.ppt
 
network security
network securitynetwork security
network security
 
network and cyber security
network and cyber securitynetwork and cyber security
network and cyber security
 
Email security
Email securityEmail security
Email security
 
Email sec11
Email sec11Email sec11
Email sec11
 
ch22.ppt
ch22.pptch22.ppt
ch22.ppt
 
unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptx
 
Parallel and distributed computing .pptx
Parallel and distributed computing .pptxParallel and distributed computing .pptx
Parallel and distributed computing .pptx
 

Recently uploaded

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

Recently uploaded (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

S/MIME

  • 1. 1 S/MIME(Secure/multipurpose internetmail extention) S/MIME (Secure Multi-PurposeInternetMail Extensions) isasecure methodof sendinge-mailthatuses the Rivest-Shamir-Adlemanencryptionsystem. S/MIME, or Secure/Multipurpose InternetMail Extensions,isatechnologythatallowsyoutoencrypt your emails.S/MIMEisbasedon asymmetriccryptographytoprotectyouremailsfromunwanted access.It alsoallowsyouto digitallysignyouremailstoverifyyouasthe legitimatesenderof the message,makingitaneffectiveweaponagainstmanyphishingattacksoutthere. Email Format: These RFCs define the way emailsthemselvesare structured.  RFC 5322 — InternetMessage Format(basicformatof an email message),previouslyRFC822 and RFC 2822.  RFC 2045 — Multipurpose InternetMail Extensions(MIME) PartOne:Formatof Internet Message Bodies(extensiontothe email messageformattosupportattachmentsandnon-ASCII data).  RFC 2046 — Multipurpose InternetMail Extensions(MIME) PartTwo:Media Types.  RFC 2047 — MIME (Multipurpose InternetMail Extensions) PartThree:Message Header ExtensionsforNon-ASCIIText.  RFC 2231 — MIME ParameterValue andEncodedWordExtensions:CharacterSets,Languages, and Continuations Limitationsof SMTP/RFC5322:  SMTP cannot transmitbinaryfiles  SMTP cannot transmittextthatincludesnational languagecharacters  SMTP may rejectmailsovera certainsize  SMTP mighthave translationproblemincharactercodes  Some implementationsdonotfollow completelytothe SMTP standard MIME Header: The following headers are defined in MIME:  MIME-Version
  • 2. 2  Content-Type  Content-Transfer-Encoding  Content-ID  Content-Description  Content-Disposition MIME-Version is a required header indicating that this message is to use the rules of MIME. "MIME-Version: 1.0" is the only currently defined MIME-Version header allowed. Content-Type headers are used to specify the media type and subtype of data in the body of a message and to fully specify the native representation of such data. Content-Transfer-Encoding header used to show which method used to encode the message. Content-ID headers are world-unique values that identify body parts, individually or as group. Content-Description headers are optional and are often used to add descriptive text to non- textual body parts MIME Content Types: text textual information. The primary subtype, "plain", indicates plain (unformatted) text. No special software is required to get the full meaning of the text, aside from support for the indicated character set. Subtypes are to be used for enriched text in forms where application software may enhance the appearance of the text, but such software must not be required in order to get the general idea of the content. Possible subtypes thus include any readable word processor format. A very simple and portable subtype, richtext, is defined in this document. multipart data consisting of multiple parts of independent data types. Four initial subtypes are defined, including the primary "mixed" subtype, "alternative" for representing the same data in multiple formats, "parallel" for parts intended to be viewed simultaneously, and "digest" for multipart entities in which each part is of type "message". message an encapsulated message. A body of Content-Type "message" is itself a fully formatted RFC 822 conformant message which may contain its own different Content-Type header field. The primary subtype is "rfc822". The "partial" subtype is defined for partial messages, to permit the fragmented transmission of bodies that are thought to be too large to be passed through mail transport facilities. Another subtype, "External-body", is defined for specifying large bodies by reference to an external data source. image
  • 3. 3 image data. Image requires a display device (such as a graphical display, a printer, or a FAX machine) to view the information. Initial subtypes are defined for two widely-used image formats, jpeg and gif. audio audio data, with initial subtype "basic". Audio requires an audio output device (such as a speaker or a telephone) to "display" the contents. video video data. Video requires the capability to display moving images, typically including specialized hardware and software. The initial subtype is "mpeg". application some other kind of data, typically either uninterpreted binary data or information to be processed by a mail-based application MIIME Transfer Encodings: Content-Transfer-Encoding:7bit: The 7bit is the most fundamental message encoding. Actually, 7bit is not encoded; 7bit encoded files are files that use only 7-bit characters and have lines no longer than 1000 characters. 7bit encoded files need no encoding or decoding. This is the default. Content-Transfer-Encoding:8bit: 8bit encoding has the same line-length limitations as the 7bit encoding. It allows 8bit characters. No encoding or decoding is required for 8bit files. Since not all MTAs can handle 8bit data, the 8bit encoding is not a valid encoding mechanism for Internet mail. Content-Transfer-Encoding:base64: Base64 encoding is the scheme used to transmit binary data. Base64 processes data as 24-bit groups, mapping this data to four encoded characters. It is sometimes referred to as 3-to-4 encoding Content-Transfer-Encoding:binary: Binary encoding is simply unencoded binary data. It has no line- length limitations. Binary encoded messages are not valid Internet messages. Content-Transfer-Encoding:quoted-printable: Quoted-printable encoding is used where data is mostly US-ASCII text. It allows for 8-bit characters to be represented as their hexadecimal values. Content-Transfer-Encoding:X-token: Private or proprietary encoding schemes can be included in messages by having specialized UAs or applications available to both the sender and the receiver, each recognizing an agreed upon x-token and providing their own encoding mechanism. The x-token can be any character string preceded by "x-" or "X-". S/MIME Functionality
  • 4. 4 In terms of general functionality, S/MIME is very similar to PGP. Both offer the ability to sign and/or encrypt messages. 1. Functions S/MIME provides the following functions: · Enveloped data: This consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients. · Signed data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer. The content plus signature are then encoded using base64 encoding. A signed data message can only be viewed by a recipient with S/MIME capability. · Clear-signed data: As with signed data, a digital signature of the content is formed. However, in this case, only the digital signature is encoded using base64. As a result, recipients without S/MIME capability can view the message content, although they cannot verify the signature. · Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted. 2. Cryptographic Algorithms · hash functions: SHA-1 & MD5 · digital signatures: DSS & RSA · session key encryption: ElGamal & RSA · message encryption: Triple-DES, RC2/40 and others · have a procedure to decide which algorithms to use. S/MIME uses the following terminology, taken from RFC 2119 to specify the requirement level: · Must: The definition is an absolute requirement of the specification. An implementation must include this feature or function to be in conformance with the specification.
  • 5. 5 · Should: There may exist valid reasons in particular circumstances to ignore this feature or function, but it is recommended that an implementation include the feature or function. The S/MIME specification includes a discussion of the procedure for deciding which content encryption algorithm to use, based on the capabilities of all parties. To support this decision process, a sending agent may announce its decrypting capabilities in order of preference any message that it sends out. A receiving agent may store that information for future use. If a message is to be sent to multiple recipients and a common encryption algorithm cannot be selected for all, then the sending agent will need to send two messages. However, in that case, it is important to note that the security of the message is made vulnerable by the transmission of one copy with lower security. S/MIME Messages S/MIME makes use of a number of new MIME content types. All of the new application types use the designation PKCS. This refers to a set of public-key cryptography specifications issued by RSA Laboratories and made available for the S/MIME effort.
  • 6. 6 S/MIME Certificate Processing S/MIME uses public-key certificates that conform to version 3 of X.509 (see Chapter 4). The key- management scheme used by S/MIME is in some ways a hybrid between a strict X.509 certification hierarchy and PGP’s web of trust. S/MIME managers and/or users must configure each client with a list of trusted keys and with certificate revocation lists, needed to verify incoming signatures and to encrypt outgoing messages. But certificates are signed by trusted certification authorities. S/MIME Enhanced Security Services The three enhanced security services have been proposed in an Internet draft, and may change or be extended. The three services are: • Signed receipts: may be requested in a SignedData object to provide proof of delivery to the originator of a message and allows the originator to demonstrate to a third party that the recipient received the message. • Security labels: may be included in the authenticated attributes of a SignedData object, and is a set of security information regarding the sensitivity of the content that is protected by S/MIME encapsulation. They may be used for access control, indicating which users are permitted access to an object • Secure mailing lists: When a user sends a message to multiple recipients, a certain amount of per- recipient processing is required, including the use of each recipient's public key. The user can be relieved
  • 7. 7 of this work by employing the services of an S/MIME Mail List Agent (MLA). An MLA can take a single incoming message, perform recipient-specific encryption for each recipient, and forward the message. The originator of a message need only send the message to the MLA, with encryption performed using the MLA's public key. DKIM: DKIM (Domain Keys Identified Mail) is an email authentication technique that allows the receiver to check that an email was indeed send and authorized by the owner of that domain. This is done by giving the email a digital signature. This DKIM signature is a header that is added to the message and is secured with encryption Once receiver (or receiving system) determines that an email is signed with a valid DKIM signature, it’s certain that parts of the email among which the message body and attachments haven’t been modified. Usually, DKIM signatures are not visible to end-users, the validation is done on a server level. Internet Mail Architecture: At its most fundamental level, the Internet mail architecture consists of a user world in the form of Message User Agents (MUA), and the transfer world, in the form of the Message Handling Service (MHS), which is composed of Message Transfer Agents (MTA). A MUA is usually housed in the user's computer, and referred to as a client email program, or on a local network email server. The MHS accepts a message from one User and delivers it to one or more other users, creating a virtual MUA-to-MUA exchange environment. The MSA accepts the message submitted by an MUA and enforces the policies of the hosting domain and the requirements of Internet standards. Email threats: Motivating DomainKeys Identified Mail) describes the problem space being addressed by DKIM in terms of the characteristics, capabilities, and location of potential attackers. Ip security: Ip security is a framework for a set of protocols for security at the network or packet processing layer of network communication. Ip security has a range of application specific security mechanisms .
  • 8. 8 Example: S/MIME, PGP, SSL It provides: 1. Authentication 2. Confidentiality 3. Key management Benefits:  can be transparent to end users  can provide security for individual users  secures routing architecture  in a firewall/router provides strong security to all traffic crossing the perimeter ip security services:  Access control  Connectionless integrity  Data origin authentication  Rejection of replayed packets
  • 9. 9  Confidentiality (encryption)  Limited traffic flow confidentiality