Internet Security - th-nuernberg.de · Internet Security Enhanced Security Services for S/MIME...

Internet SecurityEnhanced Security Services for S/MIME

Thomas Göttlicher

April 20, 2004

Agenda

• Basics

• Technical

• Signed receipts

• Security labels

• Secure mailing lists

• Signed certificates

1Basics

Basics

• S/MIME = Secure MIME

• protect MIME e-mail

Basics

Excel sheet

Word document

MIME e-mail

Basics

Excel sheet

Word document

signed S/MIME e-mail

S/MIME digital signature

Basics

S/MIME encrypted envelope

Excel sheet

Word document

encrypted S/MIME e-mail

2Technical

• Internet Layer

• Compatibility

• Triple Wrapping

Internet Layer

application layer

transport layer

network layer

link layer

physical layer

S/MIME

Compatibility

• S/MIME v3 can read messages from S/MIME v2

• BUT: S/MIME v3 messages are unreadable by S/MIME v2

Triple Wrapping

• Message has been signed, encrypted and signed again

• Inside signature: content integrity

• Encrypted body: confidentiality

• Outside signature: integrity for information produced hop-by-hop

Triple Wrapping (continued)Content-type: multipart/signed; protocol="application/pkcs7-signature"; boundary=outerboundary

--outerboundaryContent-type: application/pkcs7-mime; smime-type=enveloped-data Content-type: multipart/signed; protocol="application/pkcs7-signature"; boundary=innerboundary --innerboundary Content-type: text/plain Original content --innerboundary Content-type: application/pkcs7-signature inner SignedData block (eContent is missing) --innerboundary--

--outerboundaryContent-type: application/pkcs7-signature

outer SignedData block (eContent is missing)

--outerboundary--

Triple Wrapping (continued)Content-type: multipart/signed; protocol="application/pkcs7-signature"; boundary=outerboundary

--outerboundaryContent-type: application/pkcs7-mime; smime-type=enveloped-data Content-type: multipart/signed; protocol="application/pkcs7-signature"; boundary=innerboundary --innerboundary Content-type: text/plain Original content --innerboundary Content-type: application/pkcs7-signature inner SignedData block (eContent is missing) --innerboundary--

--outerboundaryContent-type: application/pkcs7-signature

outer SignedData block (eContent is missing)

--outerboundary-- outer signature computed over

inner signature computed over

encrypted data

3 Signed Receipts

Signed Receipts

• Proof of delivery of a message

• Before processing a receipt-request: the receiving agent must verify the signature => no receipt if signature is invalid

• Receiving user agent software should automatically create a signed receipt when requested

Signed Receipts (Example)

Signed Receipts (continued)

• Receipts can be requested from

– all recipients

– a specific list of recipients

– all recipients

– first tier (= recipients that did not receive the message as members of a mailing list)

Mail List

– all recipients

• Sender can indicate that receipts be sent to many places

– receipt not just to the sender

– all recipients

– not even to the sender

– all recipients

– first tier (= recipients that did not receive the message as members ofa mailing list)

– not even to the sender

• Multiple Receipt Requests: Each recipient should only return one receipt

• No singed receipt for a signed receipt

4 Security Labels

Security Labels

• Set of security information regarding the sensitivity of the content that is protected by S/MIME encapsulation

• Access control: receiving agent examines the security labels and determines whether or not the recipient is allowed to see the contents

• Security Labels must be signed attributes

• Signature must be verified and valid, before processing a security label

• Classification: unmarked, unclassified, restricted, confidential, secret, top-secret; other values can be defined by any organization

Security Labels (Example)

Equivalent Security Labels

• Organizations are allowed to define their own security policies, many different security policies will exist=> Equivalences between different security policies of different organizations

• Receiving agents have the option to process EquivalentLabels attributes

• Receiving agent processes equivalent labels only if it trusts the signer

• If the receiving agent understands the security label, it must ignore all equivalent labels

A B"unmarked" ⇒ "anyone"

5 Secure Mailing Lists

• Mail List Management

• Mail Loops

• Receipts

Mail List Management

• Sending agents must create recipient-specific data structures for each recipient of an encrypted message.

• Large number of recipients => resources needs

• Mail List Agents (MLA) can take a singe message and perform the recipient-specific encryption

Mail List Management - Mail Loops

• One mailing list is member of a second and the second is member of the first.

• MLA have to prevent Mail loops

– Each Time a MLA expands a message it adds its own identifier to the history

– If own unique identifier is in the history => Mail loop

• Don't send the message to the list again

• Warning to a human mail list administrator

Mail List Management - Mail Loops (Example)

AMLA1 MLA2

expanded by MLA1

AMLA1 MLA2

expanded by MLA1expanded by MLA2

AMLA1 MLA2

expanded by MLA1expanded by MLA2

AMLA1 MLA2

Mail List Management - Receipts

• Mail List Agent Signed Receipt Policy Processing

– A MLA often needs to propagate forward the receipt policy

– Any MLA adds "insteadOf", "inAdditionTo", "none" to the history

– Only last recipient needs to process

• No receipt, if originator has not requested

• If originator has requested, but MLA supersedes request: MLA may inform the originator

Mail List Management - Receipts (Example)

receipts to: X

A's Policy: insteadOf: A

receipts to: X

receipts to: A

receipts to: X

receipts to: A

B's Policy: none

receipts to: X

receipts to: A

B's Policy: none

receipts to: -

receipts to: X

receipts to: A

B's Policy: none

receipts to: -

6 Signed Certificates

• Attacks

• Responses

Signing Certificate - Attacks

• Substitution Attack

– Simple substitution of one certificate for a another

– issuer and serial number in the SignerInfo is modified to refer to a new certificate

• DoS-Attack where an invalid certificate is substituted for the valid=> message is unverifiable, as the public key no longer matches the public key used to sign

• Substitution of one valid certificate for the original valid certificate where the public keys match=> Message is validated under different constraints the originator intended

Signing Certificate - Attacks (continued)

• Reissue of Certificate Attack

– Attack deals with a certificate authority (CA) re-issuing the signing certificate

– may become more frequent as CA reissue their own root certificates

• Duplicate CA Attack

– Setting up a CA that attempts to duplicate an existing CA

– Issue a new certificate with the same public keys as the signer used

Signing Certificate - Responses

• Substitution Response

– DoS cannot be prevented

– No way to automatically identify the attack because it is indistinguishable from a message corruption.

– No practical way to prevent users from getting new certificates with the same public key.

• Reissue of Certificate Response

– A CA should never reissue a certificate with different attributes

• Duplicate CA Response

– Only way: Never trust a duplicate CA

7 Conclusion

• Security Considerations

Security Considerations

• Mailing lists

– Mailing lists that encrypt their content my be targets for DoS-Attacks if they to not prevent Mail-Loops. Using simple RFC822-Header spoofing it is easy to subscribe on encrypted mailing list to another, thereby setting up an infinity loop.

– Ciphertext Attacks: MLAs should notify an admin if a large number of undecryptable messages are receives

Security Considerations (continued)

• Signed Receipts

– Recipient must not send back a reply if it cannot validate the signature.

– Senders should encrypt receipts to prevent a passive attacker from gleaning information

• Security Labels

– Senders must not rely on recipients' processing software to correctly process security labels

• some S/MIME clients may not understand security labels but display a labeled message

• Error response sent to originator and that error bounces back=> unlike that the bounce message will have a proper security label

Details: RFC 2634

Internet Security - th-nuernberg.de · Internet Security Enhanced Security Services for S/MIME...

Documents

Transcript of Internet Security - th-nuernberg.de · Internet Security Enhanced Security Services for S/MIME...

Nuremberg Institute of Technology - Schorsch@Ohmschorsch.efi.fh-nuernberg.de/mewiki/uploads/BachelorThesis/BA-PWerner-2017.pdfIntegration of Light Field Data in a Computer Generated

YaST and AutoYaST Make The Difference - SUSECON · 2015-11-20 · YaST ® and AutoYaST Make The Difference Thomas Göttlicher Software Engineer tgoettlicher@suse.com Cameron Seader

OAU SO/ I aanods :sowy o z < < IE 0.0 < N m -a c c: O okundalini-yoga-in-nuernberg.de/.../Flyer_Yogalehrerausbildung_2019.pdfOAU SO/ I aanods :sowy o z < < IE 0.0 < N m -a c c: O o

Prospekt Glasgow 2010 - nuernberg.de · 25 Jahre Partnerschaft Nürnberg-Glasgow Chronologie Die Anfänge der Städtefreundschaft Nürnberg und Glasgow feiern im Jahr 2010 den 25.

Network Security Application Security Security Management ...

resonanz-nuernberg.de 03 I2017 12.J AHRGANG IN … · 2018. 7. 2. · findet der Brauch "sabzi tograr" (Karotten schneiden) statt, zu dem gewöhnlich Nach-barn und die nahen Verwandten

General Security Principles and Practices. Security Principles Common Security Principles Security Policies Security Administration Physical Security.

Security - 1 Security Peter O’Grady. Security - 2 Network Security Problem n Data Flow - transmission security n Network Security - server security n.

Breast Center - klinikum-nuernberg.de · 2018-09-11 · cosmetic appearance. Almost 90 percent of eligible breast cancer patients at our Breast Center have breast conservation surgery

P.T.O B.I - buergerinfo-nuernberg.debuergerinfo-nuernberg.de/bis-guide/wa_files/BIS-2015.pdf · The PTO is run by volunteers (all parents of students) and participation in all PTO

AHCAL electronics. Status and Outlook Peter Göttlicher for the AHCAL developers CALICE meeting UT Arlington, March 11th, 2010.

2017 - dai-nuernberg.de...Marshall-Plan – Deutschland und Europa im Blick ... Praktikum und Master in den USA selbst organisieren – Ein Leitfaden ... Als standardisierter Test

Electric Drives Production - ihk-nuernberg.de...Paul Vahle GmbH & Co. ( ) University of Erlangen-Nuremberg ( ) Prof. Volk W., Prof. Werner R., Technical University Darmstadt ( ) Buehler

EMI Effects at TTF (ElectroMagnetic Interference)tklimk/talks/emi.pdf · EMI Definition (From Holger Schlarb and Peter Göttlicher) EMI = Electromagnetic Interference Unwanted electromagnetic

Adobe Photoshop PDF - kaiserburg-nuernberg.de · Title: Adobe Photoshop PDF Created Date: 5/2/2016 10:58:02 AM

HUAWEI - db0fhn.efi.fh-nuernberg.dedb0fhn.efi.fh-nuernberg.de/~dg8ygz/PDF/Quidway S3000-EI Series... · Huawei Technologies Co., Ltd. provides customers with comprehensive technical

UN Global Compact - ihk-nuernberg.de · and Commerce have designated the promotion of the principles of the honourable ... Chief Executive Officer. 4 ... UN GLOBAL COMPACT ...

NürNberg 2018 - doc-nuernberg.de · 3 Welcome Address Dear Colleagues, the 31st international Congress of German Ophthalmic Surgeons (DOC) will be held in Nuremberg from 14 th to

HUAWEI - db0fhn.efi.fh-nuernberg.dedb0fhn.efi.fh-nuernberg.de/~dg8ygz/PDF/Quidway... · HUAWEI Quidway S3026C-PWR Ethernet Switch Installation Manual VRP3.10 ... HUAWEI OptiX, C&C08

GUI Development with Qt - Schorsch@Ohmschorsch.efi.fh-nuernberg.de/roettger/uploads/Scripts/Qt.pdf · GUI Development with Qt Multi-Platform Graphical User-Interface Development with