E-mail Security using Certified Electronic Mail (CEM)
Post on 20-Jun-2015
DESCRIPTION: When scientists "invented" electronic mail some 30 years ago, they had in mind the exchange of messages between a small number of computers at a few universities. Because they worked within a closed network, nobody was concerned about misuse. Today everything has changed: the Internet is an open network, and the e-mail protocol SMTP is used to send billions of messages, many of them carrying sensitive, private or valuable information. Unfortunately the e-mail protocol still lacks inherent security, so the rule is: as an e-mail receiver without additional security functions, you can trust neither the e-mail sender nor the content!
1. E-mail Security Using Certified Electronic Mail (CEM)

2. Team Members
- Pankaj Bhambhani (200901047)
- Pratik Kumar (200901239)
- Dipesh Shah (200901094)
- Jignesh Kakadiya (200901201)
- Ajay Dhameliya (200901203)

3. Topics
- Why e-mail security?
- CEM: Certified Electronic Mail
- Properties of CEM
- Existing protocol: S/MIME properties
- Missing properties in S/MIME and their importance
- Sample certified e-mail protocol
- How to do it: design
- Conclusion and our thoughts
- References

4. Why E-mail Security?
- The primitive e-mail service had a different intended purpose: exchange of messages between a few universities in a closed network, with little concern about misuse.
- Today it is a different game altogether: the Internet is an open network, a very large number of messages is sent, and they can contain sensitive or valuable information. Security is essential.
- We examine Certified Electronic Mail as a theoretical measure of e-mail security.

5. Certified Electronic Mail (CEM)
- Adds value to traditional electronic mail.
- We examine its various properties.
- We use a sample certified e-mail protocol to demonstrate those properties.
- We consider its use in improving an existing protocol: S/MIME.

6. Properties of CEM: Non-Repudiation
- Postal services force the recipient to sign a receipt token before delivering the envelope that contains the certified message.
- The recipient only acknowledges having received an envelope, which in turn can be empty (intentionally or not).
- Digital evidence of receipt is different: it is linked to the message, not to the envelope.

7. Types of Non-Repudiation
Direct communication model:
- Non-Repudiation of Origin (NRO) protects against the originator's false denial of having originated the message. Evidence of Origin (EOO) is generated by the originator, or by a TTP on its behalf, and is held by the recipient.
- Non-Repudiation of Receipt (NRR) protects against the recipient's false denial of having received the message. Evidence of Receipt (EOR) is generated by the recipient, or by a TTP on its behalf, and is held by the originator.
Indirect communication model:
- Non-Repudiation of Submission (NRS) provides evidence that the originator submitted the message for delivery. Evidence of Submission (EOS) is generated by the delivery agent and is held by the originator.
- Non-Repudiation of Delivery (NRD) provides evidence that the message has been delivered to the recipient. Evidence of Delivery (EOD) is generated by the delivery agent and is held by the originator.

8. Properties of CEM: Non-Repudiation (contd.)
Possible message transfer combinations:
- Exchange of message and NRO for NRR linked to the message.
- Exchange of message and NRO for an acknowledgement of receipt.
- Exchange of message for NRR linked to the message.
- Exchange of message for an acknowledgement of receipt.
- Exchange of envelope and, if possible, NRO for NRR, if possible linked to the message.
- Exchange of envelope and, if possible, NRO for an acknowledgement of receipt.
- Exchange of envelope for NRR, if possible linked to the message.
- Exchange of envelope for an acknowledgement of receipt.

9. Communication Model
- The originator and the recipient potentially do not trust each other.
- The originator is not sure that the recipient will acknowledge a message it has received; the recipient, on the other hand, will only acknowledge messages it has actually received.
- To facilitate a fair exchange, in which neither party gains an advantage during the transaction, a TTP is usually involved.
- The extent of the trusted third party's involvement varies among protocols.

10. Evidence
- Evidence is the data that can be used if a dispute arises.
- It can be generated and stored either by the local user or by a third party.
- Its format depends on the cryptographic mechanisms agreed in the service. Examples: digital signatures (public-key cryptography) and secure envelopes (secret-key cryptography).

11. Common Elements of the Evidence Format
- Non-repudiation service to which the evidence is related
- Non-repudiation policy identifier
- Originator identity
- Recipient identity
- Third-party identity, if the evidence generator differs from the originator
- Message, or a digital fingerprint of it

12. Common Elements of the Evidence Format (contd.)
- Information needed to verify the evidence (e.g. digital certificate, symmetric secret key information) if it is not publicly available
- TTP's identifier
- Time information (date and time the evidence was generated, expiry date, ...). If this data is certified by a Time Stamp Authority (TSA), it may include a time-stamp service identifier.

13. Properties of CEM: Fairness
- A certified e-mail protocol is fair if and only if, at the end of a protocol execution, either Alice got the non-repudiation of receipt evidence and Bob got the corresponding mail (as well as the non-repudiation of origin evidence, if required), or neither of them got any valuable information.
- Types of fairness: strong, weak, light, true, probabilistic.
- Fairness is mandatory, so one of these must hold. Weak fairness is enough, although strong fairness is desirable; probabilistic fairness is not desirable.

14. Properties of CEM: TTP
- The probability of cheating the other entity can be decreased by increasing the number of messages in the protocol. To avoid that communication overhead, a trusted third party (TTP) can be introduced instead: both entities send their items to the TTP, which forwards them to the respective entities.
- Types of TTP: in-line, on-line, off-line, transparent, verifiable.
- An off-line TTP is desired, but the involvement of the TTP depends on the application.
- Transparent and verifiable TTPs are both desired, but only one of them can be achieved because they are incompatible.

15. Properties of CEM: Timeliness
- A certified e-mail protocol provides timeliness if and only if all honest parties always have the ability to reach, in a finite amount of time, a point in the protocol where they can stop the protocol while preserving fairness.
- Synchronous timeliness: deadlines are used and the TTP clock is assumed as the reference time.
- Asynchronous timeliness: there are no deadlines for participants.
- Asynchronous timeliness is desirable because clock synchronization is difficult to achieve.

16. Properties of CEM: State Storage
- TTPs can be classified by how long (temporal criterion) they need, if at all, to store state information.
- Types: strong stateless TTP, weak stateless TTP, strong stateful TTP, weak stateful TTP.
- A strong stateless TTP is the most desirable from a resource and storage point of view.

17. Properties of CEM: Confidentiality
- A certified e-mail protocol provides data confidentiality if and only if Alice and Bob are the only entities that can extract the content of the sent mail from the protocol messages.
- Confidentiality is not always required, as adding it may harm the efficiency of the protocol.
- Types: data confidentiality, identity confidentiality.
- One could also consider privacy of the originator (anonymity); however, anonymity and NRO cannot be provided at the same time.

18. Properties of CEM: Evidence Transferability
- Mainly consists of the sending and reception of evidence among participants, and is greatly influenced by the properties of the communication channel:
1. Unreliable channel: data can be lost.
2. Resilient channel (also called an asynchronous network): data is delivered after a finite but unknown amount of time.
3. Operational channel (also called a synchronous network): data is delivered after a known, constant amount of time.
- An unreliable channel will in most cases be transformed into a resilient channel by an appropriate transport protocol (e.g. retransmissions).

19. Dispute Resolution in CEM
- Dispute resolution is the last phase of a non-repudiation service; it is only activated when disputes related to a transaction arise.
- When a dispute arises, an adjudicator is invoked to settle it according to the non-repudiation evidence provided by the disputing parties and the non-repudiation policy in effect. This policy should be agreed in advance by the parties involved in the service.

20. Protocol: Key-Chain-Based CEM Protocol with Transparent TTP
- In 2010, Zhiyuan Liu, Jun Pang and Chenyi Zhang proposed an optimistic certified e-mail protocol that employs key chains to reduce the storage requirement of the trusted third party (TTP).
- It satisfies the following CEM properties: NRO and NRR; strong fairness; timeliness; TTP transparency.

21. Protocol: Key-Chain-Based CEM Protocol with Transparent TTP
Key terms in the protocol:
- EOO: evidence of origin
- EOR: evidence of receipt
- M: message
- T: TTP
- sid: sender ID
- A, B: sender, receiver
- h(i): hash of i
- label: identifies the protocol run
- fT: flag indicating the purpose of a message, where T identifies the corresponding message in the protocol

22. Protocol: Key-Chain-Based CEM Protocol with Transparent TTP
[Figure: the main protocol]

23. Protocol: Key-Chain-Based CEM Protocol with Transparent TTP
[Figure: recovery protocol for the sender]

24. Protocol: Key-Chain-Based CEM Protocol with Transparent TTP
[Figure: recovery protocol for the receiver], where label = h(A, B, TTP, h(m), h(k), t)

25. Working of S/MIME (in brief)
[Figure: message sending mechanism]

26. Working of S/MIME (in brief)
[Figure: message receiving mechanism]

27. Security Properties Met by S/MIME
- Message confidentiality via encryption
- Message integrity via digital signature
- Message origin authentication via digital signature
- Non-repudiation of origin via digital signature
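The Python program below is added here as an illustration; it is not code from the slides and not the protocol of Liu, Pang and Zhang as published. It runs a simplified optimistic key-chain exchange of the kind outlined on slides 20-24 (main protocol plus receiver recovery, with the label of slide 24), and the signed header carries the evidence elements of slides 11-12 (originator, recipient, TTP identity, message digest, time). Everything in it is assumed: textbook RSA over a SHA-256 digest stands in for the signature scheme (no padding, demo only), a hash-derived keystream stands in for the message cipher, the chain k_i = h^i(seed) with keys used from the top of the chain downward is my simplification of the key-chain idea, and the party names, the flags fEOO/fEOR, the header field names and the sample message and time are invented. The TTP keeps only one seed and one public key per registered party, so on a recovery request it regenerates the key rather than looking it up, and the key it hands out is exactly the one an honest sender would have sent, which is what makes its intervention transparent.

```python
import hashlib, json, random, secrets

def _probable_prime(n, rounds=20):
    """Miller-Rabin primality test (part of the toy RSA used for signatures)."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _rand_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(c):
            return c

def keygen(bits=512):
    """Textbook RSA key pair, returned as ((n, e), (n, d)). Demo only: no padding, short modulus."""
    e = 65537
    while True:
        p, q = _rand_prime(bits // 2), _rand_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                     # e is prime, so this gives gcd(e, phi) = 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def h(*parts):
    """The slides' h(.): SHA-256 over a canonical JSON encoding of the fields."""
    return hashlib.sha256(json.dumps(parts, sort_keys=True).encode()).hexdigest()
def sign(sk, *fields):
    return pow(int(h(*fields), 16), sk[1], sk[0])
def verify(pk, sig, *fields):
    return pow(sig, pk[1], pk[0]) == int(h(*fields), 16)

def chain_key(seed, i):
    """Assumed chain k_i = h^i(seed). Keys are used with decreasing i, so a released k_i does not
    disclose the still-unused k_{i-1}, and the TTP can recompute any k_i from the seed alone."""
    k = seed
    for _ in range(i):
        k = hashlib.sha256(k.encode()).hexdigest()
    return k

def xor_stream(key, data):
    """Hash-derived keystream standing in for a real cipher (assumption)."""
    ks = b"".join(hashlib.sha256(f"{key}:{j}".encode()).digest() for j in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def label_of(hdr):
    """label = h(A, B, TTP, h(m), h(k), t), as on slide 24."""
    return h(hdr["A"], hdr["B"], hdr["T"], hdr["hm"], hdr["hk"], hdr["t"])

class TTP:
    """Off-line TTP whose only state is one chain seed and one public key per registered party."""
    def __init__(self):
        self.seeds, self.pks = {}, {}
    def register(self, name, pk, chain_len):
        self.pks[name], self.seeds[name] = pk, secrets.token_hex(16)
        return {i: chain_key(self.seeds[name], i) for i in range(chain_len, 0, -1)}  # sender's keys
    def recover(self, hdr, c, eoo, eor):
        """Receiver recovery (slide 24): valid EOO and EOR entitle B to the key, which is regenerated."""
        label = label_of(hdr)
        if not (verify(self.pks[hdr["A"]], eoo, "fEOO", label, hdr, h(c.hex()))
                and verify(self.pks[hdr["B"]], eor, "fEOR", label)):
            return None
        k = chain_key(self.seeds[hdr["A"]], hdr["i"])
        return k if h(k) == hdr["hk"] else None      # must match the commitment A signed

def run_exchange(ttp, A, skA, pkA, B, skB, pkB, keys, m, t, sender_honest=True):
    """Main protocol; returns what each side holds at the end, or None if a check fails."""
    i = max(keys)                                    # next unused key from the top of the chain
    k = keys.pop(i)
    # 1. A -> B: header (originator, recipient, TTP, h(m), h(k), key index, time), ciphertext, EOO
    hdr = {"A": A, "B": B, "T": "TTP", "hm": h(m), "hk": h(k), "i": i, "t": t}
    c = xor_stream(k, m.encode())
    eoo = sign(skA, "fEOO", label_of(hdr), hdr, h(c.hex()))
    # 2. B -> A: EOR, only once EOO verifies; B cannot read m yet, so it has given nothing away
    if not verify(pkA, eoo, "fEOO", label_of(hdr), hdr, h(c.hex())):
        return None
    eor = sign(skB, "fEOR", label_of(hdr))
    # 3. A -> B: the key. A now holds EOR and may dishonestly stop; B then recovers via the TTP
    if not verify(pkB, eor, "fEOR", label_of(hdr)):
        return None
    k_recv = k if sender_honest else ttp.recover(hdr, c, eoo, eor)
    if k_recv is None or h(k_recv) != hdr["hk"]:
        return None
    m_recv = xor_stream(k_recv, c).decode()
    return {"A_holds_EOR": eor, "B_holds_EOO": eoo, "B_read": m_recv, "recovered": not sender_honest}

if __name__ == "__main__":
    ttp, (pkA, skA), (pkB, skB) = TTP(), keygen(), keygen()
    keys = ttp.register("alice", pkA, chain_len=3)   # constructed parties and sample data
    ttp.register("bob", pkB, chain_len=0)
    for honest in (True, False):
        print(run_exchange(ttp, "alice", skA, pkA, "bob", skB, pkB, keys, "Pay 100 EUR", "2015-06-20T10:00Z", honest))
```

Running the module performs one honest run and one in which the sender withholds the key after collecting EOR. In the second run B obtains the key through the TTP and finishes with the same message and the same EOO as in the honest run, so neither side ends up ahead (strong fairness), while the TTP never stored anything about that run. The sender-side recovery of slide 23 is not implemented here.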