Uploaded by Noorul Ameen Mohamed Ashraff

End to End Encryption in Emails A Focus on Secure - Multipurpose Internet Mail Extension

End-to-End Encryption in Emails
A Focus on Secure/Multipurpose Internet Mail
Extension
Waruna Kuruppu
The Faculty of Science, Engineering
and Computing
Kingston University
London, United Kingdom
warunavishvajith@gmail.com
Abstract— Email is a fast, inexpensive, and accessible
communication method used in the modern world. This paper
discusses end-to-end encryption related to email communication.
The findings of this study detail the end-to-end protocols PGP,
GPG, and S/MIME. The study focuses more on S/MIME, which
has become the industry standard for secure electronic mail,
and thoroughly explores its architecture, advantages, and
disadvantages. The scope of this paper falls into two parts.
The first part covers basic encryption techniques and
end-to-end encryption. The second part discusses the end-to-end
email encryption protocols (PGP / GPG / S/MIME) with more
focus on S/MIME. Secure/Multipurpose Internet Mail
Extension (S/MIME) is used in enterprise-level email
solutions with a high level of security. However, alongside
its advantages, S/MIME has some problems and
disadvantages. This paper identifies the advantages and
disadvantages, along with possible attacks related to S/MIME,
from a technical perspective.
Keywords—Email, Encryption, End-to-End Encryption,
PEM, PGP, GPG, S/MIME
I. INTRODUCTION
Email is the most widely used and popular communication
method today, and it has overcome the traditional
communication barriers. Email does not 100% fulfill the
requirement of reliable communication, but it is one of
the fastest ways for people to communicate. As society
moves into the digital world, traditional crimes
move into the binary world as well. 91% of all cyber-attacks
begin with phishing emails [1]. For this reason, email security is
a critical area of information security.
Email communication over the internet mainly uses three
protocols [2].
SMTP - (Simple Mail Transfer Protocol)
POP - (Post Office Protocol)
IMAP - (Internet Message Access Protocol)
These protocols are used for email delivery in the real
world, and they send and receive messages as plain text. However,
with "transport layer security," email works as a secure
communication channel. "SSL," "TLS," and the
"STARTTLS" command add encryption to emails to
secure data in transit [3] [4]. However, those methods do not
add end-to-end encryption for secure email communication
[5]. To protect email from intruders, hackers, and thieves, we
must protect data at rest and in transit. SSL and TLS provide
transport layer security. Email needs a high level of security,
like end-to-end encryption, as a critical service to fulfill the
following goals [6].
Defend Confidentiality
Defend privacy
Defend integrity
Get Authenticity
Get non-repudiation
There are several techniques/protocols available to achieve
end-to-end encryption while meeting the above goals. PGP, GPG,
and S/MIME are the leading ones [7] [8] [9]. In this paper,
we discuss end-to-end encryption related to email, with a
focus on S/MIME (Secure/Multipurpose Internet Mail
Extension) [10].
II. ESSENTIAL PARTS OF THE EMAIL SECURITY
TABLE 1 Components of email security
OBJECT | REQUIREMENT
Confidentiality | Encryption
Integrity | Hashing
Authenticity | Public / Private Key (Certificate)
Email security must ensure the confidentiality, integrity,
authenticity and availability of email communications by
protecting against the risk of email threats [11]. To protect
confidentiality, the email message must be readable by the
intended recipient only. To protect the integrity of email
communication, the receiver should receive the email without
any alteration. To protect authenticity, it must be certified
that the email was received from the intended sender.
Availability is a critical topic related to information security.
However, this paper focuses on confidentiality, integrity, and
authenticity with end-to-end encryption related to email
communication. In email security, non-repudiation is another
topic that is hard to fulfill with typical protocols.
III. ENCRYPTION
"Encryption is the principal application of cryptography" [13].
Encryption is a process that encodes information. In this
process, the plaintext of information/data is converted into an
alternative form called ciphertext. Only authorized parties can
decrypt the ciphertext and get the original data (Wikipedia
Contributors, 2019) [14]. The encryption process uses a
cryptographic key for encryption and decryption,
as illustrated in Figure 1.
Fig. 1. How encryption works in a general sense [15]
A. Symmetric Encryption
Symmetric encryption is a straightforward encryption
technique. It uses the same cryptographic key for encryption
and decryption. In this method, the sender uses a key to
encrypt the plaintext, and the receiver uses the same key used
by the sender to decrypt the ciphertext [16]. With this method,
the receiver and sender must have the same key, and the key
needs to be sent through a different communication channel for
more security.
Fig. 2. Symmetric Encryption [16]
B. Asymmetric Encryption
Asymmetric encryption uses two cryptographic keys for the
encryption and decryption process, and this method is known
as public key cryptography. An asymmetric cryptographic
algorithm generates two keys (a key pair) that are
mathematically connected. One key is used for encryption, and
the other is used for decryption. One is the public key, and
the second is the private key. Asymmetric algorithms contain
two functions: an encryption function and a decryption
function [17]. If the message is encrypted with the public key,
it can only be decrypted with the private key. On the other
hand, if the message is encrypted with the private key, it
can only be decrypted with the public key [16]. Asymmetric
encryption is widely used in daily communication, and
ElGamal, RSA, DSA, Elliptic Curve Cryptography, and
Diffie-Hellman are among the algorithms [18].
Fig. 3. Asymmetric Encryption [16]
IV. END-TO-END ENCRYPTION (E2EE)
End-to-End Encryption (E2EE) is a method used in computer
security to protect data when it is transferred from one system
to another [12]. Before sending the data to the transmission
medium, the sender system encrypts the data. Then, after
receiving the data, only the intended recipient can decrypt it.
The most important thing about this method is that while data
is in transit, no one can read or tamper with the data, including
Internet service providers (ISPs), email hosting providers /
email admins, hackers, or any other entity. True end-to-end
encryption starts at the end-user device: before data leaves
the end-user device, it is encrypted using an encryption
algorithm, and it cannot be decrypted until it reaches the
destination. To decrypt, the destination device must
have the decryption key.
A. End-to-End Encryption (E2EE) in the email communication
Today email encryption falls mainly into two categories.
1. Encrypt emails in transit (Transport layer security).
2. End-to-End Encryption [19].
To encrypt emails in transit, transport layer security
protocols (SSL / TLS) are used. Those protocols protect
confidentiality during data transmission only and do not
provide protection when data is at rest. When emails/data are
stored on the server or end-user device, those protocols do not
protect confidentiality.
Several successful end-to-end encryption protocols related to
email communication can solve the above-noted problem.
1. PEM - Privacy Enhanced Mail.
2. PGP - Pretty Good Privacy.
3. GPG - GNU Privacy Guard.
4. S/MIME - Secure/Multipurpose Internet Mail Extensions.
V. PEM - PRIVACY ENHANCED MAIL.
PEM - Privacy Enhanced Mail is an email security standard
that enables safe electronic mail transmission over public
networks. A 1993 IETF standard provides the basis for the
PEM file format, which can be used to send and store
cryptographic keys, certificates, and other data. The IETF now
defines the PEM format in RFC 7468 [20] [21].
PEM uses various algorithms, such as DES (Data Encryption
Standard), to encrypt data/messages and protect
confidentiality. DES is a symmetric-key block cipher created
by IBM in the 1970s. PEM uses the MD2 and MD5 hash
functions to generate digests that protect the integrity of
email communication. The PEM workflow can be categorized into
four steps.
1. Canonical Conversion.
2. Digital Signature.
3. Encryption.
4. Base-64 Encoding.
"In order to use PEM, you'll need either RIPEM or TIS/PEM
(TIS/MOSS). Then you'll need to generate a key-pair and
make it available. Depending on your preference, and
availability, you might want to get your public-key certified
by a Certification Authority" [22]. Currently, PEM is not widely
used and has been supplanted by PGP and S/MIME.
VI. PGP - PRETTY GOOD PRIVACY.
PGP - Pretty Good Privacy is an encryption method that can
encrypt and decrypt emails, files, directories, and disk
partitions. Phil Zimmermann developed it in 1991 [7] [24].
PGP was released as a free version via FTP, but the PGP
trademark is now owned by Symantec Corporation [25].
PGP works on public key exchange between users. This
method needs no CA or any other central trusted authority.
PGP works only between users; users are responsible for
sharing and downloading the public keys.
PGP uses a symmetric key (the session key) for encryption and
decryption. Compared with asymmetric keys, this is more efficient.
However, the session key needs to be shared with the other side,
and key exchange between users can be a problem. PGP
addresses this issue by using public keys.
The public key can be shared through key servers or directly
with others, and the private key must be kept secret. PGP
encrypts the session key using the receiver's public key, and
the receiver decrypts the message using the receiver's private
key and obtains the session key. Now both the receiver and the
sender have the same key for encryption and decryption.
Another advantage of PGP is compression. The compression
algorithm converts a message of n bits to m bits (n > m). This
reduces the size of the message data to be transferred
over the network and improves the system's efficiency. PGP
uses ZIP as its compression algorithm [28] [29].
PGP uses public key encryption only to exchange the
session key.
A. GPG - GNU Privacy Guard.
GPG or GnuPG (GNU Privacy Guard) is free (open-source)
encryption software/method that can be introduced as a
replacement for Symantec's PGP [26] and is a free
implementation of the OpenPGP standard as defined by
RFC 4880 [27]. Standards related to OpenPGP are tracked by the
IETF [28]. Its most crucial advantage is that GPG can be used
with different file systems, including Windows and Mac.
Microsoft Outlook can send and receive standard PGP/MIME
mails using the plugin designed for Outlook.
Like PGP, GPG combines symmetric encryption and
asymmetric encryption. Symmetric encryption enhances
speed, and asymmetric encryption is used to ease secure key
exchange. GPG uses ZIP, ZLIB, and BZIP2 for compression.
Some email security solutions are designed with public key
servers for distributing the public keys. If the solution goes
beyond the internal network, public key servers, like
the Ubuntu key server (https://keyserver.ubuntu.com/) [30],
can be used to store public keys. Exposing the public key to
the public is not a security threat because the public key is
designed for sharing, and no one can decrypt the message
without the private key related to the public key.
Most open-source email solutions for medium to large
organizations are designed with GnuPG because everyone can use
GPG as free software.
TABLE 2 GPG Algorithms [26]
Technology | Algorithms
Public key | RSA, ElGamal, DSA, ECDH (cv25519, cv448, nistp256, nistp384, nistp521, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp256k1), ECDSA (nistp256, nistp384, nistp521, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp256k1), EdDSA (ed25519, ed448)
Cipher | 3DES, IDEA (for backward compatibility), CAST5, Blowfish, Twofish, AES-128, AES-192, AES-256, Camellia-128, -192 and -256
Hash | MD5, SHA-1, RIPEMD-160, SHA-256, SHA-384, SHA-512, SHA-224
Compression | ZIP, ZLIB, BZIP2
VII. S/MIME - SECURE/MULTIPURPOSE INTERNET MAIL EXTENSIONS.
A. MIME (Multipurpose Internet Mail Extensions)
MIME stands for Multipurpose Internet Mail Extensions [31].
It allows both ASCII text and non-ASCII messages to be sent via
email, whereas original SMTP (RFC 821) sends only ASCII text
with no fonts, colors, graphics, or attachments. The MIME
extension provides the capability to avoid the limitations of
SMTP [32] [33]. In 1991, Bell Communications proposed MIME as a
solution for sending non-ASCII data through SMTP [34].
B. S/MIME - Secure/Multipurpose Internet Mail Extensions
"S/MIME (Secure/Multipurpose Internet Mail Extensions) is
a standard for public key encryption and signing of MIME
data." [9] [35]. S/MIME was developed by RSA Data
Security, Inc. with the standard PKCS #7 secure message
format [36] [37]. The IETF now controls the standards related
to S/MIME under the Cryptographic Message Syntax
(CMS), an IETF specification created with reference to PKCS #7
[35] [38]. As an end-to-end encryption standard, S/MIME
provides authentication, message integrity, non-repudiation
of origin (using digital signatures), privacy, and data
security (using encryption) [35]. To work with S/MIME, one
needs to obtain and install an individual key/certificate either
from one's in-house certificate authority (CA) or from a
public CA [35].
Like PGP, S/MIME uses private and public keys to protect
privacy and provide authentication. It follows the
steps below to provide end-to-end encryption.
Sender's end,
1. The sender gets the hash of the original message
(message digest).
2. Then encrypt the message digest using the sender's
private key.
3. Then generate the session key and encrypt the
original message using the session key.
4. Encrypt the session key using the receiver's public
key.
5. Then the sender's application creates a package of
data that includes the encrypted original message,
the encrypted message digest, the certificate
(X.509), and the identification of the encryption
algorithms.
The encrypted content and encryption keys for one or more
receivers are included with the enveloped-data content. This
is known as a "digital envelope."
After receiving the message, the receiver's side follows the
steps below.
Receiver's end,
1. Decrypt and get the session key using the receiver's
private key.
2. Then get the original message by using the session
key for decryption.
3. Then decrypt the message digest using the sender's
public key and get the hash value of the original
message.
4. Then compute the hash value of the original message and
compare it with the hash value obtained in step no.
3. The system confirms that the original message has
not been tampered with if the values are the same.
5. After decrypting, the remaining data is a signed
S/MIME message, which is authenticated as
outlined previously.
IETF (Internet Engineering Task Force) has released
S/MIME version 4.0 as the newest version [39]. S/MIME
commonly uses RSA, DSA, and Elliptic Curve algorithms.
TABLE 3 S/MIME Algorithms Version 4.0 [39]
Task | Algorithms
Content Encryption Algorithm Identifier | AES-128 GCM, AES-256 GCM, AES-128 CBC, ChaCha20-Poly1305
Key Encryption Algorithm Identifier | Elliptic Curve Diffie-Hellman (ECDH) (P256), RSA, RSAES-OAEP
Digest Algorithm Identifier | SHA-256, SHA-512
Signature Algorithm Identifier | ECDSA SHA-256, EdDSA, RSA PKCS #1 v1.5 with SHA-256, RSA (RSASSA-PSS) with SHA-256
S/MIME uses symmetric encryption algorithms for content
encryption and asymmetric algorithms for key encryption.
For example, ChaCha20-Poly1305 (RFC 8439) is a
symmetric algorithm that takes as input a 256-bit key and a
96-bit nonce to encrypt plaintext, with a ciphertext expansion
of 128 bits [40].
Fig. 4. ChaCha20-Poly1305 Encryption [40]
S/MIME uses asymmetric encryption for key encryption. As
an example, RSA is used for key encryption. Each user
generates their own key pair as follows [41].
1. Choose primes $p$ and $q$
2. Calculate $n = pq$
3. Select $e$: $\gcd(\phi(n), e) = 1$, $1 < e < \phi(n)$
4. Find $d \equiv e^{-1} \pmod{\phi(n)}$
The user keeps $p$, $q$ and $d$ private. The values of $e$ and $n$ can
be made public.
Public key of user, $PU = \{e, n\}$
Private key of user, $PR = \{d, n\}$
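The sender's and receiver's steps in Section VII.B and the RSA key generation steps above can be traced in one short program. This is an added example, not code from the paper: it uses textbook (unpadded) RSA and a SHA-256 counter keystream as stand-ins for the RSAES-OAEP and AES / ChaCha20-Poly1305 algorithms listed in Table 3, omits the X.509 certificate, and all function names are assumptions made for the illustration.

```python
# Added illustration, not production crypto: textbook (unpadded) RSA and a
# SHA-256 counter keystream stand in for RSAES-OAEP and AES / ChaCha20-Poly1305.
import hashlib
import secrets
from math import gcd


def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=1024, e=65537):
    """Key generation steps 1-4 from the text; returns (PU, PR)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)   # step 1
        phi = (p - 1) * (q - 1)
        if p != q and gcd(phi, e) == 1:                           # step 3
            n = p * q                                             # step 2
            d = pow(e, -1, phi)                                   # step 4
            return (e, n), (d, n)              # PU = {e, n}, PR = {d, n}


def rsa(value, key):
    """value^exponent mod n; the same operation serves PU and PR."""
    exponent, n = key
    return pow(value, exponent, n)


def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR data with SHA-256(key || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sender_package(message, sender_pr, receiver_pu):
    """Sender's end, steps 1-5 (the X.509 certificate is omitted here)."""
    signed_digest = rsa(digest_int(message), sender_pr)                  # steps 1-2
    session_key = secrets.token_bytes(32)                                # step 3
    ciphertext = keystream_xor(session_key, message)
    wrapped_key = rsa(int.from_bytes(session_key, "big"), receiver_pu)   # step 4
    return {"ciphertext": ciphertext, "signed_digest": signed_digest,    # step 5
            "wrapped_key": wrapped_key, "algorithms": "RSA, SHA-256"}


def receiver_open(package, receiver_pr, sender_pu):
    """Receiver's end, steps 1-4; returns (message, digest_matches)."""
    session_key = rsa(package["wrapped_key"], receiver_pr).to_bytes(32, "big")  # step 1
    message = keystream_xor(session_key, package["ciphertext"])                 # step 2
    claimed = rsa(package["signed_digest"], sender_pu)                          # step 3
    return message, claimed == digest_int(message)                              # step 4
```

If any byte of the ciphertext is altered in transit, the digest comparison in the receiver's step 4 returns False.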
C. Who needs Secure/Multipurpose Internet Mail Extension?
S/MIME is not practical for day-to-day use by ordinary
users. The suitability of S/MIME depends on what type of privacy
is required. Some of the matching scenarios are listed below
[43],
1. The business is related to the Payment Card Industry
Data Security Standard (PCI Compliance).
2. The organization needs to keep information private
under high-level requirements such as the Healthcare
Insurance Portability and Accountability Act, or
HIPAA.
3. The business needs to comply with GDPR.
4. Government organizations and agencies.
5. Organizations that need enterprise-level security.
6. Organizations and persons that work with sensitive
personal information.
D. What can be achieved with Digital Signature and Encryption in S/MIME.
Authentication: The sender's identity can be validated (that they
are who they claim to be).
Confidentiality: Encryption in S/MIME can protect email
and ensure messages remain private while data is in transit and
while data is at rest.
Integrity: Digital signature and encryption can ensure that
electronic mail isn't altered in transit.
Nonrepudiation: Digital signatures ensure that no one can
deny their actions under that signature [43].
E. Possible attacks on S/MIME
CBC/CFB Gadget Attack
"Use CBC/CFB gadgets to inject malicious plaintext snippets
into encrypted emails. These snippets abuse existing and
standard conforming backchannels to exfiltrate the full
plaintext after decryption" [42].
Direct Exfiltration
The attacker creates a new multipart email with three same
body parts and abuses the partial encryption feature by
modifying an encrypted file. As soon as the file is opened and
decrypted by the victim, sensitive content is sent to the
attacker [42].
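On the defensive side, a mail gateway or client can check for the message shape that Direct Exfiltration relies on: an encrypted S/MIME part that is only one body part of a larger multipart message. The check below is an added example, not code from the paper or from [42]; the function names and both sample messages are constructed for the illustration.

```python
# Added illustration: flag S/MIME mail in which the encrypted part is only one
# body part of a larger multipart message (the partial-encryption shape).
from email import message_from_string

ENCRYPTED_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
SIGNATURE_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def is_enveloped(part):
    """True for an S/MIME enveloped-data (encrypted) MIME part."""
    if part.get_content_type() not in ENCRYPTED_TYPES:
        return False
    smime_type = part.get_param("smime-type")
    # A missing smime-type is treated as encrypted so the check fails closed.
    return smime_type is None or smime_type.lower() in (
        "enveloped-data", "authenveloped-data")


def partial_encryption_findings(raw_message):
    """Return one finding per encrypted part that has non-signature siblings."""
    findings = []

    def walk(container, path):
        if not container.is_multipart():
            return
        children = container.get_payload()
        for index, child in enumerate(children, start=1):
            child_path = f"{path}.{index}"
            if is_enveloped(child):
                siblings = [c.get_content_type() for c in children
                            if c is not child
                            and c.get_content_type() not in SIGNATURE_TYPES]
                if siblings:
                    findings.append({"part": child_path, "siblings": siblings})
            walk(child, child_path)

    walk(message_from_string(raw_message), "1")
    return findings


# Constructed sample 1: the whole message is one S/MIME envelope.
WHOLE_MESSAGE_ENCRYPTED = (
    "From: alice@example.com\n"
    "To: bob@example.com\n"
    "MIME-Version: 1.0\n"
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "PLACEHOLDER\n"
)

# Constructed sample 2: an encrypted part placed among plaintext body parts.
PARTIALLY_ENCRYPTED = (
    "From: someone@example.net\n"
    "To: bob@example.com\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="B"\n'
    "\n"
    "--B\n"
    "Content-Type: text/html\n"
    "\n"
    "<p>first part</p>\n"
    "--B\n"
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data\n"
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "PLACEHOLDER\n"
    "--B\n"
    "Content-Type: text/html\n"
    "\n"
    "<p>third part</p>\n"
    "--B--\n"
)
```

A message that produces findings can be quarantined or shown without decrypting the embedded part.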
F. Differences between PGP and S/MIME
Fig. 5. Differences between PGP and S/MIME [43]
VIII. CONCLUSION
This paper discusses end-to-end email encryption techniques
with more focus on S/MIME (Secure/Multipurpose Internet
Mail Extensions). Discussion and analysis are not limited to
S/MIME but extend to PEM, PGP, and GPG. End-to-end
encryption protects email data both at rest and in
transit. SSL and TLS, as transport layer protocols, provide
protection only while email travels through the internet. PEM,
PGP, GPG, and S/MIME address that issue with end-to-end
encryption. S/MIME uses symmetric and asymmetric
encryption to achieve end-to-end encryption: it uses
symmetric encryption algorithms for content encryption and
asymmetric algorithms for key encryption. The combination
of symmetric and asymmetric encryption increases the
efficiency of S/MIME, which mainly uses the AES, ECDH,
RSA, SHA, and ECDSA algorithms. S/MIME uses PKI with a
public or private certificate authority to fulfill the
requirements of authentication, confidentiality, integrity,
and nonrepudiation. S/MIME is not suitable for ordinary
daily users but is suitable for requirements with a high level of
security. The CBC/CFB Gadget Attack and Direct Exfiltration are
security threats related to S/MIME. Theoretically and
technically, S/MIME provides a high level of secure
communication for email, but it is not completely bulletproof
[44].
REFERENCES
[1] “91% of all cyber attacks begin with a phishing email to an unexpected victim,” Deloitte Malaysia, 09-Jan-2020. [Online]. Available: https://www2.deloitte.com/my/en/pages/risk/articles/91-percent-of-all-cyber-attacks-begin-with-a-phishing-email-to-an-unexpected-victim.html. [Accessed: 07-Dec-2022].
[2] W. Goralski, “SMTP and Email,” in The Illustrated Network, Elsevier, 2017, pp. 637–659.
[3] Wikipedia contributors, “Transport Layer Security,” Wikipedia, The Free Encyclopedia, 05-Dec-2022. [Online]. Available: https://en.wikipedia.org/w/index.php?title=Transport_Layer_Security&oldid=1125634178.
[4] J. Griffin, “What is StartTLS?,” SendGrid, 20-Mar-2020. [Online]. Available: https://sendgrid.com/blog/what-is-starttls/. [Accessed: 07-Dec-2022].
[5] “Google Transparency Report,” Google.com. [Online]. Available: https://transparencyreport.google.com/safer-email/overview?hl=en. [Accessed: 07-Dec-2022].
[6] A. Reuter, A. Abdelmaksoud, K. Boudaoud, and M. Winckler, “Usability of end-to-end encryption in E-mail communication,” Front. Big Data, vol. 4, p. 568284, 2021.
[7] Wikipedia contributors, “Pretty good privacy,” Wikipedia, The Free Encyclopedia, 30-Nov-2022. [Online]. Available: https://en.wikipedia.org/w/index.php?title=Pretty_Good_Privacy&oldid=1124840233.
[8] The People of the GnuPG Project, “The GNU privacy guard,” 2022.
[9] Wikipedia contributors, “S/MIME,” Wikipedia, The Free Encyclopedia, 29-Oct-2022. [Online]. Available: https://en.wikipedia.org/w/index.php?title=S/MIME&oldid=1118931540.
[10] G. Phillips, “7 common email security protocols explained,” MUO, 18-Jan-2019. [Online]. Available: https://www.makeuseof.com/tag/common-email-security-protocols-explained/. [Accessed: 07-Dec-2022].
[11] S. M. Kerner, “What is Email Security? – Definition from Searchsecurity.com,” Security, 19-Jan-2022. [Online]. Available: https://www.techtarget.com/searchsecurity/definition/email-security. [Accessed: 07-Dec-2022].
[12] B. Lutkevich and M. Bacon, “What is End-to-End Encryption (E2EE) and How Does it Work?,” Security, 25-Jun-2021. [Online]. Available: https://www.techtarget.com/searchsecurity/definition/end-to-end-encryption-E2EE. [Accessed: 07-Dec-2022].
[13] J.-P. Aumasson, Serious cryptography: A practical introduction to modern encryption. San Francisco, CA: No Starch Press, 2017.
[14] Wikipedia contributors, “Encryption,” Wikipedia, The Free Encyclopedia, 28-Nov-2022. [Online]. Available: https://en.wikipedia.org/w/index.php?title=Encryption&oldid=1124324568.
[15] M. Mehta, “What is asymmetric encryption & how does it work?,” InfoSec Insights, 03-Nov-2020. [Online]. Available: https://sectigostore.com/blog/what-is-asymmetric-encryption-how-does-it-work. [Accessed: 07-Dec-2022].
[16] “Symmetric vs. Asymmetric Encryption - What are differences?,” SSL2BUY Wiki - Get Solution for SSL Certificate Queries, 14-Jun-2021. [Online]. Available: https://www.ssl2buy.com/wiki/symmetric-vs-asymmetric-encryption-what-are-differences. [Accessed: 07-Dec-2022].
[17] Savvy Security, “What is Asymmetric Encryption? Read Symmetric vs. Asymmetric Encryption diversity,” Savvy Security, 19-Jan-2021. [Online]. Available: https://cheapsslsecurity.com/blog/what-is-asymmetric-encryption-understand-with-simple-examples. [Accessed: 07-Dec-2022].
[18] B. Daniel, “Symmetric vs. Asymmetric encryption: What’s the difference?,” Trentonsystems.com, 04-May-2021.
[19] J. Witts, “What is email encryption, how does it work, and how can it protect your organization?,” Expert Insights, 01-Jan-2021. [Online]. Available: https://expertinsights.com/insights/what-is-email-encryption-how-does-it-work-and-how-can-it-protect-your-organization. [Accessed: 07-Dec-2022].
[20] Wikipedia contributors, “Privacy-Enhanced Mail,” Wikipedia, The Free Encyclopedia, 27-Jun-2022. [Online]. Available: https://en.wikipedia.org/w/index.php?title=Privacy-Enhanced_Mail&oldid=1095288351.
[21] S. Josefsson, “Network Working Group,” Ietf.org, 2014. [Online]. Available: https://www.ietf.org/archive/id/draft-josefsson-pkix-textual-10.pdf. [Accessed: 07-Dec-2022].
[22] “Privacy-Enhanced Mail (PEM),” Umbc.edu. [Online]. Available: https://redirect.cs.umbc.edu/~woodcock/cmsc482/proj1/pem.html. [Accessed: 07-Dec-2022].
[23] “Privacy Enhanced Mail (PEM) and it’s Working,” GeeksforGeeks, 20-May-2020. [Online]. Available: https://www.geeksforgeeks.org/privacy-enhanced-mail-pem-and-its-working. [Accessed: 07-Dec-2022].
[24] B. Wolford, “What is PGP encryption and how does it work?,” Proton, 08-Aug-2019. [Online]. Available: https://proton.me/blog/what-is-pgp-encryption. [Accessed: 07-Dec-2022].
[25] J. Lake, “What is PGP encryption and how does it work?,” Comparitech, 30-Oct-2018. [Online]. Available: https://www.comparitech.com/blog/information-security/pgp-encryption/. [Accessed: 07-Dec-2022].
[26] Wikipedia contributors, “GNU Privacy Guard,” Wikipedia, The Free Encyclopedia, 30-Nov-2022. [Online]. Available: https://en.wikipedia.org/w/index.php?title=GNU_Privacy_Guard&oldid=1124840486.
[27] Ietf.org. [Online]. Available: https://www.ietf.org/rfc/rfc4880.txt. [Accessed: 07-Dec-2022].
[28] “Introduction to the,” IETF. [Online]. Available: https://www.ietf.org/about/introduction. [Accessed: 07-Dec-2022].
[29] B. Young, “Elements of Security,” Utexas.edu, 2015. [Online]. Available: https://www.cs.utexas.edu/~byoung/cs329e/slides8-pgp.pdf. [Accessed: 07-Dec-2022].
[30] “OpenPGP keyserver,” Ubuntu.com. [Online]. Available: https://keyserver.ubuntu.com. [Accessed: 07-Dec-2022].
[31] Wikipedia contributors, “MIME,” Wikipedia, The Free Encyclopedia, 13-Oct-2022. [Online]. Available: https://en.wikipedia.org/w/index.php?title=MIME&oldid=1115802379.
[32] Archiveddocs, “SMTP,” Microsoft.com. [Online]. Available: https://learn.microsoft.com/en-us/previous-versions/office/developer/exchange-server-2010/aa494182(v=exchg.140). [Accessed: 07-Dec-2022].
[33] J. Postel, “Simple Mail Transfer Protocol,” RFC Editor, 1982.
[34] “Multipurpose internet mail extension (MIME) protocol,” GeeksforGeeks, 27-Aug-2018. [Online]. Available: https://www.geeksforgeeks.org/multipurpose-internet-mail-extension-mime-protocol/. [Accessed: 07-Dec-2022].
[35] P. Bhardwaj, “What is Secure/Multipurpose Internet Mail Extensions (S/MIME)?,” Tutorialspoint.com. [Online]. Available: https://www.tutorialspoint.com/what-is-secure-multipurpose-internet-mail-extensions-s-mime. [Accessed: 07-Dec-2022].
[36] B. Kaliski, “PKCS #7: Cryptographic Message Syntax Version 1.5,” 1998.
[37] Wikipedia contributors, “PKCS 7,” Wikipedia, The Free Encyclopedia, 16-Mar-2022. [Online]. Available: https://en.wikipedia.org/w/index.php?title=PKCS_7&oldid=1077465207.
[38] Wikipedia contributors, “Cryptographic Message Syntax,” Wikipedia, The Free Encyclopedia, 24-Nov-2022. [Online]. Available: https://en.wikipedia.org/w/index.php?title=Cryptographic_Message_Syntax&oldid=1123656598.
[39] J. Schaad, B. Ramsdell, and S. Turner, “Secure/multipurpose internet mail extensions (S/MIME) version 4.0 message specification,” RFC Editor, 2019.
[40] Wikipedia contributors, “ChaCha20-Poly1305,” Wikipedia, The Free Encyclopedia, 13-Oct-2022. [Online]. Available: https://en.wikipedia.org/w/index.php?title=ChaCha20-Poly1305&oldid=1115841415.
[41] “13 RSA,” Sandilands.info. [Online]. Available: https://sandilands.info/crypto/RSA.html. [Accessed: 07-Dec-2022].
[42] “Efail: Breaking S/MIME and OpenPGP email encryption using exfiltration channels,” Usenix.org. [Online]. Available: https://www.usenix.org/conference/usenixsecurity18/presentation/poddebniak. [Accessed: 07-Dec-2022].
[43] D. Zunenshine, “S/MIME encryption: who needs it & how to get it,” WiseStamp, 27-Jan-2022.
[44] M. Fahim, “Cryptographic security for emails: A focus on S/MIME,” Usask.ca. [Online]. Available: https://www.cs.usask.ca/documents/technical-reports/2011/TR-2011-03.pdf. [Accessed: 07-Dec-2022].