Lecture 19: PEM and S/MIME • history • PEM – establishing keys – public key hierarchy – message structure – message headers – encryption and integrity protection modes • S/MIME 1 PEM & S/MIME • Privacy Enhanced Mail (PEM) – Developed by IETF, to add encryption, source authentication & integrity protection to e-mail – Allows both public & secret long-term keys Message key is always symmetric – Specifies a detailed certification hierarchy • Secure/MIME (S/MIME) – PEM never took off; CA hierarchy difficult to realize – S/MIME: PEM design incorporated into MIME 2 Establishing Keys • interchange key – long term key used for connection – secret key crypto (never used) – Alice and Bob’s shared key the key has to be exchanged out-of-band – public key crypto – Alice and Bob’s public keys, • look up each others certificates in directory (never used) • include cert chains in the message – needs public key hierarchy 3 PEM Certificate Hierarchy • The root CA: “Internet Policy Registration Authority” (IPRA) • “Policy Certification Authorities”: Second-level, CA-certifying CAs, each with a different policy: – High Assurance (HA): very-secure • implemented on secure platforms • regulates that the child CAs (also HACAs) enforce the same rules – Discretionary Assurance (DA): secure • requires that the child CAs own their names – No Assurance (NA): no constraints • can be used to certify Internet personas (pseudonyms) • Lower-level CAs, certifying individuals or other CAs 4 Structure of PEM Messages • whole or part of the message can be protected • protected part specified as -----BEGIN PRIVACY-ENHANCED MESSAGE----. . . -----END PRIVACY-ENHANCED MESSAGE----- • different types of data: – ordinary, unsecured – integrity-protected, unmodified (MIC-CLEAR) – integrity-protected, encoded (MIC-ONLY) – encrypted, integrity-protected, encoded (ENCRYPTED) 5 PEM Headers • • • • • • Marker: -----BEGIN PRIVACY-ENHANCED MESSAGE----PEM header, inc. protection type (MIC-CLEAR etc.) IV for DES-CBC (for ENCRYPTED only) Chain of certificates, from sender to IPRA MIC Encrypted message key (for ENCRYPTED only) • • Message Marker: -----END PRIVACY-ENHANCED MESSAGE----- 6 Encryption & Integrity Protection Modes Encryption: Typically DES in CBC mode Integrity Protection (Message Authentication): • MIC: MD2 or MD5 of the message (previously included DES CBC-MAC) • signed by sender’s private key • encrypted if the message is encrypted (against guessable plaintext attack) • message header not protected (problematic) – solution: include header info in the text 7 S/MIME vs. PEM • Incorporated into MIME; no other encoding • Any sequence of sign & encrypt is supported (each as a recursive MIME encapsulation) • Has more options than PEM • ASN.1 header encoding • No prescribed certification hierarchy • Has a good prospect of deployment for commercial & organizational usage 9