PEM and S/MIME

advertisement
Lecture 19: PEM and S/MIME
• history
• PEM
– establishing keys
– public key hierarchy
– message structure
– message headers
– encryption and integrity protection
modes
• S/MIME
1
PEM & S/MIME
• Privacy Enhanced Mail (PEM)
– Developed by IETF, to add encryption, source authentication &
integrity protection to e-mail
– Allows both public & secret long-term keys
Message key is always symmetric
– Specifies a detailed certification hierarchy
• Secure/MIME (S/MIME)
– PEM never took off; CA hierarchy difficult to realize
– S/MIME: PEM design incorporated into MIME
2
Establishing Keys
•
interchange key – long term key used for connection
– secret key crypto (never used) – Alice and Bob’s shared key the
key has to be exchanged out-of-band
– public key crypto – Alice and Bob’s public keys,
• look up each others certificates in directory (never used)
• include cert chains in the message
– needs public key hierarchy
3
PEM Certificate Hierarchy
• The root CA: “Internet Policy Registration Authority” (IPRA)
• “Policy Certification Authorities”: Second-level, CA-certifying
CAs, each with a different policy:
– High Assurance (HA): very-secure
• implemented on secure platforms
• regulates that the child CAs (also HACAs) enforce the
same rules
– Discretionary Assurance (DA): secure
• requires that the child CAs own their names
– No Assurance (NA): no constraints
• can be used to certify Internet personas (pseudonyms)
• Lower-level CAs, certifying individuals or other CAs
4
Structure of PEM Messages
• whole or part of the message can be protected
• protected part specified as
-----BEGIN PRIVACY-ENHANCED MESSAGE----.
.
.
-----END PRIVACY-ENHANCED MESSAGE-----
• different types of data:
– ordinary, unsecured
– integrity-protected, unmodified (MIC-CLEAR)
– integrity-protected, encoded (MIC-ONLY)
– encrypted, integrity-protected, encoded (ENCRYPTED)
5
PEM Headers
•
•
•
•
•
•
Marker: -----BEGIN PRIVACY-ENHANCED MESSAGE----PEM header, inc. protection type (MIC-CLEAR etc.)
IV for DES-CBC (for ENCRYPTED only)
Chain of certificates, from sender to IPRA
MIC
Encrypted message key (for ENCRYPTED only)
•
•
Message
Marker: -----END
PRIVACY-ENHANCED MESSAGE-----
6
Encryption & Integrity
Protection Modes
Encryption: Typically DES in CBC mode
Integrity Protection (Message Authentication):
• MIC: MD2 or MD5 of the message
(previously included DES CBC-MAC)
• signed by sender’s private key
• encrypted if the message is encrypted
(against guessable plaintext attack)
• message header not protected (problematic)
– solution: include header info in the text
7
S/MIME vs. PEM
• Incorporated into MIME; no other encoding
• Any sequence of sign & encrypt is supported (each as a
recursive MIME encapsulation)
• Has more options than PEM
• ASN.1 header encoding
• No prescribed certification hierarchy
• Has a good prospect of deployment for commercial &
organizational usage
9
Download