Week 12 - Internet Security Protocols and Standards (2)
Internet Security Protocols and Standards
Focus on secure communication protocols for electronic mail and internet services.
MIME and S/MIME
MIME (Multipurpose Internet Mail Extensions)
Extension of RFC 822 for internet mail format.
Introduced new header fields defining message body information, moving beyond ASCII format.
S/MIME (Secure/Multipurpose Internet Mail Extension)
Security enhancement to MIME for signing/encrypting email messages.
Based on RSA Data Security technologies.
S/MIME Content Types (Table 22.1)
Multipart:
Signed: Clear-signed message consisting of the message and its signature.
Application pkcs7-mime:
signedData: Signed S/MIME entity.
envelopedData: Encrypted S/MIME entity.
degenerate signedData: Contains public-key certificates only.
CompressedData: Compressed S/MIME entity.
signedData (as a subtype): Content type for signature subparts.
S/MIME Functions
Types of Data Handling
Enveloped Data: Contains encrypted content and associated keys.
Signed Data: A digest of the encoded message secured.
Clear-signed Data: Cleartext message with an encoded signed digest.
Signed and Enveloped Data: Combination of signed and encrypted entities.
S/MIME Functional Flow (Figure 22.1)
Sender:
Signs the message with their private RSA key.
Encrypts the message using a secret key.
Receiver:
Decrypts message with their private RSA key.
Verifies the message using the sender’s public RSA key.
Signing Process
Utilizes RSA or DSA with SHA-256.
The message is hashed, then encrypted with the sender's private RSA key to create a unique digital signature.
Verifying involves hashing the received message to match the decrypted digest.
Enveloped Data Mechanics
Default algorithms: AES and RSA.
A new pseudorandom key is generated for each message encryption.
The session key is transmitted along with the ciphertext, encrypted with the recipient's public RSA key.
DomainKeys Identified Mail (DKIM)
Cryptographically signs email messages to ascertain responsibility for messages.
Proposed standard RFC 4871, widely adopted by email providers.
SSL and TLS Overview
SSL (Secure Sockets Layer)
Widely used security service relying on TCP protocols.
Transitioned to TLS (Transport Layer Security) becoming an internet standard (RFC 4346).
TLS Protocols
TLS Session: Established for client-server associations to negotiate secure parameters.
TLS Connection: Transient, peer-to-peer transport providing security.
Change Cipher Spec Protocol (Page 15)
Simplest TLS protocol that updates cipher suite through a single byte message.
Alert Protocol (Page 16)
Communicates alerts related to the TLS connection.
Types: Warning (1) or Fatal (2), with different consequences.
Handshake Protocol (Page 17)
Complex protocol enabling server-client authentication and negotiating encryption standards.
Involves multiple phases exchanging security capabilities.
Heartbeat Protocol (Page 19)
Signals between peers for availability and connection activity.
Established during Handshake for support indication.
SSL/TLS Attacks (Page 20)
Categories of attacks targeting handshake, record protocols, and PKI.
HTTPS (Page 22)
Secure HTTP communication between web browsers and servers using SSL.
Demarcated by URL starting with https://.
IP Security (IPsec)
Overview
Implements various security mechanisms across layers to ensure security for all applications.
Supports next-generation IPv6 and existing IPv4.
Benefits of IPsec
Establishes strong security at firewalls or routers.
Operates transparently, securing individual users effectively.
Functions and Modes of IPsec
Functions: Encapsulating Security Payload (ESP) for encryption/authentication and Authentication Header (AH) for authentication only.
Transport Mode: Encrypts the IP payload only.
Tunnel Mode: Encrypts the entire IP packet, useful for security gateways.
Summary (Page 29)
Topics covered include:
Secure Email and S/MIME.
DKIM and Internet Mail Architecture.
SSL/TLS protocols and related attacks.
Overview of IPsec security and mode functions.