Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

IPSI 2003 ©2003 Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Nick Cercone. Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone, Faculty of Computer Science, Dalhousie University

Upload: echo-jensen

Post on 30-Dec-2015


DESCRIPTION

Secure Mail Transfer Protocol (SecMTP). Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone, Faculty of Computer Science, Dalhousie University. Overview: Introduction; Current email security; Secure Mail Transfer Protocol; Discussion; Conclusion; Future work.

TRANSCRIPT

Page 1: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Faculty of Computer Science

Dalhousie University

Page 2: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Overview

Introduction

Current email security

Secure Mail Transfer Protocol

Discussion

Conclusion

Future work

Page 3: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Introduction

Email is used every day in the electronic world

Simple Mail Transfer Protocol (SMTP) is trivial and anonymous

Security is needed for transferring email over the Internet

Page 4: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

SMTP

Page 5: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Current email security

Confidentiality and Integrity

Authentication

Non-repudiation

User Applications

Web Applications

Page 6: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Secure Mail Transfer Protocol (SecMTP)

Overview

Assumption and Limitation

Architecture

Specification

Example

Page 7: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

SecMTP: Overview

Incorporate security procedure into SMTP

Maintain the simplicity and compatibility that SMTP provides

Achieve the five security goals: confidentiality, integrity, authentication, non-repudiation, and certification

Page 8: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Assumption and Limitation

All SecMTP compliant servers must be properly certified

Non-repudiation has to be implemented

SecMTP user trusts the integrity of the end servers but not the intermediate connection

We designed SecMTP’s architecture, protocol specifications, and SecMTP Extension Service to SMTP

Page 9: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

The SecMTP Architecture

[Figure: SecMTP architecture with the extension of security services. Diagram labels: SecMTP server; SecMTP client; Non-SecMTP client; User; File system; SecMTP commands/replies; SecMTP over SecMTP port.]

Page 10: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

The SecMTP Specification

Default specification

User requested options

Page 11: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

The SecMTP Default Specification

TLS channels

Authentication headers

Digital signature

TTP (if receiver non-repudiation is required)

Page 12: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

The SecMTP User Requested Options

Receiver public key encryption

Sender private key digital signature

Restrict option

Seamless interfaces

Users' private/public keys are stored at the server machine

Page 13: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

The Timing Diagram of SecMTP (1)

[Figure: timing diagram between Sender, SecMTP server, network cloud, and SecMTP server. Diagram labels: Establish TLS connection; Login; Authorize; Send message; Server: Add authentication header and digital signature; Encrypt message; Digital signature; Restrict; Establish TLS connection; Send message.]

Page 14: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

The Timing Diagram of SecMTP (2)

[Figure: timing diagram between SecMTP server and Receiver. Diagram labels: Send message; Establish TLS connection; Login; Authorize; Retrieve message; Decrypt message; Verify message.]

Page 15: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

The State Diagram of Starting a SecMTP Connection

[Figure: state diagram. Labels recovered from the diagram: Port 25; Port 465; SecMTP port; SecMTP Client; Non-SecMTP Client; Pre-TLS; TLS; Pre-SASL; SASL; Pre-SECMTP; SECMTP; SECMTP (default); TLS_SECMTP; Pre-SASL_SECMTP; SASL_SECMTP; EHLO / ... 250 STARTTLS ...; STARTTLS / 220 Go ahead; EHLO / ... 250 AUTH PLAIN ...; AUTH; EHLO / ... 250 SECMTP ...; SECMTP / 220 welcome; EHLO / 220 AUTH PLAIN; EHLO / 220 welcome to SECMTP.]

Page 16: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

SMTP Extension Service for Secure Mail Transfer Protocol (SecMTP)

1. The name of the SMTP service extension is “Secure Mail Transfer Protocol”

2. The EHLO keyword value associated with the extension is SECMTP

3. No parameters are allowed with this EHLO keyword value

Page 17: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

SMTP Extension Service for Secure Mail Transfer Protocol (SecMTP)

4. Three option parameters are added to the RCPT command:

SIGN: digitally sign message header consisting of a message digest and sender identity

ENCR: encrypt the message with receiver public key

STRICT: only transfer the message through properly authenticated and certified SecMTP servers

5. No additional SMTP verbs are defined by this extension

Page 18: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Example

S: <waits for connection on TCP port 25>
C: <opens connection>
S: 220 foo.com SMTP service ready
C: EHLO bar.com
...
C: STARTTLS
C & S: <negotiate a TLS session>
C & S: <check result of negotiation>
C: EHLO
S: 250 ... AUTH CRAM-MD5 DIGEST-MD5 ...
C: AUTH CRAM-MD5
S: 334 ...

Page 19: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Example (cont.)

C & S: <authentication session>
S: 235 authentication successful
C: EHLO
S: 250 ... SECMTP ...
C: SECMTP
S: 220 welcome SecMTP service ready
C: MAIL FROM:<[email protected]>
S: 250 OK
C: RCPT TO:<[email protected]>
S: 250 OK
C: RCPT SIGN
S: 250 OK Digital Signature for [email protected]

Page 20: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Example (cont.)

C: DATA
S: 354 Start mail input; end with <CRLF>.<CRLF>
C: Data data data...
C: ...etc. etc. etc.
C: .
S: 250 OK
C: QUIT
S: 221 foo.com Service closing transmission channel
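The ordering in the example session (STARTTLS, then AUTH, then SECMTP, then RCPT options) and the rules of the extension (no EHLO parameters; only SIGN, ENCR and STRICT) can be checked mechanically over a recorded dialogue. The following is an added example, not code from the slides or from the SecMTP authors; `check_session`, the violation strings, the multi-line EHLO replies and the sample hosts and addresses are assumptions made for illustration, and only the port 25 path is modelled.

```python
RCPT_OPTIONS = {"SIGN", "ENCR", "STRICT"}  # the three RCPT options on the slides
# (client verb, final reply code) pairs that advance the connection state.
TRANSITIONS = {("STARTTLS", "220"): "TLS", ("AUTH", "235"): "AUTHED",
               ("SECMTP", "220"): "SECMTP"}

def check_session(lines):
    """Return violations found in a list of 'C: ...'/'S: ...' lines."""
    state, advertised, pending, problems = "PLAIN", False, None, []
    for line in lines:
        side, _, text = line.partition(": ")
        words = text.split()
        if side == "C" and pending != "AUTH" and words:  # skip SASL responses
            pending = verb = words[0].upper()
            option = words[1].upper() if len(words) > 1 else ""
            if verb == "EHLO":
                advertised = False  # capabilities are re-learned on every EHLO
            elif verb == "AUTH" and state == "PLAIN":
                problems.append("AUTH before TLS")
            elif verb == "SECMTP" and (state != "AUTHED" or not advertised):
                problems.append("SECMTP before AUTH or not advertised")
            elif verb == "RCPT" and option and not option.startswith("TO:"):
                if option not in RCPT_OPTIONS:
                    problems.append("unknown RCPT option " + option)
                elif state != "SECMTP":
                    problems.append("RCPT " + option + " outside SecMTP mode")
        elif side == "S":
            code, final, rest = text[:3], text[3:4] != "-", text[4:].upper().split()
            if pending == "EHLO" and code == "250" and rest[:1] == ["SECMTP"]:
                advertised = True
                if len(rest) > 1:  # the extension allows no EHLO parameters
                    problems.append("SECMTP keyword carries parameters")
            state = TRANSITIONS.get((pending, code), state)
            if final and code != "334":  # 334 keeps the AUTH exchange open
                pending = None
    return problems

# Constructed sessions; hosts, addresses and base64 strings are placeholders.
GOOD = [
    "S: 220 foo.com SMTP service ready", "C: EHLO bar.com",
    "S: 250-foo.com", "S: 250 STARTTLS", "C: STARTTLS", "S: 220 Go ahead",
    "C: EHLO bar.com", "S: 250-foo.com", "S: 250 AUTH CRAM-MD5 DIGEST-MD5",
    "C: AUTH CRAM-MD5", "S: 334 Y2hhbGxlbmdl", "C: cmVzcG9uc2U=",
    "S: 235 authentication successful", "C: EHLO bar.com",
    "S: 250-foo.com", "S: 250 SECMTP", "C: SECMTP",
    "S: 220 welcome SecMTP service ready",
    "C: MAIL FROM:<alice@bar.example>", "S: 250 OK",
    "C: RCPT TO:<bob@foo.example>", "S: 250 OK", "C: RCPT SIGN", "S: 250 OK",
]
BAD = [  # no STARTTLS, SECMTP advertised with a parameter, option used too early
    "S: 220 foo.com SMTP service ready", "C: EHLO bar.com",
    "S: 250-foo.com", "S: 250 SECMTP v2", "C: AUTH CRAM-MD5",
    "S: 334 Y2hhbGxlbmdl", "C: cmVzcG9uc2U=", "S: 235 ok",
    "C: RCPT TO:<bob@foo.example>", "S: 250 OK", "C: RCPT ENCR", "S: 250 OK",
]
```

`check_session(GOOD)` returns an empty list, while `check_session(BAD)` reports the parameterised keyword, the AUTH issued without TLS, and the ENCR option used outside SecMTP mode.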

Page 21: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Discussion (1)

Advantages

Seamlessly integrate with existing email systems

Compatible with SMTP and current service extension

Does not require specific action from the users

Provide user-to-user level of security

Provide both best-effort and guaranteed security services

Page 22: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Discussion (2)

Shortcomings

Non-SecMTP clients need to examine the security information manually

Encryption and decryption are done at the server

Users must trust the end servers to provide security services

The SecMTP servers may become a bottleneck

SecMTP compliant clients and servers are required to achieve the full benefit of SecMTP

Page 23: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Conclusion

Secure communication -> TLS channels

Authentication and certification at servers -> AUTH and header

Confidentiality users -> Public key encryption

Authentication and integrity at users -> Digital signatures

Sender non-repudiation -> Digital signatures

Both sender and receiver Non-repudiation -> TTP

Guarantee security service -> STRICT option

Page 24: Hathai Tanta-ngai, Tony Abou-Assaleh, Sittichai Jiampojamarn, and Dr. Nick Cercone

Thank you!

[email protected] or [email protected]