
E-mail and Instant Messaging

Chapter 16

Principles of Computer Security, Fifth Edition

Copyright © 2018 by McGraw-Hill Education. All rights reserved.

Objectives

Describe security issues associated with e-mail.

Implement security practices for e-mail.

Detail the security issues of instant messaging protocols.


Key Terms (1 of 2)

Botnet

DomainKeys Identified Mail (DKIM)

E-mail

E-mail hoax

Instant messaging (IM)

Mail delivery agent (MDA)

Mail relaying

Mail transfer agent (MTA)

Mail user agent (MUA)

Multipurpose Internet Mail Extensions (MIME)

Open relay


Botnet – A term for a collection of software robots, or bots, that run autonomously and automatically, commonly invisibly in the background. The term is most often associated with malicious software, but it can also refer to a network of computers running distributed computing software.

DomainKeys Identified Mail (DKIM) – An authentication system for e-mail designed to detect spoofing of e-mail addresses.

E-mail – Started with mailbox programs on early time-sharing machines, allowing researchers to leave messages for others using the same machine.

E-mail hoax – E-mails that travel from user to user because of the compelling story contained in them.

Instant messaging (IM) – A text-based method of communicating over the Internet.

Mail delivery agent (MDA) – The recipient’s mail server.

Mail relaying – Similar to dropping a letter off at a post office instead of letting the postal carrier pick it up at your mailbox. On the Internet, that consists of sending e-mail from a separate IP address, making it more difficult for the mail to be traced back to you.

Mail transfer agent (MTA) – The mail server.

Mail user agent (MUA) – The application on the sender’s machine.

Multipurpose Internet Mail Extensions (MIME) – A standard that describes how to encode and attach non-textual elements in an e-mail.

Open relay – A mail server that receives and forwards mail from outside sources.


Key Terms (2 of 2)

Pretty Good Privacy (PGP)

Real-time Blackhole List (RBL)

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Sender Policy Framework (SPF)

Simple Mail Transfer Protocol (SMTP)

Spam

Unsolicited commercial e-mail


Pretty Good Privacy (PGP) – A popular encryption program that has the ability to encrypt and digitally sign e-mail and files.

Real-time Blackhole List (RBL) – A system that uses DNS information to detect and dump spam e-mails.

Secure/Multipurpose Internet Mail Extensions (S/MIME) – An encrypted implementation of the MIME (Multipurpose Internet Mail Extensions) protocol specification.

Sender ID Framework (SIDF) – Microsoft’s server-based solution to spam.

Simple Mail Transfer Protocol (SMTP) – The standard Internet protocol used to transfer e-mail between hosts.

Spam – E-mail that is not requested by the recipient and is typically of a commercial nature. Also known as unsolicited commercial e-mail (UCE).

Unsolicited commercial e-mail – E-mail that is not requested by the recipient and is typically of a commercial nature.


How E-mail Works (1 of 4)

E-mail started with mailbox programs on early time-sharing machines, allowing researchers to leave messages for others using the same machine.

Internet e-mail depends on three primary protocols:

Simple Mail Transfer Protocol (SMTP) is a method by which mail is sent to the server as well as from server to server.

POP3 is a method by which a client computer may connect to a server and download new messages.

IMAP allows the client to retrieve messages from the server; it typically works in greater synchronization than POP3.


How E-mail Works (2 of 4)

Secure versions of the common communication protocols exist via the STARTTLS method.

STARTTLS is a means of using Transport Layer Security (TLS) to secure a communication channel for text-based communication protocols.

E-mail appears to be a client-to-client communication, between sender and receiver.

In reality, a lot of steps are involved.


How E-mail Works (3 of 4)

Figure 16.1 How e-mail works


In reality, a lot of steps are involved, as shown in Figure 16.1 and described here:

1. A user composes and sends an e-mail from the user’s client machine.

2. The e-mail is sent to the client’s e-mail server. In an Internet service provider (ISP) environment, this could be via the ISP. In the case of web mail, it is the mail service (Gmail, Hotmail/Live, etc.). In a corporate environment it is the corporate mail server.

3. a. The receiving e-mail server scans the e-mail for viruses, malware, and other threats.

3. b. The mail server uses DNS to obtain the recipient e-mail server address via an MX record.

4. The mail server prepares the e-mail for transit across the Internet to the recipient’s mail server.

5. The e-mail is routed across the Internet.

6. The receiving e-mail server scans the e-mail for viruses, malware, and other threats.

7. The e-mail is passed to the recipient’s in-box, where it can be read.


How E-mail Works (4 of 4)

In technical terms, the application on the sender’s machine is referred to as a mail user agent (MUA), and the mail server is a mail transfer agent (MTA).

The recipient’s mail server is referred to as a mail delivery agent (MDA).

These terms are used when discussing mail transfers to provide accuracy in the conversation.


For communication from the MUA to the MTA, SMTP (port 25) is used, and communication from MTA to MTA is also SMTP. The protocol used for communication from the MDA to the MUA on the recipient machine is typically POP/IMAP.


E-mail Structure

E-mail is structured in two elements, a header and the body.

The entire message is sent via plain ASCII text, with attachments included using Base64 encoding.

The e-mail header provides information for the handling of the e-mail between MUAs, MTAs, and MDAs.

It is important to note that the format of the message and its attachments are in plaintext.


MIME

When a message has an attachment, the protocol used to deliver the message is Multipurpose Internet Mail Extensions (MIME).

This protocol allows the exchange of different kinds of data across text-based e-mail systems.

When MIME is used, it is marked in the header of the e-mail, along with supporting elements to facilitate decoding.
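The following is an added example, not code from the textbook, that builds a constructed MIME message with Python's standard `email` library and then parses it back the way a receiving agent would: it reads the MIME-Version header, finds the text body, undoes the Base64 transfer encoding on the attachment, and flags attachment names with extensions commonly blocked at a mail gateway (the extension list, addresses and file contents are constructed for the example).

```python
# Added example (not from the textbook): build a constructed MIME message with the
# standard library, then parse it back the way a receiving agent would.
import email
from email import policy
from email.message import EmailMessage

# Extensions commonly blocked or quarantined at the mail gateway (constructed list).
RISKY_EXTENSIONS = (".exe", ".scr", ".vbs", ".js", ".bat", ".cmd", ".ps1", ".hta")


def build_sample_message(attachment_name: str = "report.pdf") -> bytes:
    """Constructed sample: a plain-text body plus one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.net"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Hi Bob, the report is attached.\n")
    # Binary payloads are wrapped in Base64 so they survive the 7-bit text channel;
    # the library picks the base64 transfer encoding for bytes automatically.
    msg.add_attachment(b"%PDF-1.4 constructed sample bytes\n",
                       maintype="application", subtype="pdf",
                       filename=attachment_name)
    return msg.as_bytes()


def parse_message(raw: bytes) -> dict:
    """Parse headers, body and attachments from the raw (plaintext) message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)      # undoes the Base64 encoding
        name = part.get_filename() or ""
        attachments.append({
            "filename": name,
            "content_type": part.get_content_type(),
            "transfer_encoding": str(part["Content-Transfer-Encoding"]),
            "size": len(data),
            # Judge by the file name, not the declared MIME type, which the
            # sender controls.
            "risky": name.lower().endswith(RISKY_EXTENSIONS),
        })
    body = msg.get_body(preferencelist=("plain",))
    return {
        "mime_version": str(msg["MIME-Version"]),
        "multipart": msg.is_multipart(),
        "from": str(msg["From"]),
        "subject": str(msg["Subject"]),
        "body": body.get_content() if body else "",
        "attachments": attachments,
    }


if __name__ == "__main__":
    raw = build_sample_message()
    print(raw.decode())              # the whole message, attachment included, is text
    print(parse_message(raw))
```

Printing `raw` makes the chapter's point visible: the headers, the body and the Base64 attachment are all readable text, and anything on the path can read or alter them unless S/MIME or PGP is applied.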


Security of E-mail (1 of 4)

The e-mail hoax has become a regular occurrence.

Internet-based urban legends are spread through e-mail, with users forwarding them in seemingly endless loops around the globe.

People still have not found a good way to block ubiquitous spam e-mails.

E-mail security is ultimately the responsibility of users themselves, because they are the ones who will actually be sending and receiving the messages.


E-mail can be used to move a variety of threats across the network. From spam, to viruses, to advanced malware in spear-phishing attacks, e-mail can act as a transmission medium. Spam is the most common attack but is now just a nuisance; the majority is now mostly cleaned up by mail server filters and software.


Security of E-mail (2 of 4)

Figure 16.2 A typical list of spam e-mails


People still have not found a good way to block ubiquitous spam e-mails (a sampling of which is shown in Figure 16.2), despite the remarkable advance of every other technology.


Security of E-mail (3 of 4)

Security administrators can give users the tools they need to fight malware, spam, and hoaxes.

Secure/Multipurpose Internet Mail Extensions (S/MIME) and Pretty Good Privacy (PGP) are two popular methods used for encrypting e-mail.

Server-based and desktop-based virus protection can help against malicious code, and spam filters attempt to block all unsolicited commercial e-mail.

E-mail users need to be educated about security.


Security of E-mail (4 of 4)

Instant messaging (IM), while not part of the e-mail system, is similar to e-mail in many respects, particularly in the sense that it is commonly plaintext and can transmit files.

Unsolicited commercial e-mail (spam)

Industry trade name for unsolicited e-mails.

Botnets are set up to spread spam.


Malicious Code (1 of 7)

Viruses and worms are popular programs because they make themselves popular.

Because the e-mail protocol permits users to attach files to e-mail messages, viruses can travel by e-mail from one local network to another, anywhere on the Internet.

This changed the nature of virus programs, since they once were localized but now could spread virtually everywhere.

E-mail gave the virus a global reach.


Exam Tip: Viruses and worms both can carry malicious payloads and cause damage. The difference is in how they are transmitted: viruses require a file to infect, whereas worms can exist independently of a file.

The advent of computer networks was a computer virus writer’s dream, allowing viruses to attempt to infect every network share to which the computer was attached. This extended the virus’s reach from a set of machines that might share a floppy disk to every machine on the network. Because the e-mail protocol permits users to attach files to e-mail messages (see Figure 16.3), viruses can travel by e-mail from one local network to another, anywhere on the Internet. This changed the nature of virus programs, since they once were localized but now could spread virtually everywhere. E-mail gave the virus a global reach.

When active content was designed for the Web, in the form of Java and ActiveX scripts, these scripts were interpreted and run by the web browser. E-mail programs also would run these scripts, and that’s when the trouble began. Some e-mail programs, most notably Microsoft Outlook, use a preview pane, which allows users to read e-mails without opening them in the full screen (see Figure 16.4).


Malicious Code (2 of 7)

Figure 16.3 Viruses commonly spread through e-mail attachments


Because the e-mail protocol permits users to attach files to e-mail messages (see Figure 16.3), viruses can travel by e-mail from one local network to another, anywhere on the Internet.


Malicious Code (3 of 7)

When active content was designed for the Web, in the form of Java and ActiveX scripts, these scripts were interpreted and run by the web browser.

E-mail programs also would run these scripts, and that is when the trouble began.

Some e-mail programs, most notably Microsoft Outlook, use a preview pane, which allows users to read e-mails without opening them in the full screen.


Malicious Code (4 of 7)

Figure 16.4 The preview pane on the right can execute code in e-mails without opening them.


Some e-mail programs, most notably Microsoft Outlook, use a preview pane, which allows users to read e-mails without opening them in the full screen (see Figure 16.4).

Unfortunately, this preview still activates all the content in the e-mail message, and because Outlook supports Visual Basic scripting, it is vulnerable to e-mail worms. A user doesn’t need to run the program or even open the e-mail to activate the worm—simply previewing the e-mail in the preview pane can launch the malicious content. This form of automatic execution was the primary reason for the spread of the ILOVEYOU worm.


Malicious Code (5 of 7)

All malware is a security threat.

Antivirus systems are not a panacea.

Worm prevention relies on patch management.

Viruses are user-launched.

People using the e-mail system create the front line of defense against viruses.

Users need to be educated about virus dangers.

Use localized antivirus scanning programs like AVG.


All malware is a security threat, with the several different types having different countermeasures. The antivirus systems that we have used for years have progressed to try and stop all forms of malicious software, but they are not a panacea. Worm prevention also relies on patch management of the operating system and applications. Viruses are user-launched, and since one of the most common transfer methods for viruses is through e-mail, the people using the e-mail system create the front line of defense against viruses. In addition to antivirus scanning of the user’s system, and possibly an e-mail virus filter, users need to be educated about the dangers of viruses.

Although the great majority of users are now aware of viruses and the damage they can cause, more education may be needed to instruct them on the specific things that need to be addressed when a virus is received via e-mail. These can vary from organization to organization and from e-mail software to e-mail software; however, some useful examples of good practices involve examining all e-mails for a known source as well as a known destination, especially if the e-mails have attachments. Strange files or unexpected attachments should always be checked with an antivirus program before execution. Users also need to know that some viruses can be executed simply by opening the e-mail or viewing it in the preview pane. Education and proper administration is also useful in configuring the e-mail software to be as virus resistant as possible—turning off scripting support and the preview pane are good examples. Many organizations outline specific user responsibilities for e-mail, similar to network acceptable use policies. Some examples include using e-mail resources responsibly, avoiding the installation of untrusted programs, and using localized antivirus scanning programs, such as AVG.


Malicious Code (6 of 7)


Malicious Code (7 of 7)

Another protection is to carefully create virus scanning procedures.

If possible, perform virus scans on every e-mail as it comes into the company’s e-mail server.

Some users will also attempt to retrieve e-mail offsite from a normal Internet service provider (ISP) account, which can bypass the server-based virus protection.

Every machine should also be protected with a host-based virus protection program that scans all files on a regular basis and performs checks of files upon their execution.


Hoax E-mails (1 of 2)

E-mail hoaxes are mostly a nuisance.

They waste time and use Internet bandwidth and server processing time.

E-mail hoaxes are global urban legends, perpetually traveling from one e-mail account to the next, and most have a common theme of some story.

It is important to educate e-mail users.

They should be familiar with a hoax before they go online.

They should know how to search the Internet for hoax information.


Warning: Forwarding hoax e-mails and other jokes, funny movies, and non-work-related e-mails at work can be a violation of your company’s acceptable use policy and result in disciplinary actions.

E-mail hoaxes are mostly a nuisance, but they do cost everyone, not only in the time wasted by receiving and reading the e-mails, but also in the Internet bandwidth and server processing time they take up. E-mail hoaxes are global urban legends, perpetually traveling from one e-mail account to the next, and most have a common theme of some story you must tell ten other people about right away for good luck or some virus that will harm your friends unless you tell them

The most important thing to do in this case is educate e-mail users: they should be familiar with a hoax or two before they go online, and they should know how to search the Internet for hoax information. Users need to apply the same common sense on the Internet that they would in real life: If it sounds too outlandish to be true, it probably is a fabrication. The goal of education about hoaxes should be to change user behavior to delete the hoax e-mail and not send it on immediately. Hoaxes are similar to chain letters, but instead of promising a reward, the story in the e-mail is typically what produces the action.


Hoax E-mails (2 of 2)

Figure 16.5 Snopes is an online reference for urban legends common in hoax e-mails.


Hoaxes have been circling the Internet for many years, and many web sites are dedicated to debunking them, such as Snopes.com (see Figure 16.5).


Spam Filter (1 of 6)

Spam refers to unsolicited commercial e-mail whose purpose is the same as the junk mail you get in your physical mailbox—it tries to persuade you to buy something.

The amount of spam being transmitted eventually spurred federal authorities into action.

Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) law


The first spam e-mail was sent in 1978 by a DEC employee. However, the first spam that really captured everyone’s attention was in 1994, when two lawyers posted a commercial message to every Usenet newsgroup. This was the origin of using the Internet to send one message to as many recipients as possible via an automated program. Commercial e-mail programs have taken over, resulting in the variety of spam that most users receive in their in-boxes every day.


Spam Filter (2 of 6)

Popular methods to fight spam

Blacklisting

Content filtering

Trusted servers

Delay-based filtering

PTR and reverse DNS checks

Callback verification

Statistical content filtering

Rule-based filtering

Egress filtering

Hybrid filtering


Spam Filter (3 of 6)

Mail relaying is similar to dropping a letter off at a post office instead of letting the postal carrier pick it up at your mailbox.

On the Internet, that consists of sending e-mail from a separate IP address.

SMTP server software is typically configured to accept mail only from specific hosts or domains.

All SMTP software can and should be configured to accept only mail from known hosts, or to known mailboxes; this closes down mail relaying and helps to reduce spam.


Mail relaying is similar to dropping a letter off at a post office instead of letting the postal carrier pick it up at your mailbox. On the Internet, that consists of sending e-mail from a separate IP address, making it more difficult for the mail to be traced back to you. SMTP server software is typically configured to accept mail only from specific hosts or domains. All SMTP software can and should be configured to accept only mail from known hosts, or to known mailboxes; this closes down mail relaying and helps to reduce spam.
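As an added example (not the textbook's code), the following minimal SMTP command handler shows the MUA-to-MTA exchange described in "How E-mail Works" (HELO/EHLO, MAIL FROM, RCPT TO, DATA) and enforces the relay policy described above: mail addressed to one of our own domains is accepted from anyone, while mail for other domains is accepted only from our own client networks. The `open_relay` flag reproduces the weak configuration beside the corrected one. Domain names, networks, addresses and the reply texts are constructed for the example; the reply codes follow SMTP conventions.

```python
# Added example (not from the textbook): a minimal SMTP command handler that
# enforces a relay policy. Domains, networks and addresses are constructed.
import ipaddress

LOCAL_DOMAINS = {"example.com"}                            # mailboxes this server hosts
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # our own clients (MUAs)


class SmtpSession:
    """Tracks one SMTP conversation; replies use SMTP reply-code conventions."""

    def __init__(self, client_ip: str, open_relay: bool = False):
        self.client_ip = ipaddress.ip_address(client_ip)
        self.open_relay = open_relay      # the weak setting: relay for anyone
        self.helo = None
        self.sender = None
        self.recipients = []

    def _client_trusted(self) -> bool:
        return any(self.client_ip in net for net in TRUSTED_NETWORKS)

    def handle(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg.strip()
            return "250 mail.example.com Hello " + self.helo
        if verb == "MAIL":
            if self.helo is None:
                return "503 5.5.1 Send HELO/EHLO first"
            self.sender, self.recipients = _path(arg), []
            return "250 2.1.0 Sender ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Need MAIL command first"
            rcpt = _path(arg)
            domain = rcpt.rpartition("@")[2].lower()
            # Accept mail FOR our domains from anyone; accept mail TO other domains
            # only from our own clients. Anything else would make us an open relay.
            if domain in LOCAL_DOMAINS or self._client_trusted() or self.open_relay:
                self.recipients.append(rcpt)
                return "250 2.1.5 Recipient ok"
            return "554 5.7.1 Relay access denied"
        if verb == "DATA":
            if not self.recipients:
                return "503 5.5.1 No valid recipients"
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "500 5.5.2 Command not recognized"


def _path(arg: str) -> str:
    """Extract the address from 'FROM:<a@b>' or 'TO:<a@b>'."""
    start, end = arg.find("<"), arg.find(">")
    return arg[start + 1:end] if 0 <= start < end else arg.partition(":")[2].strip()


def run_session(client_ip: str, commands, open_relay: bool = False) -> list:
    """Feed a constructed command sequence to one session; return the replies."""
    session = SmtpSession(client_ip, open_relay)
    return [session.handle(c) for c in commands]


if __name__ == "__main__":
    for reply in run_session("198.51.100.7", ["EHLO relay-test.example",
                                              "MAIL FROM:<x@other.org>",
                                              "RCPT TO:<bob@example.com>",
                                              "RCPT TO:<carol@other.org>"]):
        print(reply)
```

The 554 reply on the last RCPT is what closing the relay looks like from the outside; with `open_relay=True` the same command is accepted, which is exactly the behaviour that gets a server placed on a blackhole list.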


Spam Filter (4 of 6)

Greylisting

When an e-mail is received, it is bounced as a temporary rejection.

SMTP servers that are compliant with RFC 5321 will wait a configurable amount of time and attempt retransmission of the message.

Spammers will not retry sending of any messages, so spam is reduced.


Spam Filter (5 of 6)


Another technique is known as greylisting. When an e-mail is received, it is bounced as a temporary rejection. SMTP servers that are RFC 5321–compliant will wait a configurable amount of time and attempt retransmission of the message. Obviously, spammers will not retry sending of any messages, so spam is reduced.
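The greylisting decision described above, as an added example that is not the textbook's code: the server keys on the (client IP, envelope sender, envelope recipient) triplet, answers a temporary 4xx rejection the first time it sees one, accepts a retry that arrives after a minimum delay, and remembers verified triplets so legitimate senders are not delayed again. The timing values and addresses are constructed, and the clock is passed in so the logic can be exercised offline.

```python
# Added example (not from the textbook): greylisting decision logic keyed on the
# (client IP, envelope sender, envelope recipient) triplet. Timings are constructed.

class Greylist:
    def __init__(self, min_retry=300, max_retry=4 * 3600, remember=36 * 24 * 3600):
        self.min_retry = min_retry      # earliest retry we will accept (seconds)
        self.max_retry = max_retry      # a first retry later than this starts over
        self.remember = remember        # how long a verified triplet stays accepted
        self.pending = {}               # triplet -> time of first attempt
        self.verified = {}              # triplet -> time of last accepted delivery

    def decide(self, client_ip: str, mail_from: str, rcpt_to: str, now: float) -> str:
        """Return the SMTP reply for this RCPT, given the current time in seconds."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        last = self.verified.get(key)
        if last is not None and now - last <= self.remember:
            self.verified[key] = now                   # known-good triplet: no delay
            return "250 2.1.5 Recipient ok"
        first = self.pending.get(key)
        if first is None or now - first > self.max_retry:
            self.pending[key] = now                    # unknown or stale: temporary reject
            return "451 4.7.1 Greylisted, please try again later"
        if now - first < self.min_retry:
            return "451 4.7.1 Greylisted, please try again later"   # retried too soon
        del self.pending[key]                          # a real MTA came back: accept
        self.verified[key] = now
        return "250 2.1.5 Recipient ok"


if __name__ == "__main__":
    g = Greylist()
    for t in (0, 60, 400, 500):
        print(t, g.decide("203.0.113.5", "alice@example.org", "bob@example.com", now=t))
```

A spam engine that fires and forgets never reaches the third branch, while a compliant MTA's queue retry does; the cost is a delay of `min_retry` seconds on the first message from each new triplet, which is why the verified table matters.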


Spam Filter (6 of 6)

Spam URI Real-time Block Lists (SURBL) detect unwanted e-mail based on invalid or malicious links within a message.

Using a SURBL filter is a valuable tool to protect users from malware and phishing attacks.

Not all mail servers support SURBL, but this technology shows promise in the fight against malware and phishing.

The Real-time Blackhole List (RBL) is a list of e-mail servers that are known for allowing spam or have open relays, enabling bad e-mail behaviors.
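Both RBL and SURBL lookups are done over DNS: the querier builds a name from the sender's IP address (octets reversed) or from a link's registered domain, appends the list's zone, and treats any 127.0.0.x answer as "listed". The following added example, which is not the textbook's code, implements that convention with a constructed dictionary standing in for DNS; the zone names, addresses and listed domain are all constructed, and the registered-domain helper is a toy (real filters use the Public Suffix List).

```python
# Added example (not from the textbook): RBL and SURBL lookups against a constructed
# stand-in for DNS. Listed names resolve to 127.0.0.x, as DNS block lists do.
import ipaddress
import re
from urllib.parse import urlparse

CONSTRUCTED_DNS = {
    "7.100.51.198.rbl.example": "127.0.0.2",            # 198.51.100.7 listed as a spam source
    "listed-domain.example.surbl.example": "127.0.0.8",  # a domain seen in unwanted links
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def rbl_name(ip: str, zone: str) -> str:
    """Query name for an IPv4 address: octets reversed, then the list zone."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


def registered_domain(host: str) -> str:
    """Toy: last two labels. Real filters consult the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_listed(name: str, resolver=CONSTRUCTED_DNS) -> bool:
    answer = resolver.get(name)
    return answer is not None and answer.startswith("127.0.0.")


def scan_message(client_ip: str, body: str, rbl_zone="rbl.example",
                 surbl_zone="surbl.example", resolver=CONSTRUCTED_DNS) -> list:
    """Return the reasons (if any) a filter would flag this message."""
    findings = []
    if is_listed(rbl_name(client_ip, rbl_zone), resolver):
        findings.append(f"sending host {client_ip} is listed in {rbl_zone}")
    for url in URL_RE.findall(body):
        dom = registered_domain(urlparse(url).hostname or "")
        if is_listed(f"{dom}.{surbl_zone}", resolver):
            findings.append(f"link domain {dom} is listed in {surbl_zone}")
    return findings


if __name__ == "__main__":
    print(scan_message("198.51.100.7", "Offer: http://cdn.listed-domain.example/go"))
    print(scan_message("192.0.2.9", "See https://www.example.org/docs for details."))
```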


Sender ID Framework

Microsoft offers another server-based solution to spam, called the Sender ID Framework (SIDF).

SIDF attempts to authenticate messages by checking the sender’s domain name against a list of IP addresses authorized to send e-mail by the domain name listed.

This list is maintained in a text (TXT) record published by the DNS, called a Sender Policy Framework (SPF) record.


So when a mail server receives an e-mail, it will check the sender’s domain name in the DNS; if the outbound server’s IP matches, the message gets a “pass” rating by SIDF. This is similar to the idea that routers should drop any outbound port 25 traffic that does not come from known e-mail servers on the subnet managed by the router. However, the SIDF system handles the authentication of the e-mail server when it is received, not when it is sent. This system still allows wasted bandwidth from the sender of the message to the receiver, and since bandwidth is increasingly a metered service, this means the cost of spam is still paid by the recipient. The SPF check ensures that the sending MTA is allowed to send mail on behalf of the sender’s domain name. When SPF is activated on your server, the sending server’s MX record (the DNS Mail Exchange record) is validated before message transmission takes place.

These methods can take care of up to 90 percent of the junk mail clogging our networks, but they cannot stop it entirely. Better control of port 25 traffic is required to slow the tide of spam hitting our in-boxes. This would stop spammers using remote open relays and, hopefully, prevent many users from running unauthorized e-mail servers of their own. Because of the low cost of generating spam, until serious action is taken, or spam is somehow made unprofitable, it will remain with us.
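The SPF check described above, as an added example that is not the textbook's code: the verifier fetches the `v=spf1` TXT record for the sender's domain and walks its mechanisms in order, returning the result named by the first match's qualifier (`+` pass, `-` fail, `~` softfail, `?` neutral). DNS is replaced by constructed dictionaries (the TXT records, the MX host addresses and the sender IPs are all constructed), `redirect=`/`exp=` modifiers are skipped, and the recursion-depth guard stands in for the lookup limit a real implementation enforces.

```python
# Added example (not from the textbook): evaluating a sender IP against an SPF
# record. DNS is replaced by constructed dictionaries so the code runs offline.
import ipaddress

# TXT records a verifier would fetch for the MAIL FROM domain (constructed).
CONSTRUCTED_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 mx "
                   "include:mail-provider.example -all",
    "mail-provider.example": "v=spf1 ip4:203.0.113.0/26 ~all",
}
# Addresses of each domain's MX hosts, already resolved (constructed).
CONSTRUCTED_MX_ADDRS = {"example.com": ["198.51.100.30"]}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain: str, sender_ip: str, txt=CONSTRUCTED_TXT,
              mx=CONSTRUCTED_MX_ADDRS, depth: int = 0) -> str:
    """Return pass/fail/softfail/neutral/none/permerror for sender_ip and domain."""
    if depth > 10:
        return "permerror"                 # stand-in for the lookup limit
    record = txt.get(domain)
    if record is None:
        return "none"
    terms = record.split()
    if terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        if "=" in term:
            continue                       # modifiers (redirect=, exp=) not handled here
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6"):
            # Address-family mismatch simply does not match.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "mx":
            matched = any(ip == ipaddress.ip_address(a) for a in mx.get(domain, []))
        elif mech == "include":
            matched = check_spf(arg, sender_ip, txt, mx, depth + 1) == "pass"
        elif mech == "all":
            matched = True
        else:
            return "permerror"             # unknown mechanism
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"                       # nothing matched and no 'all' term


if __name__ == "__main__":
    for ip in ("192.0.2.44", "198.51.100.30", "203.0.113.9", "203.0.113.200"):
        print(ip, check_spf("example.com", ip))
```

Note the order dependence: 203.0.113.200 is not covered by the included provider's `ip4` mechanism, and the provider's `~all` does not count as a pass inside `include`, so evaluation falls through to the outer `-all` and the result is `fail`.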


DomainKeys Identified Mail (1 of 2)

DomainKeys Identified Mail (DKIM) is an e-mail validation system employed to detect e-mail spoofing.

DKIM operates by providing a mechanism to allow receiving MTAs to check that incoming mail is authorized and the e-mail (including attachments) has not been modified during transport.

It does this through a digital signature included with the message that can be validated by the recipient using the signer’s public key published in the DNS.


DomainKeys Identified Mail (DKIM) is an e-mail validation system employed to detect e-mail spoofing. DKIM operates by providing a mechanism to allow receiving MTAs to check that incoming mail is authorized and that the e-mail (including attachments) has not been modified during transport. It does this through a digital signature included with the message that can be validated by the recipient using the signer’s public key published in the DNS. DKIM is the result of the merging of two previous methods, DomainKeys and Identified Internet Mail. DKIM is the basis for a series of IETF standards-track specifications and is used by AOL, Gmail, and Yahoo mail. Any mail from these organizations should carry a DKIM signature.
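The signing and verification described above, as an added example that is not the textbook's code: the signer canonicalizes the body (relaxed rules: trailing whitespace stripped, runs of whitespace collapsed, trailing empty lines removed), publishes its hash in the `bh=` tag, canonicalizes the listed headers plus the DKIM-Signature header itself with an empty `b=`, and signs that hash; the verifier fetches the public key from the `<selector>._domainkey.<domain>` record and checks both hashes. The canonicalization and tag layout follow the DKIM specification, but the RSA is textbook RSA on small freshly generated primes with no padding, so it illustrates the mechanism and is not cryptographically sound (real deployments use a proper RSA-SHA256 or Ed25519 library). The DNS dictionary, the `p=` encoding as `n,e`, the key size and the addresses are all constructed.

```python
# Added example (not from the textbook): a toy DKIM signer and verifier using only the
# standard library. Canonicalization and tags follow RFC 6376; the RSA is textbook RSA
# with 256-bit primes and no padding, NOT a sound signature scheme.
import base64
import hashlib
import random
import re


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                      # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 512):
    """Return ((n, e), (n, d)). Toy key size, for illustration only."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def relaxed_body(body: str) -> bytes:
    """Relaxed body canonicalization."""
    lines = [re.sub(r"[ \t]+", " ", ln.rstrip(" \t")) for ln in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode()


def relaxed_header(name: str, value: str) -> bytes:
    """Relaxed header canonicalization: lowercase name, unfold, collapse whitespace."""
    value = re.sub(r"[ \t]+", " ", value.replace("\r\n", "")).strip()
    return (name.lower() + ":" + value + "\r\n").encode()


def _lookup(headers: dict, name: str) -> str:
    return next(v for k, v in headers.items() if k.lower() == name.lower())


def _header_hash(headers: dict, signed_names, dkim_value: str) -> int:
    data = b"".join(relaxed_header(n, _lookup(headers, n)) for n in signed_names)
    # The DKIM-Signature header itself is included last, with b= empty and no CRLF.
    data += relaxed_header("DKIM-Signature", dkim_value).rstrip(b"\r\n")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def dkim_sign(headers, body, domain, selector, priv, signed=("From", "To", "Subject")):
    bh = base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()
    unsigned = (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
                f"h={':'.join(signed)}; bh={bh}; b=")
    n, d = priv
    sig = pow(_header_hash(headers, signed, unsigned), d, n)
    return unsigned + base64.b64encode(sig.to_bytes((n.bit_length() + 7) // 8, "big")).decode()


def _tags(value: str) -> dict:
    return dict(t.strip().split("=", 1) for t in value.split(";") if t.strip())


def dkim_verify(headers, body, dkim_value, dns) -> str:
    tags = _tags(dkim_value)
    record = dns.get(f"{tags['s']}._domainkey.{tags['d']}")   # key published in DNS
    if record is None:
        return "permfail: no key record"
    n, e = (int(x) for x in base64.b64decode(_tags(record)["p"]).decode().split(","))
    bh = base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()
    if bh != tags["bh"]:
        return "fail: body hash mismatch"
    unsigned = dkim_value[: dkim_value.index("; b=") + 4]
    sig = int.from_bytes(base64.b64decode(tags["b"]), "big")
    if pow(sig, e, n) != _header_hash(headers, tags["h"].split(":"), unsigned):
        return "fail: signature mismatch"
    return "pass"


def demo():
    """Sign a constructed message, then verify it intact, body-altered and From-altered."""
    pub, priv = rsa_keygen()
    # Constructed DNS: a real record carries a base64 DER key in p=; here p= is "n,e".
    dns = {"s1._domainkey.example.com":
           "v=DKIM1; k=rsa-toy; p=" + base64.b64encode(f"{pub[0]},{pub[1]}".encode()).decode()}
    headers = {"From": "alice@example.com", "To": "bob@example.net", "Subject": "Invoice 42"}
    body = "Please find the invoice attached.\r\n"
    sig = dkim_sign(headers, body, "example.com", "s1", priv)
    return (dkim_verify(headers, body, sig, dns),
            dkim_verify(headers, "Please find the revised invoice attached.\r\n", sig, dns),
            dkim_verify({**headers, "From": "ceo@example.com"}, body, sig, dns))


if __name__ == "__main__":
    print(demo())
```

The two failure paths correspond to the two things DKIM is meant to detect: a body changed after signing fails on `bh=`, and a changed signed header (here From) fails on the signature, because the signer's domain key never signed that header value.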


DomainKeys Identified Mail (2 of 2)

DKIM is the result of the merging of two previous methods, DomainKeys and Identified Internet Mail.

DKIM is the basis for a series of IETF standards-track specifications and is used by AOL, Gmail, and Yahoo mail.

Any mail from these organizations should carry a DKIM signature.

Data Loss Prevention (DLP)

Scans outgoing traffic and mail


Mail Encryption

E-mail suffers from a more important security problem: the lack of confidentiality, or, as it is sometimes referred to, privacy.

E-mail has always been a plaintext protocol.

Any attacker at a choke point in the network could read all e-mail passing through that network segment.

Some tools can be used to solve this problem by using encryption on the e-mail’s content.

The first method is S/MIME and the second is PGP.


When many people first got onto the Internet, they heard a standard lecture about not sending anything through e-mail that they wouldn’t want posted on a public bulletin board. Part of the reason for this was that e-mail is sent with the clear text of the message exposed to anyone who is sniffing the network. Any attacker at a choke point in the network could read all e-mail passing through that network segment.


S/MIME (1 of 5)

Secure/Multipurpose Internet Mail Extensions (S/MIME) is a secure implementation of the MIME protocol specification.

MIME was created to allow Internet e-mail to support new and more creative features.

MIME handles audio files, images, applications, and multipart e-mails.

MIME allows e-mail to handle multiple types of content in a message, including file transfers.

S/MIME was developed by RSA Data Security and uses the X.509 format for certificates.


The original e-mail RFC specified only text e-mail, so any non-text data had to be handled by a new specification—MIME. MIME handles audio files, images, applications, and multipart e-mails. MIME allows e-mail to handle multiple types of content in a message, including file transfers. Every time you send a file as an e-mail attachment, you are using MIME. S/MIME takes this content and specifies a framework for encrypting the message as a MIME attachment.

S/MIME was developed by RSA Data Security and uses the X.509 format for certificates. The specification supports both 40-bit RC2 and 3DES for symmetric encryption. The protocol can affect the message in one of two ways: the host mail program can encode the message with S/MIME, or the server can act as the processing agent, encrypting all messages between servers.

The host-based operation starts when the user clicks Send; the mail agent then encodes the message using the generated symmetric key. Then the symmetric key is encoded with the remote user’s public key for confidentiality or signed with the local user’s private key for authentication/nonrepudiation. This enables the remote user to decode the symmetric key and then decrypt the actual content of the message. Of course, all of this is handled by the user’s mail program, requiring the user simply to tell the program to decode the message. If the message is signed by the sender, it will be signed with the sender’s public key, guaranteeing the source of the message. The reason that both symmetric and asymmetric encryption are used in the mail is to increase the speed of encryption and decryption. As encryption is based on difficult mathematical problems, it takes time to encrypt and decrypt. To speed this up, the more difficult process, asymmetric encryption, is used only to encrypt a relatively small amount of data, the symmetric key. The symmetric key is then used to encrypt the rest of the message.


S/MIME (2 of 5)

The S/MIME process of encrypting e-mails provides integrity, privacy, and, if the message is signed, authentication.

Several popular e-mail programs support S/MIME.

These include Outlook and Windows Mail.

They both manage S/MIME keys and functions through the E-mail Security screen.

Trusted authorities are needed to ensure the senders are who they claim to be, an important part of authentication.


S/MIME (3 of 5)

Figure 16.7 S/MIME options in Outlook


Several popular e-mail programs support S/MIME, including the popular Microsoft products Outlook and Windows Mail. They both manage S/MIME keys and functions through the E-mail Security screen, shown in Figure 16.7. This figure shows the different settings that can be used to encrypt messages and use X.509 digital certificates. This allows interoperability with web certificates, and trusted authorities are available to issue the certificates. Trusted authorities are needed to ensure the senders are who they claim to be, an important part of authentication.


S/MIME (4 of 5)

Figure 16.8 S/MIME options in Windows Mail


In Windows Mail, the window is simpler (see Figure 16.8), but the same functions of key management and secure e-mail operation are available.


S/MIME (5 of 5)

S/MIME’s implementation can be problematic.

User can select low-strength (40-bit) encryption.

Bugs can exist in the software itself.


While S/MIME is a good and versatile protocol for securing e-mail, its implementation can be problematic. S/MIME allows the user to select low-strength (40-bit) encryption, which means a user can send a message that is thought to be secure but that can be more easily decoded than messages sent with 3DES encryption.

Also, as with any protocol, bugs can exist in the software itself. Just because an application is designed for security does not mean that it, itself, is secure. Despite its potential flaws, however, S/MIME is a tremendous leap in security over regular e-mail.

38

PGP (1 of 4)

Pretty Good Privacy (PGP) implements e-mail security in a similar fashion to S/MIME.

PGP uses completely different protocols.

The basic framework is the same.

PGP has plug-ins for many popular e-mail programs, including Outlook and Mozilla’s Thunderbird.

These plug-ins handle the encryption and decryption behind the scenes, and all that the user must do is enter the encryption key’s passphrase to ensure that they are the owner of the key.


Pretty Good Privacy (PGP) implements e-mail security in a similar fashion to S/MIME, but PGP uses completely different protocols.

The basic framework is the same:

The user sends the e-mail, and the mail agent applies encryption as configured in the mail program. The content is encrypted with the generated symmetric key, and that key is encrypted with the public key of the recipient of the e-mail for confidentiality. The sender can also choose to sign the mail with a private key, allowing the recipient to authenticate the sender. Currently, PGP supports public key infrastructure (PKI) provided by multiple vendors, including X.509 certificates and Lightweight Directory Access Protocol (LDAP) key sources such as Microsoft’s Active Directory.
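The hybrid flow described here and in the S/MIME section above, as an added example written for this page rather than code from the book or from any S/MIME or PGP product: it assumes Go's standard crypto packages, an Ed25519 signing key pair for the sender (standing in for the RSA/X.509 signing key the book discusses) and RSA-OAEP key transport to the recipient. The sender's private key makes the signature; the recipient checks it with the sender's public key and only then unwraps the one-time AES key with its own private key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// SealedMail holds the AES-GCM body, the AES key wrapped to the recipient's RSA key, and the sender's signature.
type SealedMail struct{ EncKey, Nonce, Body, Sig []byte }

// Keygen makes the recipient's 2048-bit RSA pair (a common certificate size; assumed for this example).
func Keygen() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

// gcm builds the AEAD; callers pass exactly 32 bytes, so neither call can fail.
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}

// Seal: AES-encrypt body, RSA-wrap only the 32-byte key, sign the ciphertext with the sender's PRIVATE key.
func Seal(body []byte, sender ed25519.PrivateKey, recipient *rsa.PublicKey) (*SealedMail, error) {
	kn := make([]byte, 44) // 32-byte key followed by 12-byte nonce, fresh for every message
	rand.Read(kn)
	ct := gcm(kn[:32]).Seal(nil, kn[32:], body, nil)
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, kn[:32], nil)
	if err != nil {
		return nil, err
	}
	return &SealedMail{encKey, kn[32:], ct, ed25519.Sign(sender, ct)}, nil
}

// Open: verify Sig with the sender's PUBLIC key, RSA-unwrap the key, decrypt; forgery or tampering fails.
func Open(m *SealedMail, sender ed25519.PublicKey, recipient *rsa.PrivateKey) ([]byte, error) {
	if !ed25519.Verify(sender, m.Body, m.Sig) {
		return nil, rsa.ErrVerification // sender not authenticated: do not decrypt
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, m.EncKey, nil)
	if err != nil || len(key) != 32 {
		return nil, rsa.ErrDecryption
	}
	return gcm(key).Open(nil, m.Nonce, m.Body, nil)
}
```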

39

PGP (2 of 4)

Figure 16.9 PGP key management


In Figure 16.9, you can see how PGP manages keys locally in its own software. This is where a user stores not only local keys, but also any keys that were received from other users. A free key server is available for storing PGP public keys. PGP can generate its own keys using either Diffie-Hellman or RSA, and it can then transmit the public keys to the PGP LDAP server so other PGP users can search for and locate your public key to communicate with you. This key server is convenient, as each person using PGP for communications does not have to implement a server to handle key management. For the actual encryption of the e-mail content itself, PGP supports International Data Encryption Algorithm (IDEA), 3DES, and Carlisle Adams and Stafford Tavares (CAST) for symmetric encryption. PGP provides pretty good security against brute-force attacks by using a 3DES key length of 168 bits, an IDEA key length of 128 bits, and a CAST key length of 128 bits. All of these algorithms are difficult to brute-force with existing hardware, requiring well over a million years to break the code. While this is not a promise of future security against brute-force attacks, the security is reasonable today.

40

PGP (3 of 4)

Figure 16.10 Decoding a PGP-encoded message


In Figure 16.10, you can see the string of encrypted text that makes up the MIME attachment. This text includes the encrypted content of the message and the encrypted symmetric key. You can also see that the program does not decrypt the message upon receipt; it waits until instructed to decrypt it. PGP also stores encrypted messages in the encrypted format, as does S/MIME. This is important, since it provides end-to-end security for the message.

41

PGP (4 of 4)

PGP is not problem-free.

You must keep the software up to date and fully patched.

There is also a lot of discussion about the way PGP handles key recovery, or key escrow.

An Additional Decryption Key (ADK) is an additional public key stacked upon the original public key.

An ADK is not always controlled by a properly authorized organization, and the danger exists that someone could add an ADK and then distribute the modified key to the world.

Users believe the message can be read only by the first party, but it can also be read by the third party who modified the key.


42

Instant Messaging (1 of 2)

Instant messaging (IM) is another technology that has seen a change in recent years.

Gone are the old services such as AOL Instant Messenger.

In are messaging apps that are connected to a social media app (for example, Facebook Messenger), connected to a smart device (for example, a messaging app on a phone), or provide security (for example, Wire).

IM programs are designed to attach to a server, or a network of servers, and allow you to talk with other people on the same network of servers in near real time.


43

Instant Messaging (2 of 2)

Popular IM clients were not implemented with security in mind.

All support sending files as attachments.

Few currently support encryption.

Currently none have a virus scanner built into the file-sharing utility.

This has created a market for a secure IM system, and several have sprung up to serve IM on the mobile device marketplace (e.g., Wire).


44

Modern Instant Messaging Systems

The best ways to protect yourself on an IM network are similar to those for other Internet applications:

Avoid communication with unknown persons, avoid running any program you are unsure of, and do not write anything you wouldn’t want posted with your name on it.

As the social aspect of the Web grows, so do the instant sharing systems connecting users in social webs.

The main security threat on most of these is information disclosure.


Instant messaging also plays a role in today’s social media–driven world. Many “messaging systems” are in popular use today, including Snapchat, Instagram, Jabber, Tumblr, WhatsApp, and more. These are instant sharing systems that allow users to share files, pictures, and videos with one another. Each of these systems has a large user base and literally billions of transferred items every year. As the social aspect of the Web grows, so do the instant sharing systems connecting users in social webs. Apple has its own messaging service, as does Android, and apps exist for a wide range of different “messaging” systems.

Any list of messaging apps is one that will become outdated rather rapidly, but at the time this book goes to press the list would include the following:

Facebook Messenger

Instagram

Kik

LINE

Skype

Slack

Snapchat

Tumblr

Viber

WeChat

The main security threat on most of these is information disclosure. As they can be used from mobile devices outside of an enterprise network, there is the possibility for information to be captured and released across these platforms. For this reason, one of the security policies of high-security facilities is to not allow personal devices.

45

Chapter Summary

Describe security issues associated with e-mail.

Implement security practices for e-mail.

Detail the security issues of instant messaging protocols.


46