Lecture 20: Email security

Question 1

What are the two types of link security?

Answer 1

DKIM

STARTTLS

Question 2

What are the two types of end-to-end security?

Answer 2

PGP

S/MIME

Question 3

What does DKIM stand for?

Answer 3

Domain Keys Identified Mail

Question 4

What does S/MIME stand for?

Answer 4

Secure/Multipurpose Internet Mail Extension

Question 5

What does SMTP stand for?

Answer 5

Single message transfer protocol

Question 6

What is SMTP?

Answer 6

a mail transmission protocol to send an email from a source to a destination

Question 7

What are POP and IMAP?

Answer 7

mail access protocols to allow a message user agent (MUA) to download an email from a message transfer agent (MTA)

Question 8

What does MUA stand for?

Answer 8

message user agent

Question 9

What does MTA stand for?

Answer 9

message transfer agent

Question 10

What does the MUA do?

Answer 10

connects a client to a mail system

Question 11

What does the MUA when using SMTP?

Answer 11

to send a mail to a message submission agent (MSA)

Question 12

What is a MSA?

Answer 12

message submission agent

Question 13

What does the MUA do when using POP or IMAP?

Answer 13

to retrieve the mail from the message store (MS)

Question 14

What does MS stand for?

Answer 14

message store

Question 15

What does MHS stand for?

Answer 15

message handling system

Question 16

What does the MHS do?

Answer 16

transfers a message from MSA to MS via one or more message transfer agents(MTAs)

Question 17

Give the diagram for the architecture i.t.o email security requirements

IMPORTANT

Answer 17

See slide 7 in set 20

Question 18

Comment on potential security threats i.t.o email security

Answer 18

Considering threats in the usual CIA categories

• -> Email content may require confidentiality and/or authentication
• -> Email service availability may be threatened

Metadata in the header is a significant source of information for an attacker

Question 19

What is spam?

Answer 19

Unsolicited bulk email (UBE)

A cheap form of advertising?

Common vector for phishing attacks

Question 20

What do countermeasures of span typically use?

Answer 20

email filtering

Question 21

Comment on the proposals to implement proof of work for preventing spam

Answer 21

The email sender must solve a moderately hard puzzle in order to have the mail accepted into MHS

e.g. Hashcash

Question 22

What kind of basis is security provided between different agents in the mail system on? What protocols are used?

Answer 22

link-by-link basis

STARTTLS and DKIM

Question 23

What kind of basis is security provided from client to client in the mail system on? What protocols are used?

Answer 23

end-to-end basis

PGP and S/MIME

Question 24

In terms of link and end-to-end security, what is the ideal situation?

Answer 24

both are used

Question 25

What standard is DKIM in?

Answer 25

RFC 6376 (2011)

Question 26

What does DKIM allow?

Answer 26

the sending mail domain to sign an outgoing mail using RSA signatures

Question 27

What can verify the origin of mail in DKIM?

Answer 27

receiving domain

Question 28

What uses DKIM?

Answer 28

Widely used by prominent email providers, including Gmail

Question 29

What does DKIM help to prevent?

Answer 29

email spoofing, and so to reduce spams and phishing

Question 30

What is the public key of the sending domain retrieved using in DKIM?

Answer 30

a DNS

Question 31

What does DNS stand for?

Answer 31

domain name system

Question 32

What does STARTTLS extend?

Answer 32

Extending mail protocols SMTP, POP an IMAP to run over TLS connections

Question 33

What type of security does STARTTLS provide?

Answer 33

link-by-link security, but not end-to-end security

Question 34

What is opportunistic TLS?

Answer 34

extensions in plain text communication protocols, which offer a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted communication

Question 35

What type of use of TLS encryption security is STARTTLS?

Answer 35

opportunistic

Question 36

What standard is IMAP and POP3 in?

Answer 36

RFC 2595

Question 37

What standard is SMTP in?

Answer 37

RFC 3207

Question 38

What uses STARTTLS?

Answer 38

prominent email providers, including Gmail and Microsoft Outlook

Question 39

What is STARTTLS vulnerable to?

Answer 39

STRIPTLS attacks

Question 40

What happens in a STRIPTLS attack?

Answer 40

An attacker interrupts TLS negotiation, and connection falls back to plaintext transmission

Question 41

What is PGP?

Answer 41

Pretty Good Privacy (PGP) is an encryption system used for both sending encrypted emails and encrypting sensitive files

Question 42

What does PGP protect?

Answer 42

mail message contents

Question 43

Explain the hybrid encryption in PGP

Answer 43

1) A new random “session key” is generated for each message | 2) The session key is encrypted with the long-term public key of the recipient

Question 44

What is used for signing in PGP?

Answer 44

RSA or DSA

Question 45

Is compression used in PGP?

Answer 45

Yes, with Zip

Question 46

What is the coding used in PGP? Why?

Answer 46

Coding using radix-64 to ensure that binary strings can be sent in the mail body

Question 47

Comment on the encryption of session keys in PGP **IMPORTANT**

Answer 47

encrypted using asymmetric encryption --> OpenPGP requires the support of Elgamal encryption and recommends the support of RSA encryption

Question 48

Comment on the encryption of message content in PGP **IMPORTANT**

Answer 48

encrypted using symmetric encryption --> OpenPGP requires the support of 3DES with 3 keys (168bits in total) and recommends the support of AES-128 andCAST5 (other algorithms are also defined)

Question 49

When is compression applied in PGP?

Answer 49

before encryption

Question 50

Can encryption be applied independently of signing in PGP?

Answer 50

Yes

Question 51

Why can encryption be applied independently of signing in PGP?

Answer 51

no requirement for authenticated encryption

Question 52

Comment on the signing of plaintext messages in PGP

Answer 52

Optionally signed with the sender's private key --> OpenPGP standard requires the support of RSA signatures and recommends the support of DSA signatures

Question 53

In PGP, what are RSA-signed messages hashed with?

Answer 53

SHA1 (in the standard) or with SHA2 hash functions

Question 54

In PGP, in a web of trust, who generates the users' public/private key pairs?

Answer 54

The users generate their own public/private keys pairs

Question 55

In PGP, in a web of trust, what are the public keys available on?

Answer 55

distributed key servers

Question 56

In PGP, in a web of trust, who can signed another user's public key?

Answer 56

Any PGP user, indicating their level of trust

Question 57

Who can revoke a user's key? How?

Answer 57

The user, by signing a revocation certificate with the revoked key --> users can also decide on the key expiration date when generating it

Question 58

Comment on the PGP uptake

Answer 58

Around 100 keys added per day on SKS keyserver pool Growth rate remains linear over past several years Around 60,000 keys in the strong set of keys with a trust path between any pair of keys

Question 59

What are the 3 main OpenPGP critisms

Answer 59

1) outdated cryptographic algorithms still used - -> SHA1, CAST5, etc 2) No support for SHA3 and authenticated encryption (e.g. GCM) 3) Lots of metadata available to eavesdropper - -> file length - -> used encryption algorithms - -> recipient key identity

Question 60

What are the similar features S/MIME have to PGP?

Answer 60

Authentication, integrity, non-repudiation (signature) and confidentiality (encryption) of the message body carried in SMTP messages

Question 61

Comment on the message format used in S/MIME

Answer 61

Different, not interoperable message format

Question 62

What is included in each message in S/MIME? Why?

Answer 62

Sender’s public key Used to verify the message

Question 63

What are used instead of Web of Trust in S/MIME?

Answer 63

X.509 certificates issued by CAs

Question 64

Which does NIST recommend, S/MIME or PGP? Why?

Answer 64

S/MIME rather than PGP because of greater confidence in CA system (compared to Web of Trust)

Question 65

Who supports S/MIME?

Answer 65

most popular mail clients

Question 66

Explain the authentication process in S/MIME **IMPORTANT**

Answer 66

See slide 26 in set 20

Question 67

What are the four guarantees of S/MIME? **IMPORTANT**

Answer 67

1) RSA guarantee 2) SHA-256 guarantee 3) Public key encryption 4) One-time mechanism

Question 68

Explain the authentication process in S/MIME **IMPORTANT**

Answer 68

See slide 28 in set 20

Question 69

Outline the RSA guarantee of S/MIME

Answer 69

R assured that only the owner of the private key can generates

Question 70

Outline the SHA-256 guarantee of S/MIME

Answer 70

R assured that no one else could generate a new digest that matches that h(m), and a signature of m

Question 71

Outline the public key encryption guarantee of S/MIME

Answer 71

``` No session (content-encryption) key distribution needed Only R can recover k ```

Question 72

Outline the one-time mechanism guarantee of S/MIME

Answer 72

Symmetric encryption approach is strengthened

Question 73

What is the benefit of combining symmetric cryptography and public key cryptography in S/MIME?

Answer 73

allows to reduce encryption time