
X-Sig: An Email Signing Extension for the Simple Mail Transport Protocol (SMTP)




  1. X-Sig: An Email Signing Extension for the Simple Mail Transport Protocol (SMTP) Robert Rose 03/09/05 Oregon State University

  2. Overview
     • What is Email Signing?
     • Motivation
     • Previous Work
     • Protocol
     • Implementation
     • Opportunities

  3. What is Email Signing?
     • You receive an email, but how do you know who it’s from?
     • Headers give clues, but they don’t tell the whole story
     • Fact: there is no reliable way to determine who sent an email
     • An email signature:
       • Uses Public Key Cryptography (RSA/DSA/etc.)
       • Text of email is hashed
       • Hash is encrypted using sender’s private key
       • Encrypted hash is attached to the email
       • Sender is verified by decrypting the hash using the sender’s public key and checking the decrypted hash vs. a recalculated hash
       • For added security, a random value may be appended to the encrypted text

  4. Email Headers

     Return-Path: <automated@newegg.com>
     Received: from SMTP.magnellmail.net (smtp.magnellmail.net [65.119.30.157])
         by acabar.cafwap.net (8.11.6/8.11.6) with SMTP id iAUBfYZ16904
         for <rose@cafwap.net>; Tue, 30 Nov 2004 03:41:37 -0800
     Received: from mail pickup service by e3ssl002 with Microsoft SMTPSVC;
         Tue, 30 Nov 2004 11:47:24 -0800
     From: <automated@newegg.com>
     To: <rose@cafwap.net>
     Subject: Your Newegg.com Order information
     Date: Tue, 30 Nov 2004 11:47:24 -0800

     Dear Robert Rose

     Thank you for shopping at Newegg.com. We are dedicated to providing customers with high quality merchandise at low prices and only the finest in customer service. Your purchase will be processed and shipped in approximately 24-48 hours and your specific order details have been provided below for your convenience.

     magnellmail.net  newegg.com?

  5. Motivation
     • Know exactly who is sending you email
     • Reduce/eliminate spam email
       • Spammers rely on “open relays” and invalid return email addresses to generate spam
       • If you could verify exactly where an email is coming from, spamming would no longer be an anonymous practice
     • We are NOT motivated to:
       • Protect email (encrypt the message itself)
       • Create something that is complicated
       • Create something that is not backwards-compatible with everything out there today

  6. Previous Work
     • S/MIME
       • IETF Secure Mail Standard based on PKC
       • Not backwards-compatible with existing email clients
       • S/MIME mail will appear as garbage
       • Not easy to implement, thus its mild acceptance
       • Does not address key distribution
     • MS Exchange Secure Email
       • Microsoft’s proprietary secure mail standard based on PKC
       • Backwards-compatible with existing email clients
       • Only implemented by Microsoft
       • Key distribution uses LDAP and/or Exchange
       • Requires you to know the sender’s LDAP server or be on the same Exchange server

  7. X-Sig is…
     • An email header for the signature
       • New header “X-Sig:” contains the hash of the email encrypted using the sender’s private key
       • Adding a single header is backwards-compatible
       • Existing email clients are free to ignore the header… the body of the email is unmodified
     • A key distribution mechanism
       • DNS MX records are leveraged as a means of retrieving a sender’s public key
       • An email client need only look up the MX record of the sender’s [supposed] domain and retrieve the public key over HTTP from the MX server
       • Thus, the sender’s public key must reside on the mail server for the domain they claim to be from

  8. X-Sig Header
     • Algorithm:
       • Generate MD5 hash for entire body of email
       • RSA encrypt this string using the sender’s private key
       • Encode the ciphertext as Base64
       • Insert this string into the headers of the email
     • Example:
       • Body of email is “sent by rob\n”
       • MD5 is 865a2d220cadb041e25aeb6af250c5c6

     X-Sig-Version: 1.0 (MD5-RSA)
     X-Sig: IRtKF2YO5EC0D85imV5FYCzgK5NK7DkvJ0uDQHKm/XaipIvfgec
         lTyi/RDBWisllgGkKz6EKGTbGFmS6xhUiRw==

  9. X-Sig Verification
     • Algorithm:
       • Generate MD5 hash of the body of the email
       • Query the sender’s mail server for public key
         • Look up MX record (mailhost)
         • Get public key from http://mailhost/sig/?addr=sender@senderdomain
       • Decrypt the X-Sig header using the public key
       • Check generated MD5 vs. MD5 in plaintext
     • Example:
       • Sender is rob@mydomain.com
       • Get MX: dig MX mydomain.com returns mail.mydomain.com
       • Get pub key: http://mail.mydomain.com/sig/?addr=rob@mydomain.com
       • Check decrypted MD5 versus generated MD5
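
The signing steps of slide 8 and the verification steps of slide 9, end to end, as an added example (not the author's prototype code). Assumptions: PKCS#1 v1.5 type-1 padding around the hex MD5 string (the slides do not name a padding), a constructed and insecure demo key, dictionaries standing in for the MX lookup and the HTTP key fetch, and hypothetical function names.

```python
import base64
import hashlib

# Constructed demo key, NOT secure: built from the Mersenne primes below.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent

# Constructed stand-ins for the DNS MX lookup and the HTTP key fetch.
MX = {"mydomain.com": "mail.mydomain.com"}
KEYS = {"http://mail.mydomain.com/sig/?addr=rob@mydomain.com": (N, E)}

def padded_md5(body: bytes, k: int) -> bytes:
    """Hex MD5 of the body in a PKCS#1 v1.5 type-1 block (padding is assumed)."""
    digest = hashlib.md5(body).hexdigest().encode()
    return b"\x00\x01" + b"\xff" * (k - 3 - len(digest)) + b"\x00" + digest

def xsig_sign(body: bytes, n: int, d: int) -> str:
    """Slide 8: hash the body, RSA private-key operation, Base64 encode."""
    k = (n.bit_length() + 7) // 8
    sig = pow(int.from_bytes(padded_md5(body, k), "big"), d, n)
    return base64.b64encode(sig.to_bytes(k, "big")).decode()

def fetch_key(sender: str):
    """Slide 9: MX of the sender's domain, then /sig/?addr=sender on it."""
    mailhost = MX.get(sender.rpartition("@")[2])
    return KEYS.get(f"http://{mailhost}/sig/?addr={sender}")

def xsig_verify(sender: str, xsig: str, body: bytes) -> bool:
    """Slide 9: fetch the key, RSA public-key operation, compare hashes."""
    key = fetch_key(sender)
    if key is None:                  # no MX record or no published key
        return False
    n, e = key
    k = (n.bit_length() + 7) // 8
    try:
        sig = int.from_bytes(base64.b64decode(xsig, validate=True), "big")
    except ValueError:               # header is not valid Base64
        return False
    if sig >= n:
        return False
    # Compare the whole recovered block, not just a parsed-out digest.
    return pow(sig, e, n).to_bytes(k, "big") == padded_md5(body, k)

if __name__ == "__main__":
    header = xsig_sign(b"sent by rob\n", N, D)
    print("X-Sig:", header)
    print(xsig_verify("rob@mydomain.com", header, b"sent by rob\n"))
```

Only the body is hashed, so the result of `xsig_verify` does not depend on the Subject, To or Date headers; the sender address matters only because it selects which key is fetched.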

  10. Prototype Implementation
      • X-Sig implemented using:
        • SquirrelMail: Open source PHP webmail application
        • OpenSSL: Used for its simple open source RSA library
        • Java: Java used as front-end for OpenSSL
        • Perl: Key retrieval implemented in Perl
      • User’s private key stored on mail server in ~/.sig.priv
      • User’s public key stored on mail server in ~/.sig.pub
      • When composing an email, SquirrelMail uses the user’s private key to encrypt the hash of the email
      • When reading an email, SquirrelMail attempts to retrieve the public key for the sender and check the hashes

  11. Demo: Composing an Email

  12. Demo: X-Sig Headers

      Return-Path: <usera@cafwap.net>
      Received: from acabar.cafwap.net (acabar.cafwap.net [192.168.0.1] (may be forged))
          by acabar.cafwap.net (8.11.6/8.11.6) with ESMTP id iB11XvZ20663
          for <rose@cafwap.net>; Tue, 30 Nov 2004 17:33:58 -0800
      Received: from 207.55.100.3 (SquirrelMail authenticated user usera);
          by acabar.cafwap.net with HTTP; Tue, 30 Nov 2004 17:33:58 -0800 (PST)
      Message-ID: <61411.207.55.100.3.1101864838.squirrel@207.55.100.3>
      Date: Tue, 30 Nov 2004 17:33:58 -0800 (PST)
      Subject: Demo
      From: usera@cafwap.net
      To: rose@domain.com
      X-Sig-Version: 1.0 (MD5-RSA)
      X-Sig: IRtKF2YO5EC0D85imV5FYCzgK5NK7DkvJ0uDQHKm/XaipIvfgeclTyi/RDBWisllgGkKz6EKGTbGFmS6xhUiRw==
      User-Agent: SquirrelMail/1.4.3a
      X-Mailer: SquirrelMail/1.4.3a
      MIME-Version: 1.0
      Content-Type: text/plain;charset=iso-8859-1
      Content-Transfer-Encoding: 8bit
      X-Priority: 3 (Normal)
      Importance: Normal

      Hey Rob, how's it going? I thought you might enjoy some Thomas Jefferson quotes: Banking establishments are more dangerous than standing armies.

  13. Demo: X-Sig Verification
      Mail is from “usera@cafwap.net,” so retrieve their public key:

      acabar<1> dig MX cafwap.net
      cafwap.net. 1254 IN MX 10 mail.cafwap.net.
      acabar<2> curl http://mail.cafwap.net/sig/?addr=usera@cafwap.net
      -----BEGIN PUBLIC KEY-----
      MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMi5WRl5HDIngpNzysAUzjR1WYuQ7Nki
      j09086z85X25nnKT7dFw1f/PB4YoiYn9ChV+WrUSk0vjYbtXor7GBEcCAwEAAQ==
      -----END PUBLIC KEY-----

      Decrypt the X-Sig header using this public key and check it against our own MD5 that we calculated

  14. Demo: Reading an email

  15. How does X-Sig Fight Spam?
      • Email must be sent from a valid email address
        • Spam mail is typically sent from an invalid email address
        • Invalid email addresses are immediately recognized as forged
      • Email is verified as to who actually sent it
        • DNS MX records are used to retrieve the sender’s public key
        • The public key is used to check the signature of the email
        • Invalid signatures are immediately recognized as forged

      If a large enough portion of Internet users adopt X-Sig: Email with an invalid signature or a forged address is spam

  16. Opportunities
      • Server-side signature generation
        • If the connection between the email client and the SMTP server is secured (e.g., Secure SMTP), then the server can generate the signature for the client
      • Server-side signature verification
        • Email gateways (SMTP servers) can perform signature verification before the email arrives at the client
      • Automated key generation
        • If signature generation and verification occur only on the server, then the server could automatically generate keys for the user

      If all three of these things are done… X-Sig becomes completely transparent to the user!
