
S/MIME (Secure/Multipurpose Internet Mail Extensions)

S/MIME, Network Security


Introduction

Traditional email systems use the SMTP protocol (7-bit ASCII representation, text based), defined in RFC 822.

[Figure: Text msg → internet → Recipient]

RFC (Request for command) – Building block for internet and network protocols.



MIME

• MIME (Multipurpose Internet Mail Extension)
• Permits the user to send non-text files (multimedia, documents, etc.)
• A normal internet message with some special headers; adds 5 new headers to email



MIME header in email message

Traditional email headers (From, To, Subject, Date, etc.)
MIME-Version: 1.1
Content-Type: type/subtype
Content-Transfer-Encoding: encoding type
Content-ID: message ID
Content-Description: textual description
Email body

E.g., MIME extension to an email message:

From:
To:
Subject:
MIME-Version: 1.0
Content-Type: image/gif
<Actual image data in the binary form such as R1j552d5sd5d5>
SECURE/MULTIPURPOSE INTERNET MAIL EXTENSION

A security enhancement to the MIME internet e-mail format standard.

It is used in order to protect emails from phishing and threats.
S/MIME provides digital signatures and encryption of email messages.
S/MIME is supported in many mail agents
• e.g. MS Outlook, Mozilla, Mac Mail, etc.
S/MIME Functionality

S/MIME is similar to PGP (provides digital signatures and encryption of email messages).

enveloped data
• encrypted content and associated keys for one or more recipients
signed data
• encoded message + sender's private key (digital signature)
clear-signed data (similar to signed data)
• encrypted content + digital signature (Base64 encoded)
signed & enveloped data
• nesting of signed & encrypted entities
S/MIME Cryptographic Algorithms

digital signatures: DSS & RSA
hash functions: SHA-1 & MD5
session key encryption: ElGamal & RSA
message encryption: AES, Triple-DES, RC2/40 and others
MAC: HMAC with SHA-1
There is a process to decide which algorithms to use.

S/MIME Messages

S/MIME secures a MIME entity with a signature, encryption, or both.
• The MIME entity is prepared (based on MIME rules).
• It is processed by S/MIME along with security-related data (algorithms, digital signatures).
• The output, called a PKCS (Public Key Cryptography Standard) object, is considered as message content and wrapped inside MIME with MIME headers.
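
Added example (not part of the original slides): a Python sketch that tells which S/MIME functionality a message uses by reading only the MIME headers wrapped around the PKCS object. The content types application/pkcs7-mime and multipart/signed and the smime-type parameter come from the S/MIME specification, not from the slides; the sample messages and their dummy base64 bodies are constructed.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Constructed sample messages; the base64 bodies are dummy data, not real PKCS objects.
ENVELOPED = """\
From: alice@example.com
To: bob@example.com
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

ZHVtbXkgUEtDUyBvYmplY3Q=
"""

CLEAR_SIGNED = """\
From: alice@example.com
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"

--b1
Content-Type: text/plain

Quarterly report follows.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

ZHVtbXkgc2lnbmF0dXJl
--b1--
"""

PLAIN = "From: a@example.com\nMIME-Version: 1.0\nContent-Type: image/gif\n\nR0lGODlh\n"

def classify_smime(raw: str) -> str:
    """Name the S/MIME functionality of a message, judged from its MIME headers only."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()  # lower-cased type/subtype
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # The PKCS object is the whole body; smime-type names its kind.
        # A signed entity nested inside enveloped data is visible only after decryption.
        kind = collapse_rfc2231_value(msg.get_param("smime-type", "unknown")).lower()
        return kind if kind in ("enveloped-data", "signed-data") else "pkcs7-mime:" + kind
    if ctype == "multipart/signed":
        proto = collapse_rfc2231_value(msg.get_param("protocol", "")).lower()
        parts = msg.get_payload()
        # Expect exactly two parts: the signed entity and the detached signature.
        if proto.endswith("pkcs7-signature") and isinstance(parts, list) and len(parts) == 2:
            return "clear-signed"
        return "malformed-signed"
    return "not-smime"
```

A mail gateway can use a check like this to route messages to signature verification or to flag a multipart/signed message whose structure does not match what it declares.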

S/MIME Additional Security Features

Signed Receipts
This message can be used as an acknowledgement of the original message (the recipient signs the entire message).
Security Labels
A security label is added to the message to identify sensitivity (how confidential), access control (who can access) & priority (secret, confidential, etc.).
Secure Mailing Lists
An MLA (Mailing List Agent) is created to take over processing when the sender sends a message to multiple users. The original sender encrypts the message only once (with the public key of the MLA) and sends it once (to the MLA).
