Lab Assessment Worksheet: Overview of S/MIME E-Mail Protocol

IS3230 Lab 9 Assessment Worksheet
Chris Wiginton
ITT Technical Institute, Tampa FL
Instructor: David Marquez
15 May, 2014

1. Before S/MIME, administrators used a widely accepted e-mail protocol to transfer messages, Simple Mail Transfer Protocol (SMTP), which was inherently less secure. With S/MIME, administrators now have an e-mail option that helps provide greater security than SMTP, enabling widespread and secure e-mail connectivity.
S/MIME provides two security services:
•Digital signatures
•Message encryption
S/MIME solutions require a PKI to provide digital certificates with public key/private key pairs and enable certificate mapping in the Active Directory directory service. The S/MIME standard specifies that digital certificates used for S/MIME conform to the International Telecommunications Union (ITU) X.509 standard. S/MIME version 3 specifically requires that digital certificates conform to version 3 of X.509. Because S/MIME relies on an established, recognized standard for the structure of digital certificates, the S/MIME standard builds on that standard's growth and thus increases its acceptance. You can implement a PKI to support S/MIME in one of two ways: provision the internal certificate infrastructure to an external organization, or use Certificate Services in Microsoft Windows Server 2003/2008.
2. A Certification Authority (CA) is an organization whose function is to issue certificates. Its role is to confirm the identity of the party who is the subject of the certificate and attest that the public key in the generated certificate is the public key of the identified party.
3. Any time a security measure is based on trust, an attacker has the ability to subvert that trust and use it to his advantage. Trust subversion is any act that takes advantage of a relationship of trust between two parties. This encompasses specific spoofing attacks, masquerading, Man-in-the-middle and other attacks. By appearing as a trusted party, an attacker can gain important leverage over a situation and can often gain confidential information (phishing/sniffing) or even infect a target computer with malware.
4. EFS
5. Yes, once a file has been initially encrypted, file sharing is enabled through a new button in the user interface.
6. A key recovery system
7. SHA-1, or "Secure Hash Algorithm," is a hash algorithm, which means that it reduces the plaintext to a hash -- in this case, a 160 bit "signature" of the data. Use that any place you need to be sure the data is the same on both ends, but don't care who snoops it in the middle. Most people use md5 for this.
3DES, running Data Encryption Standard 3 times, is a symmetric block cipher. A block cipher breaks up the plaintext into pieces, and runs a reversible (two-way) encryption on it so that if you have the key, you can recreate the data from the cyphertext. This differs from SHA in that you can NOT recreate the data from an SHA hash.
8. Symmetric Encryption - A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.
Asymmetric Encryption - The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message. Asymmetric encryption, in which there are two related keys--a key pair. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it.
9. Enterprises must take the time to look carefully at encryptions.
10. PGP is a proprietary encryption solution, and the rights to its software are owned by Symantec. GPG is another solution that follows the OpenPGP standards to provide an interface for end users to easily encrypt their files.