Security and Privacy Issues in Secure E-Mail Standards and Services

Lei Chen (Sam Houston State University, USA), Wen-Chen Hu (University of North Dakota, USA), Ming Yang (Jacksonville State University, USA) and Lei Zhang (Frostburg State University, USA)
DOI: 10.4018/978-1-60960-200-0.ch013
Secure e-mail standards, such as Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME), apply cryptographic algorithms to provide secure and private e-mail services over the public Internet. In this article, we first review a number of cryptographic ciphers, trust and certificate systems, and key management systems and infrastructures widely used in secure e-mail standards and services. We then discuss several essential security and privacy issues, such as cryptographic cipher selection and operation sequences, in both PGP and S/MIME. This work aims to give readers a comprehensive picture of the security and privacy provided by current secure e-mail services.

Ciphers And Standards

Cryptographic Ciphers and Security Protocols

Data Encryption Standard (DES) and Triple-DES

Proposals for a government encryption and decryption standard were solicited in 1973 by the National Institute of Standards and Technology (NIST). In 1976, DES, based on the IBM Lucifer cipher developed by Feistel and his colleagues in the early 1970s, was accepted as an official Federal Information Processing Standard (FIPS) for the U.S. and later for other countries. DES is the predecessor of multiple cryptographic ciphers including RC5, Blowfish and CAST5.

DES is an iterative symmetric key cipher with a relatively short key, 56 binary bits in length. In each of its 16 iterative rounds, DES takes a 64-bit data block and a 48-bit sub-key as input and goes through a sequence of operations, including Expansion, Substitution (S-Boxes) and Permutation (P-Boxes), producing a 64-bit output. The S-Boxes are the only non-linear component of DES. Each of DES' eight different S-Boxes converts a 6-bit input to a 4-bit output. The conversion table has 4 rows and 16 columns, giving 64 intersections, each of which holds a possible output value. With 4 binary bits, the output from each S-Box can only have 16 (2^4) possible values. Therefore, each of these 16 values appears at four different intersections, making each S-Box a one-way function. In other words, a 6-bit input to an S-Box, with its first and last bits as the row index and the remaining bits as the column index, locates a single intersection in the conversion table and thereby determines the 4-bit output value. However, knowing an output value only helps find its four possible positions in the conversion table, leaving the input value ambiguous. With 8 different S-Boxes in each round and 16 rounds in total, DES is basically irreversible. Due to the limited key length of DES, Triple-DES, or 3DES, was introduced, extending the key length to 112 bits in EDE mode and 168 bits in EEE mode. Before the emergence of AES, DES and 3DES had been the most popular symmetric key block ciphers.

Advanced Encryption Standard (AES)

AES, also known as the Rijndael algorithm, was announced by NIST in 2001 as the new standard symmetric block cipher to replace DES and 3DES. AES was selected out of fifteen proposed candidate algorithms and has become the most popular cipher of its kind. AES offers options of 128-bit, 192-bit and 256-bit key sizes depending on the number of rounds that the algorithm goes through in the encryption process. No successful or effective attack on the algorithm has been reported so far. However, side-channel attacks can be used against an implementation of the AES cipher on a system that leaks data.

Message-Digest Algorithm 5 (MD5)

MD5 is a 128-bit hash function widely used in security applications to verify the integrity of data. It was designed by Ron Rivest in 1991 to replace MD4. The output hash value is often presented in 32-bit hexadecimal format which is easy to read and compare. One of the design goals of a successful hash function is that it should be extremely unlikely for two different inputs to generate the same hash. In 1993, it was found that in MD5 two different initialization vectors can produce the same digest. In 2006, an algorithm was published that finds collisions in one minute on an average notebook computer. It is now recommended to use more reliable hash functions such as SHA.

Secure Hash Algorithm (SHA)

SHA is a set of cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard (FIPS). The various versions of SHA include SHA-0, SHA-1, SHA-2 and the future SHA-3. SHA-0 and SHA-1 both produce 160-bit digests and SHA-1 has been widely used in security applications and protocols since MD5 faded.

In 2005, an attack by Xiaoyun Wang and her colleagues was announced, lowering the complexity of finding collisions in SHA-1 to 2^69 (Wang et al., 2005). In 2006, Christophe De Cannière and his fellow researchers were able to reduce the complexity to 2^35. Despite the greatly reduced complexity of theoretical attacks, no practical attack has ever been conducted, and SHA-1 remains the most widely used hash function. Four SHA-2 functions, each of which has a different key size, were published by NIST in 2002. However, SHA-2 has not received much attention. An open competition was announced in the Federal Register in Nov. 2007 for a new SHA-3 function, which is expected to become the new government standard for hash functions in 2012.


RSA

RSA, named after its three authors, is the first algorithm suitable for both signing and encryption. It was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. Unlike symmetric key ciphers, RSA makes use of factoring, modular and exponential operations in mathematics to generate a pair of keys, namely a public key and a private key. The private key, which is known only to its owner, is used for signing data, and the paired public key can be known to everyone for verifying the signature. A public key can also be used to encrypt data destined for the party who holds the paired private key. However, due to its relatively high complexity, RSA is often used to protect data of small size, e.g. using a public key to encrypt and protect a symmetric key.

Diffie-Hellman (D-H) Key Exchange

D-H (Stallings, 2006) is a cryptographic protocol that enables two communicating parties, without previously sharing any information, to establish a shared secret key over a public communication channel such as the Internet, using modular and exponential operations. D-H by itself is vulnerable to man-in-the-middle attacks, in which a third party in the middle establishes two distinct D-H key exchanges with the two end parties. Nevertheless, immunity to such attacks can be achieved by having the two end parties authenticate themselves to each other through the use of digital signatures prior to the D-H key exchange.
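The two situations described above, as an added example that is not part of the original chapter: an unauthenticated exchange in which a party in the middle ends up with one key per side, and a receiver that accepts a D-H public value only when a signature over it verifies. The group, the textbook RSA signature (no padding) and all names are toy assumptions made for this example; only Alice's value is signed, and Bob's would be handled the same way.

```python
import hashlib

# Toy parameters constructed for this example; far too small for real use.
P = 2**64 - 59                        # 64-bit prime modulus for D-H
G = 5                                 # public base
E = 65537                             # RSA public exponent
RSA_P, RSA_Q = 2**61 - 1, 2**89 - 1   # two Mersenne primes


def dh_public(secret):
    return pow(G, secret, P)


def dh_shared(secret, peer_public):
    return pow(peer_public, secret, P)


def rsa_keypair():
    """Return (modulus n, private exponent d) for textbook RSA."""
    n = RSA_P * RSA_Q
    d = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))
    return n, d


def digest(value, n):
    h = hashlib.sha256(str(value).encode()).digest()
    return int.from_bytes(h, "big") % n


def sign(value, n, d):
    return pow(digest(value, n), d, n)


def verify(value, sig, n):
    return pow(sig, E, n) == digest(value, n)


def unauthenticated_exchange(a, b, m):
    """The middle party (secret m) substitutes its own public value both ways."""
    pub_a, pub_b, pub_m = dh_public(a), dh_public(b), dh_public(m)
    alice_key = dh_shared(a, pub_m)   # Alice believes pub_m came from Bob
    bob_key = dh_shared(b, pub_m)     # Bob believes pub_m came from Alice
    middle_keys = (dh_shared(m, pub_a), dh_shared(m, pub_b))
    return alice_key, bob_key, middle_keys


def authenticated_receive(received_public, sig, signer_n):
    """Bob keeps a received D-H value only if Alice's signature covers it."""
    return verify(received_public, sig, signer_n)
```
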

Message Authentication Code (MAC)

A Message Authentication Code is a short piece of information used to authenticate a message. A MAC algorithm, which is a keyed hash or cipher function, takes both the shared secret key and the message to be authenticated as inputs and outputs a MAC value, or tag. The verifiers, who also possess the shared secret key, apply the same MAC algorithm to test the data integrity and authenticity of the message received. Depending on the type of algorithm used, MAC algorithms can be further categorized into HMAC (HMAC, 2002), as in HMAC-MD5 or HMAC-SHA-1, which use the hash functions MD5 or SHA-1, and CMAC, as in AES-CMAC (Song et al., 2006), which uses the symmetric key cipher AES.
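How a keyed hash turns the shared key and message into a tag, as an added example that is not part of the original chapter. It builds HMAC-SHA-1 by hand following the HMAC definition (RFC 2104), checks it against Python's standard `hmac` module, and shows the verifier's side; the function names are chosen here for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-1 processes input in 64-byte blocks


def hmac_sha1_manual(key, message):
    """HMAC-SHA-1 written out: H((K ^ opad) || H((K ^ ipad) || message))."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha1(key).digest()      # long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")      # then padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + message).digest()
    return hashlib.sha1(opad + inner).digest()


def make_tag(key, message):
    """Sender side: compute the tag with the standard library."""
    return hmac.new(key, message, hashlib.sha1).digest()


def verify_tag(key, message, tag):
    """Verifier side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


if __name__ == "__main__":
    key = b"shared-secret"                    # constructed sample values
    msg = b"Subject: invoice\r\n\r\nPay 100 to account 42"
    tag = make_tag(key, msg)
    print("tag:", tag.hex())
    print("manual construction matches:", hmac_sha1_manual(key, msg) == tag)
    print("original verifies:", verify_tag(key, msg, tag))
    print("altered message verifies:", verify_tag(key, msg.replace(b"100", b"900"), tag))
    print("wrong key verifies:", verify_tag(b"other-key", msg, tag))
```
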
