					E-Mail Sender Authentication

         Julian Mehnle
        julian@mehnle.net
           2007-05-09
                             Road Map

[Figure: road map of the talk. The Problem → How SMTP works → E-Mail Identities →
 CSV / SPF / Sender ID, DomainKeys / DKIM, PGP / S/MIME →
 The Good, the Bad, the Ugly → Sender Reputation]

2007-05-09                  E-Mail Sender Authentication                             1
    The Problem: Identity Forgery


Nearly all e-mail abuse is accompanied by identity
forgery:
• Spammers want to avoid non-delivery notifications (bounces) to
   their real addresses.
• Fraudsters want to cover their tracks.
• Phishers (password fishers) want to impersonate well-known,
   trusted identities in order to steal passwords from users.
• Computer viruses want to cause confusion or just don’t care
   about which sender addresses they use.



      Effects of Identity Forgery

Victims get tricked into disclosing sensitive
information or losing money.

Innocent bystanders...
• get hit by tons of misdirected bounces,
• gain a bad reputation,
• have to disclaim liability for the abuse!

These effects might even be intended by the abuser
→ "joe jobs"!


         Why is Forgery possible?


So how could this happen in the first place?

SMTP (RFC 821) designed in 1981/1982. Everybody on the
Internet was a nice guy and trustworthy back then.

Thus: Lack of security and traceability in SMTP
Also: Lack of prosecution (bad laws, foreign countries)



     How E-Mail Transport works

              SMTP: transaction-based, hop-to-hop

  sender's MUA → MSA → outbound MTA → inbound MTA → message store → receiver's MUA


   An SMTP Transaction Example

   (S = server, C = client)

   S: 220 io.link-m.de ESMTP
   C: HELO gray.home.mehnle.net
   S: 250 io.link-m.de Ok.
   C: MAIL FROM:<julian@mehnle.net>          Envelope
   S: 250 Ok.                                (routing info)
   C: RCPT TO:<alice@aol.com>
   S: 250 Ok.
   C: DATA
   S: 354 Ok.
   C: From: Julian <julian@mehnle.net>
      To: Alice <alice@aol.com>
      Subject: Did you see this?             Message
                                             (payload)
      Look: http://...
      .
   S: 250 Ok. 4640A8D2.00003764
   C: QUIT
   S: 221 Bye.

                    Envelope Identities


Envelope (routing info):

220 io.link-m.de ESMTP
HELO gray.home.mehnle.net          ← MTA responsible
250 io.link-m.de Ok.
MAIL FROM:<julian@mehnle.net>      ← Envelope sender (origin mailbox vs.
250 Ok.                              return-path / bounces-to)
RCPT TO:<alice@aol.com>            ← Envelope recipient (destination mailbox)
250 Ok.
...




                      Header Identities

     Identities in the message header serve display purposes only!

Message (payload):

From:     Julian <julian@mehnle.net>              ← Author (responsible party)
Sender:   Julian (Home) <julian@home.mehnle.net>  ← Sender (sending party)
To:       Alice <alice@aol.com>                   ← Recipient
Subject:  Did you see this?

Look: http://...




                      Header Identities                    (2)


When re-sending a message:

Message (payload):

Resent-From:    Alice <alice@aol.com>                   ← Author (responsible party)
Resent-Sender:  Alice (Work) <jane@corp.com>            ← Sender (sending party)
Resent-To:      Jane <jane@yahoo.com>                   ← Recipient
From:           Julian <julian@mehnle.net>              ← Original parties
Sender:         Julian (Home) <julian@home.mehnle.net>  ← Original parties
To:             Alice <alice@aol.com>                   ← Original parties
Subject:        Did you see this?

Look: http://...




   Envelope vs. Header Identities


                     Envelope identities    Header identities

     Used by MTA     for routing            —
                                            (Well, there’s SpamAssassin...)

     Used by MUA     —                      for display




             Sender Authentication

      "Authority declares, recipient adheres."
       (Authority = identity owner)


The identity owner is the authority over what constitutes
"authenticity" with regard to their identity, and publishes information
that lets recipients determine it.

Newer methods authenticate domain names and thus publish their
declarations in DNS, which has appropriate semantics (hierarchical
control, caching/TTLs), is omnipresent (behind firewalls, ...) and is
light-weight (but also has inherent reliability and security issues).



     Client SMTP Validation (CSV)

Initiative:
   Dave Crocker et al. (2003-2004), http://www.bbiw.net/CSV/

Scope:
   Authorize hosts to act as responsible MTAs for a given HELO
   domain name (→ protects HELO,
   applies at SMTP transaction time)

Form of declaration:
   1..n SRV records for "_client._smtp.<name>"         (name to protect),
   listing names of authorized hosts



                   CSV Example

example.com.                        A      192.168.0.1
mta.example.com.                    A      192.168.0.2

_client._smtp.example.com.     SRV 1 2 0 example.com.
_client._smtp.example.com.     SRV 1 2 0 mta.example.com.
_client._smtp.mta.example.com. SRV 1 2 0 mta.example.com.


Only 192.168.0.1, 192.168.0.2 may say "HELO example.com".
Only 192.168.0.2 may say "HELO mta.example.com".



  Sender Policy Framework (SPF)

Initiative:
   Meng Weng Wong et al. (2003-2006), http://www.openspf.org
   (initially based on Reverse MX, 2002-2004)


Scope:
   Authorize hosts to act as responsible MTAs for a given HELO
   domain name, or to use a given domain name in the envelope
   sender (→ protects HELO, MAIL FROM, applies at SMTP
   transaction time)

Form of declaration:
   TXT (or SPF) record for "<name>"      (name to protect),
   specifying authorized hosts


                      SPF Example

             example.com.        A      192.168.0.1
             mta.example.com.    A      192.168.0.2
             example.com.        MX     1 mta.example.com.

             example.com.        TXT "v=spf1 a mx -all"
             mta.example.com.    TXT "v=spf1 a -all"

Only 192.168.0.1, 192.168.0.2 may say "HELO example.com"
or "MAIL FROM:<...@example.com>".
Only 192.168.0.2 may say "HELO mta.example.com"
or "MAIL FROM:<...@mta.example.com>".


             SPF Record Anatomy

        v=spf1 -ip4:10.0.1.1 a:mail.example.org mx ?all

   v=spf1                                Version
   "-" and "?"                           (explicit) Qualifiers
                                         (determine SPF result)
   ip4:..., a:..., mx, all               Mechanisms
                                         (describe sending policy)


   v=spf1 exists:%{l}._spf.%{d} -all exp=%{ir}.%{v}.e.%{d}

   %{l}, %{d}, %{ir}, %{v}               Macros
                                         (parameterize lookups with input data)
   exp=...                               Modifier
                                         (side effects)


                    SPF Result Codes

 Qualifier Result Code Meaning
      +      Pass         Host is authorized to use domain name
                          (default qualifier)
      -      Fail         Host is prohibited to use domain name

      ~      SoftFail     Host is discouraged from using domain name

      ?      Neutral      No assertion is being made for host
             PermError    A permanent error occurred,
                          e.g. the policy is invalid
             TempError    A transient error occurred,
                          e.g. a DNS problem
             None         No sender policy has been published


                   SPF Mechanisms

Mechanism    Meaning                                       Examples
ip4          Immediate IPv4 address or net block           ip4:192.168.0.1
                                                           ip4:192.168.0.0/24
ip6          Immediate IPv6 address or net block           ip6:fef0::1
a            Look up IP address from A record              a
                                                           a:mta.example.com
mx           Look up IP address from MX record             mx
exists       DNS blocklist-style lookup on input           exists:%{ir}._spf.%{d}
             data (e.g. sending host's IP address)
include      Include policy of another domain              include:example.com
all          Match any host unconditionally                all



              SPF Odds & Ends


• Specifies only sender policy, not receiver policy
• Localpart granularity possible via %{l} macro
• Currently ~7% of all domains, ~35% of all messages
  covered
• Spammers have been among the earliest adopters
  due to receivers' bad understanding
  ("SPF Pass" ≠ "message is not spam"!)



                         Sender ID

Initiative:
   Microsoft (2004-2005), http://www.microsoft.com/senderid
   (embrace & extend mutation of SPF)

Scope:
   Authorize hosts to use a given domain name in the envelope
   sender or header identities (→ protects MAIL FROM, PRA,
   applies at SMTP transaction or delivery time)

Form of declaration:
   TXT (or SPF) record for "<name>"   (name to protect),
   specifying authorized hosts


             Sender ID: "spf2.0/pra"
Sender ID mutates the version tag: "spf2.0", followed by a
list of scopes ("mfrom", "pra"), e.g.: spf2.0/mfrom,pra
Drops SPF's implicit HELO scope.
Introduces the PRA identity (patented!):
    Rough algorithm: choose the first existing header field of
    – Resent-Sender
    – Resent-From
    – Sender
    – From
    Aims at protecting display header fields,
    but really only protects Resent-Sender.

Otherwise identical to SPF.
              DomainKeys / DKIM

Initiative:
   DK:   Yahoo (2005-2007), http://antispam.yahoo.com/domainkeys
   DKIM: Yahoo, Cisco, IETF (merger of DK & IIM), http://www.dkim.org

Scope:
   Authenticate messages originating from a given header identity
   domain via cryptographic signatures (→ protects From/Sender
   headers, applies at SMTP transaction, delivery, or MUA time)

Form of declaration:
     • DomainKey-Signature/DKIM-Signature message headers
     • TXT record for "<selector>._domainkey.<name>" (selector from
        message, name to protect), containing public signing key


                       DKIM Example

DKIM-Signature: a=rsa-sha256; d=example.net; s=brisbane;
    c=simple; q=dns/txt; i=@eng.example.net;
    t=1117574938; x=1118006938;
    h=from:to:subject:date;
    bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=;
    b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZVoG4ZHRNiYzR

    d=    Domain
    s=    Selector
    h=    Headers covered by signature
    bh=   Body hash of canonicalized body
    b=    Signature
    p=    Public key (in the TXT record)

brisbane._domainkey.example.net. TXT (
                      "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ"
                      "KBgQDwIRP/UC3SBsEmGqZ9ZJW3/DkMoGeLnQg1fWn7/zYt"
                      "IxN2SnFCjxOCKG9v3b4jYfcTNh5ijSsq631uBItLa7od+v"
                      "/RtdC2UzJ1lWT947qR+Rcac2gbto/NMqJ0fzfVjH4OuKhi"
                      "tdY9tf6mcwGjaNBcWToIMmPSPDdQPNUYckcQ2QIDAQAB"
)


                   DK/DKIM Protocol

Domain owner...
• publishes public key in TXT DNS record,
• canonicalizes outgoing messages (headers/body)
    (simple, relaxed algorithms)
• signs messages with private key, adds signature header.

Recipient...
• reads domain and selector from message's signature header,
• fetches public key from DNS,
• reproduces message canonicalization & hash,
• verifies signature.
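
The recipient's steps up to the body hash, as an added example that is not part of the original slides: it parses the signature header, derives the DNS name of the key record, and recomputes bh= under the simple or relaxed body canonicalization. Verifying b= against the public key is the following step and is not shown; the sample body is constructed and its b= value is a placeholder.

```python
"""Receiver-side DKIM checks up to the body hash (added example)."""
import base64
import hashlib
import re

DIGESTS = {"rsa-sha256": hashlib.sha256, "rsa-sha1": hashlib.sha1}


def parse_tags(value):
    """Split a DKIM-Signature tag list into a dict, removing folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_query_name(tags):
    """DNS name of the TXT record holding the public key."""
    return "%s._domainkey.%s." % (tags["s"], tags["d"])


def canon_body(body, algo):
    """Body canonicalization: 'simple' or 'relaxed' (body uses CRLF line ends)."""
    lines = body.split(b"\r\n")
    if lines[-1] == b"":
        lines.pop()                              # terminator of the last line
    if algo == "relaxed":                        # squeeze and trim whitespace
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":            # ignore trailing empty lines
        lines.pop()
    if not lines:
        return b"\r\n" if algo == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body, tags):
    """Recompute bh= from the received body."""
    canon = tags.get("c", "simple/simple")
    algo = canon.split("/")[1] if "/" in canon else "simple"
    data = canon_body(body, algo)
    if "l" in tags:                              # signer limited the body length
        data = data[: int(tags["l"])]
    return base64.b64encode(DIGESTS[tags["a"]](data).digest()).decode()


def precheck(sig_value, body, now):
    """Return (ok, reason, key_dns_name); checking b= with the key comes next."""
    tags = parse_tags(sig_value)
    missing = [t for t in ("a", "d", "s", "h", "bh", "b") if t not in tags]
    if missing or tags["a"] not in DIGESTS:
        return False, "malformed signature", None
    name = key_query_name(tags)
    if "x" in tags and now > int(tags["x"]):
        return False, "signature expired", name
    if "from" not in tags["h"].lower().split(":"):
        return False, "From header not signed", name
    if body_hash(body, tags) != tags["bh"]:
        return False, "body hash mismatch", name
    return True, "body hash ok", name


# Constructed sample: tag values follow the DKIM example slide, but bh= is
# computed for this constructed body and b= is a placeholder, not a signature.
BODY = b"Look: http://example.net/\r\n"
SIG = ("a=rsa-sha256; d=example.net; s=brisbane; c=simple; q=dns/txt;\r\n"
       "\ti=@eng.example.net; t=1117574938; x=1118006938;\r\n"
       "\th=from:to:subject:date; bh=%s; b=PLACEHOLDER"
       % body_hash(BODY, {"a": "rsa-sha256", "c": "simple"}))
```

A body with extra trailing blank lines still hashes to the same bh=, while an appended footer does not, which is the mailing-list breakage the later slides refer to.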


             DK/DKIM Odds & Ends


• Currently no sender policy (nor receiver policy)
   (however, Sender Signing Policy (SSP) under debate)
• User-level granularity possible
• Signature headers transparent to old MUAs
   (cf. S/MIME, PGP/MIME)
• Patented, but liberal license (supposedly GPL-compatible)
• No deployment statistics (but significantly less than SPF)



                    PGP & S/MIME
Initiative:
   PGP:    Philip Zimmermann (1991-1998)
   S/MIME: IETF (1998-present)
   http://www.imc.org/smime-pgpmime.html

Scope:
   Authenticate messages originating from a given author via
   cryptographic signatures (→ protect individuals/organizations,
   apply at MUA time)

Form of declaration:
     • Signatures in the message body or as MIME attachments
     • PGP: manual & immediate key exchange, key servers
     • S/MIME (X.509): CAs (hierarchical PKI), CA certificates
       distributed with client software
                 PGP & S/MIME                          (2)


• Full message cryptography (also encryption)
• Very strict but powerful canonicalization
   (understands MIME structure)
• Individual/org-level granularity
   (though domain-level possible, see HTTPS)
• Public key distribution difficult, not standardized,
   however:
   RFC 4398: Storing Certificates in the Domain Name System (DNS)
• Not fully transparent to old MUAs (MIME attachments)
• Not widely deployed (just yet, hopefully)

 The Good, the Bad, and the Ugly

             Who gets to the gold treasure first?
     Er, who solves the forgery problem first?

             Path Authentication -vs- Payload Authentication

SPF...
• "breaks" on alias-style forwarding
• requires continued survey of sending infrastructure
• protects only the envelope identities
DK/DKIM, PGP, S/MIME...
• "break" on message mutilation (e.g. mailing lists)
• require cryptography → higher CPU load
• do not protect the envelope identities


 The Good, the Bad, and the Ugly                              (2)


             Well... OK, let's collaborate!*
                       (*as long as I benefit)
SPF...
• is light-weight (no cryptography)
• tolerates message mutilation
• protects the envelope identities
DK/DKIM...
• protects displayed identities
• tolerates forwarding
PGP & S/MIME...
• protect individual/org (=real) identities regardless of domain
  and e-mail address (=artificial) ones.
• tolerate forwarding

             A Ring to Bind Them
Problems:
• Overcome notion of "single final solution"
• Coordination protocol required!

Thus:
Identity owner is the authority, must be able to specify
various auth methods! → SPFv3?

Receivers should implement all (most) methods, plus
forwarder white-listing (configuration protocol?)

Forwarders should learn how not to mutilate messages!
"Mutilation best practices"?
                 Sender Reputation

                  Sender authentication is nice,
             but how do we solve the spam problem?

                               Reputation!
                (already exists with IP address granularity)

Authenticated identities lift reputation to domain or individual
granularity.

From the abuser's PoV, IP addresses are cheaper than domains
→ Domain/individual reputation reduces efficacy of zombie nets
(maybe even reduces incentive to mass-hack PCs?)



             Sender Reputation                        (2)




Beware:
• rep("domain.org") ≠ rep("domain.org") (in general)
  The identity type matters!
• Throw-away domains are still cheap and quick to register
  → highly dynamic (shared) reputation systems required
• Abuse characteristics of domains/individuals differ from those
  of IP addresses, so new lessons need to be learned!




                  !?
               You can't stop the signal! ;-)
"v=spf1 ip6:09F9:1102:9D74:E35B:D841:56C5:6356:88C0 -all"

				