Network Security


CMPE 209 – Spring 2009

Prof. Richard Sinn

Team Presentation

(03/03/2007)

Submitted By

Bepsy Paul Menachery ([email protected]) Divya Panchal ([email protected])

TABLE OF CONTENTS

1. Introduction ...... 3
2. What is IMAP ...... 3
2.1 State and Flow Diagram ...... 3
3. Comparison of IMAP and POP3 ...... 5
4. Analysis of IMAP Security ...... 6
5. Present and Future of IMAP ...... 8
6. Summary ...... 8
7. References ...... 9

1. Introduction

This is a research paper about the IMAP protocol, which is used by email servers and clients for accessing email. This document describes the IMAP protocol and its states, its advantages over the similar protocol POP3, an analysis of IMAP security, the future of IMAP, and a summary of the report.

2. What is IMAP

IMAP stands for Internet Message Access Protocol. It is the most popular Internet Standard protocol for retrieving email; the other such protocol is POP3 (Post Office Protocol). IMAP4rev1 (IMAP4 revision 1), defined in RFC 3501, assumes a reliable data stream, which TCP provides, and listens on port 143. It allows a client to access email messages that are held on a remote server. IMAP supports online, offline and disconnected modes of operation.

With IMAP, a user can also keep all of their email on the local computer. IMAP also works in combination with webmail, which allows email to be checked from any web browser on any computer that has an Internet connection.

2.1 State and Flow Diagram

An IMAP session begins with the establishment of a client/server network connection. The server sends an initial greeting, which is followed by client/server interaction. The interaction consists of client commands, server data, and server completion result responses. All of these are lines, that is, strings terminated by CRLF. An operation begins with a client command. Each command is prefixed with a unique identifier called a tag; a different tag is generated for each client command. When the server is ready for the client to continue, it responds with a line prefixed by the "+" token. The protocol receiver of the IMAP server reads the command line, parses the command and its arguments, and transmits server data followed by the server command completion result response. Server data sent while the command is still incomplete is prefixed with the "*" token; such lines are called untagged responses. Refer to Figure 1 below for details.

Figure 1 (client/server exchange): client command = [tag] [string line]; server response = [tag] [+] or [*] [string]

After the connection is established between the client and the server, it is in one of four states: Not Authenticated, Authenticated, Selected and Logout. The initial state is identified by the server greeting. Certain commands are valid only in certain states, and it is a protocol error for the client to attempt a command when the connection is not in an appropriate state.

1.1.1 Not Authenticated State

In this state the client MUST supply authentication credentials before further commands are permitted. This state is entered when the connection starts, unless the connection is pre-authenticated.

1.1.2 Authenticated State

In this state the client has been authenticated. The client MUST select a mailbox to access before commands that affect messages are permitted. This state is entered when a pre-authenticated connection starts, when authentication credentials have been provided, after an error in selecting a mailbox, or after a successful CLOSE command. Refer to Figure 2 below for details.

1.1.3 Selected State

In this state a mailbox has been selected for access. This state is entered only when a mailbox has been successfully selected.

1.1.4 Logout State

In this state the connection is being terminated. It is entered because the client has requested a logout through the LOGOUT command. When the client requests logout, the server MUST send an untagged BYE response, and it also sends a tagged OK response to the LOGOUT command before closing the connection. The client MUST read the tagged OK response to the LOGOUT command before it closes the connection.

A server MUST NOT close the connection without sending an untagged BYE response, which contains the reason for doing so. A client SHOULD NOT close the connection by itself; it SHOULD issue a LOGOUT command. If the server detects that the client has closed the connection by itself, the server MAY omit the untagged BYE response and close the connection.
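The four states, the seven numbered transitions of Figure 2 and the tagged, untagged and continuation line forms of Figure 1, modelled in Python as an added example (not code from the paper). Command-to-state permissions follow RFC 3501; the tag format A001 and the server reply lines are assumed for illustration.

```python
"""Four IMAP states and seven transitions of Figure 2, plus the three kinds of
server line from Figure 1.  Added example; replies are constructed strings."""

NOT_AUTH, AUTH, SELECTED, LOGOUT = "Not Authenticated", "Authenticated", "Selected", "Logout"
GREETING_STATE = {"OK": NOT_AUTH, "PREAUTH": AUTH, "BYE": LOGOUT}    # transitions 1, 2, 3
ALLOWED = {  # states in which RFC 3501 permits each command the paper mentions
    "LOGIN": {NOT_AUTH}, "AUTHENTICATE": {NOT_AUTH}, "STARTTLS": {NOT_AUTH},
    "SELECT": {AUTH, SELECTED}, "EXAMINE": {AUTH, SELECTED}, "CLOSE": {SELECTED},
    "LOGOUT": {NOT_AUTH, AUTH, SELECTED}}

def classify(line, tag):
    """Figure 1: '*' = untagged server data, '+' = continuation request,
    otherwise the tagged completion result of the command sent with `tag`."""
    if not line.endswith("\r\n"):
        raise ValueError("IMAP lines end with CRLF")
    first, _, rest = line[:-2].partition(" ")
    if first in ("*", "+"):
        return ("untagged" if first == "*" else "continuation", rest)
    if first != tag:
        raise ValueError(f"unexpected tag {first!r}, waiting for {tag!r}")
    return ("tagged", rest.split(" ", 1)[0].upper())       # OK / NO / BAD

class Session:
    def __init__(self, greeting):
        self.state, self.n = GREETING_STATE[greeting], 0

    def allowed(self, name):
        return self.state in ALLOWED.get(name, set())

    def run(self, name, server_lines):
        # send `name` under a fresh tag, then apply the server's reply lines
        if not self.allowed(name):
            raise ValueError(f"{name} is a protocol error in state {self.state}")
        self.n += 1
        tag, ok = f"A{self.n:03d}", False
        for line in server_lines:
            kind, data = classify(line, tag)
            if kind == "untagged" and data.upper().startswith("BYE"):
                self.state = LOGOUT                            # transition 7
            elif kind == "tagged":
                ok = data == "OK"
        if self.state == LOGOUT:                               # BYE ends the session
            return self.state
        if name in ("LOGIN", "AUTHENTICATE") and ok:
            self.state = AUTH                                  # transition 4
        elif name in ("SELECT", "EXAMINE"):
            self.state = SELECTED if ok else AUTH              # transitions 5 / 6
        elif name == "CLOSE" and ok:
            self.state = AUTH                                  # transition 6
        return self.state
```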

Transitions in Figure 2:
(1) Connection without pre-authentication (OK greeting)
(2) Pre-authenticated connection (PREAUTH greeting)
(3) Rejected connection (BYE greeting)
(4) Successful LOGIN or AUTHENTICATE command
(5) Successful SELECT or EXAMINE command
(6) CLOSE command, or failed SELECT or EXAMINE command
(7) LOGOUT command, server shutdown, or connection closed

Figure 2: IMAP state diagram. Connection establishment and the server greeting lead (1) to Not Authenticated, (2) to Authenticated or (3) to Logout; Not Authenticated moves (4) to Authenticated; Authenticated moves (5) to Selected, which returns (6) to Authenticated; (7) from any state leads to Logout, after which both sides close the connection.

3. Comparison of IMAP and POP3

Feature                                               IMAP                                  POP
Where will INBOX be stored?                           Email server                          Email server
Where will mail folders be stored?                    Email server                          Usually on the user's own local desktop
Can mail folders be created on the mail server?       Yes                                   No, only on the user's own local desktop
Can mail folders be created on the local desktop?     Yes                                   Yes
Can mail folders be accessed from different           Yes                                   No, only on the local desktop the mail
computers, e.g. from home, the office or overseas?                                          was saved to
Examples                                              Netscape Messenger, Outlook Express,  Eudora, Outlook 97, etc.
                                                      Outlook 2000, Outlook 98, PINE,
                                                      MailDrop, etc.

4. Analysis of IMAP Security

Security for IMAP implementations mainly concerns authentication and encryption. The basic IMAP authentication process passes the username and password in clear text. Using the Simple Authentication and Security Layer (SASL) library, the authentication process can be secured.

One of the SASL mechanisms is Kerberos authentication. This method has a few disadvantages. It does not provide actual data security, because the message content is not encrypted. A Kerberos server has to be run on the server side. Also, the encrypted password string is transmitted over the Internet, and a hacker with adequate tools can crack the encryption.

SSH can be used to secure the IMAP request to the server. The client connects to a port on the local host instead of to server port 143. The client machine makes an SSH connection to the port on the remote host, which encrypts the messages going from the client to the remote host. Messages from the remote host to the IMAP server are not encrypted if the IMAP server is not running on the remote host. Figure 3 below shows this mechanism.

Figure 3: SSH tunnel between the client's local port and the remote host

To encrypt and protect all communication between an IMAP client and server, SSL is the best option. This is easily achieved with the OpenSSL library. Using OpenSSL, one can create one's own certificate authority (CA) and then generate SSL certificates signed by this CA.

Example:

  # CA key and self-signed CA certificate
  ./openssl genrsa -des3 -out ../private/ca.key 1024
  ./openssl req -new -x509 -days 365 -key ../private/ca.key -out ../private/ca.crt
  # server key (generation step implied by the request below), then the signing request
  ./openssl genrsa -out ../private/server.key 1024
  ./openssl req -new -key ../private/server.key -out ../private/server.csr
  # sign the request with the CA, using the sign.sh helper shipped with mod_ssl
  /usr/src/mod_ssl-2.8.1-1.3.19/pkg.contrib/sign.sh server.csr

If the IMAP server does not support SSL connections, a partial solution is an SSL wrapper such as stunnel. Together with OpenSSL, this allows a client and server that are not natively capable of communicating over SSL to tunnel their traffic through SSL.

In some implementations, the password is held in the memory space of the imapd process. Setting the maximum core file size to zero for the imapd process prevents this from being exploited: no one can then recover the password from a core dump.

Among the IMAP commands, STARTTLS provides the security needed for the connection. Issuing the STARTTLS command starts a TLS negotiation with the server. When this command is used in the Not Authenticated state, the connection does not move to the Authenticated state until the TLS/SSL negotiation is complete.

After issuing the STARTTLS command, the client discards its cached server capability information, to prevent a man-in-the-middle attack: the server may advertise different capabilities once the SSL connection is complete.

In the absence of any securing mechanism, the LOGIN command should not be permitted on the client side, because LOGIN sends the username and password in clear text. The server should advertise LOGINDISABLED in its capabilities to prevent the client from using this command.

Certain cipher suites need to be implemented by any IMAP implementation. The cipher suite TLS_RSA_WITH_RC4_128_MD5 [TLS] is a MUST for both client and server implementations, and they SHOULD implement the cipher suite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA [TLS]. This ensures interoperability between different implementations. Other cipher suites are optional.

During the TLS negotiation, the client should verify that the server name matches the server's identity in the server certificate, to prevent a man-in-the-middle attack. If the verification fails, the client should ask the user for explicit identity confirmation or terminate the connection.

Neither kind of termination should reveal the reason for the failure. Failed LOGIN/AUTHENTICATE attempts should be rate limited or delayed.
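The STARTTLS, LOGINDISABLED, capability-discard and server-name checks from the paragraphs above, as an added Python example (not the paper's code). The hostname imap.example.com and the CAPABILITY lines are constructed; the cipher check reflects that the paper's RC4/MD5 MUST suite is prohibited by RFC 7465 and is not offered by current defaults.

```python
"""Client-side policy for the STARTTLS, LOGINDISABLED and server-identity rules
of section 4.  Added example, not code from the paper: capability lines are
constructed strings and no server is contacted."""
import ssl

def parse_capabilities(line):
    """Turn an untagged '* CAPABILITY ...' response into a set of upper-case names."""
    words = line.rstrip("\r\n").split()
    if words[:2] != ["*", "CAPABILITY"]:
        raise ValueError("not a CAPABILITY response: " + line)
    return {w.upper() for w in words[2:]}

def next_step(caps, tls_active):
    """What the client may send next while Not Authenticated."""
    if not tls_active:                   # still clear text: never LOGIN here
        return "STARTTLS" if "STARTTLS" in caps else "REFUSE"
    if "LOGINDISABLED" not in caps:
        return "LOGIN"
    # LOGIN is switched off; fall back to a SASL mechanism if the server offers one
    return "AUTHENTICATE" if any(c.startswith("AUTH=") for c in caps) else "REFUSE"

class StarttlsClient:
    def __init__(self, hostname):        # hostname the user configured, e.g. imap.example.com
        self.hostname, self.caps, self.tls_active = hostname, None, False

    def on_capability(self, line):
        self.caps = parse_capabilities(line)
        return next_step(self.caps, self.tls_active)

    def tls_context(self):
        """Chain verification plus server-name check, so a certificate issued to
        another host (a man in the middle) fails the handshake."""
        ctx = ssl.create_default_context()          # CERT_REQUIRED, system CA store
        ctx.check_hostname = True                   # hostname must match the certificate
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        return ctx

    def wrap(self, sock):   # after the server's OK to STARTTLS: handshake on the same socket
        return self.tls_context().wrap_socket(sock, server_hostname=self.hostname)

    def on_starttls_ok(self):   # TLS is up: drop the clear-text capability list
        self.tls_active, self.caps = True, None

def verifies_server(ctx):
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED

def offers_cipher(ctx, fragment):
    # the paper's MUST suite TLS_RSA_WITH_RC4_128_MD5 is prohibited by RFC 7465 today
    return any(fragment in c["name"] for c in ctx.get_ciphers())
```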

5. Present and Future of IMAP

Many implementations of IMAP are available for desktops and laptops today. IMAP is used as a backend for web email interfaces, and the client markets for PDAs, Palm OS and Windows CE are opening up. Internet messaging products are adopting IMAP. Cell phones offer IMAP services, but their usability is still debated.

In the future, IMAP will be useful in universal multi-device connectivity applications. It is best suited for accessing mailboxes from different devices simultaneously; POP does not scale as well in this situation. IMAP will be equally important in both back-office and front-end client-based user interfaces. With the Internet moving towards transparency with respect to IP address, netmask and mail access protocols, IMAP will be a significant player in these markets.

6. Summary

IMAP is the mail access protocol widely used by email servers and clients. The basic IMAP protocol sends all information in clear text. IMAP can be secured using different encryption and authentication mechanisms such as Kerberos, SSH and SSL, and there are specific commands for securing IMAP exchanges. The future of IMAP is very promising because of the demand for universal multi-device connectivity and the developing transparency of Internet communication.

7. References

http://tools.ietf.org/html/rfc3501
http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol
http://www.ust.hk/itsc/email/tips/imap-or-pop.html
http://www.coruscant.demon.co.uk/mike/imap/security.html
http://security.fi.infn.it/tools/stunnel/index-en.html

Managing IMAP, 1st Edition by Dianna Mullet; Kevin Mullet
