S/MIME

S/MIME [SMIME] fournit une méthode cohérente pour envoyer et recevoir des données MIME et il offre des services de sécurité cryptographiques pour les applications de messagerie électronique tel que l’authentification, l'intégrité, la confidentialité et la non répudiation.

MIME Parts RFC 822 Enveloppe S/MIME Base64 Encoding CMS Object SignedData

Figure 7.7. Le format du message SMIME

Les messages S/MIME sont une combinaison d’entité MIME et des objets CMS82 [CSM]. Par contre, des restrictions sont définies sur l’utilisation des objets CMS. En effet, S/MIME n’utilise actuellement que les objets "content-types", "data", "signed-data" et "enveloped-data".

Nous nous intéressons à l’objet signed-data. La norme S/MIME définit trois types d’attributs "signedAttributes" (ils font partis des données signés) liés à cet objet :

• SigningTime : contient l’heure à laquelle la signature a été générée au format UTCTime. • sMIMECapabilities : contient les informations relatives aux algorithmes de signature et de

chiffrement.

• sMIMEEncryptionKeyPreference : permet de désigner sans ambiguïté la clé de chiffrement utilisée.

Les informations liées à la signataire sont représentées dans le champ SignerInfo. Ce champ contient, entre autres, les paramètres SignerIdentifier et version.

Le paramètre SignerIdentifier identifie le certificat de la signataire et il contient l’un des deux paramètres suivantes :

• IssuerAndSerialNumber : identifie un certificat, et de ce fait une entité et une clé publique. Cet identificateur est établi grâce au nom distingué de l'émetteur du certificat et au numéro de série spécifique du certificat.

• subjectKeyIdentifier : identifie le certificat du destinataire par la valeur subjectKeyIdentifier de l’extension X.509.

Le paramètre version est la syntaxe correspondante au numéro de version. Si le champ

SignerIdentifier correspond à issuerAndSerialNumber, alors la version doit être 1. Si le champ SignerIdentifier correspond à subjectKeyIdentifier, alors la version doit être 3.

Liste des publications

Internet-Draft (contributions à l’IETF)

[Bad0] P. Eronen (editeur), H. Tschofenig (editeur), M. Badra (auteur), O. Cherkaoui (auteur), I. Hajjeh (auteur), A. Serhrouchni (auteur), "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", IETF Internet Draft, draft-ietf-tls-psk-02.txt, (Proposed Standard) September 2004.

[Bad1] M., Badra, O., Cherkaoui, I., Hajjeh, and A., Serhrouchni, "Pre-Shared-Key Key Exchange Methods for TLS", draft-badra-tls-key-exchange-00.txt, Internet Engineering Task Force Draft, July 2004. [Bad2] M., Badra, A., Serhrouchni, and P., Urien, "TLS Express", draft-badra-tls-express-00.txt, Internet Engineering Task Force Draft, July 2004.

[Bad3] M., Badra, and P., Urien, "EAP-Double-TLS Authentication Protocol", draft-badra-eap-double-tls- 00.txt, Internet Engineering Task Force Draft, May 2004.

Revue

[Bad4] M., Badra, A., Serhrouchni and P., Urien, "A Lightweight Identity Authentication Protocol for Wireless Networks", special issue of Computer Communications on topics in wireless/mobile security and performance. Volume 27/17. Pages: 1738-1745.

[Bad5] M. Badra, I. Hajjeh, and A. Serhrouchni, "Using Pre-Shared-Keys within TLS for Wireless Authentication", Paper submitted to IEEE Transactions on Wireless Communications.

Proceeding

[Bad6] M., Badra, and P., Urien, "Enhancing WLAN Security by Introducing EAP-TLS Smartcards", IADIS WWW/Internet 2004 Conference, Madrid, Spain, 6-9 October 2004. to appear

[Bad7] P., Urien, M., Badra, and M., Dandjinou, "EAP-TLS Smartcards, from Dream to Reality", the fourth IEEE workshop on Applications and Services in Wireless Networks, IEEE ASWN 2004, Boston, Massachusetts, USA.

[Bad8] M., Badra, and P., Urien, "Introducing SmartCards to Remote Authenticate Passwords using Public Key Encryption", 2004 IEEE Sarnoff Symposium on Advances in Wired and Wireless Communications 2004, NJ, USA. Pages: 123-126.

[Bad9] M., Badra, and P., Urien, "Toward SSL integration in SIM SmartCards", IEEE Wireless Communications and Networking Conference, IEEE WCNC 2004, Atlanta-Georgia USA. ISBN 0-7803- 8345-1 (CD-ROM).

[Bad10] M., Badra, Ph., Godlewski, A., Serhrouchni and P., Urien, "Une méthode comparative pour établir des solutions de sécurité basées sur SSL-WTLS", IEEE SETIT 2004, International Conference Sciences of Electronic, Technology of Information and Telecommunications, Sousse, Tunis.

[Bad11] M., Badra, and A., Serhrouchni, "Light TLS: Extended Handshake for Wireless Communications", Fifth International Conference on Mobile and Wireless Communications Networks, MWCN 2003, Singapore. pp. 63-67.

[Bad12] M., Badra, and A., Serhrouchni, "A New Secure Session Exchange Key Protocol For Wireless Communications", the 14th IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, IEEE PIMRC2003, Chine. pp. 2765 – 2769.

[Bad13] M., Badra, P., Godlewski, and A., Serhrouchni, "Extended Wireless Transport Layer Security", the third IEEE workshop on Applications and Services in Wireless Networks, IEEE ASWN 2003, Switzerland. pp. 35-45.

[Bad14] M., Badra and P., Godlewski. "SSL et WTLS : Etude Analytique et Comparative", 2nd Conference on Security and Network Architectures, SAR02, Marrakech (Maroc), July 2002.

Liste des acronymes

3GPP 3rd Generation Partnership Project APDU Application Protocol Data Unit AES Advanced Encryption Standard

AH Authentication Header

BSS Basic Set Service

CA Certificate Authority

CHAP Challenge-Handshake Authentication Protocol CMS Cryptographic Message Syntax

CRC Cyclic Redundancy Check

CSMA/CD Carrier Sense Multiple Access with Collision Detection CORBA Common Object Request Broker Architecture

DER Distinguished Encoding Rules DES Data Encryption Standard DH Diffie-Hellman

DoS Denial of Service

EAP Extensible Authentication Protocol EAPoL EAP over LAN

ECC Elliptic Curve Cryptographic

EFF Electronic Frontier Foundation EPIS Embarquer un Protocole Internet Sécurisé ESP Encapsulating Security Payload

ESS Extended Service Set FTP File Transfer Protocol

GPRS General Packet Radio Service GSM Global System for Mobile GTK Group Transient Key HIPERLAN HIgh PErformance Radio LAN

HMAC-MD5 Hash-based Message Authentication Mode-Message Digest 5 HTML HyperText Mark-up Protocol

HTTP HyperText Transport Protocol

IBSS Independent BSS

IEEE Institute for Electrical and Electronic Engineers IETF Internet Engineering Task Force

IKE Internet Key Exchange

IP Internet Protocol

IPSec IP Security

ISO International Standard Organization ISP Internet Service Provider

IV Initialization Vector

JFK Just Fast Keying

KCK EAPoL-Key Confirmation Key KEK EAPoL-Key Encryption Key L2TP Layer Two Tunneling Protocol LAN Local Area Network

LDAP Lightweight Directory Access Protocol LLC Logical Link Control

MAC Message Authentication Code MAC Medium Access Control MAN Metropolitan Area Network

MD5 Message Digest

MIC Message Integrity Check MitM Man in the Middle

MPPE Microsoft Point-to-Point Encryption NAS Network Access Servers

NAT Network Address Translation NIST National Institute of Standards and Technology

OTA Over The Air

PDA Personal Digital Assistant

PEAP Protected EAP

PFS Perfect Forward Secrecy PIN Personal Identification Number PKC Public Key Cryptography

PKI Public Key Infrastructure

PKCS#7 Public Key Cryptography Standard #7 PMK Pairwise Master Key

PPP Point-to-Point Protocol PPTP Point-to-Point Tunneling Protocol PRF Pseudo Random Function

PSK Pre Shared Key

PTK Pairwise Transient Key

RADIUS Remote Authentication dial-In User Service

RC4 Rate Code 4

RSA Rivest Shamir Adleman RSN Robust Security Network SDU Service Data Unit

SHA Secure Hash Standard SIM Subscriber Identity Module SMS Short Message Service SMTP Simple Mail Transfer Protocol SRP Secure Remote Password SSID Service Set IDentity

SSO Single Sign On

T-SDU Transport SDU

TCP Transport Control Protocol

TK Temporal Key

TKIP Temporal Key Integrity Protocol TLS Transport Layer Security TTL Time To Live

TTLS Tunnel TLS

UMTS Universal Mobile Telecommunication Service URL Universal Resource Locator

USIM Universal SIM

VPN Virtual Private Network WAE Wireless Application Environment WAP Wireless Application Protocol WBML Wireless Binary Mark-up Language WDP Wireless Datagram Protocol

WEP Wireless Encryption Privacy Wi-Fi Wireless Fidelity

WML Wireless Mark-up Language WPA Wi-Fi Protected Access WSP Wireless Session Protocol WTA Wireless Telephony Application WTP Wireless Transport Protocol

WTLS Wireless TLS

WWW World Wide Web