MMMSec - Security in Multimedia Mail
by Ronald Fromm, Rafal Kowalski, Jürgen Sander, Roland Schwarz, Burkhard Wiegel and Andreas Zisowsky
MMMSec is a German research project performed by the Open Distributed Multimedia Applications Group at GMD Institute for Open Communication Systems in Berlin. It is funded by DeTeBerkom, Ltd., a 100% subsidiary of Deutsche Telekom AG. The main goal of the project is to develop a Security Platform tailored to multimedia messaging and to integrate this platform, in a homogeneous and user-friendly fashion, into a Multimedia-Mail User Agent that supports multiple messaging systems. This Security-Demonstrator-UA is called 'S-Mail' and supports Internet Electronic Mail and X.400(88).
The main threads of the project are:
- security services tailored to single X.420-bodyparts. This will allow the application of separate security services for each bodypart of one X.400-message
- security services for External References and the referenced data
- a Security Platform, which makes it possible to adapt and use different security services such as X.420-Security-Bodyparts, PEM, MOSS, PGP, etc., under a homogeneous interface and to automatically control these services by a defined Security Policy
- homogeneous, user-friendly security controls, which are integrated into the user interface of the Security-Demonstrator-UA (S-Mail). The graphical user interface elements for security are uniform and independent of specific Messaging-Systems and Security-Services. The user cannot override Security Policy settings.
With the introduction of multicontent/multimedia messages, the separate protection of individual bodyparts is necessary if users are to be able to retrieve single bodyparts from a remote message store. There might also be different security requirements for different bodyparts of one message.
Bodypart security within MIME is provided by RFC1847/48. Nothing appropriate was available for X.420. Hence, the concept of the X.420-Security-Bodypart was developed within MMMSec. It provides for Integrity, Confidentiality and Digital Signatures by encapsulating an arbitrary ASN.1-encoded X.420-bodypart within a Security-Bodypart.
The main task of protecting and unprotecting messaging content is to process bodyparts, which are data objects. In general there are security tools for different bodypart (object) types. Such tools can be integrated into the Security Platform. Then they are controllable through the uniform platform interface. In addition there is a Security Policy component, which automatically generates Security Processing Information (SPI) for a given bodypart type. The SPI then controls the appropriate Security Services. Key-Management, cryptographic mechanisms and some other useful functions are also provided.
Secure External References
The concept of External References was developed to address messaging problems introduced by the high volume of multimedia content and to provide efficient messaging-based data distribution for high volume content providers. Instead of bulky data, only a pointer to the data is transferred within the message. A security concept for External References was developed within MMMSec, whereby the sender protects the data to be referenced, transfers it to a publicly accessible Global Store, inserts the External Reference and additional Security Parameters into a bodypart, and submits the message.
The receiver retrieves the referenced data from the store and unprotects it using the security parameters from the External Reference. The concept was specified for MIME and X.420. "sxRef" (Secure External Reference Manager) is the implementation of the concept for X.420. It is also based upon the Security Platform and can be controlled by Security Policies. The graphical user interface also lets the user recognize known Security Elements.
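The sender and receiver steps described above, as an added example that is not MMMSec or sxRef code. It covers integrity only: the security parameters carried in the reference are assumed to be a SHA-256 digest and a length, the Global Store is a dictionary, and all names (`publish`, `resolve`, `SecureExternalReference`, the `store://` locator) are hypothetical; confidentiality and the protection of the message that carries the reference are outside it.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the publicly accessible Global Store: locator -> bytes.
GLOBAL_STORE = {}


class ReferenceIntegrityError(Exception):
    """Raised when referenced data is missing or does not match the reference."""


@dataclass(frozen=True)
class SecureExternalReference:
    locator: str     # pointer to the data in the store (hypothetical format)
    digest_alg: str  # security parameter: hash algorithm name
    digest_hex: str  # security parameter: digest of the stored data
    length: int      # security parameter: expected size in bytes


def publish(locator, data, store=GLOBAL_STORE):
    """Sender: put the data in the store and return the reference for the bodypart."""
    store[locator] = data
    digest = hashlib.sha256(data).hexdigest()
    return SecureExternalReference(locator, "sha256", digest, len(data))


def resolve(ref, store=GLOBAL_STORE, max_len=10 * 1024 * 1024):
    """Receiver: fetch the data and accept it only if it matches the reference."""
    if ref.digest_alg != "sha256":
        # The receiver, not the reference, decides which algorithms are acceptable.
        raise ReferenceIntegrityError("unsupported digest algorithm")
    if ref.length > max_len:
        raise ReferenceIntegrityError("referenced object exceeds local size limit")
    data = store.get(ref.locator)
    if data is None:
        raise ReferenceIntegrityError("referenced data not found")
    if len(data) != ref.length:
        raise ReferenceIntegrityError("length mismatch")
    actual = hashlib.sha256(data).hexdigest()
    # Constant-time comparison of the computed and the transferred digest.
    if not hmac.compare_digest(actual, ref.digest_hex):
        raise ReferenceIntegrityError("digest mismatch: store content was altered")
    return data
```

Because the digest travels in the message and not in the store, a modification of the stored object is detected by the receiver as long as the bodypart holding the reference is itself protected.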
More Information about this project is available on the World Wide Web at: http://www.fokus.gmd.de/ovma/mmms/
Burkhard Wiegel - GMD
Tel: +49 30 25499 373
Michael Gehrke - DeTeBerkom GmbH
Tel: +49 30 46701 122