S/MIME을 이용한 Exchange 서버 메시지 보안 강화 방법
Enhancing Exchange Server Message Security with S/MIME
정보보호 및 전자상거래학과 정보보호전공
S/MIME Exchange 서버메시지 보안강화;
- 원문 URL
With the growth of the Internet in recent years, e-mail has fundamentally changed. E-mail has arguably become the single most important benefit of the Internet to date. The SMTP standard makes it possible for different e-mail systems connected to the Internet to exchange information with one another. However, despite all the benefits that SMTP has brought to the Internet, it has an inherent problem. The SMTP standard was originally developed to carry brief, relatively unimportant messages on a closed network, not to carry critical and sensitive information in an interconnected world. Secure/Multipurpose Internet Mail Extension (S/MIME) has emerged as a standard to enhance SMTP e-mail messages with security capabilities. Using S/MIME, encryption protects the contents of e-mail messages and digital signatures verify the identity of a purported sender of an e-mail message. Digital signatures and message encryption are not mutually exclusive services. Each service addresses specific security issues. Digital signatures address authentication and repudiation issues, and message encryption addresses confidentiality issues. There are other methods to enhance mail security, such as Privacy Enhanced Mail(PEM) and Pretty Good Privacy. But these are not widely used cause of complexity in implementation or lower in security. Microsoft has delivered Exchange 4.0 in March 1996 as a part of push into enterprise application market. Exchange 5.0 followed in October 1996 and serves as a patch-up release. Exchange 5.5 was released in November 1997 and the first product to support S/MIME(only service pack 1 or later). In the year 2000 Microsoft announced almost newly product, Exchange 2000 Server, which integrated Active Directory, Internet Information Service(IIS) and support multiple databases and so on. In September 2003, Exchange Server 2003 was introduced, which eliminated the need of Key Management Service(KMS) because all of key-related things were integrated into Windows Active Directory and Certificate Service. PKI and Exchange do not directly integrate with one another in a message security system. Instead, they work together through the e-mail client. Because Exchange only provides delivery and storage of S/MIME messages, all other functionality in S/MIME e-mail results from interactions between the e-mail client and PKI. Although Microsoft Exchange Server has been widely used in Korea, there have rarely understood in messaging security which includes S/MIME. At the point of clients, almost of Microsoft's clients are support S/MIME. Messaging Application Programming Interface(MAPI)- Outlook 2000 SR1, Outlook 2002 and Outlook 2003-support S/MIME Version3 and Exchange Advanced Security. Exchange 2003 also support Internet standards Post Office Protocol version(POP3) and Internet Message Access Protocol version(IMAP4), Outlook Web Access, Outlook Mobile Access, Exchange ActiveSync clients. But not all of client does not support both message encryption and digital signature.