TECHNICAL NOTE
Understanding AD RMS and S/MIME

AD RMS is intended to protect both messages and documents by encrypting them, but the key focus is on helping enterprises control how their information can be used. AD RMS allows content creators to apply content protection that is managed from a centralized AD RMS server; when users want to open a protected item, their credentials must be verified by the AD RMS infrastructure. RMS-aware clients such as Microsoft PowerPoint, Word, and Outlook are designed to enforce the content restrictions (e.g., "do not print," "do not forward") that the creator applied.

AD RMS provides confidentiality and use control as its primary features. This RMS encryption protection stays with the information throughout its life, regardless of where it is sent, stored, etc. Every email or document that RMS handles is encrypted with state-of-the-art AES encryption. RMS does not simply enforce DRM-style permissions on content users, as many believe; it also helps protect the content against unauthorized third-party "eavesdroppers." In addition, entities involved in the RMS-protected document workflow (such as RMS servers and end users) have RSA public-private key pairs, which enable protected documents to be distributed more securely.

S/MIME (Secure Multipurpose Internet Mail Extensions) is an open Internet standard for digitally signing and encrypting email messages using a variety of algorithms and formats. It is intended to provide point-to-point protection: the sender signs and encrypts the message, and S/MIME protects it until an authorized recipient opens it. S/MIME provides three security features: confidentiality, message integrity, and nonrepudiation.

There are some important differences between AD RMS and S/MIME:

1. AD RMS provides a persistent information protection and control mechanism: data is always encrypted and effectively protected at rest, in transit and in use (data-centric security). S/MIME lacks this persistence, as its protection is effective only while data is in transit (point-to-point).
2. S/MIME is intended primarily as a confidentiality and integrity protocol. It does not provide any form of use control or restriction. Malicious (or careless) recipients can open an S/MIME message, provided they have the correct digital certificate, and after that they can forward it, print it, and so on. By contrast, AD RMS applies restrictions that control what recipients can do with the message, when the message expires, and so forth.
3. The infrastructure requirements of the two are quite different. S/MIME requires you to have a public key infrastructure (PKI) to issue certificates to each user who will participate. There are many ways to deploy PKI, with a great variety of complexity and cost, so this is an important point to bear in mind. AD RMS requires that you deploy an AD RMS root server as part of the ubiquitous Active Directory environment. AD RMS deployments do not require as much planning to account for cross-certification.
4. The use case for S/MIME is companies that want to secure email messages from one client desktop to another. AD RMS is targeted at companies that have valuable information to protect and control throughout the enterprise.
5. As far as interoperability goes, from within Microsoft Outlook, for example, one can apply both an RMS policy and S/MIME protection to the same email: you can create a "Do Not Forward" email that you sign and encrypt with your S/MIME certificate.

www.watchfulsoftware.com © Copyright Watchful Software S.A. 2013 All Rights Reserved.

What is S/MIME

S/MIME is a standard, just as SMTP is.
S/MIME provides two security services:

1. Digital signatures
2. Message encryption

Understanding Digital Signatures

Digital signatures are the more commonly used service of S/MIME. As the name suggests, digital signatures are the digital counterpart to the traditional, legal signature on a paper document. As with a legal signature, digital signatures provide the following security capabilities:

1. Authentication: A signature serves to validate an identity. Because there is no authentication in SMTP e-mail, there is no way to know who actually sent a message. Authentication in a digital signature solves this problem by allowing a recipient to know that a message was sent by the person or organization who claims to have sent the message.
2. Nonrepudiation: The concept of nonrepudiation is most familiar in the context of paper contracts: a signed contract is a legally binding document, and it is impossible to disown an authenticated signature. Digital signatures provide the same function and are recognized as legally binding, similar to a signature on paper. Because SMTP e-mail does not provide a means of authentication, it cannot provide nonrepudiation. It is easy for a sender to disavow ownership of an SMTP e-mail message.
3. Data integrity: With data integrity services, when the recipient of a digitally signed e-mail message validates the digital signature, the recipient is assured that the e-mail message received is, in fact, the same message that was signed and sent, and has not been altered while in transit. Any alteration of the message in transit after it has been signed invalidates the signature.

Although digital signatures provide data integrity, they do not provide confidentiality. Messages with only a digital signature are sent in clear text, similar to SMTP. Authentication, nonrepudiation, and data integrity are the core functions of digital signatures.
Together, they assure recipients that the message came from the sender, and that the message received is the message that was sent. Digital signatures are a solution to impersonation and data tampering, which are possible with standard SMTP-based Internet e-mail.

Understanding Message Encryption

Message encryption provides a solution to information disclosure. An SMTP Internet e-mail message can be read by anyone who sees it as it travels or views it where it is stored. S/MIME addresses these problems through the use of encryption. Encryption is a way to change information so that it cannot be read or understood until it is changed back into a readable and understandable form.

Although message encryption is not as widely used as digital signatures, it does address what many perceive as the most serious weakness in Internet e-mail. Message encryption provides two specific security services:

1. Confidentiality: Message encryption serves to protect the contents of an e-mail message. Only the intended recipient can view the contents, and the contents remain confidential and cannot be known by anyone else who might receive or view the message. Encryption provides confidentiality while the message is in transit and in storage.
2. Data integrity: As with digital signatures, message encryption provides data integrity services as a result of the specific operations that make encryption possible.

Although message encryption provides confidentiality, it does not authenticate the message sender in any way. An unsigned, encrypted message is as susceptible to sender impersonation as an unencrypted message. Because nonrepudiation is a direct result of authentication, message encryption also does not provide nonrepudiation.
Although encryption provides data integrity, an encrypted message can show only that the message has not been altered since it was sent. No information about who sent the message is provided. To prove the identity of the sender, the message must use a digital signature.

Confidentiality and data integrity are the core functions of message encryption. They ensure that only the intended recipient can view a message and that the message received is the message that was sent.

Understanding how digital signatures and message encryption work together

Digital signatures and message encryption are not mutually exclusive services. Each service addresses specific security issues. Digital signatures address authentication and repudiation issues, and message encryption addresses confidentiality issues. Digital signatures address security issues related to senders, and encryption addresses security issues primarily related to recipients. Digital signatures and message encryption complement one another and provide a comprehensive solution to the security issues that affect SMTP-based Internet e-mail. Digital certificates and message encryption are the core functionality of S/MIME. The most important supporting concept for message security is public key cryptography. Public key cryptography makes digital signatures and message encryption within S/MIME viable.

In the same way, AD RMS also provides these benefits: a) confirming the sender of the message via their Active Directory credentials, b) protecting the message contents via encryption (not only while the message is in transit, but perpetually), and c) confirming the proper recipient via their Active Directory credentials.
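The behaviour described in the three S/MIME sections above (a signature gives authentication and integrity but leaves the body readable; encryption gives confidentiality but says nothing about the sender; sign-then-encrypt gives both) can be observed end to end with the OpenSSL command-line tool. The following shell script is an added example and is not code from the Watchful Software note. The mailbox names (alice, bob, carol), their self-signed certificates generated on the fly, and the message text are all constructed for the demonstration; trusting a self-signed certificate via -CAfile stands in for the PKI a real deployment would use.

```shell
#!/bin/sh
# Added example: S/MIME sign / verify / encrypt / decrypt round trip with the
# OpenSSL CLI. Identities, certificates and message text are constructed here
# for illustration; a real deployment issues certificates from its PKI.
set -u

command -v openssl >/dev/null 2>&1 || { echo "openssl is required" >&2; exit 1; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed certificate and private key for one constructed mailbox.
make_identity() { # $1 short name, $2 e-mail address
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1/emailAddress=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# Digital signature: clear-signed (multipart/signed) message, body stays readable.
smime_sign() { # $1 plaintext file, $2 output file, $3 signer name
    openssl smime -sign -text -in "$1" -out "$2" \
        -signer "$WORK/$3.crt" -inkey "$WORK/$3.key"
}

# Verify a signed message against a trusted signer certificate (exit 0 = valid).
smime_verify() { # $1 signed message, $2 trusted signer name
    openssl smime -verify -in "$1" -CAfile "$WORK/$2.crt" \
        -out /dev/null >/dev/null 2>&1
}

# Message encryption: envelope the input for one recipient's public key,
# with AES-256 as the content cipher.
smime_encrypt() { # $1 input file, $2 output file, $3 recipient name
    openssl smime -encrypt -aes256 -in "$1" -out "$2" "$WORK/$3.crt"
}

# Decrypt with a recipient's private key (exit 0 = this key could open it).
smime_decrypt() { # $1 encrypted message, $2 output file, $3 recipient name
    openssl smime -decrypt -in "$1" -out "$2" \
        -recip "$WORK/$3.crt" -inkey "$WORK/$3.key" 2>/dev/null
}

make_identity alice alice@example.test
make_identity bob   bob@example.test
make_identity carol carol@example.test

# Constructed message from Alice to Bob.
printf 'Hi Bob,\nPlease pay invoice 42: AMOUNT=1000 EUR.\n-- Alice\n' > "$WORK/msg.txt"

# 1. Signature: authentication, integrity and nonrepudiation, but no confidentiality.
smime_sign "$WORK/msg.txt" "$WORK/signed.eml" alice
smime_verify "$WORK/signed.eml" alice && echo "signature valid: sent by Alice, unmodified"
grep -q 'AMOUNT=1000' "$WORK/signed.eml" && echo "but the signed body is readable in transit"

# 2. Any change after signing (here the amount is edited) invalidates the signature.
sed 's/AMOUNT=1000/AMOUNT=9000/' "$WORK/signed.eml" > "$WORK/tampered.eml"
smime_verify "$WORK/tampered.eml" alice || echo "tampered copy: verification FAILED"

# 3. Encryption: only the intended recipient's private key opens the message.
smime_encrypt "$WORK/signed.eml" "$WORK/enc.eml" bob
grep -q 'AMOUNT=1000' "$WORK/enc.eml" || echo "ciphertext hides the body"
smime_decrypt "$WORK/enc.eml" "$WORK/dec.eml" carol || echo "Carol's key cannot decrypt"
smime_decrypt "$WORK/enc.eml" "$WORK/dec.eml" bob && echo "Bob's key decrypts"

# 4. Sign-then-encrypt: after decrypting, Bob still verifies the inner signature,
#    which is what proves the sender.
smime_verify "$WORK/dec.eml" alice && echo "inner signature still valid: sender is Alice"

# 5. Encryption alone does not authenticate the sender: an unsigned message that
#    merely claims to be from Alice decrypts fine but has no signature to check.
printf 'Please use the new account.\n-- Alice\n' > "$WORK/unsigned.txt"
smime_encrypt "$WORK/unsigned.txt" "$WORK/unsigned.eml" bob
smime_decrypt "$WORK/unsigned.eml" "$WORK/unsigned_dec.txt" bob && echo "unsigned message decrypts"
smime_verify "$WORK/unsigned_dec.txt" alice || echo "no valid signature: sender claim unverifiable"
```

Run it as sh smime_demo.sh; each step prints one line. Steps 1 and 2 are the note's "digital signature" properties, step 3 its "message encryption" properties, and steps 4 and 5 show why the two are combined: the decrypted message still carries Alice's verifiable signature, which encryption alone cannot provide.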