Improving the security services of the message handling systems in X.400.

Abstract

This thesis studies some security problems in the X.400 Message Handling System (MHS). It focuses on the so-called message-token, a cryptological data structure, used to convey the security-related information and support several basic security services in X.400 MHS. The current X.400 message-token which conforms to the X.509 one-way authentication protocol cannot protect X.400 messages from the attack of impersonation. An exisiting solution in terms of the one-way authentication protocol still cannot solve this problem when it is applied as a message-token in MHS. This thesis develops three new message-tokens for solving the problem. Correctness of the new message-tokens is proved by means of the authentication logic, a formal analysis technique for checking if authentication protocols are able to achieve their goals. Through the study, some weaknesses have been found in the postulates known as the Hash-Function Rules. New Hash-Function Rules are proposed for improving the authentication logic. The newly proposed message-tokens are proved to be capable of ensuring the integrity and originality of the conveyed information and thus prevent the impersonation threat for X.400 messages.