Thanks to diligent education efforts by security administrators, almost every modern computer user is aware that electronic mail, in its standard form, is insecure. The SMTP and POP standards that govern Internet e-mail exchange provide no inherent security capabilities, and it's a trivial task for even the most novice hacker to create a falsified (or spoofed) e-mail message.
Let's take a brief look at the ways that encryption technology may be applied to electronic mail to make it more secure. In this tip, we'll examine some general techniques that may be used, while future tips will focus on specific applications.
In general, there are four main security goals that users of electronic mail wish to achieve:
- Confidentiality – Users want to be assured that their messages are not intercepted and read by unauthorized individuals.
- Integrity – Users want to be confident that their messages are not altered by a third party.
- Authentication – Users want to know that the messages they receive were actually sent by the person listed in the "from" field and not some other individual.
- Non-repudiation – Users want to have irrefutable evidence that a message was sent, preventing the sender from later claiming that they never sent the message.
In order to achieve these goals, security-conscious users implement a public- or private key cryptosystem. (If you're not quite sure
|Goal||Private key Cryptosystem||Public key Cryptosystem|
As you can see, public key cryptosystems provide added functionality over their private key counterparts. The trade-off is that private key cryptosystems require less computational overhead and are capable of operating much faster than public key systems.
At this point, you're probably asking how cryptosystems achieve these goals. Private key cryptosystems achieve the goals in the following manner:
- Confidentiality – The sender of the message encrypts the content using the private key. Recipients use the same key to decrypt the message. Users without knowledge of the key can't decrypt the message.
- Integrity – The sender of the message digitally signs the message using the secret key and the recipient verifies it using the same key. If the message was altered in transit, the verification would fail. (If you're not familiar with digital signature technology, you may wish to read the white paper An introduction to digital signatures.)
- Authentication – The sender of the message digitally signs the message using the secret key and the recipient verifies it using the same key. Private key cryptosystems only achieve the goal of authentication when the secret key is known only to two users.
- Non-repudiation – It is not possible to achieve non-repudiation in a private key cryptosystem.
Let's take a similar look at how public key cryptosystems achieve these goals:
- Confidentiality – The sender of the message encrypts the content using the recipient's public key. The recipient decrypts the message using the recipient's private key.
- Integrity – The sender of the message digitally signs the message using the sender's private key and the recipient verifies it using the sender's public key.
- Authentication – The sender of the message digitally signs the message using the sender's private key and the recipient verifies it using the sender's public key. Because the sender's private key is only known to the sender, the recipient can be confident that the message actually came from the purported sender.
- Non-repudiation – The sender of the message digitally signs the message using the sender's private key and the recipient verifies it using the sender's public key. Because each user in a public key cryptosystem has a unique keypair, there is no way that the recipient could forge a digital signature that would properly validate with the sender's public key.
And that's e-mail security in a nutshell! Keep a close eye on this space for future tips providing insight into specific applications of these techniques.
About the author
Mike Chapple, CISSP, currently serves as Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. He previously worked as an information security researcher for the U.S. National Security Agency. His publishing credits include the TICSA Training Guide from Que Publishing, the CISSP Study Guide from Sybex and the upcoming SANS GSEC Prep Guide from John Wiley. He's also the About.com Guide to Databases.
This was first published in May 2003