Focus: Messaging Security
Encrypted e-mail as a business tool
There are no measures to ensure the privacy, integrity or
security of any e-mail, since that's not what e-mail systems were created for.
That's all the more reason why e-mail in transit needs to be encrypted.
By Graeme K. Le Roux
Internet e-mail has about the same level of privacy as writing your message
on the back of a postcard and dropping it on the street for a passer-by to deliver
for you--i.e. next to none. Since your office e-mail is likely to use standards
similar to those of Internet e-mail, the level of privacy is about the same.
Furthermore, there is no certainty that the message actually came from the purported
sender or that it has not been tampered with in transit. The reason for this
is simple: e-mail systems transfer data as text. Even when you create an e-mail
that is not text, it is encoded as text and transferred that way.
There are no measures to ensure the privacy, integrity or security of any
e-mail, since that's not what e-mail systems were created for.
E-mail systems are designed to move messages of arbitrary content from a source
to one or more destinations--no more, no less.
In the case of SMTP--the heart of Internet e-mail--there
is not even any guarantee of delivery or notification of non-delivery. Who hasn't
had an e-mail disappear without trace?
Given the millions of e-mails carried by the Internet e-mail system every
day, it is almost a miracle that only a relatively tiny percentage are lost.
While keeping a system simple and robust is perfectly reasonable, there are
some drawbacks when it comes to using e-mail as a business tool.
E-mails in business
Every company has confidential internal communications that are generally restricted
to a small group of employees. Such communication might be between the HR department
and individual employees, regarding terms of employment and salary. Besides,
all companies also need to communicate confidential information to their clients
and business partners.
Currently, such communications are delivered via the Intranet
and/or Internet e-mail at a low cost but at the expense of privacy--which
is unacceptable in many business cases. Similar problems occur at the receiving
end--if a client sends you information or instructions via e-mail, how can
you be certain that the sender is in fact your client and not someone else?
The same problem exists when you use paper communication, but most countries
have laws against interfering with postal articles.
If e-mail is to match paper-based communication as a reliable business tool,
we need a way to ensure that confidential information remains confidential during
its transmission; that an e-mail can only be read by the intended recipient;
that the e-mail has not been forged or tampered with; and that the e-mail came
from the purported sender.
Public key encryption
Providing such features in an e-mail system can be done with public key encryption.
Typically, e-mail cryptosystems are overlaid on an ordinary e-mail system by
introducing encryption into the process of encoding an e-mail message. These
systems may interact with a more general PKI system, or they may be standalone,
using a separate key service infrastructure. They can also be a mixture
of both.
This article will focus on standalone systems, specifically PGP. While there
are several PKI systems available that support e-mail encryption, PGP is arguably
the most common. You can download a freeware version for most platforms, and
the corresponding source code, from the Internet.
PGP can be used to encrypt an attachment--i.e. you encrypt a file and
then attach it to an otherwise un-encrypted message--or you can encrypt
a message body. For the latter, the e-mail message's header is generated as
normal (which is necessary to allow a mail server to process it properly), but
the message body is encrypted using PGP, and then MIME encoded in the normal
way.
It should be understood that "encoded" is not the same as "encrypted."
When you encrypt a bit stream--a message body in this example--the result
is another bit stream, and both streams can contain non-text characters which
could cause a problem during message transmission.
To prevent such problems, MIME will encode a bit stream into one that does not
contain character strings which a mail system could regard as commands.
A header is included in the encrypted message, which indicates to the receiving
mail client that the message has been encrypted by PGP. This allows the receiving
client to call PGP to decrypt the message. PGP will also check for any digital
signature and verify it against a key database if one is found. It is the digital
signature that provides proof that the message has not been tampered with and,
provided that the signatory's private key has not been compromised and is valid,
that the sender of the message is who they purport to be.
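The difference between encoding and encryption described above, as an added example that is not part of the original article. It assumes the PGP/MIME (RFC 3156) `multipart/encrypted` marking, which the article does not name; the addresses and the "ciphertext" bytes are constructed stand-ins, not real PGP output.

```python
import base64
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Constructed stand-in for PGP output (not real ciphertext): non-text bytes plus
# "\r\n.\r\n", the sequence SMTP reads as "end of message data".
CIPHERTEXT = bytes([0x85, 0x01, 0x0C, 0x03, 0xFF, 0x00]) + b"\r\n.\r\n" + bytes(range(200, 232))

def build_encrypted_mail(ciphertext: bytes) -> str:
    """Headers stay readable; the body travels base64-encoded in a PGP/MIME container."""
    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    msg["From"] = "hr@example.com"          # constructed addresses
    msg["To"] = "employee@example.com"
    msg["Subject"] = "Terms of employment"
    msg.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted"))
    msg.attach(MIMEApplication(ciphertext, "octet-stream"))
    return msg.as_string()

def is_pgp_encrypted(raw: str) -> bool:
    """The header check a receiving client makes before handing the body to PGP."""
    msg = message_from_string(raw)
    return (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted")

def wire_safe(raw: str) -> bool:
    """True if the text is pure ASCII and has no line consisting of a lone dot."""
    return raw.isascii() and "\n.\n" not in raw.replace("\r\n", "\n")

def recover_body(raw: str) -> bytes:
    """Undo the encoding only. No key is needed here: encoding hides nothing."""
    parts = message_from_string(raw).get_payload()
    return parts[1].get_payload(decode=True)

if __name__ == "__main__":
    raw = build_encrypted_mail(CIPHERTEXT)
    print(raw)
    print("raw ciphertext wire-safe:", wire_safe(CIPHERTEXT.decode("latin-1")))
    print("encoded message wire-safe:", wire_safe(raw))
    print("flagged as PGP:", is_pgp_encrypted(raw))
    print("decoding returns the ciphertext:", recover_body(raw) == CIPHERTEXT)
```

Anyone who intercepts the message can reverse the base64 step and read the headers; only the PGP layer underneath depends on a key.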
Encryption is likely to become an integral part of doing global business in
the very near future. Either you learn how to use encryption as a business tool
now, or risk your future ability to compete against other companies who are
currently putting the time and effort into developing business systems that
are based on encryption.
This article first appeared in Network Magazine Asia.
In one of those ironies that seem to pervade
IT, the very fact that encryption prevents an e-mail from being read by
a third-party (or even recovered by the sender under some circumstances),
represents a problem for corporate record keepers.
E-mail is a company record,
and as such, it is generally required by law that companies copy and archive
it just like any other company document. E-mail is generally archived
by copying it to some form of log on the server and then archiving the
log, or by setting all mail clients to save a copy of "sent mail"
in a folder that is regularly archived. Received e-mail is similarly archived.
The problem with encrypted
e-mail is that any message arriving at a mail server is unreadable by
anyone except the person it is addressed to. In some cases, even the copies
of a message saved in the "sent mail" folders are encrypted.
If the addressee of a mail message is on your internal network, then you
might be able to archive the message once they receive and decrypt it--provided
they export an unencrypted copy of the message to an archive folder.
But if the addressee or
sender of a message neglects to save an unencrypted copy then all you
can archive is something you can't read. And unless the particular PKI/encrypted
e-mail package you use has a way to deal with this problem, all you can
do is to teach all your users to keep unencrypted copies of all the mail
they send or receive. To complicate matters, companies who provide encryption
software have not really addressed this issue nor do they appear likely
to do so in the near future.