Focus: Messaging Security
Encrypted e-mail as a business tool
There are no measures to ensure the privacy, integrity or
security of any e-mail, since that's not what e-mail systems were created for.
That's all the more reason why e-mail in transit needs to be encrypted. by Graeme
K. Le Roux
Internet e-mail has about the same level of privacy as writing your message
on the back of a postcard and dropping it on the street for a passer-by to deliver
for youi.e. next to none. Since your office e-mail is likely to use similar
standards as Internet e-mail, the level of privacy is about the same.
Furthermore, there is no certainty that the message actually came from the purported
sender or that it has not been tampered with in transit. The reason for this
is simple: e-mail systems transfer data as text. Even when you create an e-mail
that is not text, it is encoded as text and transferred that way.
There are no measures to ensure the privacy, integrity or security of any
e-mail, since that's not what e-mail systems were created for.
E-mail systems are designed to move messages of arbitrary content from a source
to one or more destinationsno more, no less.
In the case of SMTPthe heart of Internet e-mailthere
is not even any guarantee of delivery or notification of non-delivery. Who hasn't
had an e-mail disappear without trace?
Given the millions of e-mails carried by the Internet e-mail system every
day, it is almost a miracle that only a relatively tiny percentage are lost.
While keeping a system simple and robust is perfectly reasonable, there are
some drawbacks when it comes to using e-mail as a business tool.
E-mails in business
Every company has confidential internal communication which are generally restricted
to a small group of employees. Such communication might be between the HR department
and individual employees, regarding terms of employment and salary. Besides,
all companies also need to communicate confidential information to their clients
and business partners.
Currently, such communication are delivered via the Intranet
and/or Internet e-mail at a low cost but at the expense of privacywhich
is unacceptable in many business cases. Similar problems occur at the receiving
endif a client sends you information or instructions via e-mail, how can
you be certain that the sender is in fact your client and not someone else?
The same problem exists when you use paper communication, but most countries
have laws against interfering with postal articles.
If e-mail is to match paper-based communication as a reliable business tool,
we need a way to ensure that confidential information remains confidential during
its transmission; that an e-mail can only be read by the intended recipient;
that the e-mail has not been forged or tampered with; and that the e-mail came
from the purported sender.
Public key encryption
Providing such features in an e-mail system can be done with public key encryption.
Typically, e-mail cryptosystems are overlaid on an ordinary e-mail system by
introducing encryption into the process of encoding an e-mail message. These
systems may interact with a more general PKI system, or they may be standalone
as they use a separate key service infrastructure. They can also be a mixture
This article will focus on standalone systems, specifically PGP. While there
are several PKI systems available that support e-mail encryption, PGP is arguably
the most common. You can download a freeware version for most platforms, and
the corresponding source code, from the Internet.
PGP can be used to encrypt an attachmenti.e. you encrypt a file and
then attach it to an otherwise un-encrypted messageor you can encrypt
a message body. For the latter, the e-mail message's header is generated as
normal (which is necessary to allow a mail server to process it properly), but
the message body is encrypted using PGP, and then MIME encoded in the normal
It should be understood that "encoded" is not the same as "encrypted."
When you encrypt a bit streama message body in this examplethe result
is another bit stream and both streams can contain non-text characters which
could cause a problem during message transmission.
To prevent such problems, MIME will encode a bit stream into one that does not
contain character strings; this allows a mail system to regard them as commands.
A header is included in the encrypted message, which indicates to the receiving
mail client that the message has been encrypted by PGP. This allows the receiving
client to call PGP to decrypt the message. PGP will also check for any digital
signature and verify it against a key database if one is found. It is the digital
signature that provides proof that the message has not been tampered with and,
provided that the signatory's private key has not been compromised and is valid,
that the sender of the message is who they purport to be.
Encryption is likely to become an integral part of doing global business in
the very near future. Either you learn how to use encryption as a business tool
now, or risk your future ability to compete against other companies who are
currently putting the time and effort into developing business systems that
are based on encryption.
This article first appeared in Network Magazine Asia.
| In one of those ironies that seem to pervade
IT, the very fact that encryption prevents an e-mail from being read by
a third-party (or even recovered by the sender under some circumstances),
represents a problem for corporate record keepers.
E-mail is a company record,
and as such, it is generally required by law that companies copy and archive
it just like any other company document. E-mail is generally archived
by copying it to some form of log on the server and then archiving the
log, or by setting all mail clients to save a copy of "sent mail"
in a folder that is regularly archived. Received e-mail is similarly archived.
The problem with encrypted
e-mail is that any message arriving at a mail server is unreadable by
anyone except the person it is addressed to. In some cases, even the copies
of a message saved in the "sent mail" folders are encrypted.
If the addressee of a mail message is on your internal network, then you
might be able to archive the message once they receive and decrypt it--provided
they export an unencrypted copy of the message to an archive folder.
But if the addressee or
sender of a message neglects to save an unencrypted copy then all you
can archive is something you can't read. And unless the particular PKI/encrypted
e-mail package you use has a way to deal with this problem, all you can
do is to teach all your users to keep unencrypted copies of all the mail
they send or receive. To complicate matters, companies who provide encryption
software have not really addressed this issue nor do they appear likely
to do so in the near future.