Attack of the Email Snoops

By Seth Ross

The Problem with PKI
Encryption Plus for Email

Who can intercept a corporate email message? The short answer is, anyone on any of the networks the email traverses. That includes all the employees with access to the network on the sending end, employees at the sender's Internet Service Provider (ISP), customers of the sender's ISP, employees or others at any of the intermediary sites between sender and recipient, employees at the recipient's ISP, customers of the recipient's ISP, and employees with access to the recipient's network. This can add up to thousands of people, even before counting employees of major national governments who run vast spy systems.

How does mail get intercepted? By definition, mail servers handle email -- mail administrators have routine access to all the mail that traverses their systems. Many companies have set up mail monitoring systems that seek out inappropriate email - if your company doesn't do this, your recipients' may. While most ISPs are not intrinsically interested in their customers' email, they can view and/or record it at will. Fundamentally, the Internet and supporting technologies like Ethernet are broadcast media. In many situations, every machine on a Local Area Network (or in a cable modem neighborhood) sees every packet addressed to every machine. If a machine's Ethernet interface is kicked into promiscuous mode, that machine can analyze every packet on the network looking for passwords, confidential messages, etc.

Then there's Echelon, a top-secret worldwide spying system set up by the United States, the United Kingdom, Canada, Australia, and New Zealand. Echelon is capable of automatically inspecting billions of messages a day through taps on telephone, Internet, microwave, cellular, fiber-optic, and satellite communications. While the system was designed for national security purposes, the operators have been accused of intercepting sensitive corporate communications for the commercial benefit of US companies (a charge strenuously denied by the National Security Agency). Echelon has most likely intercepted this email, since this dictionary-based system looks for keywords (including, presumably, the words "Echelon" and "National Security Agency"). For an overview of what's known about Echelon, see http://www.echelonwatch.org/

The solution to the problem of email confidentiality - whether the threat is a bored sysadmin, a competitor, or a national government - is strong encryption. Implementing secure email with encryption is theoretically easy but hard to pull off in a fast- changing world with diverse users and mail systems.

One common approach is to use asymmetric or public key encryption to secure email. Several substantial companies like RSA Data Security, Verisign, and Entrust Technologies sell solutions built around public key cryptography that enable the wide-scale roll-out of secure email. Many of these solutions utilize hooks for the S/MIME (Secure Multipurpose Internet Mail Extensions) standard built into email clients. Public key cryptography works with two different (asymmetric) but mathematically-related keys - a private key that you use to decrypt messages sent to you and a public key that others use to encrypt messages addressed to you. If I needed to send you an encrypted message using public key cryptography, I would seek out your public key, use it to encrypt my message, and send it to you. Only someone who holds your private key could read it.

The downfall of these systems is complexity. The whole idea of using two keys is contrary to common sense (and the real world, where just one key grants access). Ideally, users can be protected from this complexity to some extent. But system administrators can't be. In order to effectively deploy public key cryptography, you need a public key infrastructure (PKI) - a system that uses digital certificates from Certificate Authorities to verify and authenticate the validity of each party involved in an electronic transaction or message exchange. PKIs are extremely complex to plan, implement, and manage, even when very bright and capable system designers attempt to make them transparent. Verisign, for example, put out a white paper last April entitled "Secure Messaging for Your Enterprise Email" that outlines a roadmap to PKI-enabled email. This document describes thirteen "easy" steps to implement the company's Go Secure! service, including items like "Identify naming conventions for setting up Certificate Authority (CA)", "Determine key recovery configuration (Single vs. dual key)", "Identify authentication model", "Install OnSite local hosting site kit", "Set up AutoAuthentication", "Configure CRL retrieval and storage", "Set up Key Manager", etc.

Complexity is the enemy of security. Complex solutions are difficult to implement correctly and easy to implement with fundamental security errors. They require ongoing management and maintenance by highly-skilled experts. They are also difficult to audit or analyze in the wake of a security breach. Worst of all (and despite the best efforts of program designers), they are difficult for end users - those on the front lines of computer security - to master. One of the simplest (and first) public key encryption programs is PGP (Pretty Good Privacy), first coded by Philip Zimmerman and now offered by Network Associates. But even experienced users routinely get it wrong with PGP. In the classic usability study, "Why Johnny Can't Encrypt", researchers at Carnegie Mellon University found that of twelve experienced users given 90 minutes to successfully send a single encrypted email with PGP 5.0, only four succeeded. As the researchers note:

Security mechanisms are only effective when used correctly. Strong cryptography, provably correct protocols, and bug-free code will not provide security if the people who use the software forget to click on the encrypt button when they need privacy, give up on a communication protocol because they are too confused about which cryptographic keys they need to use, or accidentally configure their access control mechanisms to make their private data world-readable.

When the software designers here at PC Guardian set out to design a secure email product, they laid out several requirements. In keeping with corporate philosophy, it had to be simple and effective. It had to work with the popular email clients that companies already have installed, with no more than a password and a single click required of the sender. It had to work without any special software requirement for the recipient, beyond a Windows workstation.

The result was Encryption Plus for Email, a plug-in that works with Microsoft Outlook and Lotus Notes to provide simple one-click encryption of email messages and attachments. Once installed and activated, Encryption Plus for Email intercepts each outgoing mail and prompts the sender to encrypt it with a password. It then takes the mail and any attachments, encrypts and compresses them into a self-extracting executable file, and sends the file on to the recipient. When the recipient double-clicks the self-extracting file and provides the password, the contents - including message and attachments - are decrypted and decompressed into viewable form.

Encryption Plus for Email provides strong encryption since it's built around the tried-and-true Blowfish algorithm. But that's not the main selling point. By reducing complexity, the program increases security - users don't need to understand asymmetric cryptography and abstract concepts like public keys. Nor do they need to run a special mail client or connect to a web-based mail system. Administrators are spared any setup short of sending the program out and telling users to double-click the setup program (the program can be customized but it's not necessary).

This simplicity comes at some cost, however. While PKI allows a sender to encrypt with the recipient's public key and a recipient to decrypt incoming messages with a private key that's stored locally, Encryption Plus for Email users have what's known as a "key exchange problem" - they need a secure way to communicate the key that enables secure communication. For many, this means picking up the phone and verbally reciting the password. Face-to-face meetings, letters, and fax transmissions are other possibilities. All of these methods carry some risk that the key will be exposed since phones can be tapped and letters can be opened.

From the perspective of computer security theory, public key cryptography is more elegant than the simple symmetric/one-key approach taken by Encryption Plus for Email. But good theory doesn't necessarily equate good practice. Email security is breached in the real world where theory breaks down, where users confuse the public and private keys on their virtual keychains, where elaborate PKI systems necessary for security crash or otherwise become unavailable, where the rush of business or war often means it's more expedient to turn the crypto off than to lose time.

If you're interested in implementing secure email for your company or for yourself, check out the alternatives.

PC Guardian offers both enterprise and single-user versions of Encryption Plus for Email. You can download a free version of the single-user product at
http://www.pcguardian.com/email_download/nl.html

To find out more about the enterprise version of Encryption Plus for Email, surf to
http://www.pcguardian.com/software/email_e_nl.html

If you haven't tried PGP, you can find a link to the freeware version at
http://www.pgp.com/

You can find out more about PKI-based email solutions at
http://www.rsasecurity.com/products/keon/
http://www.verisign.com/onsite/prod/messaging/secure.html
http://www.entrust.com/products/pki/index.htm