Encryption: Protecting the Data that Travels Outside Your Network *** Secure Email *** September 17, 2008 Jeff Kalwerisky Security Consultant ************ Jeff @InfoEgis.com


Encryption: Protecting the Data that Travels Outside Your Network

*** Secure Email ***

September 17, 2008

Jeff Kalwerisky

Security Consultant

************Jeff @InfoEgis.com


Email Works? Right?

• Email has become the ubiquitous service of our time
  ◦ Anybody written a letter lately? ;-)

• Let’s take a closer look at email from a security or risk management point of view

• The Internet is designed to be highly resilient to failures anywhere between sender and receiver
  ◦ As a result, an email may transit many different servers en route to its destination
  ◦ Which implies the email is stored on each one of those unknown servers
  ◦ So, any nosey sysadmin person with access to the server can read emails
  ◦ Or, worse, can make surreptitious and undetectable changes to it

• Neither the sender nor the receiver knows (or can know) of such egregious violations of privacy


It has been said, with justification, that email is as secure as “… a postcard, written in pencil, and placed in the US Mail.”

So, What’s the problem?

• The 3 pillars of information security are
  ◦ Confidentiality, aka Privacy: information is available only to authorized individuals or systems
  ◦ Integrity (of information): data changes occur only in response to authorized transactions; nothing changes “behind our backs”
  ◦ Availability (of services and systems): systems are available at all times when the authorized users need them

• So, email scores really well on Availability
  ◦ The mail always gets through, “Neither rain nor sleet nor gloom of night …”

• But it doesn’t do very well on either Confidentiality or Integrity
  ◦ Unauthorized third parties can surreptitiously read and change emails
  ◦ They can do it without leaving any trace of their nefarious deeds

• One out of three ain’t good enough …


Can We Fix That? If So, How ?

• The simple answers are: (1) Yes! and (2) With encryption.

• Encryption is the process of transforming information so that it can be understood only by those for whom the information is intended
  ◦ Encryption must work seamlessly for both text and graphics data

• Encryption has been around for centuries – the Romans used simple ciphers to protect written communications – but the modern mathematical treatment is relatively new, dating to the start of the electronic computer era

• Encrypting of information in this way usually involves the use of complex – but usually easy to use – mathematical algorithms to transform the data
  ◦ The original data is known as plaintext
  ◦ The transformed, or encrypted data is known as ciphertext
  ◦ The plaintext is treated as a long binary integer that is mathematically transformed into another integer, the ciphertext, which bears no resemblance to the original, as in the following example

Plaintext: We the People of the United States, in order to form a more perfect Union

Ciphertext: QGiBDuVqKgRBAD5Mcvdc41W5lpeZvYplEuyEBXwmxnUryE2KaCG1C06 PXPbgIPKOUt4veMycVoqU4U4ZNuIeCGPfUvkGKLKvy5lK3iexC1Qvat+9ek


Email Encryption

• Assume our good friends, Alice and Bob, wish to share encrypted data across the Internet
  ◦ In fact, Alice has some important and sensitive information to send to Bob

• First, Alice must choose a cryptographic algorithm

• Second, Alice must choose a key, the secret code used by that algorithm to encrypt and decrypt the data

• Third, Alice must inform Bob of the algorithm and the key

• Fourth, Alice composes her message, encrypts it with the key/algorithm and sends it to Bob

• Finally, Bob receives the email in the normal way, decrypts it, and benefits from the message’s important contents

• Sounds simple. But the devil is always in those pesky details

• So what can go wrong?


Email Encryption – The Details

• First issue: how can Alice inform Bob which algorithm and encryption key she has chosen?
  ◦ If she emails him, then Eve (the criminal eavesdropper) may know, too
  ◦ This was essentially the same problem the Nazis had in WW2 and their ineffective solution allowed the Allies to break their codes

• Second issue: what if Alice needs to communicate with 20 other people?
  ◦ She will soon have far too many keys to manage

• This is known as the problem of Key Management
  ◦ Number of keys grows exponentially as number of users increases

• Not a good solution for email

• So, now what?


The Magic of RSA

• In 1977, 3 MIT mathematicians developed an ingenious solution
  ◦ Known as RSA*, after the initials of the 3 intrepid cryptographers
  ◦ Known as public key cryptography (more accurately, public-private key)

• Now Alice and Bob each has 2 separate, unique keys (same for all other users)
  1. A public key, which Alice provides openly to other people
  2. A private key, which Alice keeps secret from all other users

• Now, Alice encrypts the email to Bob with his public key
  ◦ How does she know it? It’s public, so she (or her computer) can look it up in a directory
  ◦ And she sends it to Bob, in the usual way

• Now, if Eve reads the email in transit, she sees gobbledygook: QGiBDuVqKgRBAD5Mcvdc41W5lpeZvYplEuyEBXwmxnUryE2KaC ….

• When Bob receives the email, he decrypts it, using his private key

• Magic!

_________________________
* Ron Rivest, Adi Shamir, Len Adleman


Neat! But What Does This Have To Do With My Email?

• The RSA guys founded a company (natch!), RSA Data Security …

• Which developed S/MIME (Secure / Multipurpose Internet Mail Extensions)
  ◦ Now the IETF standard for public key encryption and signing of emails

• Signing? Who said anything about signing emails?

• That’s another magic capability of the RSA concept (I did say it was ingenious!)
  ◦ RSA is reversible, i.e., if Alice encrypts some information with her own private key, Bob – or anybody else – can decrypt it with Alice’s public key

• Now Bob knows, with strong assurance, that the message did come from Alice!
  ◦ Bob can assume that nobody knows Alice’s private key
  ◦ Therefore, only Alice could have sent it!

• It gets better: if the information Alice encrypts with her private key is a digital summary of the whole document (called a hash), then Bob can check the same hash of the received document
  ◦ If the 2 hashes are the same, then Bob can also be sure that the document has not changed since Alice sent it (take that, Eve!)
  ◦ This is called Alice’s digital signature
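The public-key exchange and the hash-then-sign check from the two slides above, as an added example that is not part of the original presentation: textbook RSA in plain Python. The fixed primes, the function names and the absence of padding are assumptions chosen to keep the arithmetic visible; S/MIME clients use randomly generated keys and padded RSA.

```python
import hashlib

# Constructed toy keys built from well-known Mersenne primes so the run is
# reproducible. Real keys use secret random primes plus padding (OAEP, PSS).
E = 65537

def make_keypair(p, q, e=E):
    """Return (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # d satisfies e*d == 1 (mod phi)

def to_int(data: bytes) -> int:
    return int.from_bytes(data, "big")

def encrypt(message: bytes, public) -> int:
    """Sender: treat the plaintext as one long integer m, send m^e mod n."""
    n, e = public
    m = to_int(message)
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(ciphertext: int, private) -> bytes:
    """Recipient: only the holder of d can undo the transformation."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(document: bytes, private) -> int:
    """Signer applies the private key to the SHA-256 hash of the document."""
    n, d = private
    return pow(to_int(hashlib.sha256(document).digest()), d, n)

def verify(document: bytes, signature: int, public) -> bool:
    """Anyone recovers the hash with the public key and compares it."""
    n, e = public
    return pow(signature, e, n) == to_int(hashlib.sha256(document).digest())

bob_pub, bob_priv = make_keypair(2**521 - 1, 2**607 - 1)
alice_pub, alice_priv = make_keypair(2**127 - 1, 2**1279 - 1)

if __name__ == "__main__":
    msg = b"We the People of the United States"
    ct = encrypt(msg, bob_pub)                  # the integer Eve sees in transit
    sig = sign(msg, alice_priv)                 # travels alongside the message
    print("Bob reads:", decrypt(ct, bob_priv))
    print("signature valid:", verify(msg, sig, alice_pub))
    print("after tampering:", verify(msg + b"!", sig, alice_pub))
```

Changing a single byte of the document changes its hash, so the comparison in `verify` fails even though the signature itself is untouched.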


Enough! How Do I Encrypt Emails?

• Easy! The good news is that email encryption is as simple as pressing a button

• It’s included with email clients, such as Microsoft Outlook / Exchange

• You can choose to encrypt a single email or (better) all emails

• Receiving encrypted emails is just as simple as receiving unencrypted
  ◦ The email client does all the hard work


Encrypt a Single Email - Outlook

[Figure: steps 1, 2 and 3 marked on the slide image]


Encrypt All Emails - Outlook


Factors to Consider

• Encrypted emails require you to issue digital certificates to all employees (who will use the feature)

• A digital certificate is an unforgeable electronic identity card, containing
  ◦ The owner’s name and public key

• Digital certificates are typically stored …
  ◦ On the client machine in a secure (i.e., encrypted) file
  ◦ Or in a Global Address List (GAL), e.g., on an Exchange server

• Email clients automatically include the sender’s certificate with outgoing email

• Consider whether all users have email clients which support S/MIME
  ◦ Not quite so easy with Webmail

• Stored emails may no longer be readable if the owner’s private key is lost
  ◦ Owner forgets the password to unlock the private key or owner is gone
  ◦ May impact storage of historical data – problems with eDiscovery in lawsuits

• Can get encrypted email from various vendors: Entrust, Google, PGP, Hushmail

• Need to develop and enforce policy on use of encrypted email


Historical Aside – The Famous Enigma Machine

• During WW2, the Nazis developed the first electrical encryption device, called Enigma

• Used to encrypt all military communications
  ◦ Had hundreds of thousands of combinations
  ◦ The Nazis believed the codes to be “unbreakable”

• Based on mathematical work done by the Polish underground, mathematician Alan Turing led a team of scientists at Bletchley Park in England which developed the first electronic computer and “cracked” the code

• The Allies were able to read many (but not all) Nazi military communications
  ◦ Which played a major role in defeating Rommel in North Africa and destroying the deadly U-boat submarines

• The details of how cryptography played such a major role in winning WW2 were kept secret until around 1980!


That’s All, Folks …

Thanks!
