What is Secure E-Mail?
Secure electronic mail is electronic communication which guarantees messages arrive
intact and unhampered in the intended recipient's inbox. If a message can be
intercepted, the contents can and most likely will be tampered with. The process
of intercepting electronic communication on public networks, such as the Internet,
has been simplified. A party interested in viewing point-to-point e-mail can
visit one of numerous newsgroups and hacking web sites for a full instruction
set and tools to read your mail. The process has been documented perfectly,
to the point that the 12-year-old around the corner can easily read your latest
business plan, innovation, stock trades and on-line banking transactions from
the comfort of his or her bedroom.
The number of Internet users with e-mail capabilities has surpassed 200,000,000
people. Given the explosion of Internet e-mail, it is shocking that security
has only now become a major concern. The standard flavors of POP3 e-mail clients
only offer a Data Encryption Standard (DES) of 40 bits. A 40-bit encryption
level, for today's advanced hackers, offers virtually no protection. By contrast,
the military uses a 4096-bit DES encryption level that is unshakeable. At this
point the best an average e-mail user can do is register and download a 128-bit
security patch from their mail client provider's web site, which offers
a much greater level of security, but is not hacker-proof.
How is E-mail Encrypted?
MIME (Multipurpose Internet Mail Extensions) is the most
common method for transmitting non-text files via Internet e-mail, which was
originally designed for ASCII text. MIME encodes the files by using one of two
encoding methods and decodes them back to their original format at the receiving
end. A MIME header is added to the file, which includes the type of data contained
and the encoding method used.
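The MIME behaviour described above, as an added example in Python (not code from the original page): it builds a message with a binary attachment, then reads back each part's data type, encoding method and content without any key. The addresses, file name and sample data are constructed; it shows that MIME encoding by itself gives no privacy.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample data: a text body and a small binary "file".
ATTACHMENT = bytes(range(256))                    # every byte value, not ASCII-safe
BODY = "Q3 plan attached. Caf\u00e9 meeting at 10."  # contains one non-ASCII character


def build_message() -> bytes:
    """Return the wire form of a MIME message carrying a binary attachment."""
    msg = EmailMessage()
    msg["From"] = "alice@example.test"            # constructed addresses
    msg["To"] = "bob@example.test"
    msg["Subject"] = "Business plan"
    # Text part: quoted-printable keeps ASCII readable and escapes the rest.
    msg.set_content(BODY, cte="quoted-printable")
    # Binary part: base64 maps arbitrary bytes onto mail-safe ASCII.
    msg.add_attachment(ATTACHMENT, maintype="application",
                       subtype="octet-stream", filename="plan.bin")
    return msg.as_bytes()


def describe_parts(wire: bytes):
    """Return (type, encoding, decoded content) for every leaf part.

    Only the MIME headers are needed to do this: no key is involved,
    so anyone holding the bytes recovers the original content.
    """
    parsed = message_from_bytes(wire, policy=policy.default)
    parts = []
    for part in parsed.walk():
        if part.is_multipart():
            continue                              # container, no content of its own
        parts.append((part.get_content_type(),
                      str(part["Content-Transfer-Encoding"]),
                      part.get_content()))
    return parts


if __name__ == "__main__":
    wire = build_message()
    print("raw attachment bytes visible on the wire:", ATTACHMENT in wire)
    for ctype, encoding, content in describe_parts(wire):
        print(f"{ctype:26} {encoding:17} {len(content)} units recovered")
```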
S/MIME (Secure MIME) is a version of MIME that adds RSA (Rivest-Shamir-Adleman)
encryption, a highly secure cryptography method by RSA Data Security, Inc., Redwood City,
CA (www.rsa.com), for secure transmission. S/MIME was introduced in 1996, and
has emerged as the messaging industry's standard for secure e-mail. S/MIME utilizes
Public Key Cryptography Standards (PKCS) to ensure cross-platform and multi-vendor
compatibility. S/MIME has been, and continues to be, widely adopted by the messaging
industry.
S/MIME, like MIME, uses two cryptographic encoding methods that both utilize
RSA (PKCS): a digital signature and a digital envelope. The digital signature
provides some level of security but does not provide for privacy. To encrypt
the message for privacy, a digital envelope is used so that only the intended
recipient can read the contents of the message. The message is not encrypted
using RSA, but with encryption algorithms such as DES or RC5 (the latest in
a family of secret key cryptographic methods developed by RSA Data Security,
Inc.).
United States Government Plans
The pending "Cyberspace and Electronic Security Act" sponsored by the Clinton Administration
will allow the FBI unlimited access to private e-mail at their discretion. The
FBI would not even require a search warrant. Circumventing Fourth Amendment
Search and Seizure standards will effectively allow the government access to all
third party encryption algorithms and keys. If this Act passes successfully
through Congress, a user's e-mail will never be safe from prying eyes.
How do you protect your E-mail?
- Verify that your Internet Service Provider supports S/MIME. If not, ask when they
  will. Chances are high that S/MIME is supported (probability 80%). If your
  ISP has no intention of implementing S/MIME, look for a new ISP.