EXECUTIVE SUMMARY
MOST E-MAIL IS
vulnerable—it can be read by
computer-savvy snoops and even tampered
with.
THERE ARE WAYS TO
make your e-mail more secure—at
least to the extent that no one can
intercept it and read it. And there is a
way to know whether it was tampered with
as it traveled through the Internet.
THE TWO MOST
popular security tools are PGP
(Pretty Good Privacy) and S/MIME (Secure
Multipurpose Internet Mail Extensions).
PGP is the more popular security program
of the two.
IN ADDITION,
DIGITAL certificates can
ensure that the message you receive from
a client or a customer actually came
from the person who signed it.
SECURITY ISSUES
have recently become even more
vital now that specially prepared and
electronically signed e-mail is
considered as legal as its paper
counterpart.
SOME INTERNET
EXPERTS claim that as much as
25% of e-mails are vulnerable to legal
voyeurism by Internet and company e-mail
administrators and blatant trespassing
by snooping hackers.
MAUREEN FRANCIS MASCHA,
CPA, PhD, is an assistant professor at
Elmhurst College, Elmhurst, Illinois. Her
e-mail address is maureenm@elmhurst.edu.
CATHLEEN L. MILLER, CPA, PhD, is an
assistant professor at the University of
Michigan, Flint. Her e-mail address is catmillr@flint.umich.edu.
Did you know that your e-mail is only
slightly more secure than that picture postcard
you mailed from Jamaica? While it’s true that not
everyone can easily intercept and read your
e-mails, the risk exists. And since you probably
transmit lots of confidential and legally
sensitive files via the Internet, that risk should
immediately set off liability alarms, sending
chills down your spine. What can you do
about it? As it happens, you can make your
e-mail more secure—at least to the extent
that a snoop can’t read it—and you can
know whether anyone has tampered with it.
You also can guarantee that the message
you receive from a client or a customer
actually came from the person who signed
it. Such security issues have recently
become even more vital now that
electronically signed e-mail is considered
as legal as its paper counterpart.
Before we get to the solutions, let’s
see what makes e-mail vulnerable.
Regardless of the
fact that e-security breaches
cause in excess of $15 billion
in damage worldwide annually,
more than 50% of businesses
spend 5% or less of their IT
budget on security. Source:
Datamonitor, www.datamonitor.com/viewnewsstory.asp?id=1375
BEWARE THE SNIFFER
What’s the likelihood that someone is
intercepting, reading or tampering with your
e-mail? Some Internet experts claim that as much
as 25% of electronic mail is scanned by Internet
service providers (ISP), company e-mail
administrators and hackers who have software that
lets them sneak a look at Internet mail.
The most common form of e-mail abuse is
electronic eavesdropping, sometimes called
sniffing. Don’t assume that your password—no
matter how long and complex—provides total
protection. Aside from hackers who usually can
break a password code, many people have access to
your password or can snoop into your mailbox even
without it, and that has to do with the way
e-mails are transmitted and stored. Every
organization that has its own e-mail system has a
“postmaster” with access to your e-mail content.
Ditto for the vendor that provides the e-mail
function—that is, the ISP. And if that
doesn’t shatter your privacy fantasy, consider
this: All your transmitted e-mails (sent or
received or deleted) end up on digital disks
operated by your ISP or your own organization.
Even worse: When the message files are removed
from your organization’s storage or your ISP’s
computer, they are moved to separate electronic
storage disks as archives and who knows what, if
any, security is maintained over this information.
KEYS TO THE CODE
The most common way to prevent someone from
reading your e-mail is to use software to encrypt
it, thus rendering it incomprehensible to anyone
without the decoder, or key. And with today’s fast
computers, it does it so quickly that you aren’t
even aware of the time it takes to perform the
translation. There are two major
commercial encryption standards in use today: PGP
(Pretty Good Privacy) and S/MIME (Secure
Multipurpose Internet Mail Extensions). PGP is the
most widely accepted tool. Like a safe-deposit
box, it uses two keys—one private and one
public—only its keys are complex electronic
passwords. To read a PGP-encrypted message, you
need both keys. Private keys, or passwords, should
never be divulged by the sender. Public keys,
however, which are distributed to all potential
e-mail recipients, can be distributed through
e-mail, posted on a Web site or registered with a
digital certificate authority—a subject we’ll
discuss later. It’s up to users how widely they
want their public keys distributed. Most users
distribute their public keys to a limited number
of people or register one with a digital
certificate authority—a firm that operates such
services. Here’s an illustration of how a
message is sent with PGP security: Bob wants to
send an e-mail to Mary. He encrypts his message
using either his private key or Mary’s public key.
Upon receipt, Mary decrypts the message using the
opposite key—that is, if the message had been
encrypted with Bob’s private key, then Mary uses
Bob’s public key. Conversely, if the message had
been encrypted using Mary’s public key, then Mary
would use her private key to decrypt the message.
Whether you encrypt with your private key or
the recipient’s public key depends on the reason
for encryption. For example: If Bob is concerned
about confidentiality—that is, he wants only Mary
to be able to see it—then Bob encrypts the message
with Mary’s public key. However, if Bob is
concerned about authentication—that is, assuring
Mary that he, not an imposter, sent the
e-mail—then he encrypts the message with his
private key, requiring Mary to open the e-mail
with Bob’s public key. If both
confidentiality and authenticity are desired, then
Bob uses the “double lock” method: Bob encrypts
his message with both his private key and Mary’s
public key. That way, Bob knows that only Mary can
open the message and Mary knows for sure that Bob
sent the message. PGP is available free to
noncommercial users. To download it and for more
information, go to www.nai.com/products/security/pgpfreeware.asp.
PGP is available in a variety of modes for
commercial users of various sizes, ranging from
standalone PCs for $52, to corporate desktop users
for $179. It’s also available for network users
for variable costs that depend on the number of
network nodes. One version for wireless appliances
goes for $52. You might want to consider
buying a commercial version because of its extra
features—the most important is that the user is
not tethered to one particular browser.
PGP is relatively easy to install and
configure—taking anywhere from 10 minutes (if you
accept the defaults) to two hours (if you
reconfigure every option). One advantage
of PGP over S/MIME is its acceptance rate. Since
PGP is the most widely used encryption software
package, compatibility is hardly ever an issue.
Additionally, it can be plugged into the most
popular e-mail software applications such as
Eudora, Microsoft Outlook and Netscape
Communicator. PGP has all facets of
encryption security, including a digital signature
module, and it provides telephone and online
support.
Disadvantage: If the sender chooses to
disseminate the PGP key widely, say, on a Web
site, then there is no way to be sure an imposter
didn’t obtain it. This risk eases if a digital
certificate authority is used for user
authentication, but this raises the cost (see
below). S/MIME is available free on the
Internet to all users and is included in the
Netscape Navigator and Microsoft Internet Explorer
browser packages. It’s available as a plug-in to
most e-mail packages. For more information, go to
www.baltimore.ie/products/mailsecure/index/html.
S/MIME is simple to configure and use—with
two major exceptions. S/MIME uses a shorter code
for its key, making it easier for a hacker to
crack, and S/MIME doesn’t rely on public keys;
instead it uses third-party authentication relying
on digital certificates. These contain the user’s
name, e-mail address and public key.
GETTING VERIFICATION
You can buy digital certificates from a
third-party digital certificate authority, of
which there are many. Two leading certificate
providers are VeriSign (http://digitalid.verisign.com)
and Nortel (www.nortelnetworks.com).
While prices vary, here are the particulars
for VeriSign:
A class 1 certificate costs $9.95. To
get it, the applicant completes only an identity
form—no proof required. VeriSign also offers a
free, six-month trial for noncommercial users.
A class 2 certificate costs $19.95.
The applicant is asked to provide only his or her
driver’s license and Social Security number.
A class 3 certificate varies from
about $300 to $1,000, depending on such things as
key length, and requires the applicant to undergo
a background check. Costs for the other
authorities vary according to the number of users
and the level of security. For a list of
certificate-granting authorities, go to www.pki-page.org.
Any organization can become a digital
certificate authority and thereby generate
certificates. This may be beneficial if the
organization has many employees who need to
encrypt e-mail.
Disadvantages: The less expensive
certificates offer little assurance of the user’s
identity. This means the certificate is only as
good as the granting authority. Another
downside is that each party to the
e-mail—sender and recipient—must obtain a digital
certificate. Finally, unlike public keys generated
by PGP, digital certificates expire and therefore
users must maintain and renew them at an
additional cost. (It should be noted that PGP
allows for digital certificates as
well; it does not require them, however.)
Now, here’s how S/MIME works: The sender—let’s
continue using Bob—encrypts his message to Mary
with his private key. Next, he uses his digital
certificate to “sign” the message. He also
includes Mary’s digital certificate if
confidentiality is desired. Upon receipt, Mary
compares the digital certificate “on file” at the
digital certificate authority with the one used to
sign the message. If the two agree, she’s assured
the sender is authentic and decrypts the message.
If Bob includes both his digital certificate and
Mary’s as well, then both confidentiality and
authenticity should be ensured.
MESSAGE TAMPERING
As good as encryption is, it doesn’t prevent
or detect someone’s tampering with the message
content during transmission. However, PGP and
S/MIME can detect message tampering by using their
digital signature features. PGP’s digital
signature software applies an algorithm (or
formula) to the message content that automatically
generates a unique code, or digital signature.
Bob, who is again sending a message to Mary,
appends his private key to the signature and the
two are attached to the e-mail. When Mary receives
the e-mail, she first decrypts the digital
signature using Bob’s public key. If signature
decryption is successful, she knows the sender is
authentic. Next, she opens the message
using Bob’s digital signature and that generates a
second algorithm. If the results of both
algorithms are the same, she knows the message
wasn’t tampered with during transmission.
S/MIME digital signatures also apply an
algorithm to the message content; the only
difference, again, is that the message is “signed”
using the digital certificate. Bob attaches his
signature to the e-mail and Mary compares the
digital certificate used to sign the message with
that on file, then applies the algorithm and
decrypts the message as described above.
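The "double lock" and tamper check described in the sections above, as an added example that is not part of the original article: textbook RSA in Python, with the private-key step applied to a SHA-256 digest of the message. The key pairs are constructed toy values built from Mersenne primes with no padding, and all function names are assumptions of this sketch.

```python
import hashlib

E = 65537  # public exponent shared by both toy key pairs

def make_keypair(p, q):
    """Textbook RSA: return (public_key, private_key) as (exponent, modulus)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

# Constructed toy keys from Mersenne primes: insecure, no padding, demo only.
BOB_PUB, BOB_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
MARY_PUB, MARY_PRIV = make_keypair(2**607 - 1, 2**1279 - 1)

def apply_key(value, key):
    """Raw RSA operation shared by encrypt, decrypt, sign and verify."""
    exponent, n = key
    return pow(value, exponent, n)

def digest(message):
    """SHA-256 of the message as an integer: the 'unique code' that gets signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def double_lock(message):
    """Bob: sign the digest with his private key, encrypt with Mary's public key."""
    signature = apply_key(digest(message), BOB_PRIV)
    ciphertext = apply_key(int.from_bytes(message, "big"), MARY_PUB)
    return ciphertext, signature

def open_and_check(ciphertext, signature):
    """Mary: decrypt with her private key, then verify with Bob's public key."""
    m = apply_key(ciphertext, MARY_PRIV)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return message, apply_key(signature, BOB_PUB) == digest(message)

def tamper(ciphertext):
    """Alter the ciphertext in transit without any key (plaintext becomes 2*m)."""
    return ciphertext * apply_key(2, MARY_PUB) % MARY_PUB[1]

if __name__ == "__main__":
    sent = b"Q3 draft figures attached"  # constructed sample message
    c, s = double_lock(sent)
    print(open_and_check(c, s))          # original message, signature valid
    print(open_and_check(tamper(c), s))  # altered message, signature invalid
```

The tampered ciphertext still decrypts without error, which is why encryption alone does not reveal the change; only the digest comparison against Bob's signature does.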
As you can see, security is a double-edged
sword. While it does provide safety, it also adds
to complexity. Like it or not, you can’t have one
without the other.