Cryptography Reference
system that an attacker has gained access to. Contrast this situation with, for
example, a full disk encryption mechanism running on a computer that the user
has authenticated to and then (foolishly) walked off and left unattended. Unlike
full and virtual disk encryption, however, file (and folder) encryption does not
normally prevent an attacker from learning data associated with the file, such as
file size, file type and the folder name in which the file resides.
Some operating systems provide in-built file encryption, such as the Encrypting
File System (EFS) deployed in many Microsoft operating systems. EFS uses hybrid
encryption to protect a file by first encrypting it with a unique symmetric key,
which is then itself encrypted using the user's public key. The user's private key
is then required in order to decrypt. One issue with in-built file encryption of
this type is that the protection is not always maintained when the encrypted file
is transferred to another storage medium. However, there are many third-party
software applications providing general file encryption capability, some of which
support transfer of encrypted data.
File encryption is also appropriate for a user who only occasionally needs to
encrypt a file, usually for transfer purposes. An example of encryption software
for casual encryption of this type is GNU Privacy Guard (GPG). This uses hybrid
encryption to encrypt files, as well as supporting digital signatures. A range of
patent-free symmetric and public-key algorithms are supported. Users generate
their own key pairs locally, using a passphrase to generate, and later activate,
a key encrypting key that is used to protect the decryption key. Public-key
management is lightweight and left at the user's discretion. Users could, for
example, exchange public keys directly with known contacts or use a web of
trust (see Section 11.4.1).
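The passphrase-activated key encrypting key described above can be sketched as follows. This is an added example, not GPG's code or its on-disk key format. It assumes PBKDF2 as the passphrase-stretching function and uses HMAC-SHA256 in counter mode as a standard-library stand-in for a real cipher such as AES; the function names and the blob layout are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed work factor; tune for your hardware

def _subkeys(passphrase: str, salt: bytes):
    """Stretch the passphrase into the KEK, then split it into two subkeys."""
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    enc = hmac.new(kek, b"encrypt", hashlib.sha256).digest()
    mac = hmac.new(kek, b"authenticate", hashlib.sha256).digest()
    return enc, mac

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def wrap_key(passphrase: str, decryption_key: bytes) -> bytes:
    """Protect the decryption key at rest: salt | nonce | ciphertext | tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc, mac = _subkeys(passphrase, salt)
    ct = _xor_stream(enc, nonce, decryption_key)
    tag = hmac.new(mac, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unwrap_key(passphrase: str, blob: bytes) -> bytes:
    """Activate the KEK with the passphrase and release the decryption key."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc, mac = _subkeys(passphrase, salt)
    expected = hmac.new(mac, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or modified key blob")
    return _xor_stream(enc, nonce, ct)

if __name__ == "__main__":
    secret = os.urandom(32)  # constructed stand-in for a user's decryption key
    stored = wrap_key("correct horse battery staple", secret)
    assert unwrap_key("correct horse battery staple", stored) == secret
    print("stored blob:", stored.hex())
```

Because the tag is checked before anything is decrypted, a wrong passphrase is rejected outright rather than yielding a plausible-looking but useless key.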
Finally, some application software supports encryption for specific data
formats. For example, Adobe software allows users to encrypt PDF files. Adobe
originally used RC4 but now also supports AES. The key is activated using a
password, which can be sent to the recipient of an encrypted file in order to allow
them to decrypt and view it.
12.7.2 Email security
Email has become a common communication mechanism for many people.
Indeed, many of us use email almost every day. Thus users should at least consider
the issue of email security. We will shortly discuss whether home users really need
to secure their email or not.
EMAIL SECURITY REQUIREMENTS
There are two potential concerns about the security of email:
Confidentiality. By default, email messages are unprotected during their transfer
from the email sender's device to the email receiver's device. During that
transfer the email message resides on several email servers and internet routers,
 