Cryptography Reference
In-Depth Information
as well as passing through various potentially unprotected networks. There are
many points at which, at least in theory, the contents of an email message
could be viewed by someone other than the intended recipient. In addition,
users sometimes mistakenly send email to the wrong recipient, for example,
by replying to all the recipients of an email rather than just the original sender.
Thus there is certainly a case that could be made for requiring confidentiality
of some types of email message.
Data origin authentication
. Email messages are structured using a simple
protocol that facilitates their transfer. This protocol includes fields for
specifying the sender, recipient and subject, as well as the message itself. An
informed attacker can fairly easily generate forged emails. In addition, at most
of the points at which an attacker can read a genuine email (see confidentiality
concerns), the attacker could intercept and make changes to the email message
before forwarding it on to the recipient. This also makes a case for requiring
data origin authentication of email messages. Indeed, for some email messages
we might even want to go further and require non-repudiation, but data origin
authentication probably suffices for most traffic.
In certain corporate or government environments the above concerns are
sufficiently important that email applications are deployed that provide these
security services, sometimes applying protection by default to all email messages.
We will shortly discuss the typical use of cryptography in these solutions, but first
consider the appropriateness of secure email to a home user.
SHOULD HOME USERS SECURE THEIR EMAIL?
As we have just seen, in theory, email messages are insecure. It is thus unwise
for anyone to send highly confidential information in the body of a normal email
message. Confidential information is probably better protected by conveying it
using an alternative communication channel, if available, perhaps by telephone.
However, home users need to be realistic about the threats facing their email.
An informal risk assessment should be undertaken about the likelihood that
someone does want to interfere with a home user's email. This should consider the
environment within which the home user is operating (the other parties who may
have access to the user's email, the general security practices of the home user, the
local network, etc.), the wider infrastructure (for example, the reputation of the
user's ISP) and the nature of the information that the user exchanges using email.
In most cases a home user is likely to conclude that securing email is
unnecessary. However, it is certainly wise to carefully consider the possible
implications of someone accessing information in a specific email message.
Certain types of data should almost never be sent in an email. For example,
credit card numbers in unprotected emails can be detected by automatic scanning
of network traffic.
The main problem facing a home user who decides that they do want to
protect the email that they send is the potential inconvenience to recipients. As we
