Email Security - let's start with a short example:
Alice and Bob are upgrading from a long friendship in letter writing to the faster 21st-century version of email communication. But before getting started, Alice and Bob should understand that email also carries a level of risk and learn what some of the requirements are to mitigate those risks.
First, let’s have a look at how emails are sent.
Alice wants to email Bob who is not online; she uses SMTP (Simple Mail Transfer Protocol) to deliver the email from her server to Bob’s where it is then stored on a POP server (Post Office Protocol).
Once online, Bob can download the message from the POP server to his computer or mobile device and read it.
To use another example, Alice may work for a school or organisation. If she wants to email Bob from her work email, all her emails will be routed through a work server to Bob’s POP server and eventually his device.
You can look at the chain of communication as a string of attack vectors, where each area is a possible opportunity for a cyberattack or data breach, as follows:
- Alice and her system
- Alice’s organisation’s (or her own) SMTP server
- Alice’s or Alice’s work ISP (Internet Service Provider)
- Bob’s POP server
- Bob and his computer system
To protect against these 4 attack vectors, you need to ensure you have the following requirements at each stage:
- Message Integrity – the message sent and received are exactly the same.
- Message Confidentiality – the message is not exposed or readable to any third party.
- Message Authenticity – the recipient is very confident about the identity of the sender.
- Non-Repudiation – the sender cannot deny that they have sent a message.
The problem with email message integrity
Emails do not come with message integrity checks by default so, there is no standard way of knowing if your message hasn’t been changed during its travel to the recipient.
During its travel, it could bounce through several servers including an email scanning server.
Often, email malware and virus scans involve a slight change to the message header, either adding in its own entries or removing harmful content.
This process makes it more difficult to check integrity because the message is changed in the scanning process.
Message integrity can be verified using something called a hash. A hash is a result of encrypting a message with a chosen hash algorithm. The result is a string of characters known as a hash.
On arrival, the receiving server does a hash check to ensure that the hash from the sending server is the same as the hash that the receiving server has calculated for the message itself.
Message Confidentiality and Authenticity
Ensuring message confidentiality means knowing with great certainty that your message cannot be read by anyone other than who it is intended for. I group authenticity and confidentiality because the methods of providing these in the email are much the same.
Online, confidentiality is handled with encryption and digital identity, ensuring the message is only opened by the person it is intended for, also ensured that no third party is able to read it.
Encrypting the message is not enough to ensure confidentiality as an encrypted message could still come from a malicious source or if decryption keys are somehow discovered by a malicious third party, the message can be read by the wrong person on arrival.
PGP and S/MIME encryption techniques deal with this by binding a public and private key pair to an email address. The user must keep the private key secure at all times to ensure that only they can open the sender’s message.
Non-repudiation is very important for the future of digitisation in the workplace. If a sender cannot deny they have sent the message in question, then emails can have legal standing. This opens up opportunities for paperless workflows in the signing of and agreeing of contracts or work.
Integrity, authenticity and confidentiality play a role in non-repudiation but do not paint a full picture. Yes, we must say with a great deal of confidence that a message has not been changed, is from who it says it’s from and that it cannot be opened by anyone else.
While protocols used for internet communications can provide an assurance that a given client system is “talking” to its intended server, there’s no fool-proof method for recording a session where the client could not dispute this in a legal case with the service provider.
You can have authenticity and confidentiality without non-repudiation but you cannot have non-repudiation without confidentiality and authenticity.
Non-repudiation can be provided with a high level of confidence using a digital certificate managed and issued by a Certificate Authority.
The digital certificate would be linked to an email address and used to encrypt and sign messages. Additional options also allow some digital certificates (those used in signing and encrypting documents) to record timestamps for when data is changed and by who.
Understanding Email Encryption Techniques
Email encryption is not a simple concept to understand and is often left to the cryptographers and email providers to deal with.
Unfortunately, without a public understanding of how it all works, there aren't opportunities to scrutinise providers when they do not provide full security.
No email provider is currently ensuring all 4 areas are covered.
Gmail and Microsoft, for example, will provide end-to-end encryption ensuring confidentiality and integrity but not providing any means to authenticate the identity behind the sender or receiver.
As fraud and cyberattacks continue to rise, organisations and institutions must ask themselves how they’re ensuring protection in each area. If there are gaps with current email providers, they can be filled without the need to switch providers.
One way to do this is to integrate an email gateway solution. Email gateways provide a middle destination server for messages where they can be scanned, encrypted, validated and authenticated.
To request a demo of our email encryption gateway and see how it works in practice, contact us today.