106
Chap. 7
Security in Networks
7.6
Secure E-mail
The final control we consider in detail is secure e-mail. Think about how much you use e-
mail and how much you rely on the accuracy of its contents. How would you react if you
received a message from your instructor saying that because you had done so well in your
course so far, you were excused from doing any further work in it? What if that message
were a joke from a classmate? We rely on e-mail's confidentiality and integrity for sensi-
tive and important communications, even though ordinary e-mail has almost no confiden-
tiality or integrity. In this section we investigate how to add confidentiality and integrity
protection to ordinary e-mail.
Security Threats for E-mail
E-mail is vital for today's commerce, as well a convenient medium for communications
among ordinary users. But, as we noted earlier, e-mail is very public, exposed at every
point from the sender's workstation to the recipient's screen. Just as you would not put
sensitive or private thoughts on a postcard, you must also acknowledge that e-mail mes-
sages are exposed and available for others to read.
It is clear that there are times when we would like e-mail to be more secure. To define
and implement a more secure form, we begin by examining the exposures of ordinary e-
mail.
Requirements and Solutions
Consider threats to electronic mail:
· message interception (confidentiality)
· message interception (blocked delivery)
· message interception and subsequent replay
· message content modification
· message origin modification
· message content forgery by outsider
· message origin forgery by outsider
· message content forgery by recipient
· message origin forgery by recipient
· denial of message transmission
Confidentiality and content forgery are often handled by encryption. Encryption can also
help in a defense against replay, although we would also have to use a protocol in which each
message contains something unique that is encrypted. Symmetric encryption cannot protect
against forgery by a recipient, since both sender and recipient share a common key; however,
public key schemes can let a recipient decrypt but not encrypt. Because of lack of control
over the middle points of a network, it is difficult for a sender or receiver to protect against
blocked delivery.
If we were to make a list of the requirements for secure e-mail, our wish list would
include the following protections.