Secure Enterprise Email

Many of us make false assumptions about the security of our "personal" or "private" communications. For example, when we phone a friend, we don't think about someone monitoring the call. When we send a letter, we don't consider that someone can intercept it. And when we send email, we don't expect anyone to alter its contents.

The truth is that all these communications methods are subject to interception and intrusion. Analog phone lines can be tapped. Cellular phone calls can be picked up on wireless scanners. Letters can be intercepted, compromised, and re-mailed. And email can be monitored, altered, or forged.

Some people don't worry because they don't send particularly valuable information. However, since worldwide email has emerged as an important component in today's business world, people have been transmitting increasingly important--and extremely valuable--information through the Internet and other public networks (see the sidebar, "Internet Email Architecture," ). Fortunately, new email standards and extensions are emerging to address the need for secure email delivery.

Concepts and Techniques
The most important technique in computer security is encryption. Secure or scrambled voice telephone lines and satellite television signals, and the secret codes that the military uses are examples of encryption. Encryption algorithms, such as the Data Encryption Standard (DES), the International Data Encryption Algorithm (IDEA), and RC2, transform data until no trace of it is left. IDEA is a symmetric-key block-cipher algorithm newer than, but similar to, DES. RC2 is a variable key-size, symmetric-key block-cipher algorithm also similar to DES and popular for exportable cryptographic systems because of its variable-length key.

An encryption key is required to return encrypted data to its original form. An encryption key is a binary value 40 or more bits long. With a good algorithm, you must have every bit of the key correct to retrieve any encrypted information. Even if you have 55 of 56 bits correct, decryption cannot occur. The longer the key is, the stronger the security is.

No encryption scheme can claim to be secure forever. Today, a home computer can crack World War II's best encryption algorithms in just a few minutes. In 100 years, some new device may crack today's algorithms just as easily. Fortunately, most secrets don't need to be kept forever. A monetary consideration is that the value of encrypted information determines whether accessing it is worth the price: If you can ensure secrecy either until no one cares about the information or so that cracking the code costs more than the information is worth, it's "secure enough."

For example a 40-bit key takes about $10,000 worth of supercomputer time and two weeks to crack. Although this key may be adequate to protect my checking account, it's probably not large enough for the accounts of a major corporation.

A slightly longer key of 56 bits re-quires millions of dollars to crack and should protect the information for years to come. A 56-bit encryption key has 2⁵⁶--or 72 quadrillion--possible keys. With 1000 computers, each trying 1,000,000 keys per second, trying them all would take 833 days. On average, you find the key halfway through your search.

An even longer key of 168 bits requires more money and potentially extends the data's secrecy for hundreds of years. With 168-bit keys, there are 2¹⁶⁸ possible keys. This number is so staggeringly large that nothing can give you a feel for it. Suffice it to say that 1000 computers wouldn't be even close to trying all the keys by the time the sun finally burns out. That's probably secure enough for anything you want to protect.

The two basic kinds of encryption algorithms are symmetric key and public key.

• Symmetric-key algorithms require that both the person encrypting and the person decrypting have the same key. A real problem with how to securely share keys between two or more parties is that most security systems based solely on symmetric-key algorithms break down in the area of key management. Symmetric-key algorithms, however, are a lot faster than public-key algorithms. DES, IDEA, and RC2 are symmetric-key algorithms.
• Public-key algorithms use two keys: a public key and a private key. The public key is available to everyone you want to have access to your system. Your private key is your secret. For example, you might use your private key to digitally sign your email; then anyone with the public key will know that you--and only you--signed it. Unfortunately, public-key algorithms are extremely slow. To get around the speed issue, you can use a faster technique, such as a message-digest algorithm, to reduce the amount of data and then use a public-key algorithm to encrypt that smaller amount.

One public-key algorithm, the Diffie-Hellman key exchange, lets the sender and the receiver share a symmetric key securely. Thus, you can use a symmetric-key algorithm to encrypt the message. This combination achieves both speed and security.