2. Introduction
Consider some situations where an end user may
take the active decision to use cryptography to
protect some data.
“End user” here refers to a user who is not
particularly computer literate and not part of a
wider organisation with centralised security
controls.
The two applications are:-
file encryption
email security.
3. File Protection
Two main reasons for a home user wanting to use
cryptography to protect a file:
Additional storage protection:- home users' devices have basic
security controls that provide some protection against
unauthorised parties accessing the files that are
stored on them. They do not normally provide strong
protection. In addition, different types of portable
media have no default file storage protection
mechanisms.
File transfer security:- During the transfer of files the
end users are secure but the channels are not.
4. Full Disk Encryption
It encrypts every bit of data contained on the computer
system.
Advantages in full disk encryption mechanisms:
Performance.
Avoidance of storage overhead.
One example of a full disk encryption mechanism is
BitLocker, which provides its security through both hardware and
software mechanisms by employing some of the
functionality of the Trusted Platform Module (TPM) chip
that is installed in some computer systems.
The main concern with a full disk encryption mechanism is
the implications of the loss of the key used to protect the
disk.
5. Virtual Disk Encryption
It is used to encrypt chunks of data, usually referred to
as containers.
The advantages of virtual disk encryption over full disk
encryption:
It can encrypt selected data on a disk.
It can provide security for data transfer and storage.
6. File Encryption
The advantage of file encryption is that it can protect
a file on a running computer system that an
attacker has gained access to.
File encryption is also appropriate for a user who
only occasionally needs to encrypt a file, usually for
transfer purposes.
7. Email Security
Email is a common communication mechanism.
Two potential concerns about the security of email:
Confidentiality:-Usually email messages are
unprotected during their transfer from the email sender’s
device to the email receiver’s device. There are instances where
sent messages are no longer secure due to user mistakes. Thus
there is certainly a case that could be made for requiring
confidentiality of some types of email message.
Data origin authentication:- An informed attacker can
fairly easily generate forged emails or might easily read
genuine mails. Hence this is required.
8. Should Home Users Secure Their Email?
Usually email messages are insecure.
In most cases a home user is likely to conclude
that securing email is unnecessary. However, it is
certainly wise to carefully consider the possible
implications of someone accessing information in a
specific email message. Certain types of data
should almost never be sent in an email.
The main problem here is the potential
inconvenience to recipients.
If a home user wishes to occasionally protect an
email message, one option is to send the sensitive data in a
protected attachment (file encryption).
9. Email Security Applications
There are two well-known standards for protection of email:-
Open Pretty Good Privacy (OpenPGP)
Secure/Multipurpose Internet Mail Extensions
(S/MIME)
There are three ways in which email messages can be protected
using these applications:
Confidentiality only. This is provided by hybrid encryption.
Data origin authentication only. This is provided by a digital
signature scheme with appendix.
Confidentiality and data origin authentication:-a symmetric
encryption key is generated and the email message is digitally
signed.
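
The third mode above, as an added example (not code from the slides and not the OpenPGP or S/MIME message format): the message is signed, then the signature and message are hybrid-encrypted for the recipient. The names Envelope, Protect and Open are hypothetical, and the algorithm choices (Ed25519, AES-256-GCM, RSA-OAEP) are assumptions made for illustration.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte } // constructed container, not a standard format
// Protect signs msg, then hybrid-encrypts signature||msg for the recipient.
func Protect(msg []byte, sender ed25519.PrivateKey, rcpt *rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 44) // fresh 32-byte AES session key + 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, rcpt, buf[:32], nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(buf[:32]) // cannot fail: key length is valid
	gcm, _ := cipher.NewGCM(block)
	signed := append(ed25519.Sign(sender, msg), msg...)
	return &Envelope{wrapped, buf[32:], gcm.Seal(nil, buf[32:], signed, nil)}, nil
}
// Open unwraps the session key, decrypts, then verifies the sender's signature.
func Open(e *Envelope, rcpt *rsa.PrivateKey, sender ed25519.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, rcpt, e.WrappedKey, nil)
	if err != nil || len(key) != 32 || len(e.Nonce) != 12 {
		return nil, fmt.Errorf("session key or nonce rejected")
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	pt, err := gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
	n := ed25519.SignatureSize
	if err != nil || len(pt) < n || !ed25519.Verify(sender, pt[n:], pt[:n]) {
		return nil, fmt.Errorf("ciphertext or signature rejected")
	}
	return pt[n:], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rk, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := Protect([]byte("constructed sample message"), priv, &rk.PublicKey)
	msg, err := Open(env, rk, pub)
	fmt.Println(string(msg), err)
}
```

Open returns an error both when the ciphertext has been altered and when the signature does not verify under the expected sender's public key, so the recipient gets the message only if both properties hold.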