Yosef Gamble
10 June 2014
CS 325 - Dr. Harper
Email Security & Future Development
Abstract
This paper outlines some of the problems of email communications, specifically, the issue of
privacy of the Simple Mail Transfer Protocol (SMTP). This paper also explores 2 attempts to
solve email security, Public key infrastructure (PKI) and Pretty Good Privacy (PGP) encryption,
and the issues with these attempts that can still make encrypted information vulnerable to theft.
Also discussed are solutions that are currently in development. Modern email encryption solutions
are aiming to replace SMTP with new protocols such as Extensible Messaging and Presence
Protocol (XMPP) to address the problem of metadata leaks and difficult usability.
1. Introduction
Internet privacy has been at the forefront of discussion in the media and online for the
last two years. With the role of the United States’ National Security Agency (NSA) being
revealed, people around the world have become more concerned about their own personal
privacy online, especially in regards to text-based communication. Communication mediums
such as email, text messaging, and social networking have all come under scrutiny for providing
global government agencies with easy access to private information without a person’s consent.
But there is a very limited number of options for people to secure their data. For some people,
there is a lack of knowledge or ability to be able to encrypt information, but many experienced
computer users know that the real reason is because snooping government agencies were not
always on the minds of security professionals who helped make internet communication the way
it is today.
2. Email Security
The way that email works is naturally insecure and vulnerable to cyber-criminals.
According to Danny Bradbury, in “Can We Make Email Secure”, “Email has always been
insecure”. Bradbury states that email relies upon an outdated system that has not evolved to
accommodate the modern necessities of internet communication. The modern standard for email
communication, called Simple Mail Transfer Protocol (SMTP), was developed when
“collaboration and openness” were necessary. But as the internet grew and online services became
more security conscious, email did not change to accommodate the modern concerns regarding
security and privacy (Bradbury 2014).
Danny Bradbury explains that when an email is sent, the message is formatted in plain
text, using the Multipurpose Internet Mail Extension (MIME) and includes metadata that
contains the email sender’s IP address and route information that the email travelled through a
server, revealing exactly where the email came from and who possibly sent it. Using the IP
address in the email header, a reverse lookup could reveal the geographic location of the email
sender (Bradbury 2014).
The main reason why information is so vulnerable in email is the way it
travels. In order for the email to reach the recipient’s inbox, it is relayed to an SMTP server that
belongs to the domain name contained in the email address. The relay process uses a list of
addresses in the server called a mail exchange (MX) record to look up the inbox that the email
should be sent to. If the email is valid and the inbox is found, the email arrives in the correct
inbox. If the email is not found, or if there are complications in finding the correct server, the
email is “bounced” around until the right inbox is found. The problem with this protocol is that
there is a possibility that the email could be intercepted during this process. There is a way to
encrypt the email contents called Secure Multipurpose Internet Mail Extension (S/MIME), but it
is not widely used and does not address the problem with metadata (Bradbury 2014). Since the
email protocol hasn’t been changed, the best way to send sensitive information via email is by
encrypting the email message itself.
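An added example (not from the paper or its sources) illustrating the two points above: the sender IP and route information carried in the headers, and the fact that S/MIME body encryption leaves that metadata readable. The message, hosts and addresses are constructed, and `exposed_metadata` is a hypothetical helper name.

```python
import re
from email import message_from_string

# Constructed sample: an S/MIME-style message whose body is encrypted but
# whose headers are not. All hosts and addresses are made up
# (RFC 5737 documentation IP ranges, example.* domains).
SAMPLE = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.org with ESMTP id B2; Tue, 10 Jun 2014 09:15:04 -0700
Received: from relay.example.net (relay.example.net [203.0.113.25])
\tby mx.example.org with ESMTP id A1; Tue, 10 Jun 2014 09:15:02 -0700
Received: from [192.0.2.44] (helo=alice-laptop)
\tby relay.example.net with ESMTPSA id 9F; Tue, 10 Jun 2014 09:15:01 -0700
From: Alice <alice@example.net>
To: Bob <bob@example.org>
Subject: Q3 contract draft
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIBconstructedPlaceholderCiphertext==
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def exposed_metadata(raw):
    """Return what a relay or eavesdropper can read without any key."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its own Received header, so reversing the list
    # gives the path in travel order, starting at the sender's machine.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        ip = IPV4.search(flat)
        by = re.search(r"\bby (\S+)", flat)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return {
        "from": msg["From"], "to": msg["To"], "subject": msg["Subject"],
        "body_encrypted": msg.get_content_type() == "application/pkcs7-mime",
        "origin_ip": hops[0][0] if hops else None,
        "route": hops,
    }

if __name__ == "__main__":
    for key, val in exposed_metadata(SAMPLE).items():
        print(f"{key}: {val}")
```

Running the same function over a received message's raw source is a quick way to audit what a mail provider or client adds to outgoing headers.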
3. PKI Encryption
According to Carl Ellison and Bruce Schneier’s article, “Risks of PKI: Secure Email”, an
encryption standard called Public-key infrastructure (PKI) became the “cure all for security
problems”. PKI provided a level of security, trust, and privacy for corporate email users (Ellison
& Schneier 2000). PKI relied on digital certificates, sold by third-party vendors called
certificate authorities (CA), to encrypt an email and sign the email with a unique verified
signature. The certificate has to be bought on an annual basis, and requires that each person is
issued an identification that is linked to the main certificate. This method aimed to ensure
trust, so that an encrypted email could be sent where both the sender and recipient are able to
encrypt, verify, and decrypt an email (Ellison & Schneier 2000).
With separate identities being tied to one main certificate used by a company or group,
there were a number of security problems that came up. First, the theft of a certificate would
compromise this entire network, and give the thief the ability to decrypt any email using that
particular certificate. Second, the advent of having to use a third-party CA presents the
possibility of uncontrolled access if the CA is compromised. Last, a large company or group may
run the risk of having to provide identity certificates to people with similar names, which may
create a security problem due to the confusion that could cause (Ellison & Schneier 2000).
4. PGP Encryption
According to Carl Ellison and Bruce Schneier in “Risks of PKI: Secure Email”, the
problems described above are the reason why a standard called Pretty Good Privacy (PGP) became
more favoured for email encryption, especially for non-commercial groups and individuals
concerned about privacy who did not want to pay for enterprise software or annual certificate
licences. PGP certificates are free and do not require a CA to obtain them. With PGP, a user who
wishes to send and receive encrypted email will generate two keys, a public and a private key.
The public key is available to the intended contacts in order for them to encrypt an email, and the
private key is used to decrypt any text or file that is encrypted using the associated public key.
The private key is unique for everyone and is never shared to anyone else besides the key owner.
A group of multiple people can associate their identities with a set of private and public keys,
and form a web-of-trust. In a web-of-trust, each individual in a group signs their public keys with
the private key, minimising the risk of an unauthorised person encrypting information with a
stolen certificate (Ellison & Schneier 2000). The other main reason why PGP became a standard
was because the certificate was generated by free open-source cryptography programs such as
OpenPGP and GNU Privacy Guard (GPG) (Nguyen, 2004).
As Phong Nguyen’s journal, “Can We Trust Cryptographic Software? Cryptographic
Flaws in GNU Privacy Guard v1.2.3”, illustrates, PGP implementation can have drawbacks.
While the algorithm is nearly impossible for even a modern supercomputer to crack, the software
that creates the keys may be subject to bugs and flaws that can compromise private encryption
keys. One such flaw happened with GNU Privacy Guard (GPG) v1.2.3 encryption software. An
attack on an arbitrary message generated with the ElGamal algorithm, in this particular version,
allowed the private key to easily be recovered. A serious bug like this showed that software does
not always implement the best encryption techniques (Nguyen 2004).
With the advent of PGP, S/MIME, and various other encryption tools out there, there are
still a great number of challenges to ensure absolute privacy for email users. According to
Jiangshan Yu, Vincent Cheval, and Mark Ryan, in “Challenges with End-to-End Email
Encryption”, there are a few problems that have yet to be resolved. One is the challenge with
law-enforcement. Email services that aim to provide a secure email platform are threatened to
shut down if the government agencies aren’t provided access to plain text data. For example, the
secure email company, Lavabit, was forced “to shut down its service to prevent being forced by
the NSA to sabotage its own encryption”. The same fate was met for PrivateSky, which shut
down “because of the pressure from GCHQ” (Yu, Cheval & Ryan 2014).
5. Future Development
As for the future of email security, it seems like it will remain a cat and mouse game
between privacy advocates and the global governments that want access to information. The
development of modern email communication networks is going down to the root of the
problem with email, and moving away from using the SMTP protocol. According to Danny
Bradbury, the creators of the now defunct Lavabit and Silent Circle are working on a new project
of securing email communication called Dark Mail. The purpose of Dark Mail is to replace the
SMTP with a protocol called Extensible Messaging and Presence Protocol (XMPP). If an email
from an SMTP supported service is introduced to the Dark Mail server, the message will be
converted to ensure that the Dark Mail network is secure. With this service, headers would not be
included in the email, and only the IP address would be exposed, something that can be hidden
using an anonymiser program (Bradbury 2014).
The introduction of an end-to-end email system like Dark Mail, which will require
little to no effort on the user’s part to secure a message, is something that could possibly help
encourage more people to encrypt their email messages. According to “Challenges With End-to-
End Encryption”, a new proposed project, named Confimail, is attempting to do just that. The
idea behind Confimail is to “provide e2e email encryption, claimed to be user friendly, while
without requiring a trusted party” (Yu, Cheval & Ryan 2014).
Future development of email encryption services would possibly become more
focused on the user experience. According to Phillip Hallam-Baker’s article, “Privacy Protected
Email”, the reason why most people do not encrypt email is because “the number of users who
can accept an encrypted email is vanishingly small”. Encrypting an email can be very difficult to
do. GPG and most other encryption software do not have a graphical user interface, and instead
rely on terminal commands to work. On top of that, the person sending an email has to do all of
the work of installing the encryption software, generating the keys, and making sure that the
recipient can receive and decrypt the email message (Hallam-Baker 2014). The increased use of
webmail has also made encryption more complex. In order to encrypt an email message in Gmail,
for instance, a third-party JavaScript would be required (Yu, Cheval & Ryan 2014).
6. Conclusion
While there is the issue of civil liberties and the right to privacy, there may be a good reason why
law-enforcement is nervous about email communication that is untraceable. People involved in
criminal organisations will go to any length to hide their activities from law-enforcement,
including the use of encryption. As much as it seems like the NSA is hunting random data just
because they can, national security plays a big role in their decisions to have access to secure
email services. In “Organized Crime, Terrorism and Cybercrime”, Louise I. Shelley reveals that
“The hijackers of the September, 11th planes were aware that their phones and cell phones might
be tapped”, and that “international drug traffickers are among the most widespread users of
encrypted messages, coded messages by cell and satellite phones and use anonymizer features on
computers” (Shelley 2003).
The truth is, security professionals and political activists will always try to find ways to
protect the right to privacy, whether it is helping develop new ways to encrypt messages or using
the tools already available on the market. And as time goes on, new email protocols such as
XMPP will greatly improve the usability and anonymity that S/MIME and PGP had failed to
address.
Works Cited
Bradbury, D. (2014, March). Can we make email secure? Network Security, 2014(3), 13-16.
Retrieved May 27, 2014, from ACM Database.
Ellison, C., & Schneier, B. (2000). Risks of pki: Secure email. Communications of the ACM,
43(1), 160.
Hallam-Baker P. (2014). Privacy protected email. Retrieved from
https://www.w3.org/2014/strint/papers/01.pdf
Nguyen P. (2004). Can we trust cryptographic software? cryptographic flaws in gnu privacy
guard V1.2.3. In C. Cachin and J. Camenisch (Eds.), Advances in Cryptology - EUROCRYPT
2004, 3027, 555-570.
Shelley L. I. (2003). Organized crime, terrorism and cybercrime. In A. Bryden, P. Fluri (Eds.),
Security sector reform: Institutions, society and good governance (pp. 303-312).
Baden-Baden, DE: Nomos Verlagsgesellschaft.
Yu J., Cheval V., Ryan M. (2014). Challenges with end-to-end email encryption. Retrieved from
https://www.w3.org/2014/strint/papers/08.pdf