8-7 E-mail Security Using Pretty Good Privacy
WILLIAM STALLINGS
Users who rely on electronic mail for business or personal communications should beware. Messages sent over a network are subject to eavesdropping. If the messages are stored in a file, they are subject to perusal months or even years later. There is also the threat of impersonation and that a message may not be from the party it claims to be from.
Protection is available in the form of Pretty Good Privacy (PGP), an E-mail security package developed by Phil Zimmermann that combines confidentiality and digital signature capabilities to provide a powerful, virtually unbreakable, and easy-to-use package.
PGP DEFINED
The most notable features of this E-mail security program are that it:
- Enables people to send E-mail messages that are secure from eavesdropping. Only the intended recipient can read a PGP message.
- Enables people to send E-mail messages that are guaranteed authentic. The recipient is ensured that the PGP message was created by the person who claims to have created it and that no one has altered the message since it was created.
- Is available as freeware on the Internet, many electronic bulletin boards, and most commercial services such as CompuServe.
- Is available in versions for DOS, Macintosh, UNIX, Amiga, OS/2, VMS, and other operating systems.
- Works with any E-mail package to create secure E-mail messages.
E-MAIL RISKS
PGP provides protection from the threat of eavesdropping. A message sent over the Internet can pass through a handful of mail forwarders and dozens of packet-switching nodes. A systems administrator or someone who has gained privileged access to any of these transfer points is in a position to read those messages.
Although E-mail users may feel they have nothing to hide, they may someday want to correspond with their lawyers or accountants using the Internet, or they may work for companies that want to send proprietary information over the Internet. Many people already use the Internet for sending highly personal or sensitive messages.
There is also a civil liberties issue to be concerned about. The police, intelligence, and other security forces of the government can easily monitor digital and computerized E-mail messages, looking for key words, names, and patterns of exchanges. Any user could be innocently caught up in such a net.
Authenticity of messages poses another potential risk. It is not difficult to spoof the network into sending a message with an incorrect return address, enabling impersonation. It is also relatively easy to trap a message along its path, alter the contents, and then send it on its way.
For example, if a user is on a shared system, such as a UNIX system that hooks into the Internet, then the impersonator could be someone with superuser privileges on the system. Such a person could divert all incoming and outgoing traffic from an unsuspecting mailbox to a special file. The impersonator could also have access to a router, mail bridge, or other type of gateway through which all traffic between the user and a correspondent must pass. Such impersonators could use their privileged status on the gateway to intercept mail and to create and send mail with a fraudulent return address.
PGPS HISTORY: PRIVACY
PGP is a legitimate tool that can be used for legitimate reasons by ordinary citizens, although some users consider it slightly suspect.
Phil Zimmermann began working on PGP in the 1980s and released the first version in 1991. One of the key motivating factors for PGPs development was an effort by the FBI to secure passage of a law that would ban certain forms of security algorithms and force computer manufacturers to implement security features for E-mail that could be bypassed by government agencies. Zimmerman saw this as a threat to privacy and freedom. Thus, PGP was conceived as a package that could be used by the average person on a small system to provide E-mail privacy and authenticity. Zimmerman accomplished this by:
- Selecting the best available security algorithms as building blocks.
- Integrating these algorithms into a general-purpose application that is independent of the operating system and processor and that is based on a small set of easy-to-use commands.
- Making the package and its documentation, including the source code, free and widely available.
Because PGP uses encryption algorithms, it was subject to export controls. An encryption algorithm lets users scramble a message in such a way that allows only the intended recipient to unscramble it.
Encryption algorithms are classified by the US government as armaments and fall under the International Trafficking in Armaments Regulations (ITAR). ITAR requires that users get an export license from the State Department to export armaments. In practice, the State Department will not grant any such license for strong encryption algorithms, and PGP uses two of the strongest.
This problem does not need to concern the average user because there is no law against using PGP in the US. There is also no law outside the US to prevent use of a product that was illegally exported from the US. Furthermore, some of the more recent versions of PGP actually originated outside the US, eliminating the problem altogether.
A second problem has to do with patents. One of the two encryption algorithms in PGP is known as Rivest-Shamir-Adleman (RSA). Anyone using PGP inside the US was, for a time, potentially subject to a lawsuit for RSA patent infringement.
A new release of PGP, known as version 2.6, which was developed at MIT with the supervision of Phil Zimmermann, has patent approval from the RSA patent holders. Like the original PGP, this version has also made its way onto bulletin boards and Internet sites outside the US. In addition, a compatible non-US version 2.6 was created outside the US. As long as a user chooses any of the flavors of version 2.6, there is no infringment on any patents.
|