Remember in the old days when we only had snail mail as a method of communicating in writing with our friends, family and colleagues? That’s providing you discount pigeon mail. We almost always popped our letter of note into an envelope, unless of course we were sending a “wish you were here” postcard from sunnier climes. Well isn’t it funny that in todays electronically connected world we almost always send our communications via the digital equivalent of a postcard… Email!
I wonder why? Do we believe that no one except our intended recipient reads the emails we send? Because if you think about it for more than a second you know that’s not the case. How else do you imagine the likes of Google and other online businesses seem to know exactly what we might be interested in. Not too mention big brother our friendly government spooks who scan everything in the name of anti terrorism. Have we suddenly decided that we no longer care who can read what we might be saying, what information we might be relaying? I don’t think so! I guess we have all become a little lazy, or maybe we didn’t know how easy it could be to read these online communications. Or could it be that to do anything constructive to prevent our email from being read by all and sundry is just too difficult, expensive and time consuming. Well I’m hear to tell you that finally it needn’t be a pain any longer and what’s more in this age where your stolen identity can be a real nightmare the like of which you really don’t want to get involved with it’s time to look again at our emailing habits.
The Electronic Envelope
I believe we have always needed an electronic envelope for our email, it’s nothing new it’s called encryption. But the very mention of the word encryption tends to make people back away. Way too complicated! How on earth am I going to get that sorted and then let all my possible recipients get on-board with the idea of decrypting what I’ve sent them. More trouble that the risks involved, that’s the usual response.
Well no more I promise you. Out there right now are products that make use of identity-based encryption, which once utilised can be modelled to be simplicity it’s self in execution.
Why Identity-based Encryption?
Here are three good reasons why identity-based encryption is definitely the answer where email is concerned:
- With identity-based encryption you immediately ensure you link the content to be protected and shared with the intended recipient.
- There needn’t be yet another password that has to be remembered.
- The user doesn’t need to understand “key pairs” along with the necessary need to exchange/share their public key.
The brilliant think about email is that we all have a unique address, knowing this we can construct an identity-based encryption system based on that single fact.
No Limits
Given that we don’t just share emails with our contacts, we also fairly regularly share files, we can also extend this type of system to include file transfer. Even to cover removable media such as disks, thumb drives, CD-ROMs pretty much anything you want to protect. There need not be a limit to this system.
How Does It Work
In simple terms this is how it works. Using a persons email address as the core input data a “Key pair” can be generated which are then used to encrypt and decrypt the target data. A “Key pair” consists of a public key and a private key. The public key can be freely shared with anyone, it’s does the encryption that only it’s private key partner can decrypt.
In our example of an identity-based encryption system when we send an email to a recipient it uses that persons email address to generate the key pair required, allowing access to the public key that will encrypt the email. On receipt of the email by the addressee they will be authenticated by their email address and given access automatically to the private key to decrypt the email. All of this can be done “behind the scene” so to speak so that the recipient is not troubled by the complexity of what has just happened.
Meanwhile whilst the email was in transit or at rest in the inbox of the recipient it is in encrypted form, safe within it’s electronic envelope. Simple and yet smart!
These key pairs can be made to be one-time pairs. They will only apply to one email or data exchange further improving the security. Since each key pairing is only good for one exchange, if they were to be compromised it will not result in and future or past exchanges being put at risk, clever! A new key pair will be generated each time the system is used, still based on the recipients email address.
What to Look For
Your convinced, I want this type of functionality. But where do I go? Things to consider are:
- How good is the algorithm being used?
- Has the algorithm been implemented correctly?
- Has sufficient entropy been collected to utilise the full force of the algorithm?
Pardon? I know! This is where it gets quite technical. However there is a simple way of ensuring you are looking at a well thought out product that has been independently certified by professionals. Look for the following logos on vendors websites;
These marks indicate that the product has gone through rigorous certification and as a result you can be assure that it offers robust protection. Egress Software Technologies is the first UK encryption company to become CESG certified with their email and file encryption product Switch, and I’m sure with the importance of this government approval other providers will be trying their best to gain this same high level accreditation.