I could try to explain why the @font-face CSS feature in the new Firefox 3.5 is so awesome for web developers (and viewers), but as they say, a picture is worth a thousand words: Firefox 3.0 (and other web browsers) vs Firefox 3.5. You no longer need a particular font installed on your computer in order to view it on a web page. Expect some changes around here in the coming weeks to reflect that!
Monthly Archives: June 2009
Who do you trust?
The following is the third post in a series entitled, “Securing your Email.” If you’re just tuning in and you’re not very familiar with words like “digital signature” and “public-key cryptography,” you may want to take a few minutes to read the first two posts in this series.
After reading my earlier posts, hopefully you’ve gotten a better understanding of what digital signatures and encrypted emails are and why they can be necessary. Before getting into the technical details of how to obtain or create an encryption key, you should gain a better understanding of how keys are authenticated. After all, this entire process is about learning to trust a system more than a plain old email. So why should you trust an email with a digital signature more than a normal email? How do you know whether that digital signature is even valid? Your recipients need a way to verify that your digital signature actually belongs to you. There are two competing theories (or “schemes”) about how this should be done, each with advantages and disadvantages. Both involve “verifying” that the identity of someone’s key matches their true identity in real life. A key is considered “verified” when a person or company signs the key. By signing a key, the signer is asserting two things: the person is who they say they are and their identity matches their key.
In the public key infrastructure (PKI) scheme, a certificate authority is responsible for this verification. You’ve probably heard of Verisign, the most popular certificate authority. Certificate authorities are companies who take responsibility for verifying that your key matches your identity (as determined by a driver’s license or passport) in exchange for a fee. For example, an individual “Digital ID” from Verisign costs $20/year. Thus, for a fairly nominal fee you get a verified encryption key that can be used to digitally sign or even encrypt emails. In order to do this, you’ll need to use a desktop email client, such as Microsoft Outlook Express or Mozilla Thunderbird, or you’ll need to use a browser-based plug-in for web email, such as the GMail S/MIME extension for Firefox. It’s important to realize that your recipients also need to use one of these applications to be able to check your digital signature or decrypt your email messages.
While the PKI scheme costs an annual fee, nearly all of the work and upkeep is done by the certificate authority. The user simply has to purchase the key and start using it. Cost aside, however, many people in the computer industry do not trust keys that are signed by certificate authorities simply because the companies can be easily subverted. In other words, they do not trust that the certificate authorities are doing their jobs thoroughly. People claim that for your $20, you can get a certificate identifying you as basically whomever you want. If true, this destroys the integrity of the entire system. Once they have your $20, does the company have a significant interest in whether you actually are who you say you are? You also have to wonder how much you can trust a lesser known certificate authority. For example, if you got a message from Joe, whose key was verified by Jimbo’s Certificates, would you be more likely to trust Joe’s signature? Less likely? Also, what happens if a certificate authority goes bankrupt?
The alternative to PKI is the web-of-trust (WOT) scheme. Instead of a central company (or set of companies) in charge of certifying people’s identities, groups of users validate each other’s identity. You first need to create an encryption key on your computer, which I will cover in my next post. Your key will have a “digital ID number.” You then need to meet in person and exchange “digital ID numbers” with your friends and colleagues. Once you’re back at a computer, if you’re satisfied with someone’s identity you can use this number to locate their key on the web and sign it. You’re essentially saying, “I met this person, and I can confirm their identity and that this is their true key.”
Using this scheme reduces cost (it’s free), and thus eliminates the bias of companies that are more concerned with profit than actual validity. Plus, multiple validations for a given key should greatly increase your ability to trust it. If 15 of your close friends have verified Joe’s key, would you be more likely to trust Joe’s signature or less likely? A disadvantage of the WOT scheme is that without a backing company, it is usually a lot more work for the individuals. You can’t just pay someone $20/year to take care of it for you. It also usually involves meeting face-to-face with people in order to verify their identity or have them verify yours, which can be difficult for some people depending on where they live. Fortunately, with the advent of free software tools like key servers, it is really easy to assess the trust level of a person’s key.
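To make the difference between the two schemes concrete, here is an added example (my own illustration, not code from this post or from any of the tools it mentions) that works out which keys in a small keyring count as valid. It applies the rule GnuPG uses by default: a key is valid if it carries a signature from one fully trusted key or from three marginally trusted keys, and a signature only counts if the signer’s own key is already valid. The key names and signatures are constructed; the certificate-authority case is the PKI scheme (one fully trusted signer is enough), and the friends case is the web of trust (several marginally trusted signers add up).

```python
"""Key-validity calculation for a small web of trust (added example, not code
from the post). Thresholds mirror GnuPG's defaults of one fully trusted signer
or three marginally trusted signers; names and signatures are constructed."""

ULTIMATE, FULL, MARGINAL, UNKNOWN = "ultimate", "full", "marginal", "unknown"
COMPLETES_NEEDED = 1   # signatures from fully trusted keys needed for validity
MARGINALS_NEEDED = 3   # signatures from marginally trusted keys needed instead


def compute_valid_keys(signatures, owner_trust):
    """Return the set of key ids whose identity binding is accepted.

    signatures : {key_id: set of key_ids that have signed it}
    owner_trust: {key_id: how much you trust that owner to verify *others*}

    A signature only counts if the signer's own key is already valid, so the
    calculation is repeated until no further key becomes valid (a fixpoint).
    """
    valid = {k for k, t in owner_trust.items() if t == ULTIMATE}  # your own keys
    changed = True
    while changed:
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            counted = [s for s in signers if s in valid]
            full = sum(1 for s in counted if owner_trust.get(s) in (FULL, ULTIMATE))
            marginal = sum(1 for s in counted if owner_trust.get(s) == MARGINAL)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid


def example_scenario():
    """Constructed keyring in which 'me' is the ultimately trusted owner."""
    signatures = {
        # PKI style: I signed the CA's key and trust it fully to vet identities,
        # so a single CA signature is enough to make Joe's key valid.
        "example-ca": {"me"},
        "joe": {"example-ca"},
        # Web-of-trust style: three friends I met in person and signed; each is
        # only marginally trusted to vouch for other people.
        "alice": {"me"}, "bob": {"me"}, "carol": {"me"},
        "dave": {"alice", "bob", "carol"},   # three marginal signers -> valid
        "erin": {"alice", "bob"},            # only two -> not enough
        # A CA nobody in my keyring has vouched for: its signatures count for nothing,
        # however much owner trust I assigned it.
        "frank": {"jimbos-certificates"},
    }
    owner_trust = {
        "me": ULTIMATE,
        "example-ca": FULL,
        "alice": MARGINAL, "bob": MARGINAL, "carol": MARGINAL,
        "jimbos-certificates": FULL,  # trusted fully, but its key was never verified
    }
    return signatures, owner_trust


if __name__ == "__main__":
    sigs, trust = example_scenario()
    for key in sorted(sigs):
        print(key, "valid" if key in compute_valid_keys(sigs, trust) else "NOT valid")
```

Owner trust and key validity are deliberately separate inputs: Jimbo’s Certificates is assigned full owner trust, but because nobody I trust has ever signed Jimbo’s key, Frank’s key still comes out invalid. That separation is what lets the same calculation express both “one company vouches for everyone” and “several acquaintances vouch for each other.”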
As with PKI, you need software tools to be able to digitally sign or encrypt an email. You’ll also need this software to be able to verify someone’s signature and decrypt an email. Some examples of these tools are the Enigmail plug-in for Mozilla Thunderbird or the FireGPG Firefox extension for GMail. I will go through how to use these two applications in more detail in my next post.
Now that you’ve got a good background on how key validation works, you’re ready to get started with your own key. If you’d like to purchase a key from a certificate authority, go for it. Unfortunately, I can’t describe how to use it in detail since I’ve never purchased one, but some of the information I’ll provide may still be helpful. In my next post in this series, I’ll show you how to use free software to create your own encryption key right on your computer for free. I’ll also discuss how to use it and how to get started in the web-of-trust.
Fixing the Holes
The following is the second post in a series entitled, “Securing your Email.” Throughout the post, I am going to be referencing an analogy about mailing a letter that I described in the first post of the series. If you’re not familiar with it, you may want to take a minute to read it. I’ll wait…
There are a number of ways you can make email a more secure form of communication. One of the easiest ways to start patching holes in your current system is to look for major lapses in security and take care of those first. In my analogy, multiple security threats could be effectively eliminated by handing your postcard directly to the mail carrier and having your boss’ mail carrier hand it directly to him or her. That way, the postcard is never left sitting in an insecure location. There’s no chance for a random person walking down the street to read, copy, or change your message. If you really trust your postal workers and your message doesn’t contain too much sensitive information, this may be all the protection you need.
The equivalent in the email world is making sure you do all of your communication to and from your email provider over a secure connection. This is actually really easy to do, as long as your email provider supports it. Since GMail is fairly ubiquitous these days, I’ll use them as an example.
You want to make sure you’re viewing, sending, and receiving email over a secure connection. If you’re using a web browser to access GMail, you just need to make sure you log in using https://gmail.com (note the https). GMail also intelligently offers an option to “Always connect using https,” which makes sure you never forget and leave a postcard sitting out by the curb. I highly recommend enabling that option if you haven’t already. If you’re using a desktop mail client like Outlook or Thunderbird to access your email, make sure you specify a TLS or SSL connection when you’re setting up your account. By making sure the connection to and from your email service is secure, you’ve eliminated a major lapse in email security. Since many email services offer (or even require) it, it’s a good idea to get into the habit of verifying that you’re communicating over a secure connection whenever you check your email. It’s also imperative that you’re using a secure connection if you’re emailing on public networks, especially insecure wireless networks.
But what if your email service doesn’t offer secure connections? Or what if that’s not enough? Personally, I don’t think it is! If you look back to my analogy, you’ll see that there are still a number of prominent security threats. For example, what if some nefarious character at the post office tampers with your message?
The best way to deal with the remaining threats is using public-key cryptography. This is a fairly complicated topic, and I’ll only be scratching the surface of it in my posts. For now, let’s say that all you need is a file on your computer called an encryption key. In future posts, I’ll briefly cover how to obtain and use an encryption key and some of the basic theory behind public-key cryptography. For now, let’s understand some of problems that public-key cryptography aims to solve.
In my analogy, I pointed out that upon receiving your message, your boss has no way to verify whether you were the original author. In the real world, a person uses their written signature to symbolize a document’s authenticity. Unfortunately, forged signatures are sometimes difficult to spot, except by experts. To provide an extra layer of verification, important documents that have been authenticated usually bear a seal. In the old days, many important people sealed their letters using wax that they would impress with a unique design. This assured the recipient that a document had not been tampered with en route. Today, an official document whose signature was verified by a notary public also bears a seal. A digital signature is similar to a seal. It asserts that all (or part) of an electronic document was verified by the signer and that it has not been tampered with en route. Since the documents are electronic, this makes a digital signature much more portable than a paper document bearing a seal. Unlike a wax-sealed message, digital signatures do not prevent anyone who comes across the message from reading or copying it. A digital signature is simply an indicator of the author’s authenticity.
If you need to send a message that contains extremely private information, which no one but the intended recipient must see, the message needs to be encrypted. As you can probably guess, this means that even if someone were to examine the message text, they would not be able to read it. For example, the Enigma machine was used by the Germans in World War II to encrypt messages between their armies. An encrypted message contains a long string of seemingly random letters and numbers that have been disguised using a code. Messages are encoded so that only a person who has the proper key can unlock the code and reveal the original message. This is starting to sound a bit like a Dan Brown novel, isn’t it? Aside from that, encryption is kind of boring. It does its job really well, and as long as you pick an adequate passphrase for your encryption key, your information is fairly secure. Just make sure the Allies don’t capture your Enigma machine, or you might be sunk.
My purpose here is not to convince everyone to start using public-key cryptography to digitally sign or encrypt all of their emails. My purpose is to help you understand how insecure your email is and why this extra security is used and ultimately necessary in a lot of situations. Many of us have come to rely heavily on email as a form of communication. If you are one of those people, it may be time to reconsider how much trust you place in that system. The methods that I described in this post should help restore most of the trust you may have taken for granted in the past. Still, if I can get a handful of you to start digitally signing your emails when I’m through, I will consider that a victory.
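As an added illustration (my own, not the author’s code and not how Enigmail, FireGPG or a certificate authority’s software actually does it), the following textbook RSA sketch shows the two properties just described with real key material: a signature that anyone holding the public key can check, and that fails the moment one word of the message changes, and an encryption that only the holder of the private key can undo. It is unpadded RSA with a seeded random generator so that a run is reproducible; real OpenPGP and S/MIME implementations add padding and draw their randomness from an unpredictable source, so this is a teaching model of the mechanism, not a replacement for those tools.

```python
"""Textbook RSA sign/verify and encrypt/decrypt, added to illustrate the post's
two properties (authenticity and integrity versus confidentiality). Not the
author's code; unpadded RSA with a seeded RNG is for demonstration only."""
import hashlib
import random

PUBLIC_EXPONENT = 65537


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: definitely composite
    return True


def random_prime(bits, rng):
    """Draw odd candidates of exactly `bits` bits until one passes Miller-Rabin."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def generate_keypair(bits=512, seed=None):
    """Return ((n, e), (n, d)). `seed` only makes the demo reproducible; a real
    key must come from an unpredictable source such as os.urandom, never a seed."""
    rng = random.Random(seed)
    while True:
        p = random_prime(bits // 2, rng)
        q = random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % PUBLIC_EXPONENT != 0:
            n = p * q
            d = pow(PUBLIC_EXPONENT, -1, phi)  # modular inverse (Python 3.8+)
            return (n, PUBLIC_EXPONENT), (n, d)


def _digest_int(message):
    """SHA-256 of the message as an integer; this is what actually gets signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message):
    """The 'seal': only the holder of d can produce this value for this hash."""
    n, d = private_key
    return pow(_digest_int(message) % n, d, n)


def verify(public_key, message, signature):
    """Anyone with the public key can check the seal; changing the message
    changes its hash, so the comparison fails."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message) % n


def encrypt(public_key, message):
    """Confidentiality: anyone with the public key can lock, only d unlocks.
    Unpadded RSA needs the message to be smaller than n and not NUL-prefixed."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n or message[:1] == b"\x00":
        raise ValueError("message too long for the modulus or starts with NUL")
    return pow(m, e, n)


def decrypt(private_key, ciphertext):
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo(seed=1234):
    """Sender signs; boss encrypts for themself. Returns the checks as booleans."""
    sender_pub, sender_priv = generate_keypair(512, seed)
    boss_pub, boss_priv = generate_keypair(512, seed + 1)
    message = b"Send the contract to Joe"  # constructed sample text
    sig = sign(sender_priv, message)
    ct = encrypt(boss_pub, message)
    return {
        "genuine": verify(sender_pub, message, sig),
        "tampered": verify(sender_pub, b"Send the contract to Jim", sig),
        "wrong_key": verify(boss_pub, message, sig),
        "plaintext_recovered": decrypt(boss_priv, ct) == message,
        "ciphertext_hides_text": message not in ct.to_bytes(64, "big"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Note what the two operations do and do not give you: the signature leaves the message readable (the plaintext travels alongside it) while binding it to the sender’s key, and the encryption hides the content but says nothing about who produced it, which is why the two are commonly combined.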
Now that I spent almost this entire post talking about strange things like digital signatures and encryption keys, you might be fairly confused. Before things get any more technical, I wanted to help you understand why we use these things and how they work on a basic level. In my next installment in this series, I’ll discuss some of the theory behind public-key cryptography and how it’s used to create an extra layer of security on top of email by establishing your true electronic identity. In the future, I’ll also cover how to obtain or create an encryption key and how to use it. Then you’ll truly be on the road to secure messaging!
Please, Mr. Postman
One of my friends has the following “signature” attached to all his outgoing emails:
The materials in this message are private and may contain Protected Healthcare Information. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.
I’ve seen messages like this many, many times, and I feel like they really highlight a major problem with email. This message is like someone putting a sign outside of a window that says “Warning: You are not allowed to look in this window, and if you do, forget what you see immediately.” Does that message do any good at all? It almost makes you want to look in the window more, doesn’t it?
The following is the first post in a series entitled, “Securing your Email.” I’ll start the series by highlighting the dangers of insecure email and why this topic is important. Once I’ve got you convinced that every email you’ve ever read is a fraud, I’ll use the rest of the series to outline many different options you have to address the problems.
In case you are unaware, email is an inherently insecure form of communication. If you don’t know a lot about how web servers and the Internet work, that might not be terribly intuitive, so let’s start off with a pretty good analogy. Let’s pretend there’s no such thing as email. You work from home, and you need to send your boss a fairly important message with some sensitive information in it. It’s brief, so you just grab a pencil and jot your thoughts down on the back of a postcard and stick it out in your mailbox by the curb for the postal carrier to pick up. Pretty soon afterwards the message gets picked up, and it makes its way through various post offices and into your boss’s mailbox a while later.
Ignoring how slow things went, that still probably sounds like a pretty dumb way to send an important message. Unfortunately, it’s a pretty good description of how email works. To get a better picture of why it’s dumb, let’s examine some of the security flaws present in a system like the one described above. First, you left the message in your mailbox unattended. Anyone walking down the street could just open up the box and read what you wrote. Considering the message contains sensitive information, you probably don’t want just anyone to read it. More importantly, if the person had a pencil they could easily erase what you wrote and replace it with something else.
You also place an inherent trust in the postal system. If the message you’re sending truly contains sensitive information, you need to have it available in a form that only the intended recipient can read. Then, even if someone steals your letter, at least you won’t have to worry about private information getting out.
Finally, once your boss receives the message, there is no way for him or her to verify that you actually wrote it. Did the person who opened your mailbox change what you wrote? Did someone from a competing company send your boss false information under your name? The information is highly suspect unless your boss can verify that you were the original author and that the message hasn’t been altered since you sent it.
If you’ve made it this far, you may be asking yourself whether any of this is even relevant to you. Maybe you don’t make it a habit of emailing people sensitive information, but I would bet that you’re mistaken. A lot of seemingly harmless information in the wrong hands could be used to do a lot of damage. Plus, what if a criminal tried to impersonate you for their own gain? Don’t your friends and colleagues deserve to know that you actually wrote the words they’re reading? The same applies to emails you receive from your friends and colleagues. Maybe you don’t think that anyone would ever waste their time reading, copying or altering your private emails. There are a lot of good reasons why criminals would want to do this, however. The most obvious would be to make money at your expense. Plus, some of these security flaws could be used to get you into a lot of trouble at work. Is that something you want to risk?
The rest of the posts in this series will outline both simple and more complicated steps you can take to secure your email. Since my original reason for these posts was to address email security for health care providers, I’ll include a post that demonstrates how the health care community could begin implementing more secure email today. Hopefully this analogy has taught you something about the emails you read every day. Check out the rest of the entries in the days to come, and leave comments if you have questions or think I’m wrong about something!
Back to the roots of Firefox
I started using Firefox for pretty much one reason: it correctly interpreted HTML and CSS (the code that web pages are written in). When I was learning to design web sites in high school and college, Internet Explorer was annoying because it didn’t conform to the web standards set forth by the W3C. It was a fairly ubiquitous browser that set its own standards for how the web should work. Firefox was the first browser I had come across that took web standards seriously and did its best to interpret a website’s code properly. From a design perspective, it meant I could code my sites according to the W3C’s specifications and not have to cater them to individual browsers.
With the birth of Internet Explorer 7 and now Internet Explorer 8, Microsoft has taken some steps to conform with these web standards. At the same time, Mozilla’s Firefox browser has gained significant ground against Internet Explorer, especially with the younger generation. This is at least in part due to the fact that fun new websites are designed to work best when viewed in a browser that is standards-compliant. At the same time, Mozilla has worked on improving the browsing experience by adding fantastic new features to their browser. Now, over 10 years after the finalization of the HTML 4 specification, the W3C is hard at work ironing out the details of an HTML 5 specification. Firefox is first in line to implement some of these exciting new design techniques in their soon-to-be-released Firefox 3.5, as can be seen on the Mozhacks blog. I’m excited to see Mozilla getting back to the roots of what makes Firefox the best browser on the Internet. Their latest browser is not only blindingly fast, but it’s helping designers advance the web.
Curious what you have to look forward to in Firefox 3.5? My personal favorite things are being able to embed a font in my website so that I can type in any font I want, the ability to play embedded OGG audio and Theora video directly so that I can avoid using Adobe Flash, and some crazy SVG stuff. Check out more at hacks.mozilla.org!
Death by 100 Papercuts
The newly formed, Canonical-sponsored User Experience Team is already hard at work on their major campaign to improve the default Ubuntu experience with the Ayatana project. One of their big goals for Ubuntu 9.10 is dubbed “One Hundred Papercuts.” Canonical seems to be taking the constant criticism of the default Ubuntu experience to heart, and they’re doing their best to fix all the little quirks that should “just work” but don’t (for any number of reasons). They’ve hired a killer team of developers including David Siegel, creator of the fantastic Swiss-Army knife that is Gnome Do, and Mirco Muller, a graphics guru. The future of Ubuntu is looking pretty bright to me!
WordPress 2.8 released
WordPress 2.8, codenamed “Baker”, was just released. It’s looking pretty sweet. Unfortunately I’ll have to wait a few days before I upgrade due to exams.