Secure Messaging, Part 2: PKI-Enabled Email Security
Novell Cool Solutions: Trench
Digg This -
Posted: 5 Dec 2001
Version: GroupWise 6
E-mail security is a very hot topic for our readers these days. In the wake of the terrorist attacks of September 11, there has been heightened interest how government agencies, corporations, and individuals can protect the confidential and classified information that they share via e-mail. We turned to our new partners at Tovaris to help us explain these complex issues.
Tovaris is our newest secure messaging partner. They are an e-mail privacy and security company located in Charlottesville, VA, and outside Washington, D.C. Their product suite, the Tovaris Secure E-mail Solution (TSES), provides e-mail security capabilities to financial services firms, healthcare providers, and government agencies.
In this second article of a series about e-mail security, we explore the challenges of encrypting and decrypting e-mail messages.
Also in this series:
Criteria for Successful PKI Enabled E-mail Security
Public key encryption offers the best solution for e-mail security. However, because traditional PKI solutions were not designed with e-mail in mind, they are not suitable for e-mail security implementations. Based on analyzing factors that have impeded widespread adoption of secure e-mail, the following five characteristics are required of any successful secure e-mail solution:
A secure e-mail solution should use server-based cryptography, not desktop-based cryptography.
Many secure e-mail systems perform the encryption and decryption of e-mail at the user's desktop. In these systems, e-mail messages are already encrypted when they enter and depart an enterprise's e-mail infrastructure. This encryption makes enterprise level e-mail policy tools such as content filters, virus scanners and anti-spam products impossible to use. No filters can scan encrypted e-mail. Server-based e-mail cryptography, however, makes it possible to filter the e-mail either prior to encrypting it (for outgoing e-mail) or after decrypting it (for incoming e-mail). Thus, corporate level virus scanners and e-mail policy tools can still perform their functions. Desktop-based solutions can also compromise security itself due to such problems as misconfiguration, out-of-date software, expired public keys, and insecure storage of the user's private key. Server-based cryptography minimizes the impact on IT staff. Most IT personnel are overloaded with work just trying to manage the software already installed on their users' desktop and laptop systems. Server-based secure e-mail solutions have a much smaller impact on IT staff resources than desktop/laptop-based systems.
The Tovaris Secure E-mail Solution? uses server-based cryptography and integrates seamlessly into legacy e-mail systems.
A secure e-mail solution should be supported by a distributed, Internet-wide architecture to ensure discovery of valid public keys.
To succeed in protecting e-mail when using public-key cryptography, the digital certificates of all the e-mail users of a system must be readily available. Most secure e-mail solutions offer an intra-enterprise solution for finding and retrieving recipient certificates, but few solutions offer a method to discover the certificates of users at other enterprises. Only a scalable, distributed public key infrastructure (PKI) can make digital certificates easily available between multiple enterprises.
Tovaris enables public key discovery via Tovaris SecureTier?, which has a distributed and highly scalable architecture.
A secure e-mail solution should be based on widely accepted standards. The most widely recognized standard for public key cryptography certificates is known as X.509. Secure Multipurpose Internet Mail Extension (S/MIME) is the Internet standard for encrypting e-mail using X.509 certificates. These two standards should be followed by any secure e-mail system. Proprietary, non-standard solutions cannot support wide-scale adoption of secure e-mail, and they may even compromise security by using revoked or untrustworthy keys. Hence, enterprises that adopt proprietary solutions often find those solutions to be obsolete as standards-based solutions gain market share and market acceptance.
The Tovaris Secure E-mail Solution? is S/MIME and X.509 compliant.
A secure e-mail solution should be transparent to end users.
Most secure e-mail solutions require some amount of end user training. Desktop-based security tools for e-mail are even more complex than the e-mail tools themselves. In many cases, end users have to both find and send digital certificates through manual processes. These are complex and time-consuming tasks for end users. In addition, many systems expect end users to know whether or not their recipients have cryptographic capabilities. Because of these challenges, many companies that implement complex desktop-based secure e-mail systems rarely get past the testing or pilot stages. However, if end users are able send secure e-mail in exactly the same fashion that they send regular e-mail, much less training, if any, is necessary. The ability for users to continue using their existing e-mail programs -- unmodified -- eliminates a major barrier to adoption and use of secure e-mail. This level of transparency is necessary if end users are expected to effectively utilize a secure e-mail solution.
With the Tovaris Secure E-mail Solution?, end users send and receive e-mail just as they always have, but now they do so securely.
A secure e-mail solution should allow end users to send securely to anyone on the Internet.
E-mail messages must be protected, regardless of whether or not the recipients actively use secure e-mail products. If the recipient uses a standards-based secure e-mail product, the sender should be able to take advantage of it. If the recipient does not use a standards-based secure e-mail product, the sender still needs to be able deliver the information securely. The best secure e-mail products provide a way for senders to communicate securely with all recipients, regardless of the recipients' cryptographic capabilities.
The Tovaris Secure E-mail Solution? allows end users to send an encrypted e-mail to anyone with an e-mail address, even recipients with no encryption/decryption system.
Tovaris' Approach to Secure E-mail
For e-mail security to enter the mainstream, vendors must provide an implementation that balances usability, security, extensibility and interoperability. Tovaris believes that implementing PKI-enabled secure e-mail with an eye toward ease of use and implementation, increased scalability, and reduced expense will facilitate widespread adoption of PKI technology, especially within markets that deal with sensitive client and business partner information, such as the financial services and healthcare markets.
By developing a solution that meets the five requirements of the preceding section, Tovaris has overcome the barriers to widespread adoption of secure e-mail. The Tovaris Secure E-mail Solution is comprised of three primary components, Tovaris SecureTier, the PKI backbone of the solution suite, Tovaris SecureMail Server, the network appliance on which e-mail messages are encrypted and decrypted, and Tovaris SecureMessenger, a product bundled into the Tovaris SecureMail Server which enables end users to send an encrypted e-mail to anyone with a valid e-mail address.
Tovaris SecureTier, the PKI backbone of the Tovaris Secure E-mail Solution, is a distributed repository of public keys. SecureTier provides access to the public keys of all Tovaris Secure E-mail Solution users and allows standards-based secure e-mail users from different networks to communicate securely.
A typical PKI uses central database servers with the Lightweight Database Access Protocol (LDAP) for key distribution and for publication of certificate revocation lists. As mentioned earlier in this paper, such a centralized service is not well- matched to the distributed demands of e-mail and can create significant problems with regard to scalability issues, key discovery and key revocation.
In Tovaris SecureTier, public key certificates are stored in a distributed database arranged hierarchically by domain name. Tovaris operates several "root" servers at the top of the hierarchy, along with redundant distributed servers at other levels. These SecureTier servers respond to inquiries for public keys (corresponding to an e-mail address) from Tovaris SecureMail Servers located at enterprise or ISP sites. The hierarchy and protocol used ensure very fast response time with an assured, deterministic answer, providing either the requested key or the fact that the key does not exist for the requested e-mail address. Tovaris' PKI backbone promises quicker adoption of a PKI-enabled secure e-mail by solving fundamental problems associated with traditional PKI architectures, while being both interoperable with and complementary to those traditional PKIs. There are several distinguishing features that come as a direct result of using the Tovaris SecureTier architecture:
- Key Discovery. SecureTier provides a mechanism to obtain the public key certificates for individuals outside of an enterprise. Tovaris uses its new technology in key discovery to enable a transparent user experience.
- Key Revocation. Tovaris has created a system that enables instantaneous revocation and/or suspension of public key certificates. SecureTier provides a single, though distributed, source for both key discovery and key revocation. Users do not need to check RCs or CRLs to know that a certificate is valid.
- Delegation. Every distributed server responds to the questions for its users' keys and acts as a redundant, though subordinate, server for two others. The distributed servers are not single points of failure because multiple Tovaris SecureTier servers exist that can answer the same key queries.
- Hierarchy. Tovaris SecureTier is arranged hierarchically, enabling key discovery and revocation to be accomplished in a rapid and deterministic fashion.
- Caching. All distributed servers, intermediate Tovaris SecureTier servers, and root Tovaris SecureTier servers cache responses to all queries they answer. In a given time frame, the same server will not perform the same query twice. All public certificate entries have an easily configured cache lifetime, and those caches automatically delete expired entries.
- Scalability. Because individual distributed servers share the burden of answering queries for public keys, Tovaris SecureTier servers do not have to be large.
- Security. The data stored on Tovaris SecureTier servers is public, by definition, but Tovaris does need to protect against false data being injected into the system. All key queries are signed cryptographically, and responses to those queries are also digitally signed. The Tovaris Secure Email Solution can both detect and ignore falsified responses to queries for public keys.
- Two-way safe updating. Public keys can either be modified at the Tovaris SecureMail Server level (e.g. a new user is created), or be modified at the Tovaris SecureTier level (e.g. a new endorsement is applied to a public key). In either case, the other components of Tovaris' PKI are notified of the key changes, and the newly modified key is distributed automatically.
Tovaris SecureMail Server
The Tovaris SecureMail Server is an appliance that is collocated with an enterprise e-mail server. The Tovaris appliance serves as an SMTP proxy for the enterprise mail server and transparently encrypts and digitally signs e-mail as it enters or leaves the network. Because of its unique implementation of PKI technology, the Tovaris SecureMail Server can be readily integrated into third party software solutions, such as virus detection, content filtering, and spam prevention. Tovaris SecureMail Server works seamlessly and transparently with legacy e-mail clients, so end users do not need to learn how to use new software in order for them to enjoy the benefits of secure e-mail.
Tovaris SecureMail Server operates with all major delivery and retrieval protocols, relieving e-mail administrators of the burden and expense of installing unfamiliar and expensive systems. Because the Tovaris SecureMail Server securely stores and manages the encryption process ?behind the scenes?, users are not burdened by the cumbersome key generation, distribution, and revocation processes. The Tovaris SecureMail Server is also able to automatically harvest 3 rd party certificates for automatic use in the encryption process. This method of obtaining the public certificates of entities outside the client enterprise maintains the transparent nature of the Tovaris system for end users.
Tovaris SecureMessenger enables secure, encrypted communications between a Tovaris user and any other user on the Internet. SecureMessenger requests a password from the sender if no public key is found for the recipient. The recipient is simply prompted, with the clue, for the password and then presented the e-mail after decryption. This patent pending technology eliminates a significant barrier to widespread adoption of PKI encrypted e-mail. No longer does the recipient need to be part of a PKI in order to receive and respond to secure e-mail. The Tovaris SecureMessenger also provides the sender the opportunity to save a particular password and clue for future use.
Tovaris SecureMessenger bridges the gap between adopters of PKI encrypted e-mail and those who have no e-mail security. Because Tovaris SecureMessenger works in conjunction with SecureTier and Tovaris SecureMail Server, it is able to determine automatically whether the recipient has an associated key pair. Should the recipient migrate to Tovaris SecureTier, Tovaris SecureMessenger ?learns? of this migration and sends the message through the normal Tovaris SecureMail Server.
While traditional PKI solutions successfully offer robust authentication and security, they are impractical for widespread implementation of secure e-mail due to their inability to effect key discovery and key revocation, and remove burdens from the end- user. By focusing its design requirements on ease of use and implementation, increased scalability, interoperability and reduced cost, Tovaris has created the best PKI-enabled encrypted e-mail product for mainstream markets. The Tovaris Secure E-mail Solution is virtually transparent to end users, eliminates costly training and lengthy implementation times, and is easy for system administrators to manage.
Tovaris' solution suite integrates seamlessly into organizations' existing legacy systems, relieving enterprises of the expense of installing and managing unfamiliar systems. Because it is standards compliant, Tovaris' solution suite can extend the capabilities of with traditional PKI systems. Additionally, Tovaris Secure E-mail Solution allows easy integration with server-based content scanning, virus checking and ?spam? filtering solutions, allowing enterprises to effectively control their e-mail policies. Finally, Tovaris' SecureTier PKI solves the basic problems of key revocation and discovery while presenting a lower cost of ownership than traditional PKI.
For more information regarding the Tovaris Secure E-mail Solution, contact Tovaris at1-866-TOVARIS (1-866-868-2747) or visit the company's website at www.tovaris.com.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com