Fiskerstrand - Sending Emails The Safe Way

Talking to an acquaintance on the phone, it is generally easy to know whether you're talking to the one you expected. This is however not necessarily as easy when sending an email. As a result the credibility of email messages in general is lower and implicitly many would rather talk to someone one the phone over sending an email, despite email's advantages for efficient communication. And there are many advantages: Email is an asymmetrical form of communication which doesn't require the other party to be present at the exact time you yourself have the time for it. It gives both the sender and the recipient time to properly formulate the communique in an unambiguous way, as well as do the necessary research for the information contained to be as accurate as possible. Our focus here will however be on another aspect: Emails enables the possibility of secure communication. There is an old proverb stating: There is no use closing the door, once the horse has left the barn . Sadly many ignore any security considerations, often on a basis of claiming it too difficult of a concept to grasp. This excuse is often used until, and sometimes even after, the issue is overdue escalation. It is about time for this to change. Since you are already reading this book I hope you don't do so because you just had a security breach, or if you do; I urge you to inform others of your reasoning in order to help them be pro-active in protecting their privacy and their data and hope that the results in your own case did not lead to any permanent ramifications. Because security is usually considered a secondary, or even tertian need, it increases the difficulty of educating people. We do not generally sit down in front of our computer wanting to manage our security. Rather we want to send emails, browse web pages, download software, and we want security in place to protect us while we do these things. A paper written in 1998 named Usability of Security: A Case Study by Alma Whitte and J.D. Tygar, where they call this element the unmotivated user property discusses this. It follows up by defining the abstraction property which states Computer security management often involves security policies, which are systems of abstract rules for deciding whether to grant accesses to resources. The creation and management of such rules is an activity that programmers take for granted, but which may be alien and unintuitive to many members of the wider user population.

Combining the effect of the abstraction property and the unmotivated user property can give scary results. The general user will not understand the basis for the policies put forth in security applications without education, but at the same time, the general user is not to be expected to be interested in learning about security.

This book is logically divided into two. A great deal of the content is a generic introduction to digital signatures and encryption on a general basis. The rest will, however be quite practical. Hopefully both parts are useful to you.

Bruce Schneier is often quoted with an expression stating: Security is a process, not a product . Hopefully this book can help you gaining both interest and knowledge into the process of securing your email communication as well as your data, and help you increase the credibility of emails, by sending emails the safe way.

Data/Content that can be read and understood without any special measures is called plaintext , or cleartext . When you go through the encryption process you get ciphertext as output, data that can appear garbled and has to be decrypted before it once again can be read as cleartext. Cryptography is the science of using mathematics to encrypt and decrypt data. It enables you to store sensitive information or transmit it across insecure channels (like the Internet) so that it cannot be read by anyone except the intended recipients. While cryptography is the science of securing data, cryptanalysis is the science of analysing and breaking secure communication. Classical cryptanalysis involves a combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination and luck. Cryptology covers both cryptography and cryptanalysis. Lets start off by a simple question: Do you write down sensitive data on the back of a postcard? If the answer is no and I hope it is, why not? Because you know, that anyone dealing with the mail under ways; postal workers, the delivery guy, or anyone peaking in your mailbox, can read it. The same goes for e-mail, except then it's done electronically in a matter of seconds. Why do you put mail in an envelope? Breaking a sealed envelope is a felony in most countries, and as such it adds a level of judicial protection to the content in addition to making it more difficult to read. The solution for putting emails in an envelope is even harder to break through, but not necessarily more difficult to apply; it is called encryption.