"Keeping your e-mail safe from prying eyes"


Unicrypt Pty Ltd
ACN 099 947 056
Security features ...

Security is only as strong as the weakest link in the chain. The Unicrypt Secure E-mail Server applies security to all facets of e-mail communication, preventing eavesdropping, forgery, and spamming wherever possible.

Account creation

Encrypted e-mail protocols such as PGP and S/MIME make use of digital certificates. These certificates have two components - a public one and a secret one. The public component, which is made widely available, can be used to encrypt messages and verify digital signatures. The secret component, which the user reveals to nobody, is used to decrypt and digitally sign messages.

However, setting up digital certificates is not something that can be carried out by a typical end-user. It requires specialized technical knowledge, and can be fairly time-consuming. In addition, to make the public component of a certificate as widely known as possible, it should be registered with public key servers, such as MIT's PGP key server at http://pgp.mit.edu

The Unicrypt server automatically generates a PGP and an S/MIME certificate for each user, and registers the PGP certificate with the MIT server. The S/MIME certificate is registered with a built-in key server, which can be remotely queried via the industry-standard LDAP protocol. And because the secret component of each certificate is stored securely on the server, users can send and receive e-mail securely from any machine in the world - unlike other products, which install certificates on the user's desktop, thus tying them to that particular machine.

Submitting messages

An e-mail's journey begins when it is composed and sent by a user. Its first port of call is a server, which looks at the list of recipients and sends the message across the internet to each of them. At the receiving end, the message is stored on another server until the recipient downloads and reads it.

When a message is submitted to the first server, there are two main security issues. The first is that an eavesdropper might intercept the message while it is being sent. The second is that the message might be submitted by an unauthorized user and used for unsolicited bulk e-mail, or spam.

Because messages are usually submitted to a server over a local area network, or through a modem, the risk of eavesdropping is fairly small. However, the increasing use of wireless protocols, such as 802.11b, makes eavesdropping much easier. To remove this possibility, the Unicrypt server supports the SSL extension to the SMTP protocol, which causes the connection to be encrypted. Although most e-mail servers theoretically support SSL, it is only enabled if the system administrator goes to the effort of obtaining and installing a digital certificate - which almost never happens. A Unicrypt server will always have a valid digital certificate installed.

To prevent spammers from hijacking a server, it is usually configured to only accept e-mail submitted from particular IP addresses. For example, a corporate server will only accept messages from the local area network, or an ISP will only accept messages from its dial-up lines. This is a major inconvenience for users who move around, but is a fundamental limitation of the SMTP protocol, which doesn't handle password authentication. The Unicrypt server solves this problem by using prior POP3 or IMAP connections - which do handle password authentication - to determine that a user is located at a particular IP address. Messages submitted by that user from that address, which can be anywhere in the world, will then be accepted. This feature, unique to Unicrypt, allows users to send e-mail through their usual server from anywhere in the world, while keeping out spammers.
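The relay decision described above, as an added illustration rather than Unicrypt's own code: a trusted-network allowlist is consulted first, and otherwise an SMTP submission is accepted only if a successful POP3/IMAP login was recently seen from the same IP address. The 15-minute window, the 192.168.1.0/24 office network and the log line format are assumptions of this example, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

TRUSTED_NETS = [ip_network("192.168.1.0/24")]  # assumption: the office LAN
WINDOW = timedelta(minutes=15)                  # assumption: how long a login vouches for an IP
LINE = re.compile(r"^(\S+ \S+) (pop3|imap|smtp) (?:login-ok user|mail from)=(\S+) ip=(\S+)$")

# Constructed sample log lines from the mailbox and SMTP services (not real product output).
SAMPLE_LOG = """\
2003-05-12 09:01:10 pop3 login-ok user=alice ip=203.0.113.7
2003-05-12 09:03:42 smtp mail from=alice@example.com ip=203.0.113.7
2003-05-12 09:05:00 smtp mail from=bob@example.com ip=198.51.100.9
2003-05-12 09:06:30 smtp mail from=carol@example.com ip=192.168.1.20
2003-05-12 09:30:00 smtp mail from=alice@example.com ip=203.0.113.7
"""

class RelayAuthorizer:
    """LAN allowlist first, then 'POP-before-SMTP': a recent mailbox login vouches for the IP."""
    def __init__(self):
        self._recent = {}  # client IP -> (user, time of last successful POP3/IMAP login)

    def record_login(self, ip, user, when):
        """Called by the POP3/IMAP service once the user's password has been verified."""
        self._recent[ip] = (user, when)

    def may_relay(self, ip, when):
        """Return (allowed, reason) for an SMTP submission from `ip` at time `when`."""
        addr = ip_address(ip)
        if any(addr in net for net in TRUSTED_NETS):
            return True, "trusted local network"
        entry = self._recent.get(ip)
        if entry is None:
            return False, "no recent POP3/IMAP login from this address"
        user, seen = entry
        if when - seen > WINDOW:
            del self._recent[ip]  # the vouching login has expired; forget it
            return False, f"login by {user} expired"
        return True, f"vouched for by {user}'s login at {seen:%H:%M}"

def replay(log_text):
    """Feed log lines through the authorizer; return (ip, sender, allowed, reason) per SMTP line."""
    auth, decisions = RelayAuthorizer(), []
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        stamp, service, who, ip = m.groups()
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if service == "smtp":
            decisions.append((ip, who) + auth.may_relay(ip, when))
        else:
            auth.record_login(ip, who, when)
    return decisions
```

Note that the window must be short: it is the whole of the authorization, so once it has expired the next submission from that address is refused until the user logs in to their mailbox again.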

Sending messages across the internet

When a message travels across the internet it goes through any number of public networks and servers, and could in theory be intercepted on any of them. For example, it is known that the Echelon programme, run by the intelligence agencies of the US, UK, Canada, Australia, and New Zealand, routinely scans e-mail communications sent by satellite.

The Unicrypt server attempts to prevent eavesdropping through the use of encryption. Firstly, when sending e-mail to a recipient's server, it will use the SSL extension to SMTP if the other server supports it. However, this is not sufficient, because the connection may not be encrypted if the message is forwarded on to another server, nor will the message be encrypted when it arrives on the recipient's server and waits to be downloaded.

The only way to guarantee that a message can only be read by its intended recipient is to encrypt it using a protocol such as PGP or S/MIME. But for this to happen, the recipient must be equipped to decrypt such messages, and the sender needs a copy of their digital certificate. To maximize the chance of this happening, Unicrypt supports both PGP and S/MIME, and is the only product to do so. In addition, Unicrypt automates the process of obtaining the recipient's digital certificate, if it exists.

Before sending a message across the internet, the Unicrypt server first checks its internal address book to see if it has a copy of the recipient's certificate. The certificate may be known because of a previous search, or because a digitally-signed e-mail was received from the user some time in the past, and the certificate would have been extracted from the signature. If the certificate is not known, Unicrypt automatically searches MIT's key server for a PGP certificate, and Verisign's key server for an S/MIME certificate. It will also check to see if there is a key server running on the recipient's machine, and if so query it for an S/MIME certificate.

If a certificate is found, the message will be encrypted. Whether a certificate is found or not, the message will also be digitally signed so that the recipient can be sure the message hasn't been forged or modified in transit. Another benefit of digitally signing the message is that the recipient will get a copy of the sender's certificate, which they can then use to encrypt their response. S/MIME encryption is supported by most commercial e-mail applications, such as Outlook, Eudora, and Netscape Communicator, so most users will be able to take advantage of this.

Receiving incoming messages

Incoming messages suffer from the same eavesdropping risks as outgoing ones, and the solution is the same, namely SSL-encrypted SMTP. However, an even greater risk occurs while they reside on the server waiting to be downloaded by the recipient. They can be read by curious co-workers, hackers who manage to break into the server, and anyone with access to backup tapes.

The Unicrypt server protects incoming messages by encrypting them before writing them to disk. They are encrypted in such a way that only the intended recipient can decrypt them, so they will be safe even if they fall into the wrong hands.

However, a complicating factor is that organizations often need to be able to read their employees' e-mail, for example to deal with departing employees, forgotten passwords, or subpoenas. On the other hand, employers also have to respect workplace privacy laws, which vary from jurisdiction to jurisdiction. Unicrypt solves these problems by giving a system administrator the option of setting up a master recovery key, which has the power to change a user's password to a specified value. This allows a system administrator to gain access to a user's e-mail, but not do it covertly, since the user will notice that their password has been changed - and there is no way for the system administrator to secretly change it back because they don't know its original value.
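One way to build a recovery key with exactly the property described above, as an added example rather than Unicrypt's design: each user's mailbox key is stored wrapped under a password-derived key and, separately, wrapped under the recovery key, so a reset can re-wrap it under a new password without ever learning the old one. The wrap routine here is a constructed HMAC-based stand-in for a real key-wrap such as AES key wrap, and the recovery key is assumed to be reachable only through the reset operation, which is what keeps the reset visible to the user.

```python
import hashlib, hmac, os

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _wrap(kek, key):
    """Toy key-wrap (stand-in for AES key wrap): HMAC keystream XOR, then an HMAC tag."""
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def _unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or corrupted blob")
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

class MailboxKeyStore:
    """Each user's mailbox key is wrapped twice: under the password, and under the recovery key."""

    def __init__(self, recovery_key):
        self._recovery_key = recovery_key  # held by the administrator; assumed usable only via reset
        self.users = {}  # user -> {"salt", "by_password", "by_recovery"}

    def _store(self, user, password, mailbox_key):
        salt = os.urandom(16)  # fresh salt on every (re)wrap, so nothing about the old password survives
        self.users[user] = {"salt": salt,
                            "by_password": _wrap(_kdf(password, salt), mailbox_key),
                            "by_recovery": _wrap(self._recovery_key, mailbox_key)}
    def create_user(self, user, password):
        self._store(user, password, os.urandom(32))  # fresh 256-bit mailbox key
    def unlock(self, user, password):
        """What a POP3/IMAP login does: recover the mailbox key from the password."""
        rec = self.users[user]
        return _unwrap(_kdf(password, rec["salt"]), rec["by_password"])
    def can_unlock(self, user, password):
        try:
            self.unlock(user, password)
            return True
        except ValueError:
            return False
    def admin_reset_password(self, user, new_password):
        """Recovery: re-wrap under a new password; the old one is never learned, so it cannot be put back."""
        mailbox_key = _unwrap(self._recovery_key, self.users[user]["by_recovery"])
        self._store(user, new_password, mailbox_key)
```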

Downloading messages from the server

When a user downloads their e-mail from a server, there is a chance that an eavesdropper will be listening. Fortunately, there are SSL-encrypted variants of the POP3 and IMAP protocols which will prevent such eavesdropping, and these variants are both supported by the Unicrypt server.

Another security risk with downloading e-mail is that messages might be infected with a virus. Although the best solution is to install a virus scanner on the user's desktop machine, Unicrypt works with most third-party commercial virus scanners to scan messages and remove viruses.

Because encrypted messages cannot be virus scanned, the scanning only occurs at the point where they are decrypted, i.e. when the user downloads them. One beneficial side-effect of scanning messages when they are downloaded rather than when they first arrive is that it gives the anti-virus software more time to be upgraded, thus increasing the chance that a virus will be detected. Viruses are only successful if they can spread faster than the anti-virus updates, and their lead time is often only a few hours. By delaying the scan until the last possible moment, many more viruses will be caught.