Signed, Sealed and Delivered How the emphasis on “encrypting” mail has hurt the cause of email security, and what to do about it. Simson L. Garfinkel MIT.

Presentation transcript:

Signed, Sealed and Delivered
How the emphasis on “encrypting” mail has hurt the cause of email security, and what to do about it.
Simson L. Garfinkel
MIT Computer Science and Artificial Intelligence Laboratory

Security 101
- Internet is not “secure”
- “Email is like a postcard” --- anybody can read it
- People can forge email with your name on it.
- Encryption is the only protection for email.

PGP: Pretty Good Privacy (1992)
- “Email encryption for everybody”
- Protects private email from government snoops
- “Web of Trust”
- Many books written
- Fringe activity
Figures: web of trust; Phil Zimmermann

S/MIME: Secure Mail, Circa 1998
- RSA Data Security promotes “S/MIME” standard.
- Certificate-based identification
- S/MIME incorporated into:
  - Microsoft Outlook Express
  - Microsoft Outlook
  - Lotus Notes
Figure (certificates):
CN: Simson L. Garfinkel DN:
CN: Marian Garfinkel DN:

1999: Security Mess #1
- PGP not compatible with S/MIME
- Ongoing legal battles between PGP & RSADSI
- Plug-ins add to confusion
Table columns: Product, PGP, S/MIME
- Eudora
- Lotus Notes **
- Microsoft Outlook *
- Microsoft Outlook Express *
- Netscape Messenger *

1999: Security Mess #2
- Usability must be to blame!
- PGP is hard to use… “Why Johnny Can’t Encrypt.” Alma Whitten & D. Tygar, Usenix Security, 1999
- S/MIME is easy, but you need a certificate, and getting a certificate is hard…
Figures: Whitten; Tygar

Security Today
- 16 years since the release of PGP
- Most Internet mail is not encrypted but…
- For many people, email is nevertheless “secure.”

What is Security Anyway?
- For the academic security establishment: “Secure” was synonymous with “encrypted” (sealed)
- Reflects longstanding bias of military security objectives ascendancy over commercial objectives. “A comparison of commercial and military computer security models,” Clark & Wilson, Proceedings 1987 IEEE Symposium on Security and Privacy, pp
- “Secure” doesn’t mean “encrypted!”

Security means…
- CONFIDENTIALITY -- Others can’t read it
- INTEGRITY -- Message not modified after SEND
- AUTHENTICITY -- From: is really sender
- RELIABILITY -- It really gets there
How do we get these today?

Security Today: CONFIDENTIALITY
If I send mail to I’m pretty sure that nobody else is going to read it…
- … because I trust AOL
- … because I trust my ISP and the Internet
- … because my mail just isn’t that important

Security Today: CONFIDENTIALITY
- If both my mother and I are AOL users, then I only need to trust AOL…
- … if I don’t trust AOL, then the game is already over (I’m using AOL’s software!)

Security Today
- CONFIDENTIALITY -- Others can’t read it
- INTEGRITY -- Message not modified after SEND
  - Mail is rarely modified after it is sent.
  - Crypto guarantees don’t apply to:
    - Quoted material
    - Forwarded messages (unless message forwarded as an attachment.)
  - Few people (if any) seem to realize when their mail is modified, anyway.

No Integrity, no cry

Security means…
- CONFIDENTIALITY -- Others can’t read it
- INTEGRITY -- Message not modified after SEND
- AUTHENTICITY -- From: is really sender
  - Big part of today’s SPAM problem!
  - We don’t really need a certificate hierarchy…
  - … we need to know that this is different than that other

Security means…
- CONFIDENTIALITY -- Others can’t read it
- INTEGRITY -- Message not modified after SEND
- AUTHENTICITY -- From: is really sender
Figures: Authentic AOL Mail; Internet Mail Received on AOL

Security means…
- CONFIDENTIALITY -- Others can’t read it
- INTEGRITY -- Message not modified after SEND
- AUTHENTICITY -- From: is really sender
- RELIABILITY -- It really gets there
  - SPAM filtering is the threat!

Threat Models
- “Security” is about protecting from specific threats.
- PGP’s threat model: oppressive governments vs. human rights workers.
  - Web-of-trust protects against infiltration
- S/MIME’s threat model: Unlicensed implementations & Patent violations
  - Certificate hierarchy promotes centralized control.

Today’s Security Threats
- SPAM
  - Forged From: addresses
  - SPAM filters block legitimate mail
- Phishing
  - Email claiming to be from Citibank directs recipient to website in Russia…
Hypothesis: Today’s threats can be solved through digitally-signed mail alone.

What’s Digitally Signed Mail? Mail signed with a secret key.

What’s Digitally Signed Mail? Mail signed with a secret key. Signature verified with a public key.

What’s Digitally Signed Mail?
- Mail signed with a secret key.
- Signature verified with a public key.
- Provides:
  - Proof that the secret key was used.
  - Proof of identity if secret key is signed...
  - Assurance that message wasn’t modified after it was sent.
Not needed for today’s threats!

Digital Signatures Today
- S/MIME support is nearly universal
- Works great if Certificate Authority is known:
- Horrible if CA is unknown:
- Problem: Users can’t make their own certificates; they have to get them.

Plan for Secure Email
1. Organizations that send email should get certificates and send S/MIME-signed mail.
2. Next-generation of S/MIME clients should:
   - Accept all certificates.
   - Report when a certificate changes. (SSH security model.)
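
The "accept all certificates, report when a certificate changes" policy from the plan above, sketched as an added example (not code from the talk or from any S/MIME client). It assumes the mail client has already verified the S/MIME signature and passes in the signer's DER-encoded certificate; the class and function names, the JSON pin file, and the sample addresses and certificate bytes are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding, the usual certificate fingerprint."""
    return hashlib.sha256(cert_der).hexdigest()


class CertContinuityStore:
    """Hypothetical per-sender pin store: address -> first certificate seen."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, sender: str, cert_der: bytes) -> str:
        """Classify an already-verified signature as 'new', 'match' or 'changed'."""
        key, fp = sender.strip().lower(), fingerprint(cert_der)
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = fp  # accept any certificate on first contact
            self._save()
            return "new"
        # On a change, keep the old pin so the warning repeats until the user decides.
        return "match" if pinned == fp else "changed"

    def accept_change(self, sender: str, cert_der: bytes) -> None:
        """Called only after the user confirms the sender's new certificate."""
        self.pins[sender.strip().lower()] = fingerprint(cert_der)
        self._save()

    def _save(self) -> None:
        self.path.write_text(json.dumps(self.pins, indent=2, sort_keys=True))


def demo() -> list:
    """Run the policy over constructed messages and return the verdicts in order."""
    first_cert = b"constructed stand-in for the sender's DER certificate"
    other_cert = b"constructed stand-in for a different DER certificate"
    with tempfile.TemporaryDirectory() as tmp:
        pin_file = Path(tmp) / "pins.json"
        store = CertContinuityStore(pin_file)
        verdicts = [
            store.check("invoices@merchant.example", first_cert),
            store.check("Invoices@Merchant.example ", first_cert),
            store.check("invoices@merchant.example", other_cert),
        ]
        # Pins persist: a new store instance still flags the changed certificate.
        verdicts.append(CertContinuityStore(pin_file).check("invoices@merchant.example", other_cert))
    return verdicts


if __name__ == "__main__":
    print(demo())
```

A "changed" verdict is the event the client should surface to the user; as with SSH host keys, the first contact is trusted without any certificate authority.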

Amazon S/MIME Survey
- I gave a talk about self-signed certificates in January 2004 at Amazon.
- Unknown to me, Amazon had been sending S/MIME-signed email to its European Amazon Marketplace Sellers since June 2003.

Amazon Marketplace VAT Invoice

Research Questions
- Could people verify the signature?
- Did people know that the messages were signed?
- Did people know what a signed message meant?
- What did people think that the signed message meant?
- How did receiving a signed message affect their attitudes?

Methodology
- Web survey posted in Amazon Sellers Forums.
- 5 web pages; 40 questions total
- 2 minutes to complete each page
- Different URLs for Europe vs. America
  - Europe Sellers – had received signed messages from Amazon
  - US Sellers – had not received signed messages from Amazon

Respondents
- 1083 sellers clicked on the link
- 470 submitted the first web page
- 417 completed all five pages
- Very educated:
  - 26.1% advanced degree
  - 34.9% college degree
- Very computer literate:
  - 18% “very sophisticated” computer user
  - 63.7% “comfortable” using computers

Knowledge and Attitudes What do the respondents know?

“What Kinds of Email Have You Received?”
Many knew what they had received. Passive learning about encryption by recipients.
Table columns: All / Europe / US
- Email that was digitally-signed: 22% / 33%** / 20%**
- Email sealed with encryption: 9% / 16%* / 7%*
- Signed and Sealed: 7% / 10% / 6%
- I do not think that I have received messages signed or sealed: 37% / 30% / 39%
- I have not received messages signed or sealed: 21% / 23% / 20%
- I’m sorry, I don’t understand what you mean by “signed,” “sealed” or “encrypted”: 26% / 17%* / 28%*
* p < 0.05; ** p < 0.01

More Proof of Passive Learning
Practically speaking, is there a difference between digitally-signed mail and sealed mail?
- Europe: 67%** yes; 7% no; 25%** don’t know
- US: 51%** yes; 7% no; 43%** don’t know
Practically speaking, is there a difference between mail that is sealed and mail that is both signed and sealed?
- Europe: 62%* yes; 9% no; 28%** don’t know
- US: 48%* yes; 8% no; 44%** don’t know

“Savvy” vs. “Green”
Savvy are respondents who:
- Say they have a 1 (“very good”) or 2 understanding of crypto on a 5-point scale (23 & 53 respondents)
- Say they have received a digitally-signed message (104 respondents)
- Say they have received a sealed message (39 respondents)
- Say that they “always” or “sometimes” send digitally-signed message (29 respondents)
|Savvy| = 138
|Green| = 279
Savvy vs. Green: 78% vs. 42% on test question (p<.001)

What should be digitally signed?
Table columns: All / Savvy / Green
- Advertisements: 17%
- Questions to online merchants: 33% / 26%* / 36%*
- Receipts from online merchants: 59%
- Personal email sent or received at work: 40%
- Personal email sent or received at home: 21%
- Bank or credit-card statement: 65%
- Tax returns or complaints to regulators: 74%
- Email newsletters from politicians: 22%
- Mail to political leaders voicing opinion: 38%

What should be sealed?
Table columns: All / Savvy / Green
- Advertisements: 3%
- Questions to online merchants: 18%
- Receipts from online merchants: 47% / 39%* / 51%*
- Personal email sent or received at work: 38% / 26%*** / 44%***
- Personal email sent or received at home: 31% / 25%* / 34%*
- Bank or credit-card statement: 79%
- Tax returns or complaints to regulators: 74%
- Email newsletters from politicians: 3%
- Mail to political leaders voicing opinion: 15%
Europe: 30% US: 51%

Survey Conclusions 1
- People feel that different kinds of email deserve different kinds of protection.
- Should be signed:
  - Receipts from online merchants (59%)
  - Tax returns or complaints to regulators (74%)
- Should be sealed:
  - Bank or credit-card statements (79%)
  - Tax returns or complaints to regulators (74%)
- Although many security gurus say that personal mail should be sealed and/or signed, Savvy users don’t feel that way.

People Can Receive Signed Mail!
- 65% had S/MIME-capable mail clients
  - 42% Outlook Express
  - 31% Outlook
  - 10% Netscape Mail
  - 3% Apple Mail
- The rest use systems that could be trivially modified to display S/MIME signatures
  - 18% AOL
  - 29% Hotmail
  - 43% Yahoo Mail
  - 25% Your organization’s web mail
  - 12% Your ISP’s web mail

… But people don’t know it!
“Does your client handle encryption?”
Table columns: + S/MIME / - S/MIME
- Yes: 34%*** / 14%***
- No: 5%
- I don’t know: 54%* / 66%*
- “What’s encryption?”: 7%** / 14%**
* p <.05; ** p <.01; *** p <.001

People have the software; why don’t they use it?
- “I don’t because I don’t care”
- “I doubt any of my usual recipients would understand the significance of the signature.”
- “Never had the need to send these kinds of emails.”
- “I don’t think it’s necessary to encrypt my email & frankly it’s just another step & something else I don’t have the time for!”

Receiving vs. Sending
- Receiving signed mail is easy!
  - You can just receive it!
- Receiving sealed mail is hard
  - You need a cert!
  - If you lose your cert, you can’t read your old mail!
- Sending is hard
  - To send signed mail, you need a cert!
  - To send sealed mail, you need the recipient's cert!

The Danger of Receiving Sealed Mail
[Delete your cert, you won’t be able to read stored mail.]
“Before you read the paragraph above, did you know that you might lose the ability to read mail sealed with encryption after you had received it?”
Table columns: Users / Non-Users
- Yes: 56%*** / 25%***
- No: 40%*** / 63%***
- Don’t know: 4%* / 11%*
* p <.05; *** p < 0.001

Why don’t people sign mail?
Do you send digitally-signed mail?
- 45% - Never; I don’t know how
- 19% - Rarely; it is not necessary for my kind of mail
- 10% - I usually don’t; I don’t care enough to do it
- 4% - Sometimes
- 2% - Always
- 24% - Sorry, I don’t understand what you mean by “digitally-signed”

Why don’t people seal mail?
Do you send email that is sealed?
- 17% - Rarely; not necessary for my kind of mail
- 41% - I don’t; don’t know how
- 14% - I don’t; afraid recipient won’t be able to read it
- 8% - Rarely; I just don’t care
- 6% - No; it’s just too hard
- 4% - Sometimes
- 22% - Sorry, don’t know what you mean by “sealed” or “encrypted”

Outlook Bugs
- A variety of bugs in Microsoft Outlook cause problems with S/MIME-signed mail.
  - Outlook tries to sign replies to signed mail --- even if the user doesn’t have a key!
  - Mail that is signed with an attachment but no text can’t be read.
- Microsoft must address these problems before we can recommend signing for the masses.

Metaphors for digital signatures
- 37% - “It’s like signing your name at the bottom of a message”
- 31% - It’s like putting your fingerprint on the bottom of a message
- 28% - It’s like having the message notarized
- 19% - It’s like printing the message on official stationery
- 8% - It’s like taking a photograph of the message
- 6% - Other

Conclusions…
- Signing:
  - Companies like Amazon and eBay should start sending out signed mail today.
  - Although individuals can send signed mail today, there’s little compelling reason to do so.
- Sealing:
  - The technology still isn’t ready
  - Fortunately, we don’t really need it right now.