
1 Signed, Sealed and Delivered How the emphasis on “encrypting” mail has hurt the cause of email security, and what to do about it. Simson L. Garfinkel MIT Computer Science and Artificial Intelligence Laboratory

2 Email Security 101 Internet email is not “secure” “Email is like a postcard” --- anybody can read it People can forge email with your name on it. Encryption is the only protection for email.

3 PGP: Pretty Good Privacy (1992) “Email encryption for everybody” Protects private email from government snoops “Web of Trust” Many books written Fringe activity web of trust Phil Zimmermann

4 S/MIME: Secure Mail, Circa 1998 RSA Data Security promotes “S/MIME” standard. Certificate-based identification S/MIME incorporated into: Microsoft Outlook Express Microsoft Outlook Lotus Notes CN: Simson L. Garfinkel DN: simsong@acm.org CN: Marian Garfinkel DN: mariang102@aol.com

5 1999: Email Security Mess #1 PGP not compatible with S/MIME Ongoing legal battles between PGP & RSADSI Plug-ins add to confusion
Product                     PGP / S/MIME support (marks as extracted)
Eudora
Lotus Notes                 **
Microsoft Outlook           *
Microsoft Outlook Express   *
Netscape Messenger          *

6 1999: Email Security Mess #2 Usability must be to blame! PGP is hard to use… “Why Johnny Can’t Encrypt.” Alma Whitten & D. Tygar, Usenix Security, 1999 S/MIME is easy, but you need a certificate, and getting a certificate is hard… Whitten Tygar

7 Email Security Today 16 years since the release of PGP Most Internet mail is not encrypted but… For many people, email is nevertheless “secure.”

8 What is Email Security Anyway? For the academic security establishment: “Secure” was synonymous with “encrypted” (sealed) Reflects the longstanding ascendancy of military security objectives over commercial objectives. “A comparison of commercial and military computer security models,” Clark & Wilson, Proceedings 1987 IEEE Symposium on Security and Privacy, pp. 184-194 “Secure” doesn’t mean “encrypted!”

9 Email Security means… CONFIDENTIALITY -- Others can’t read it INTEGRITY -- Message not modified after SEND AUTHENTICITY -- From: is really sender RELIABILITY -- It really gets there How do we get these today?

10 Email Security Today CONFIDENTIALITY If I send mail to mom@aol.com, I’m pretty sure that nobody else is going to read it… … because I trust AOL … because I trust my ISP and the Internet … because my mail just isn’t that important

11 Email Security Today CONFIDENTIALITY If both me and my mother are AOL users, then I only need to trust AOL… … if I don’t trust AOL, then the game is already over (I’m using AOL’s software!)

12 Email Security Today CONFIDENTIALITY -- Others can’t read it INTEGRITY -- Message not modified after SEND Mail is rarely modified after it is sent. Crypto guarantees don’t apply to: Quoted material Forwarded messages (unless message forwarded as an attachment.) Few people (if any) seem to realize when their mail is modified, anyway.

13 No Integrity, no cry

14 Email Security means… CONFIDENTIALITY -- Others can’t read it INTEGRITY -- Message not modified after SEND AUTHENTICITY -- From: is really sender Big part of today’s SPAM problem! We don’t really need a certificate hierarchy… … we need to know that this simsong@acm.org is different than that other simsong@acm.org!

15 Email Security means… CONFIDENTIALITY -- Others can’t read it INTEGRITY -- Message not modified after SEND AUTHENTICITY -- From: is really sender [Screenshots: Authentic AOL Mail | Internet Mail Received on AOL]

16 Email Security means… CONFIDENTIALITY -- Others can’t read it INTEGRITY -- Message not modified after SEND AUTHENTICITY -- From: is really sender RELIABILITY -- It really gets there SPAM filtering is the threat!

17 Threat Models “Security” is about protecting from specific threats. PGP’s threat model: oppressive governments vs. human rights workers. Web-of-trust protects against infiltration S/MIME’s threat model: Unlicensed implementations & Patent violations Certificate hierarchy promotes centralized control.

18 Today’s Email Security Threats SPAM Forged From: addresses SPAM filters block legitimate mail Phishing Email claiming to be from Citibank directs recipient to website in Russia… Hypothesis: Today’s email threats can be solved through digitally-signed mail alone.

19 What’s Digitally Signed Mail? Mail signed with a secret key.

20 What’s Digitally Signed Mail? Mail signed with a secret key. Signature verified with a public key.

21 What’s Digitally Signed Mail? Mail signed with a secret key. Signature verified with a public key. Provides: Proof that the secret key was used. Proof of identity if secret key is signed... Assurance that message wasn’t modified after it was sent. Not needed for today’s threats!
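Added example, not code from the talk: a small Go program that shows the three properties slide 21 lists and the integrity caveat from slide 12. Ed25519 from the Go standard library stands in for S/MIME's RSA-over-CMS (an assumption made so the block runs offline), the invoice text is constructed, and QuoteInline and ForwardAsAttachment are hypothetical models of a mail client's reply and forward actions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMail is a constructed stand-in for a digitally-signed message:
// the exact bytes that were signed, the detached signature, and the
// signer's public key. Real S/MIME carries a certificate inside a
// CMS/PKCS#7 structure; Ed25519 is used here only to keep the block
// self-contained.
type SignedMail struct {
	Body      []byte
	Signature []byte
	Signer    ed25519.PublicKey
}

// NewSender generates a fresh key pair for a sender.
func NewSender() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign signs body with the sender's secret key.
func Sign(priv ed25519.PrivateKey, body string) SignedMail {
	return SignedMail{
		Body:      []byte(body),
		Signature: ed25519.Sign(priv, []byte(body)),
		Signer:    priv.Public().(ed25519.PublicKey),
	}
}

// Verify checks the signature with the public key. It is true only if
// the matching secret key signed exactly these bytes: any edit after
// SEND, or a signature made with any other key, fails.
func Verify(m SignedMail) bool {
	return ed25519.Verify(m.Signer, m.Body, m.Signature)
}

// QuoteInline models a reply that pastes the original text as "> " quoted
// lines. The quoted bytes are new content; the original signature does not
// cover them, so nothing about the quoted text can be verified.
func QuoteInline(original SignedMail, reply string) SignedMail {
	quoted := "> " + string(original.Body) + "\n" + reply
	// The reply carries the original signature, the only one it has.
	return SignedMail{Body: []byte(quoted), Signature: original.Signature, Signer: original.Signer}
}

// ForwardAsAttachment models forwarding the original as a message/rfc822
// attachment: the signed bytes and signature travel untouched inside the
// new message, so the inner message still verifies.
func ForwardAsAttachment(original SignedMail, note string) (outer string, inner SignedMail) {
	return note + "\n[attachment: original signed message]", original
}

func main() {
	_, priv := NewSender()
	m := Sign(priv, "Your Marketplace VAT invoice for March is attached.") // constructed text
	fmt.Println("original verifies:", Verify(m))

	tampered := m
	tampered.Body = []byte("Your Marketplace VAT invoice for April is attached.")
	fmt.Println("modified body verifies:", Verify(tampered))

	fmt.Println("inline-quoted reply verifies:", Verify(QuoteInline(m, "Thanks, received.")))

	_, inner := ForwardAsAttachment(m, "FYI, forwarding the invoice.")
	fmt.Println("forwarded attachment verifies:", Verify(inner))
}
```

The last two checks are the slide-12 point: quoting inline yields a message the signature says nothing about, while forwarding as an attachment preserves the verifiable original.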

22 Digital Signatures Today S/MIME support is nearly universal Works great if Certificate Authority is known: Horrible if CA is unknown: Problem: Users can’t make their own certificates; they have to get them.

23 Plan for Secure Email 1. Organizations that send email should get certificates and send S/MIME-signed mail. 2. Next-generation of S/MIME clients should: Accept all certificates. Report when a certificate changes. (SSH security model.)
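Added example, not code from the talk: the SSH-style rule from point 2 of the plan written out in Go. Instead of asking whether a CA is known, the client pins the key it first sees for a From: address (the way known_hosts pins a host key) and only reports when that key changes. Assumptions: Ed25519 keys stand in for S/MIME certificates, the fingerprint is a SHA-256 of the public key rather than of a certificate, and the addresses are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Verdict is what the client reports about a signed message.
type Verdict int

const (
	BadSignature Verdict = iota // signature does not verify under the presented key
	FirstSeen                   // first signed mail from this address: key pinned, accepted
	KeyMatches                  // same key as pinned earlier: continuity holds
	KeyChanged                  // different key than pinned: report it, do not re-pin silently
)

func (v Verdict) String() string {
	return [...]string{"BadSignature", "FirstSeen", "KeyMatches", "KeyChanged"}[v]
}

// PinStore maps a From: address to the fingerprint of the key first seen
// for it, much as ~/.ssh/known_hosts maps a host name to a host key.
type PinStore map[string]string

// Fingerprint is the SHA-256 of the public key bytes. A real client would
// hash the certificate's DER encoding (assumption: key bytes suffice here).
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Check verifies the signature and then applies the key-continuity rule.
// No certificate is rejected for being unknown or self-signed; what gets
// reported is a change relative to what this sender used before.
func (s PinStore) Check(from string, pub ed25519.PublicKey, body, sig []byte) Verdict {
	if !ed25519.Verify(pub, body, sig) {
		return BadSignature
	}
	fp := Fingerprint(pub)
	pinned, seen := s[from]
	switch {
	case !seen:
		s[from] = fp // trust on first use
		return FirstSeen
	case pinned == fp:
		return KeyMatches
	default:
		return KeyChanged // leave the old pin in place; the user decides
	}
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	store := PinStore{}
	from := "orders@example.com" // constructed sender address
	pubA, privA := mustKey()
	pubB, privB := mustKey() // a second key claiming the same From:

	invoice := []byte("Invoice #1 attached.") // constructed body
	fmt.Println(store.Check(from, pubA, invoice, ed25519.Sign(privA, invoice))) // FirstSeen
	fmt.Println(store.Check(from, pubA, invoice, ed25519.Sign(privA, invoice))) // KeyMatches
	fmt.Println(store.Check(from, pubB, invoice, ed25519.Sign(privB, invoice))) // KeyChanged
	fmt.Println(store.Check(from, pubA, invoice, []byte("not a signature")))    // BadSignature
}
```

This is what makes "this simsong@acm.org" distinguishable from "that other simsong@acm.org" (slide 14) without a certificate hierarchy: the second key is not refused, but the change is surfaced to the user rather than silently accepted.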

24 Amazon S/MIME Survey I gave a talk about self-signed certificates in January 2004 at Amazon. Unknown to me, Amazon had been sending S/MIME-signed email to its European Amazon Marketplace Sellers since June 2003.

25 Amazon Marketplace VAT Invoice

26 Research Questions Could people verify the signature? Did people know that the messages were signed? Did people know what a signed message meant? What did people think that the signed message meant? How did receiving a signed message affect their attitudes?

27 Methodology Web survey posted in Amazon Sellers Forums. 5 web pages; 40 questions total 2 minutes to complete each page Different URLs for Europe vs. America Europe Sellers – had received signed messages from Amazon US Sellers – had not received signed messages from Amazon

28 Respondents 1083 sellers clicked on the link 470 submitted the first web page 417 completed all five pages Very educated: 26.1% advanced degree 34.9% college degree Very computer literate: 18% “very sophisticated” computer user 63.7% “comfortable” using computers

29 Knowledge and Attitudes What do the respondents know?

30 “What Kinds of Email Have You Received?” Many knew what they had received. Passive learning about encryption by recipients.
                                                                                   All   Europe   US
Email that was digitally-signed                                                    22%   33%**    20%**
Email sealed with encryption                                                        9%   16%*      7%*
Signed and Sealed                                                                   7%   10%       6%
I do not think that I have received messages signed or sealed                      37%   30%      39%
I have not received messages signed or sealed                                      21%   23%      20%
I’m sorry, I don’t understand what you mean by “signed,” “sealed” or “encrypted”   26%   17%*     28%*
* p < 0.05; ** p < 0.01

31 More Proof of Passive Learning Practically speaking, is there a difference between digitally-signed mail and sealed mail? Europe: 67%** yes ; 7% no; 25%** don’t know US: 51% yes** ; 7% no; 43%** don’t know Practically speaking, is there a difference between mail that is sealed and mail that is both signed and sealed? Europe: 62%* yes ; 9% no ; 28%** don’t know US: 48%* yes; 8% no; 44%** don’t know

32 “Savvy” vs. “Green” Savvy are respondents who: Say they have a 1 (“very good”) or 2 understanding of crypto on a 5-point scale (23 & 53 respondents) Say they have received a digitally-signed message (104 respondents) Say they have received a sealed message (39 respondents) Say that they “always” or “sometimes” send digitally-signed messages (29 respondents) |Savvy| = 138 |Green| = 279 Savvy vs. Green: 78% vs. 42% on test question (p<.001)

33 What should be digitally signed?
                                              All   Savvy   Green
Advertisements                                17%
Questions to online merchants                 33%   26%*    36%*
Receipts from online merchants                59%
Personal email sent or received at work       40%
Personal email sent or received at home       21%
Bank or credit-card statement                 65%
Tax returns or complaints to regulators       74%
Newsletters from politicians                  22%
Mail to political leaders voicing opinion     38%

34 What should be sealed?
                                              All   Savvy    Green
Advertisements                                 3%
Questions to online merchants                 18%
Receipts from online merchants                47%   39%*     51%*
Personal email sent or received at work       38%   26%***   44%***
Personal email sent or received at home       31%   25%*     34%*
Bank or credit-card statement                 79%
Tax returns or complaints to regulators       74%
Newsletters from politicians                   3%
Mail to political leaders voicing opinion     15%
Europe: 30% US: 51%

35 Survey Conclusions 1 People feel that different kinds of email deserve different kinds of protection. Should be signed: Receipts from online merchants (59%) Tax returns or complaints to regulators (74%) Should be sealed: Bank or credit-card statements (79%) Tax returns or complaints to regulators (74%) Although many security gurus say that personal mail should be sealed and/or signed, Savvy users don’t feel that way.

36 People Can Receive Signed Mail! 65% had S/MIME-capable mail clients 42% Outlook Express 31% Outlook 10% Netscape Mail 3% Apple Mail The rest use systems that could be trivially modified to display S/MIME signatures 18% AOL 29% Hotmail 43% Yahoo Mail 25% Your organization’s web mail 12% Your ISP’s web mail

37 … But people don’t know it! “Does your email client handle encryption?”
                          + S/MIME   - S/MIME
Yes                       34%***     14%***
No                        5%
I don’t know              54%*       66%*
“What’s encryption?”      7%**       14%**
* p < .05; ** p < .01; *** p < .001

38 People have the software; why don’t they use it? “I don’t because I don’t care” “I doubt any of my usual recipients would understand the significance of the signature.” “Never had the need to send these kinds of emails.” “I don’t think it’s necessary to encrypt my email & frankly it’s just another step & something else I don’t have the time for!”

39 Receiving vs. Sending Receiving signed mail is easy! You can just receive it! Receiving sealed mail is hard You need a cert! If you lose your cert, you can’t read your old mail! Sending is hard To send signed mail, you need a cert! To send sealed mail, you need the recipient's cert!

40 The Danger of Receiving Sealed Mail [Delete your cert, you won’t be able to read stored mail.] “Before you read the paragraph above, did you know that you might lose the ability to read mail sealed with encryption after you had received it?”
              Users     Non-Users
Yes           56%***    25%***
No            40%***    63%***
Don’t know    4%*       11%*
* p < .05; *** p < .001

41 Why don’t people sign mail? Do you send digitally-signed mail? 45% - Never; I don’t know how 19% - Rarely; it is not necessary for my kind of mail 10% - I usually don’t; I don’t care enough to do it 4% - Sometimes 2% - Always 24% - Sorry, I don’t understand what you mean by “digitally-signed”

42 Why don’t people seal mail? Do you send email that is sealed? 17% - Rarely; not necessary for my kind of mail 41% - I don’t; don’t know how 14% - I don’t; afraid recipient won’t be able to read it 8% - Rarely; I just don’t care 6% - No; it’s just too hard 4% - Sometimes 22% - Sorry, don’t know what you mean by “sealed” or “encrypted”

43 Outlook Bugs A variety of bugs in Microsoft Outlook cause problems with S/MIME-signed mail. Outlook tries to sign replies to signed mail --- even if the user doesn’t have a key! Mail that is signed with an attachment but no text can’t be read. Microsoft must address these problems before we can recommend signing for the masses.

44 Metaphors for digital signatures 37% - “It’s like signing your name at the bottom of a message” 31% - It’s like putting your fingerprint on the bottom of a message 28% - It’s like having the message notarized 19% - It’s like printing the message on official stationery 8% - It’s like taking a photograph of the message 6% - Other

45 Conclusions… Signing: Companies like Amazon and eBay should start sending out signed mail today. Although individuals can send signed mail today, there’s little compelling reason to do so. Sealing: The technology still isn’t ready Fortunately, we don’t really need it right now.

