Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Email 3.0: The Next Generation
SECURITY SHELF

Email 3.0: The Next Generation 

Email has four basic use cases: notifications, discussions, file transfer, and electronic filing. However, SMTP, POP3, and IMAP were not designed to be secure and attempts to add security have been only marginally successful.

Notifications and discussions are not unique to email. This functionality is also provided by SMS, various instant messengers (IM), and social media sites. Sending small files such as photos and documents via email is convenient although many other file transfer services exist. However, we prefer email because our inbox has become an electronic filing cabinet. A good email system allows us to quickly find the receipt for the computer we bought a few years ago, directions to our uncle’s new home, and information for our latest project all in one place. For most people, the main uses of email are to aggregate, store, search, and retrieve information. As legacy email and IM are likely to exist for some time, Email 3.0 must be extensible and capable of handling multiple messaging protocols; this is where email and IM converge.

Email 3.0 must address four technical security challenges: content confidentiality, content integrity, sender authentication, and metadata confidentiality.

Existing encryption protocols such as S/MIME and PGP are capable of addressing the first three challenges through encryption and digital signatures. While available since the early 1990s, these protocols have not been widely adopted because they are too difficult for most users. They are also extremely difficult to implement in a web browser without the service provider being able to intercept plain-text messages. To succeed, Email 3.0 must make encryption mandatory and easy to use, with perhaps an exception for communicating with legacy email users. Keys must be possessed only by end users and must not be accessible to service providers.

Metadata confidentiality is the most difficult technical challenge for Email 3.0. Even when an email body is encrypted, information about the sender, recipient, and subject are exposed. While some people might not care, this envelope information allows anyone who can observe email traffic to gain insight into email patterns and the relationships they reveal. While the use of MTA-to-MTA TLS can protect this information, the majority of Internet sites do not use it and weaknesses in DNS and SSL certificate security models make it easy for a sophisticated attacker to defeat.

Today email is delivered to a server on a per-domain (or subdomain) basis. The identity of the sender and recipient(s) could be encrypted and made accessible only to the destination MTA. However, if Email 3.0 adopts a peer-to-peer approach (as opposed to storing email on a server for later retrieval) the architecture must take into account that other endpoint applications may leak information about the source or destination. For example, if a sophisticated attacker monitors a user logging into Facebook with their email address, and the same IP address subsequently sends an encrypted message, it’s easy to deduce their identity. Depending on the encryption protocol, it may also be possible to identify other messages sent by the same individual.

Email 3.0 also faces significant business and political challenges. It should not be necessary to log in to a dozen web sites each month to download financial statements and utility bills. Email 3.0 should have them delivered to our electronic mailboxes just as they used to appear in our physical mailboxes. For this to occur, businesses must see benefit in doing so and be confident that Email 3.0 provides an acceptable level of security. Business adoption of Email 3.0 will not be driven by fears of big brother. Names like “Dark Mail” will not attract corporate support. Businesses must instead be shown benefits such as cost reduction, customer satisfaction, and enabling new services. For example, the financial industry is still struggling to properly authenticate customers online. If Email 3.0 delivers a strong cryptographic authentication mechanism it has the potential to help authenticate customers to banking systems. It could also improve how financial institutions communicate with their customers.

On the political front, many governments will object to secure messaging and seek to overtly and covertly undermine the system. To overcome this challenge, and prevent governments from forcing developers and service providers to build in backdoors, all protocols must be open source and unencumbered by patents. In other words, anyone who wants to build their own Email 3.0 compatible system must have access to the required technical information and not have to pay licensing fees. Ensuring a choice of vendors is our best defence against political interference.

The next generation of email is full of possibilities and fraught with risk. Stay tuned.

Related posts