Use of S/MIME technology for securing online communication
by Geetanjali Kulkarni
Threats to communication over public networks have increased over the years since the advent of Internet communication. Yet individuals and organizations today remain unaware of ways to secure their e-mail communication. The various threats to e-mail communication on a public network are:
• Change / modification of e-mail content during transit
• Delivery of e-mails to unauthorized recipients
• Copying of e-mail to an unauthorized recipient without the knowledge of the correspondents
• "Phishing" e-mail messages, i.e., fraudulent e-mail messages that appear authentic and direct the recipients to divulge personal confidential data, or direct users to fake websites that exist for the purpose of stealing usernames and passwords
• The use of a forged "from" address for sending unwanted mails and viruses
These kinds of attacks and risks can be prevented by the use of S/MIME. S/MIME (Secure / Multipurpose Internet Mail Extensions) is a standard for public-key encryption and signing of e-mail encapsulated in MIME. S/MIME uses digital signatures and public-key encryption to sign and encrypt the e-mail. The advantages of S/MIME communication are:
1. Authentication: The authenticity of the sender of the message
2. Message integrity: The data cannot be modified / changed on sending
3. Non-repudiation of origin: The sender cannot repudiate the message later
4. Confidentiality: Data is hidden from all those unauthorized to read it
Digitally signed e-mail tends to increase recipients' trust in the e-mail infrastructure. S/MIME functionality is built into the vast majority of modern e-mail software and interoperates between them. Financial organizations, retailers and other business entities doing business on the Internet or exchanging confidential information must adopt the practice of digitally signing their mail to customers with S/MIME signatures, using a certificate signed by a widely published CA.
S/MIME uses two X.509 certificates. The author digitally signs the e-mail with their private key. The message is then encrypted using the recipient's public key and sent. When the message reaches the recipient, it is decrypted with the recipient's private key, and then verified using the author's public key.
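The flow described above, reproduced with the openssl command-line tool as an added example that is not part of the original article. The identities alice, bob and mallory, their example.test addresses and the self-signed certificates are constructed for the demonstration; a real deployment would use certificates issued by a published CA.

```shell
#!/bin/sh
# S/MIME sign-then-encrypt round trip with the openssl CLI (added example).
# Names, addresses and certificates below are constructed for the demo.
WORK=$(mktemp -d)   # scratch directory for demo keys and messages

# Create a throwaway self-signed X.509 certificate and private key.
make_identity() {   # $1 = file prefix, $2 = e-mail address (hypothetical)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1/emailAddress=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Sender: sign with the author's private key, then encrypt the signed
# message to the public key in the recipient's certificate.
send_mail() {   # $1 = author, $2 = recipient, $3 = plaintext, $4 = output
    openssl smime -sign -text -in "$3" \
        -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" |
        openssl smime -encrypt -aes256 -out "$4" "$WORK/$2.crt"
}

# Recipient: decrypt with the recipient's private key; the output is the
# still-signed inner message.
open_mail() {   # $1 = recipient, $2 = encrypted file, $3 = output
    openssl smime -decrypt -in "$2" -recip "$WORK/$1.crt" \
        -inkey "$WORK/$1.key" -out "$3" 2>/dev/null
}

# Verify against the author's certificate. The demo certificate is
# self-signed, so it stands in for the published CA as trust anchor.
check_signature() {   # $1 = expected author, $2 = signed file, $3 = text out
    openssl smime -verify -text -in "$2" -CAfile "$WORK/$1.crt" \
        -out "$3" 2>/dev/null
}

make_identity alice alice@example.test
make_identity bob bob@example.test
make_identity mallory mallory@example.test
printf 'Please pay invoice 1001 for 100 USD.\n' > "$WORK/msg.txt"
send_mail alice bob "$WORK/msg.txt" "$WORK/enc.eml"

open_mail bob "$WORK/enc.eml" "$WORK/signed.eml" && echo "bob: decrypted"
check_signature alice "$WORK/signed.eml" "$WORK/out.txt" && echo "signature ok"
open_mail mallory "$WORK/enc.eml" "$WORK/m.eml" || echo "mallory: cannot decrypt"
# Change the signed content after the fact: verification must now fail.
sed 's/100 USD/900 USD/' "$WORK/signed.eml" > "$WORK/tampered.eml"
check_signature alice "$WORK/tampered.eml" "$WORK/t.txt" || echo "tampering detected"
```

The failed decryption by mallory corresponds to confidentiality, and the failed verification of the altered copy corresponds to message integrity in the list of advantages above.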
One of the reasons S/MIME has not become popular with end users is the lack of awareness of the technology and its benefits. Another barrier to adopting e-mail security techniques has been the deployment of different and mutually incompatible standards for e-mail security, such as Privacy Enhanced Mail (PEM), OpenPGP, and S/MIME. The problem caused by the deployment of these competing standards is that there is no guarantee that a signed message will be verifiable by the recipient. The other problem is that signatures, or sometimes the original e-mail message itself, appear as indecipherable attachments when received by e-mail clients that implement a different MIME-based standard.
This standardization problem has now been solved by the wide-scale deployment of mail clients implementing the S/MIME standard. Support for S/MIME is built into Microsoft Outlook, Outlook Express, Mozilla and Netscape. Moreover, the keys of several popular certification authorities (CAs) are distributed both with these programs and with many popular operating systems. Thus, there is a high likelihood that digitally signed mail, once sent, can be readily verified.
For more information, please visit http://www.elock.com