Email has dramatically increased business productivity over the past decade. Its use has allowed companies and individuals to communicate quickly, reliably, easily and cheaply. However, standard email has generally been lacking in the area of ​​security. It is for this reason that companies should seriously consider implementing secure email strategies. Secure email can benefit businesses by providing confidentiality, integrity, authentication, and non-repudiation.

The confidentiality of secure email is achieved by encrypting the messages that are sent over the Internet. This provides privacy. Encryption also provides integrity by ensuring that the data has not been changed during transit. The use of secret encryption keys ensures that only the owners know and have access to the email, and know the person who sent the email. Also, non-repudiation occurs because the recipient of the message knows who sent the message.

There are several features of secure email that make it a safe way to send data. The first is encryption. Encryption occurs when data is sent along with a key, through multiple mathematical formulas that make the data unreadable. To read the data, the process must be reversed using the appropriate key.

Another feature is the hash function. This function takes the original plain text data of any length and creates a single, fixed-length output. The result of the hash function is known as the message digest. The principle here is that if the input were changed by a single bit, the message digest would be different.

The use of digital signatures is also an important feature of secure email. Digital signatures are made using the hash function. The message is hashed to create a digest of the message. The message is then “signed” by encrypting the message digest with the sender’s private key. This allows the recipient to verify the integrity, authenticity, and non-repudiation of the message.

Digital Certificates are another feature that ensures email security. A digital certificate is a type of official credential/document, such as a driver’s license, that consists of the owner’s public key, information that uniquely identifies the owner, and an endorser’s digital signature, which establishes that the public key in reality belongs to the person in question. The purpose of the digital certificate is to help others verify that the owner of the public key is who they say they are. It is important that the authority that signed the certificate is trusted.

A combination of encryption methods is also a feature that can be used in secure email. PGP (Pretty Good Privacy)/MIME (Multipurpose Internet Mail Extensions) are said to be hybrid cryptosystems because they overcome the shortcomings of both public key and conventional cryptosystems. PGP is an encryption technology that is now the standard for email encryption, and S/MIME was designed to add security to email messages in MIME format by providing authentication through digital signatures and privacy through encryption.

There are several steps that PGP and S/MIME encryption systems take to protect email messages before they are sent. They are: The message is compressed (with PGP only), A session key is created, The message is encrypted using the session key with a symmetric encryption method, The session key is encrypted with an asymmetric encryption method, The encrypted session key and encrypted message are joined and transmitted to the recipient. These same steps are used in reverse order to decrypt the message.

There are several vulnerabilities involved in email communication. Some of the most common are: espionage, phishing and masking, man-in-the-middle attack, session hijacking, data manipulation, malware, social engineering, password guessing, and information leaks.

– The eavesdropping vulnerability is fixed by encrypting email for communications that require confidentiality.

– Phishing and masking are resolved through the use of Digital Certificates issued by a trusted certificate authority that proves to the client/recipient that the sender of an email is who they say they are.

– Man-in-the-middle attack or session hijacking tricks an email server into sending your data via a third note. This is countered by digital data signing, which ensures that both parties authenticate each other. Encrypting emails will also counteract this vulnerability.

– The problem of data tampering can be countered by email encryption, which stops both reading and tampering with email, and digital signatures, which ensure that if data is changed, the recipient will know it.

– Malware is malicious software; viruses, Trojan horses, backdoors, and worms. This is countered by the use of virus filtering software.

– Social engineering uses tricks on people instead of software. This is also fixed by using email encryption and digital signatures.

– The countermeasure against password guessing attack is to choose a strong passphrase for your certificate or key.

– Finally, information leaks can be countered by training users on the acceptable use of email and on the use of an email filtering solution. These countermeasures can also combat the negative and corrosive effects of email spam, hoaxes, and viruses.

In conclusion, standardized email can significantly increase the productivity of your business. Their use can enable you to communicate reliably, easily, and cheaply. Additionally, using secure email can provide you with confidentiality, integrity, authentication, and non-repudiation.

Works Cited
* Boswell, S., Calvert, B., Campbell, P. (2003). Security + Network Security Fundamentals Guide. Boston, Mass.: Thomson Course Technology.
*Roberts, Paul F. (2005). Cloudy future for authentication [online version]. Electronic Week, Vol. 22 Number 27. Retrieved September 3, 2005 from the EBSCO Host Research Database.