Signed, Sealed and Delivered How the emphasis on “encrypting” mail has hurt the cause of email security, and what to do about it. Simson L. Garfinkel MIT Computer Science and Artificial Intelligence Laboratory

Posted on 28-Dec-2015

TRANSCRIPT

Signed, Sealed and Delivered

How the emphasis on “encrypting” mail has hurt the cause of email security, and what to do about it.

Simson L. Garfinkel, MIT Computer Science and Artificial Intelligence Laboratory

Email Security 101

Internet email is not “secure”
“Email is like a postcard” --- anybody can read it
People can forge email with your name on it.

Encryption is the only protection for email.

PGP: Pretty Good Privacy (1992)

“Email encryption for everybody”
Protects private email from government snoops
“Web of Trust”
Many books written
Fringe activity

[Figures: web of trust; Phil Zimmermann]

S/MIME: Secure Mail, Circa 1998

RSA Data Security promotes “S/MIME” standard.
Certificate-based identification
S/MIME incorporated into:
Microsoft Outlook Express
Microsoft Outlook
Lotus Notes

CN: Simson L. Garfinkel
DN: [email protected]

CN: Marian Garfinkel
DN: [email protected]

1999: Email Security Mess #1

PGP not compatible with S/MIME
Ongoing legal battles between PGP & RSADSI
Plug-ins add to confusion

Product: PGP / S/MIME (support marked with * in the original table)
Eudora, Lotus Notes: * *
Microsoft Outlook: *
Microsoft Outlook Express: *
Netscape Messenger: *

1999: Email Security Mess #2

Usability must be to blame!
PGP is hard to use…

“Why Johnny Can’t Encrypt.” Alma Whitten & D. Tygar, Usenix Security, 1999

S/MIME is easy, but you need a certificate, and getting a certificate is hard…

[Photos: Whitten; Tygar]

Email Security Today

16 years since the release of PGP
Most Internet mail is not encrypted

but…

For many people, email is nevertheless “secure.”

What is Email Security Anyway?

For the academic security establishment:
“Secure” was synonymous with “encrypted” (sealed)
Reflects a longstanding bias: the ascendancy of military security objectives over commercial objectives.
“A comparison of commercial and military computer security models,” Clark & Wilson, Proceedings 1987 IEEE Symposium on Security and Privacy, pp. 184-194

“Secure” doesn’t mean “encrypted!”

Email Security means…

CONFIDENTIALITY -- Others can’t read it
INTEGRITY -- Message not modified after SEND
AUTHENTICITY -- From: is really sender
RELIABILITY -- It really gets there

How do we get these today?

Email Security Today

CONFIDENTIALITY
If I send mail to [email protected], I’m pretty sure that nobody else is going to read it…
… because I trust AOL
… because I trust my ISP and the Internet
… because my mail just isn’t that important

Email Security Today

CONFIDENTIALITY
If both my mother and I are AOL users, then I only need to trust AOL…
… if I don’t trust AOL, then the game is already over (I’m using AOL’s software!)

Email Security Today

CONFIDENTIALITY -- Others can’t read it
INTEGRITY -- Message not modified after SEND

Mail is rarely modified after it is sent.
Crypto guarantees don’t apply to:
• Quoted material
• Forwarded messages (unless message forwarded as an attachment.)
Few people (if any) seem to realize when their mail is modified, anyway.

No Integrity, no cry

Email Security means…

CONFIDENTIALITY -- Others can’t read it
INTEGRITY -- Message not modified after SEND
AUTHENTICITY -- From: is really sender

Big part of today’s SPAM problem!
We don’t really need a certificate hierarchy…
… we need to know that this [email protected] is different than that other [email protected]!

Email Security means…

CONFIDENTIALITY -- Others can’t read it
INTEGRITY -- Message not modified after SEND
AUTHENTICITY -- From: is really sender

[Figures: Authentic AOL Mail; Internet Mail Received on AOL]

Email Security means…

CONFIDENTIALITY -- Others can’t read it
INTEGRITY -- Message not modified after SEND
AUTHENTICITY -- From: is really sender
RELIABILITY -- It really gets there

SPAM filtering is the threat!

Threat Models

“Security” is about protecting from specific threats.

PGP’s threat model: oppressive governments vs. human rights workers.
Web-of-trust protects against infiltration

S/MIME’s threat model: unlicensed implementations & patent violations
Certificate hierarchy promotes centralized control.

Today’s Email Security Threats

SPAM
Forged From: addresses
SPAM filters block legitimate mail

Phishing
Email claiming to be from Citibank directs recipient to website in Russia…

Hypothesis: Today’s email threats can be solved through digitally-signed mail alone.

What’s Digitally Signed Mail?

Mail signed with a secret key.

Signature verified with a public key.

Provides:
Proof that the secret key was used.
Proof of identity if secret key is signed...
Assurance that message wasn’t modified after it was sent.

Not needed for today’s threats!

Digital Signatures Today

S/MIME support is nearly universal
Works great if Certificate Authority is known:
Horrible if CA is unknown:

Problem: Users can’t make their own certificates; they have to get them.

Plan for Secure Email

1. Organizations that send email should get certificates and send S/MIME-signed mail.

2. Next-generation of S/MIME clients should:
Accept all certificates.
Report when a certificate changes.
(SSH security model.)
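The two slides above (signing with a secret key and verifying with a public key, then the "accept all certificates, report when a certificate changes" client policy) worked through as an added Python example. This is not code from the talk or from any S/MIME client: textbook RSA over fixed Mersenne primes stands in for the sender's certificate, the From: address is what the client remembers a key against, and the names make_keypair, sign, verify, fingerprint and KeyContinuityStore are my own. The messages are constructed for the example.

```python
"""Signed mail with an SSH-style key-continuity store (constructed example).

Textbook RSA at toy sizes shows the mechanics: the secret key signs, the
public key verifies. The store implements the slide's client policy:
accept whatever key a sender first presents, then report when it changes.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

# Toy RSA parameters (constructed): the Mersenne primes 2^61-1 and 2^89-1.
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
_E = 65537


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class SecretKey:
    n: int
    d: int


def make_keypair(p: int = _P, q: int = _Q, e: int = _E) -> tuple[PublicKey, SecretKey]:
    """Textbook RSA key generation; primes are fixed here so runs are repeatable."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return PublicKey(n, e), SecretKey(n, d)


def _digest_int(body: bytes, n: int) -> int:
    """Hash the message and fold the first 128 bits into an integer below n."""
    h = hashlib.sha256(body).digest()
    return int.from_bytes(h[:16], "big") % n


def sign(sk: SecretKey, body: bytes) -> int:
    """Sign with the secret key: s = H(m)^d mod n."""
    return pow(_digest_int(body, sk.n), sk.d, sk.n)


def verify(pk: PublicKey, body: bytes, sig: int) -> bool:
    """Verify with the public key: s^e mod n must equal H(m)."""
    return pow(sig, pk.e, pk.n) == _digest_int(body, pk.n)


def fingerprint(pk: PublicKey) -> str:
    """Stable identifier for a key, the analogue of a certificate fingerprint."""
    n_bytes = pk.n.to_bytes((pk.n.bit_length() + 7) // 8, "big")
    return hashlib.sha256(n_bytes + pk.e.to_bytes(4, "big")).hexdigest()


@dataclass
class KeyContinuityStore:
    """Per-sender key memory: any key is accepted on first contact, changes are reported."""

    known: dict[str, str] = field(default_factory=dict)

    def receive(self, sender: str, pk: PublicKey, body: bytes, sig: int) -> str:
        if not verify(pk, body, sig):
            return "bad-signature"  # body altered, or signature not made by this key
        fp = fingerprint(pk)
        remembered = self.known.get(sender)
        if remembered is None:
            self.known[sender] = fp  # first contact: trust on first use, like ssh known_hosts
            return "first-seen"
        if remembered != fp:
            return "key-changed"  # a different key now claims this From: address
        return "ok"


def demo() -> dict[str, str]:
    """Walk one sender address through the four outcomes with constructed messages."""
    merchant_pk, merchant_sk = make_keypair()
    # A second, unrelated key pair (Mersenne primes 2^107-1 and 2^127-1; constructed).
    other_pk, other_sk = make_keypair(p=(1 << 107) - 1, q=(1 << 127) - 1)
    sender = "billing@example.com"  # placeholder address
    store = KeyContinuityStore()
    m1 = b"From: billing@example.com\r\nSubject: Invoice 1\r\n\r\nAmount due: 12.00"
    m2 = b"From: billing@example.com\r\nSubject: Invoice 2\r\n\r\nAmount due: 30.00"
    return {
        "first": store.receive(sender, merchant_pk, m1, sign(merchant_sk, m1)),
        "repeat": store.receive(sender, merchant_pk, m2, sign(merchant_sk, m2)),
        "tampered": store.receive(sender, merchant_pk, m2 + b" (edited)", sign(merchant_sk, m2)),
        "other-key": store.receive(sender, other_pk, m2, sign(other_sk, m2)),
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case:10s} -> {status}")
```

Nothing here needs a certificate authority: the store answers only the question the slides say matters, whether this sender's key is the same one seen last time. A real client would persist the `known` mapping and surface "key-changed" to the user the way ssh does for a changed host key.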

Amazon S/MIME Survey

I gave a talk about self-signed certificates in January 2004 at Amazon.
Unknown to me, Amazon had been sending S/MIME-signed email to its European Amazon Marketplace Sellers since June 2003.

[Figure: Amazon Marketplace VAT Invoice]

Research Questions

Could people verify the signature?
Did people know that the messages were signed?
Did people know what a signed message meant?
What did people think that the signed message meant?
How did receiving a signed message affect their attitudes?

Methodology

Web survey posted in Amazon Sellers Forums.
5 web pages; 40 questions total
2 minutes to complete each page
Different URLs for Europe vs. America

Europe Sellers – had received signed messages from Amazon
US Sellers – had not received signed messages from Amazon

Respondents

1083 sellers clicked on the link
470 submitted the first web page
417 completed all five pages

Very educated:
26.1% advanced degree
34.9% college degree

Very computer literate:
18% “very sophisticated” computer user
63.7% “comfortable” using computers

Knowledge and Attitudes

What do the respondents know?

“What Kinds of Email Have You Received?”

Many knew what they had received.
Passive learning about encryption by recipients.

(All / Europe / US)
Email that was digitally-signed: 22% / 33%** / 20%**
Email sealed with encryption: 9% / 16%* / 7%*
Signed and Sealed: 7% / 10% / 6%
I do not think that I have received messages signed or sealed: 37% / 30% / 39%
I have not received messages signed or sealed: 21% / 23% / 20%
I’m sorry, I don’t understand what you mean by “signed,” “sealed” or “encrypted”: 26% / 17%* / 28%*

* p < 0.05; ** p < 0.01

More Proof of Passive Learning

Practically speaking, is there a difference between digitally-signed mail and sealed mail?
Europe: 67%** yes; 7% no; 25%** don’t know
US: 51%** yes; 7% no; 43%** don’t know

Practically speaking, is there a difference between mail that is sealed and mail that is both signed and sealed?
Europe: 62%* yes; 9% no; 28%** don’t know
US: 48%* yes; 8% no; 44%** don’t know

“Savvy” vs. “Green”

Savvy are respondents who:
Say they have a 1 (“very good”) or 2 understanding of crypto on a 5-point scale (23 & 53 respondents)
Say they have received a digitally-signed message (104 respondents)
Say they have received a sealed message (39 respondents)
Say that they “always” or “sometimes” send digitally-signed messages (29 respondents)

|Savvy| = 138; |Green| = 279
Savvy vs. Green: 78% vs. 42% on test question (p < .001)

What should be digitally signed?

(All / Savvy / Green, where reported)
Advertisements: 17%
Questions to online merchants: 33% / 26%* / 36%*
Receipts from online merchants: 59%
Personal email sent or received at work: 40%
Personal email sent or received at home: 21%
Bank or credit-card statement: 65%
Tax returns or complaints to regulators: 74%
Newsletters from politicians: 22%
Mail to political leaders voicing opinion: 38%

What should be sealed?

(All / Savvy / Green, where reported)
Advertisements: 3%
Questions to online merchants: 18%
Receipts from online merchants: 47% / 39%* / 51%*
Personal email sent or received at work: 38% / 26%*** / 44%***
Personal email sent or received at home: 31% / 25%* / 34%*
Bank or credit-card statement: 79%
Tax returns or complaints to regulators: 74%
Newsletters from politicians: 3%
Mail to political leaders voicing opinion: 15%

Europe: 30%; US: 51%

Survey Conclusions 1

People feel that different kinds of email deserve different kinds of protection.

Should be signed:
Receipts from online merchants (59%)
Tax returns or complaints to regulators (74%)

Should be sealed:
Bank or credit-card statements (79%)
Tax returns or complaints to regulators (74%)

Although many security gurus say that personal mail should be sealed and/or signed, Savvy users don’t feel that way.

People Can Receive Signed Mail!

65% had S/MIME-capable mail clients:
42% Outlook Express
31% Outlook
10% Netscape Mail
3% Apple Mail

The rest use systems that could be trivially modified to display S/MIME signatures:
18% AOL
29% Hotmail
43% Yahoo Mail
25% Your organization’s web mail
12% Your ISP’s web mail

… But people don’t know it!

“Does your email client handle encryption?”
(+ S/MIME / - S/MIME)
Yes: 34%*** / 14%***
No: 5% / 5%
I don’t know: 54%* / 66%*
“What’s encryption?”: 7%** / 14%**

* p < .05; ** p < .01; *** p < .001

People have the software; why don’t they use it?

“I don’t because I don’t care”
“I doubt any of my usual recipients would understand the significance of the signature.”
“Never had the need to send these kinds of emails.”
“I don’t think it’s necessary to encrypt my email & frankly it’s just another step & something else I don’t have the time for!”

Receiving vs. Sending

Receiving signed mail is easy!
You can just receive it!

Receiving sealed mail is hard
You need a cert!
If you lose your cert, you can’t read your old mail!

Sending is hard
To send signed mail, you need a cert!
To send sealed mail, you need the recipient's cert!

The Danger of Receiving Sealed Mail

[Delete your cert, you won’t be able to read stored mail.]
“Before you read the paragraph above, did you know that you might lose the ability to read mail sealed with encryption after you had received it?”

(Users / Non-Users)
Yes: 56%*** / 25%***
No: 40%*** / 63%***
Don’t know: 4%* / 11%*

* p < .05; *** p < 0.001

Why don’t people sign mail?

Do you send digitally-signed mail?
45% - Never; I don’t know how
19% - Rarely; it is not necessary for my kind of mail
10% - I usually don’t; I don’t care enough to do it
4% - Sometimes
2% - Always
24% - Sorry, I don’t understand what you mean by “digitally-signed”

Why don’t people seal mail?

Do you send email that is sealed?
17% - Rarely; not necessary for my kind of mail
41% - I don’t; don’t know how
14% - I don’t; afraid recipient won’t be able to read it
8% - Rarely; I just don’t care
6% - No; it’s just too hard
4% - Sometimes
22% - Sorry, don’t know what you mean by “sealed” or “encrypted”

Outlook Bugs

A variety of bugs in Microsoft Outlook cause problems with S/MIME-signed mail.
Outlook tries to sign replies to signed mail --- even if the user doesn’t have a key!
Mail that is signed with an attachment but no text can’t be read.

Microsoft must address these problems before we can recommend signing for the masses.

Conclusions…

Signing:
Companies like Amazon and eBay should start sending out signed mail today.
Although individuals can send signed mail today, there’s little compelling reason to do so.

Sealing:
The technology still isn’t ready
Fortunately, we don’t really need it right now.