Internet and Secure Messaging

Basit Hussain August 7, 1997

article explores today's most recent and most economical
communication medium, that also works faster than most of the message
transmission systems. We are, of course, talking about the Internet. However,
there is always a catch and this case is no exception. In its current form,
this medium lacks the privacy and the security that its users would like it to
possess. The focus of this paper is to identify the important characteristics
that would serve as a pre-requisite for securing this transport.

1. Introduction

The traditional Internet was mostly associated with educational and research
work. Some of most widely used services involved electronic mail, file transfer
and remote login. Only a limited number of users accessed the Internet and knew
how to access it. A few years ago, the Internet was provided a Graphical User's
Interface that made the information access and navigation process far more
easier. At that point its utility as a business tool also came to light and a
mad rush ensued to get one's presence felt on the Internet (now also known as
the World Wide Web).

Although the presence on the Internet provided a very convenient method to
reach a lot more people, it also opened up the businesses to new types of
hazards. One's trade secrets and the information flowing in and out of a
company's web site were now exposed to break-ins, eavesdropping and tampering.
This gave birth to new markets and new technologies. The first concern was to
secure the web sites, which was achieved by placing firewalls at the junction
to the Internet and making sure that only certain type of data traffic was let
in. The second objective was to ensure that the information sent out on the
Internet was protected against tampering and eavesdropping. A great deal of
research work was put into this in order to define the objectives required for
secure communications. We'll look at some of these issues in the next section.
Some of the solutions commercially in use nowadays are presented in the third
section.

2. The elements needed for security

Security can be defined as a means for ensuring that the smooth operation of a
system is not compromised due to unauthorized tampering. A global set of
standards for security implementation is very hard to define and hence does not
exist. Therefore, security standards and practices are usually defined within
the scope of an organization. One such standard that has received widespread
support is the Orange Book from the United States Department of Defense
[1]. It explains a criteria called C2 that has become a de facto standard for
implementing commercial level security. The C2 security criteria is based on
the four principles briefly explained below:

1. Security Policy: This principle dictates that an explicit and
well-defined security policy should be enforced by the system. This policy
should define a set of rules that explain when a certain subject would be
permitted to access a certain object.

2. Accountability: A detailed audit trail should be maintained regarding
the access to the objects affecting the system security. This allows any
actions to be traced back to the responsible party.

3. Assurance: This principle states that the system (including the
operating system) should possess sufficient features that allow it's
independent evaluation (testing) that it enforces the security principles.

4. Documentation: Adequate documentation should be provided to reflect
the manufacturer's philosophy of protection and how that philosophy can be used
to build a secure environment.

In order to provide compliance with the security standards, it is important to
understand the issues that can cause possible breach of security. Some key
elements of the security process are described next. A complete discussion of
these concepts is beyond the scope of this paper. The user is referred to the
references at the end for this purpose.

2.1. Authentication

Authentication deals with verifying the identity of a person. It is one of the
most crucial elements of security, if not the most crucial. Its importance can
be considered analogous to the importance associated with identifying a person
that you would allow inside your abode. Authentication can be based on one of
three factors (a) what you are (b) what you have and (c) what you know. The
what you are postulate deals with identifying the person based on his or
her physical attributes e.g., retina scans or finger prints. The what you
have type of authentication is based on the person possessing an object
like a key or a card. The what you know type of authentication is based
on some knowledge that the person might possess, e.g., a password. The first
type is obviously the most robust, but the complexity associated with
implementing that type of authentication has made its utility limited in the
Internet circles. The other two are easier to implement but not quite as secure
as that type of information is susceptible to theft or eavesdropping. A
workable solution is a combination of the two. An example is an ATM card that
requires that you possess the card and also know the PIN number associated with
it.

2.2. Authorization

Contrary to popular belief, authorization is quite different from
authentication. Authorization deals with defining the level of information that
has to be made available to a person after the authentication process has been
passed. It also deals with the actions allowed to the person regarding the
manipulation of that information. One example is the access control lists that
are built into the operating systems. The person is authenticated through a
login procedure and his authorization level is defined by the ACLs associated
with the file objects.

2.3. Integrity

Integrity of the data deals with assuring that it was not tampered with during
the transport. Hence the integrity mechanism assures that the data received is
exactly the same as the data transmitted from its source. This factor is
accomplished by using one way functions that provide a unique hash for that
data. If the data is modified by a malicious person while it is in transit, the
one way function is not valid anymore. It is, of course, possible for the
malicious person to re-compute and modify the hash value as well. A solution
for such a situation is described later on.

2.4. Reliability

This is an extension of the integrity principle. Reliability assures that the
data always remain available in its true form, no matter when it was
transmitted received.

2.5. Privacy

The privacy factor protects the data from "prying eyes." The most probable
occurrence of such an event can be associated with the time when the data is in
transit. It can also happen when the data resides on a storage media like a
hard disk. A number of attacks exist against data privacy. One good source that
explains these attacks is [2]. Privacy is achieved by using data encryption
algorithms. Some of the popular encryption algorithms include DES, RC4 and
RC5.

2.6. Non-repudiation

This is one of the harder problems to solve. Non-repudiation deals with
assuring that any action carried out by a person cannot be denied in the
future. Hence a person receiving data cannot deny the receipt and a person
sending data cannot deny that she sent the data. This problem is solved by
combining a sufficient amount of information associated with a person's
identity with any transaction. One such information is the person's digital
signature (see section 3.1).

2.7. Denial of service

Denial of service means that the data becomes unavailable for some reason. Thus
legitimate users cannot access it for the purpose that it was intended for.
This can happen for a number reasons that include flooding a web site with
bogus requests and bringing it down.

3. Security Solutions

As explained above, a lot of things can go wrong if you venture into the
Internet jungle. This has provided the theorists (and the practitioners) to
build solutions against the possible hazards. Some of these solutions are
presented below. These solutions are a combination of certain security
technologies including symmetric key cryptography, asymmetric key cryptography,
one way functions and digital signatures. Definitions of these terms are
provided in the section below.

3.1. PKC from RSA

PKC stands for Public Key Cryptography, sometimes also known as asymmetric key
cryptography. One of the leading companies in this area is RSA [3]. A
traditional method for achieving data privacy (while it is in transit or placed
on a storage media) is by encrypting it. Encryption usually requires a
symmetric key that is used to both encrypt and decrypt the data. Such keys can
vary in length from 40 bytes to as long as 1024 bytes. Normally, 128 bytes is
considered to be quite secure.

The problem with this approach resides with the transportation of the
encryption key that has to be provided at the destination. The key must be
transported through another secure medium that makes the approach less
workable. Public key cryptography solves this problem by providing two keys, a
private key and a public key. The keys are a matched pair. Any data encrypted
by the public key can only be decrypted by the corresponding private key. The
parties involved in the data transfer freely publish their public keys that are
available to anyone who wishes to send them data. This data can be decrypted at
the destination using the private key that may never transmitted across the
Internet.

A rudimentary solution for non-repudiation can also be provided here. A hash of
the document is created by using a one way function and then signed by the
sender's private key. This constitutes a digital signature by the sender. The
signature can be verified at the other end by using the sender's public key and
comparing the hash value thus obtained with the actual computed hash of the
data. A match of the two values implies data integrity and authentication of
the source.

3.2. PGP

Although Public Key Cryptography solves the key transportation problem, it
introduces one of its own. The performance of PKC is quite slow and encrypting
large amounts of data can take a while. One solution was provided by PGP [4].
Although PGP provides a number of services, one of its services is the merger
of the symmetric and public key cryptography technologies.

The data is encrypted using a random encryption key with a symmetric key
encryption algorithm. The encryption key is encrypted using PKC with the
recipient's public key. Since the encryption key is small, the operation does
not cause much overhead. The two are sent together to the destination. The
receiver decrypts the encryption key using his private key. The decrypted key
thus obtained is used to decrypt the data.

3.3. Digital Certificates

Although PGP and PKC solve the privacy problem, the authentication problem
still exists. How do we assure that the data indeed came from the person who
claims she sent it? Although digital signatures solve the problem to some
extent, the possibility that a person published a fake public key is still
there. One solution is to use a "Trusted Third Party," that verifies that the
person is indeed the person who she claims to be. One such trusted third party
is Verisign [5], that issues digital certificates. These certificates contain a
person's public information like name, address and his public key duly signed
by Verisign. This operation can be considered to be a proof of the person's
authentication. Details of the certificates are beyond the scope of this paper.
The interested reader is referred to the Verisign site and the X.509 standard
from ITU.

3.4. SSL

SSL stands for Secure Sockets Layer. It is a new Internet protocol [6] from
Netscape that is turning into a de facto standard for secure transmission. It
provides one way authentication (optionally two-way) between the communicating
parties. It also provides data integrity and privacy using encryption during
the transmission. However, it does not provide non-repudiation as it has no
knowledge of the persons using it. That is left up to the application level
protocols. SSL does cause a performance penalty, as the transmission is much
slower than the regular TCP/IP transmission.

4. Conclusions

This paper provides a primer on the issues related with messaging over the
Internet. Specific issues may or may not be important to individuals or
institutions depending upon their intended use of the Internet as a transport
for their information. Solutions to some of these problems are also discussed.
One freely available solution can be downloaded from the PGP web site [4].
Internet and Web security is still in its infancy and requires a lot of work in
standardization. Hence it provides good research and commercial opportunities.

References

1. Frederic J. Cooper et al., "Implementing Internet Security," New
Riders Publishing, 1995.

2. Bruce Schneier, "Applied Cryptography," John Wiley and Sons, 1996.

3. http://www.rsa.com

4. http://www.pgp.com

5. http://www.verisign.com

6. http://www.netscape.com< br>

Times viewed:5141 interact read comments 0