The Five Approaches to Messaging Security-From SIGABA

Q1 2007

Introduction
As businesses continue to rely more on digital communication channels, especially via the Internet, it becomes increasingly important to protect the privacy of communicators. Cryptography, used in securing data, is certainly not a new concept and neither is its application in digital communication. What is a recent phenomenon, however, is the sophisticated requirement criteria imposed on messaging security solutions. This white paper reviews the five most common current approaches to messaging security. While the five approaches discussed here are not the comprehensive list of available solutions, they are the basis for most variations of messaging security solutions available today.

Throughout this document, the term “sender” specifies the entity that initiates the transmission of secure data and it refers to a human user, an application, or both. Similarly, the term “recipient” specifies the entity that is on the other end of the transmission of secure data and it also refers to a human user, an application, or both.

Criteria
The main purpose of messaging security is privacy of data. Achieving this objective on a practical enterprise scale requires strong security, ease-of-use, and wide reach. The following is a list of seven criteria that are essential to realize these three requirements:

Data Encryption
Encryption of data provides protection from unwanted third-party access to the data. This is achieved through proper implementation of an encryption algorithm, such as AES, with strong authentication and access control.

Sender Control
Enterprises are sending internal data to external destinations. The data is owned by the sending organizations. As the owners of the data, the sending organizations reserve the right to determine who, when, and what can be accessed. In addition, the sending organizations must be able to audit the successful delivery and authorized access of the data. Many regulations require that an organization have a record of access to its confidential data.

Ease-of-Use
Ease-of-use up to this point has been the biggest obstacle to successful messaging security system deployment. A successful solution must be easy to use by all affected parties: easy to use by end users, easy to maintain by IT administrators, and easy to implement and deploy by IT developers and system integrators.

Efficiency
A successful messaging security solution must be efficient enough to scale as usage grows. This means two things: predictable scalability and economy of scale. The usage statistic must be an accurate proxy for reliably predicting the required system sizing. As the number of users grows, the average cost per user should decrease to achieve economy of scale.

Extensibility
A successful messaging security solution must be able to extend the security resource to multiple applications. Confidential data resides in and travels through many different applications, including email, instant messaging, and file transfers. The organization must be able to leverage its investment in the messaging security solution across multiple applications.

Expandability
Much of business communication of sensitive data takes place between an organization and its partners, vendors, and key customers. Because daily business requires dynamic changes in business relationships and each organization has its own information security policies, secure communication channels must be easily expandable to other organizations and also be easily modifiable to accommodate changes. This ability to let different authentication systems work together is known as Federated Authentication. A successful messaging security solution must offer this expandability.

Password-based Approach
The password-based approach relies on a password shared between the sender and recipient. In a typical exchange, the sender secures the intended data with a password. The sender then sends the secured data to the recipient. Through a separate, or “out-of-band,” channel, the sender shares the password with the recipient. The recipient uses the shared password to open the secured data.

Advantages
Password-based solutions are relatively easy to use: end users’ familiarity with passwords eases potential apprehension about using encryption. Password-based solutions are also very simple to develop.

Limitations
The overall strength of a messaging security solution is determined by its weakest part. For password-based solutions, the shared password is the weakest link, and this makes password-based solutions the least secure among the five approaches.

The out-of-band means of delivering the shared password also limits the reach and scalability. As the number of users and traffic of secure communication grow, a reliable and efficient method to deliver the shared passwords becomes a main challenge for an enterprise-caliber deployment.

An Example
The most visible use of the password-based approach is by some retail banks. When a retail bank customer opens a new checking account and requests an ATM card, a retail bank sends the ATM card through postal mail. It also sends the initial PIN for the ATM card under a separate cover. Upon receipt of both the card and PIN, the customer is able to use the ATM card for bank transactions at ATMs.

Public Key-Based Approach
Public key-based approaches are implementations of public key cryptography. Public key cryptography uses a public-private key pair. One party to the communication holds the public key while the corresponding party holds the private key. In a typical exchange, a sender obtains the public key of the recipient. The sender secures the intended data using the recipient’s public key and then sends the secured data to the recipient. The recipient uses the corresponding private key to open the received data.

Public key-based approaches are subject to the following prerequisites:

  • A sender must obtain a recipient’s public key prior to any data transmission. The management of public and private keys makes up the infrastructure aspect of Public Key Infrastructure (PKI).
  • The strength of the public key-based approach relies on the assumption that a private key is kept secure by the owner of the key.

Advantages
Public key-based approaches are very secure solutions. Under the assumption that private keys are maintained securely, public key cryptography offers a strong encryption option.

Limitations
Public key-based solutions are extremely difficult to use. The burden of managing public and private keys has proven too much to overcome. The cost of maintenance and requirement of end-user behavior change impose too many restrictions for public key-based solutions to gain critical mass for deployment.

A public key-based approach is not scalable. Because each transaction has to be encrypted using each recipient’s public key, encryption has to happen as many times as the number of recipients. In a high-volume scenario, a one-user increase in the average number of recipients means an exponential increase in system resources based on the total number of users, making the system sizing difficult to predict.

Users of public key-based approaches can only communicate securely with other users using the same implementation of public-key cryptography. For example, a PGP (Pretty Good Privacy) user can communicate only with other PGP users and cannot communicate with an S/MIME user. In the case of S/MIME, an S/MIME user can communicate with other S/MIME users only if those users use the S/MIME products. This severely limits the solution’s ability to gain wide reach.

PGP-Based Approach
There are currently several available solutions based on public key cryptography. PGP, created in 1991, paved the way for the application of public-key cryptography. Based on PGP, two standards were created: OpenPGP and S/MIME. These two standards make up the two most common public key-based approaches.

  • S/MIME – S/MIME is a standard set of specifications for implementation. S/MIME solutions use X.509 digital certificates as public and private key formats. Despite S/MIME being a standard, different implementations of S/MIME are not interoperable. S/MIME capability is readily available in email clients, such as Microsoft Outlook, and web browsers, such as Microsoft Internet Explorer. However, S/MIME has failed to garner enough user adoption to gain critical mass for enterprise-caliber deployment.
  • PGP – PGP is an overloaded term with several meanings. PGP can refer to the original PGP methodology developed in 1991 by Phil Zimmermann and the original freeware implementation. PGP is often used to refer to implementations of an industry standard, OpenPGP. Finally, it refers to PGP Corporation, which offers PGP-based products. For the purpose of this white paper, unless otherwise specified, PGP refers to implementations of the OpenPGP standard.

    A PGP solution differs from S/MIME mainly in its format of keys. In a PGP implementation, the key uses certificates in the original PGP format. Different implementations of PGP are interoperable, meaning a PGP user can communicate with another PGP user regardless of the products they use, granted each product is fully compliant with the PGP standard. PGP also carries a small but loyal following. A handful of PGP users can be found at many organizations. Overall, PGP solutions are easier to use than S/MIME solutions.

Web-Based Approach
Web-based solutions take advantage of HTTP and Web browsers. Instead of receiving the actual data, a recipient is sent a URL link. When the recipient follows the URL link, the recipient can retrieve the protected data through the Web browser application. Because of the URL link used and the fact that recipients must “pull” data from the server, these solutions are also known as “link-back” or “pull” solutions.

Advantages
Web-based solutions are capable of wide reach. Because only a URL link needs to be transferred, and following it imposes no additional steps on the recipient, URL links can typically be communicated to almost any user on the Internet.

Web-based solutions are also easy to use for the end users. Many end-users are familiar with clicking on a URL link and following it through a web browser.

Because data is still stored on the sender’s system, the sender has some control over the data even after it has been accessed by a recipient.

Limitations
Web-based solutions require significant change in user behavior. Regardless of the mode of communication, a recipient must follow a link and access the data via HTTP or HTTPS. This limitation introduces a significant obstacle in user adoption. Web-based solutions rely on SSL for encryption. This provides a moderate level of protection for the data.

An Example
Web-based solutions are currently most used for delivering electronic statements. A credit card company uses a web-based application for its delivery of monthly statements to its customers. A customer receives an email from the credit company with a URL link. The customer clicks on the URL link. After entering his credentials, he is guided to his bill statement for that month in a web browser.

Key-Server Approach
The Sigaba® Advantage
Sigaba took an approach to create a practical messaging security solution. By starting with a holistic view of the problem, Sigaba was able to recognize that the key to a scalable, extensible, expandable, and consequently, a usable solution is to make a security infrastructure. This infrastructure will serve as the “operating system” for baseline authentication and data encryption resources. Just as operating systems enable applications to use system resources, the security “operating system” enables applications to use authentication and encryption resources.

Sigaba’s patented Key Server technology is the basis for this security “operating system.” The main differentiator of Sigaba Key Server from other approaches is that Sigaba Key Server decouples authentication and encryption. This simple distinction by Sigaba Key Server results in satisfaction of all requirements for a messaging security solution.

Data Encryption
Sigaba Key Server is encryption-algorithm agnostic; it is not tied to a specific encryption algorithm. Encryption algorithms are substitutable. Currently, Sigaba offers AES as the default algorithm.

In addition, Sigaba Key Server is authentication agnostic. This is possible because Sigaba Key Server decouples authentication and encryption resources. Organizations with an existing authentication solution can continue to leverage their investment in the solution. Organizations without a pre-existing authentication solution can choose the one that is appropriate for their business operations.

Sender Control
Sigaba Key Server creates encryption keys on request from the sending user or application. The ownership of the encryption keys is then assigned to the “sender.” The owner has the right to determine and modify when, what, and who has access to the key, and consequently to the data, even after the data leaves the owner’s hands.

Ease-of-Use
For end users, encryption happens behind the scenes. As the basis for security infrastructure, encryption and decryption of data and key management activities are completely transparent.

For IT administrators, Sigaba Key Server leverages existing systems, and thus also leverages IT administrators’ familiarity with those systems. For IT developers and system integrators, the central source of authentication and encryption resources ensures that the main focus of development is the application logic rather than the security logic.

Efficiency
Unlike web-based solutions discussed earlier, Sigaba Key Server does not hold the actual data or message and only manages the encryption key. Because the encryption key size is constant, regardless of data or message size, Sigaba Key Server scales linearly, compared to PKI variation solutions, which scale exponentially. For Sigaba Key Server, the usage statistic, such as number of daily messages, is an accurate proxy for system sizing. This leads to predictable scalability and eventual economies of scale.
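The sender-control and key-only storage properties described in this section, sketched as an added example (not Sigaba’s code or API; the `KeyServer` class, its methods and the sample identities are hypothetical and constructed here). The content key is what a client would hand to its cipher, AES by default per the text, and the message itself never reaches the server.

```python
import secrets
from dataclasses import dataclass

@dataclass
class KeyRecord:
    owner: str      # the sender that requested the key
    key: bytes      # constant-size content key; the message never reaches the server
    allowed: set    # identities the owner currently permits

class KeyServer:
    """Hypothetical model of a key server: holds keys and policy, not data."""
    def __init__(self, authenticators):
        self.authenticators = authenticators  # decoupled: callables credential -> identity or None
        self.records, self.audit = {}, []     # audit entries: (key_id, identity, outcome)

    def _identify(self, credential):
        return next((i for a in self.authenticators if (i := a(credential))), None)

    def create_key(self, credential, recipients):
        owner = self._identify(credential)
        if owner is None:
            raise PermissionError("unauthenticated sender")
        key_id = secrets.token_hex(8)
        self.records[key_id] = KeyRecord(owner, secrets.token_bytes(32), set(recipients))
        return key_id, self.records[key_id].key

    def set_recipients(self, credential, key_id, recipients):
        rec = self.records[key_id]
        if self._identify(credential) != rec.owner:
            raise PermissionError("only the key owner may change access")
        rec.allowed = set(recipients)

    def release_key(self, credential, key_id):
        identity, rec = self._identify(credential), self.records.get(key_id)
        ok = rec is not None and identity is not None and identity in rec.allowed
        self.audit.append((key_id, identity, "released" if ok else "denied"))
        return rec.key if ok else None

# Constructed sample data: two separate authentication systems share one key server.
corp_directory = {"tok-alice": "alice@corp.example"}
partner_directory = {"tok-bob": "bob@partner.example"}

def demo():
    ks = KeyServer([corp_directory.get, partner_directory.get])
    key_id, key = ks.create_key("tok-alice", ["bob@partner.example"])
    first = ks.release_key("tok-bob", key_id)   # authorised recipient obtains the key
    ks.set_recipients("tok-alice", key_id, [])  # sender withdraws access after delivery
    second = ks.release_key("tok-bob", key_id)  # the same request is now refused
    return first == key, second, [outcome for _, _, outcome in ks.audit]
```

Withdrawing access only stops future key releases; a recipient who already obtained the key and decrypted the data keeps whatever copy they made, which is why the audit trail of releases matters to the sender.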

Extensibility
Sigaba Key Server is application agnostic. With simple access to its encryption resources, any application can incorporate the encryption mechanism. Sigaba has demonstrated this capability through its Secure Email, Secure Statements, Secure IM, and Secure Messaging for Mobile Devices applications built on a single infrastructure.

Expandability
Sigaba Key Server is authentication agnostic and its decoupling of authentication and encryption allows it to be shared by multiple authentication systems. This is the basis for Federated Authentication. By allowing distributed authentication systems to share one central encryption resource, Sigaba Key Server enables organizations to quickly turn on or off secure communication channels with other organizations.

Conclusion
The five approaches described in this white paper cover comprehensive solutions currently available for messaging security. Each approach has its pluses and minuses. One approach will prove more appropriate than others in a specific scenario. An organization can use the overview presented here to begin researching solutions that are scalable, easy to use, and easy to administer before investing in a secure messaging solution for its current and future needs.
