World Library  
Flag as Inappropriate
Email this Article

Email encryption

Article Id: WHEBN0011008139
Reproduction Date:

Title: Email encryption  
Author: World Heritage Encyclopedia
Language: English
Subject: Email, IMail, Operations security, Dark Mail Alliance, AppRiver
Collection:
Publisher: World Heritage Encyclopedia
Publication
Date:
 

Email encryption

Email encryption is encryption and often authentication of email messages to protect the content from being read by any but the intended recipients. Email encryption has been used by journalists and regular users to protect privacy.[1]

Email encryption can rely on public-key cryptography, in which users can each publish a public key that others can use to encrypt messages to them, while keeping secret a private key they can use to decrypt such messages or to digitally encrypt and sign messages they send.

Encryption protocols

Protocols for email encryption include:

Mail sessions encryption

The STARTTLS SMTP extension is a TLS (SSL) layer on top of the SMTP connection. While it protects traffic from being sniffed during transmission, it is technically not encryption of emails because the content of messages is revealed to, and can therefore be altered by, intermediate email relays. In other words, the encryption takes place between individual SMTP relays, not between the sender and the recipient. When both relays support STARTTLS, it may be used regardless of whether the email's contents are encrypted using another protocol.

STARTTLS is also an extension of IMAP4 and POP3, see RFC 4616.

Demonstrations

The public key infrastructure (PKI) and the use of network security guards checking encrypted content passing in and out of corporate network boundaries to avoid encryption being used to hide malware introduction and information leakage.

Setting up and Using Email Encryption

Email clients such as Mozilla thunderbird provide native support for S/MIME secure email (digital signing and message encryption using certificates). Other encryption options include PGP and GNU Privacy Guard (GnuPG). Free and commercial software and add-ons are available as well, such as Gpg4win or PGP Desktop Email that support the OpenPGP type of encryption.[2][3]

While PGP can protect messages, it can also be hard to use in the correct way. Researchers at Carnegie Mellon University published a paper in 1999 showing that most people couldn’t figure out how to sign and encrypt messages using the current version of PGP.[4] Eight years later, another group of Carnegie Mellon researchers published a follow-up paper saying that, although a newer version of PGP made it easy to decrypt messages, most people still struggled with encrypting and signing messages, finding and verifying other people’s public encryption keys, and sharing their own keys.[5]

Because encryption can be difficult for users, security and compliance managers at companies and government agencies automate the process for employees and executives by using encryption appliances and services that automate encryption. Instead of relying on voluntary cooperation, automated encryption, based on defined policies, takes the decision and the process out of the users' hands. Emails are routed through a gateway appliance that has been configured to ensure compliance with regulatory and security policies. Emails that require it are automatically encrypted and sent.[6]

If the recipient works at an organization that uses the same encryption gateway appliance, emails are automatically decrypted, making the process transparent to the user. Recipients who are not behind an encryption gateway then need to take an extra step, either procuring the public key, or logging into an online portal to retrieve the message.[7][8]

See also

References

  1. ^ Lee, Micah (July 2, 2013). "Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance". Freedom of the Press Foundation. Retrieved 1 May 2014. 
  2. ^ Eric Geier, PCWorld. "How to Encrypt Your Email." Apr 25, 2012. Retrieved May 28, 2014.
  3. ^ Alan Henry, Lifehacker. "How to Encrypt Your Email and Keep Your Conversations Private." Aug 14, 2013. Retrieved May 28, 2014.
  4. ^ Klint Finley, WIRED. "Google’s Revamped Gmail Could Take Encryption Mainstream." Apr 23, 2014. Retrieved June 04, 2014.
  5. ^ In Security and Usability: Designing Secure Systems that People Can Use, eds. L. Cranor and G. Simson. O'Reilly, 2005, pp. 679-702. "Why Johnny Can’t Encrypt."
  6. ^ By Luis Rivera, SC Magazine. "Protecting customer privacy through email encryption." March 11, 2014. July 18, 2014.
  7. ^ By Luis Rivera, SC Magazine. “[1].” March 11, 2014. July 22, 2014.
  8. ^ By Stan Gibson, SearchHealthIT.com. "[2]." April 2010. July 22, 2014.
  • Gaw, Shirley; Felten, Edward W.; Fernandez-Kelly, Patricia. "Secrecy, Flagging, and Paranoia: Adoption Criteria in Encrypted E-Mail | CHI 2006 (Proceedings of ACM SigChi)" (PDF). Cs.princeton.edu. 
  • Kindervag, Stephanie; Balaouras; McKee, Jessica (January 30, 2012). "Killing Data (this report costs 499 dollars)". Forrester.com. 

External Links

Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance


This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 



Copyright © World Library Foundation. All rights reserved. eBooks from World Library are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.