by Sven Gossel, charismathics GmbH
In today’s electronic world, people and businesses take for granted the ease of use of email and the speed at which messages are sent and received. However, these electronic messages carry personal and confidential company information around the globe every day, and they are also where people with malicious intent send viruses and programs designed to invade privacy, destroy or steal data, or just wreak havoc on PCs.
Prevent and protect
There is, however, a simple technology, built into most email programs for a number of years, that can prevent this and protect against it. It is known as email signing, encryption or decryption, and it can be accessed through Microsoft’s Outlook, Outlook Express, Lotus Notes and any other program that supports digital signatures and encryption. Today this is a standard, supported feature, meaning that, with a little research and reading, anyone can start sending and receiving emails on a secure basis, verify valid email addresses and, depending on the certificate issued, verify who sent the email. Unless the email is signed with a valid certificate, the source of the email could be deemed suspicious.
Making use of available technology
To make use of available technology, a person would need to apply for and download a certificate. There are several free certificate authorities available, such as http://www.trustcenter.de. Once the certificate is downloaded, it can be stored on a PC or, more securely, in a USB token, smart card, or TPM chip. The TPM chip is embedded in the motherboard of a computer and designed to generate cryptographic keys to secure both hardware and data. There are software programs on the market that take advantage of the TPM and allow it to be used just like a smart card or token to store digital identities or certificates. A few steps must be taken to initialize a TPM, as the PC manufacturer does not turn it on. Once it is initialized, a person can take ownership, download a certificate, and is then ready to start digitally signing emails and sending and receiving encrypted emails. It is interesting to note that all major PC manufacturers have been including a TPM chip in their platforms for the past few years, and most business laptops already have one built in.
Certificates and encrypted emails
Most free certificates ask for some basic data such as name and email address. This basic certificate is classified as a ‘class one’ trust level, for the verification of an email address. The certificate authority verifies the email address before issuing the certificate, which can then be used to validate outgoing emails by simply clicking a button in the email window itself. When the recipient receives a signed email, there is a badge on the icon of the email indicating that the email has been signed. The recipient can then open the email and see a little badge showing that the email is signed and that the certificate authority has verified the address, giving the recipient peace of mind that the email is valid and safe before opening. One additional feature in Outlook is the ability to send encrypted emails. Once the recipient receives a signed email, they then have the sender’s key to decrypt emails from that address. This way, the recipient knows that the sender actually sent the email, as the email could only be encrypted by using the sender’s certificate. An encrypted email cannot be read unless the recipient has the key to decrypt the email. Therefore, even if it is intercepted, it cannot be read, because the interceptor would not have the key to decrypt the email.
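The signed-email check described above, as an added example that is not from the article or any vendor: it uses the `openssl smime` command-line tool to sign a message and then apply the checks that stand behind the "signed" badge. It assumes a throwaway self-signed certificate standing in for a CA-issued one; the addresses, file names and function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: all addresses, names and files are constructed for the demo.
set -eu
work=$(mktemp -d)

# Throwaway self-signed certificate standing in for a CA-issued class-one one.
make_identity() {  # make_identity <address>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Alice Example/emailAddress=$1" \
    -keyout "$work/sender.key" -out "$work/sender.crt" 2>/dev/null
}

# Clear-sign a body with the sender's private key and add mail headers.
sign_mail() {  # sign_mail <from-address> <body-file> <output-file>
  openssl smime -sign -text -in "$2" -from "$1" -to bob@example.test \
    -subject "Quarterly figures" -signer "$work/sender.crt" \
    -inkey "$work/sender.key" -out "$3" 2>/dev/null
}

# Accept only if the signature is intact, the certificate is trusted, and the
# address in the signer's certificate equals the From: header. The headers sit
# outside the signed part, so a valid signature alone does not vouch for From:.
check_mail() {  # check_mail <message-file>
  openssl smime -verify -in "$1" -CAfile "$work/sender.crt" \
    -signer "$work/signer.crt" -out /dev/null 2>/dev/null || return 1
  cert_addr=$(openssl x509 -noout -email -in "$work/signer.crt" | head -n 1)
  from_addr=$(sed -n 's/^From: *//p' "$1" | tr -d '\r' | head -n 1)
  [ "$cert_addr" = "$from_addr" ]
}

make_identity alice@example.test
printf 'Revenue: 1200\n' > "$work/body.txt"
sign_mail alice@example.test "$work/body.txt" "$work/signed.eml"
# Two constructed variants: body changed in transit, and From: header rewritten.
sed 's/1200/9200/' "$work/signed.eml" > "$work/tampered.eml"
sed 's/^From: .*/From: mallory@example.test/' "$work/signed.eml" > "$work/spoofed.eml"

for m in signed tampered spoofed; do
  if check_mail "$work/$m.eml"; then echo "$m: accept"; else echo "$m: reject"; fi
done
```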