Management aspects of secure messaging between organizations

Roger Dean, Head of Special Projects, eema

Network Security, April 2005, p. 16

Electronic messaging is vulnerable to eavesdropping and impersonation, and companies that do not protect sensitive information lay themselves open to significant risk. Here we take a short glimpse at some of the issues associated with Public Key Infrastructure (PKI), and some less expensive options.

PKI

Secure messaging employing end-to-end architectures and PKIs offers message confidentiality through encryption, and message authentication through digital signatures. However, there are a number of implementation and operational issues associated with them.

One of the major criticisms is the overheads involved in certificate and key management. Typically, certificates and keys are assigned a lifetime of one to three years, after which they must be replaced (rekeyed). A current trend is to employ a rigorous semi-manual process to deploy initial certificates and keys and to automate the ongoing management processes. For the initial issuance, it is vital to confirm the identity of the key and certificate recipients, especially where messages between organizations are to be digitally signed.

Business partners must have trust in each other’s PKIs to a level commensurate with the value of the information to be communicated. This may be determined by the thoroughness of the processes operated by the Trust Centre that issued the certificates, as defined in the Certificate Policy and Certificate Practice Statement.

The organisation’s corporate directory plays a critical role as the mechanism for publishing certificates. However, corporate directories contain a significant amount of information which may create data-protection issues if published in full. Secondly, corporate directories usually allow wildcards in search criteria, but these are unwise for external connection as they could be used to harvest e-mail addresses for virus and spam attacks. Furthermore, organizations may publish certificates in different locations.
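The two directory problems just described (over-publication of entry data, and wildcard searches that let an outsider enumerate addresses) are both policy decisions at the interface between the directory and the outside world. The following is an added example, not code from the article or from EEMA: a small gate that a directory front end could apply to externally submitted LDAP-style search filters, accepting only an exact match on one mail address and returning only the certificate attribute. The filter grammar handled is just the simple (attr=value) form of RFC 4515; the attribute names, the sample directory entries and the hostnames are constructed for the example.

```python
"""Gate for external certificate lookups against a corporate directory.

Added example (not the article's or EEMA's code). Models the rule a
directory front end could apply to LDAP-style filters arriving from outside
the organisation: only an exact-match search on a single mail address is
answered, and only the certificate attribute is returned. The sample
directory and attribute names are constructed.
"""
import re

# Attributes an external party may receive: the certificate only.
EXTERNAL_ATTRS = frozenset({"userCertificate"})

# One simple equality filter: (attr=value). Compound filters, presence and
# substring forms do not match this pattern and are therefore rejected.
_SIMPLE_FILTER = re.compile(r"^\((?P<attr>[A-Za-z][A-Za-z0-9-]*)=(?P<value>[^()]*)\)$")
# A single complete address: no whitespace, no '*', exactly one '@'.
_MAIL_ADDR = re.compile(r"^[^@\s*]+@[^@\s*]+\.[^@\s*]+$")

# Constructed sample directory: the kind of entry an internal LDAP server holds.
DIRECTORY = {
    "alice@example.org": {"cn": "Alice Example", "telephoneNumber": "+44 20 0000 0000",
                          "userCertificate": b"<DER cert for alice>"},
    "bob@example.org": {"cn": "Bob Example", "telephoneNumber": "+44 20 0000 0001",
                        "userCertificate": b"<DER cert for bob>"},
}


class FilterRejected(ValueError):
    """Raised when an external filter is not an exact single-address query."""


def check_external_filter(ldap_filter: str) -> str:
    """Return the mail address an external filter asks for, or raise.

    Rejects wildcards, substring/presence matches, compound filters and any
    attribute other than mail, so the only question an outsider can ask is
    "what is the certificate for this exact address?".
    """
    m = _SIMPLE_FILTER.match(ldap_filter.strip())
    if not m:
        raise FilterRejected("only a single (attr=value) filter is accepted")
    attr, value = m.group("attr"), m.group("value")
    if attr.lower() != "mail":
        raise FilterRejected("external lookups may only search by mail address")
    if "*" in value:
        raise FilterRejected("wildcards are not permitted on the external interface")
    if not _MAIL_ADDR.match(value):
        raise FilterRejected("value is not a single, complete mail address")
    return value.lower()


def external_lookup(ldap_filter: str, requested_attrs=("userCertificate",)):
    """Answer an external search: exact address only, certificate attribute only.

    Returns the published attributes for the address, or None if the
    directory holds no entry (or no certificate) for it.
    """
    address = check_external_filter(ldap_filter)
    disallowed = set(requested_attrs) - EXTERNAL_ATTRS
    if disallowed:
        raise FilterRejected(f"attributes not published externally: {sorted(disallowed)}")
    entry = DIRECTORY.get(address)
    if entry is None:
        return None
    return {a: entry[a] for a in requested_attrs if a in entry}


if __name__ == "__main__":
    for f in ["(mail=alice@example.org)", "(mail=*@example.org)",
              "(cn=a*)", "(&(mail=*)(cn=*))"]:
        try:
            print(f, "->", external_lookup(f))
        except FilterRejected as e:
            print(f, "-> rejected:", e)
```

The point of returning a single attribute is separate from the wildcard check: even an exact-match query would leak telephone numbers and names if the front end simply proxied the internal entry, which is the data-protection concern the text raises.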

Dedicated line and routing

The underlying idea for this alternative to a fully blown PKI is to transmit messages on a path between the participating organizations that avoids the open Internet. There are two major options:

A dedicated line between the involved companies

With this option all messages are normally transmitted without any protection of content. The level of confidentiality for intercompany traffic thus becomes the same as for intracompany traffic, and for many types of information that may be sufficient. Depending on bandwidth, network provider and end locations, however, this option may be expensive.

A VPN connection between participating companies

Such a connection normally employs the Internet, but an encrypted, secure tunnel on the network layer is established between the networks of participants. Thus all information is protected by encryption. An investment to purchase or upgrade the network routers at the endpoints of the secure tunnel might not be insignificant.

Most of the work to implement such solutions lies in establishing the network connection, and a dedicated line may have a considerable lead time. The same applies for new network routers as endpoints of a VPN.

Gateway to gateway encryption using Transport Layer Security (TLS)

Internet email messages are vulnerable to eavesdropping because the Internet Simple Mail Transfer Protocol (SMTP) does not provide encryption. To protect these messages, servers can use TLS to encrypt the data packets as they pass between the servers. With TLS, each packet of data is encrypted by the sending server, and decrypted by the receiving server. TLS is already built into many messaging servers, including Microsoft Exchange and IBM Lotus Domino, so that implementation may simply involve the installation of an X.509 server certificate and activation of the TLS protocol.

The downside is that data is protected only in transit between servers that support TLS. TLS does not protect a message at all stages during transport, unless TLS is implemented as a service in all the involved instances.
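Whether a TLS-capable server actually protects a given message depends on its policy, not just on the certificate being installed: a server that merely offers STARTTLS will still accept mail in clear from a peer that never issues the command. The following is an added example, not code from the article or from any of the products it names. It models the server side of an SMTP session as a small state machine, with a switch between opportunistic TLS (accept mail either way) and mandatory TLS (refuse envelope commands until STARTTLS has been negotiated), and drives it with two constructed client dialogues so the exchange can be read line by line. No sockets or real handshake are involved; STARTTLS simply moves the session into the encrypted state, which is all the policy logic needs. Reply codes follow RFC 3207 and RFC 5321; the hostnames and addresses are made up.

```python
"""Model of an SMTP server with an opportunistic or mandatory STARTTLS policy.

Added example (not from the article or any product it names). Simulates the
server side of an SMTP dialogue so the STARTTLS exchange and the effect of
the policy can be read end to end. Hostnames and addresses are constructed.
"""


class SmtpServer:
    """Minimal SMTP state machine with an optional mandatory-TLS policy."""

    def __init__(self, hostname: str, require_tls: bool):
        self.hostname = hostname
        self.require_tls = require_tls   # refuse mail unless the session is encrypted
        self.tls_active = False
        self.greeted = False

    def handle(self, line: str) -> str:
        """Return the server reply for one client command line."""
        verb, _, _arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            self.greeted = True
            # Advertise STARTTLS only while the session is still in clear.
            ext = ["250-" + self.hostname, "250-SIZE 10485760"]
            if not self.tls_active:
                ext.append("250-STARTTLS")
            ext.append("250 8BITMIME")
            return "\r\n".join(ext)
        if verb == "STARTTLS":
            if self.tls_active:
                return "503 5.5.1 TLS already active"
            self.tls_active = True
            self.greeted = False      # RFC 3207: the client must EHLO again after the handshake
            return "220 2.0.0 Ready to start TLS"
        if verb in ("MAIL", "RCPT", "DATA"):
            if not self.greeted:
                return "503 5.5.1 Send EHLO first"
            if self.require_tls and not self.tls_active:
                # The mandatory policy: no envelope data over a clear session.
                return "530 5.7.0 Must issue a STARTTLS command first"
            return "354 End data with <CR><LF>.<CR><LF>" if verb == "DATA" else "250 2.1.0 OK"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "500 5.5.2 Command not recognised"


def run_session(server: SmtpServer, client_lines) -> list:
    """Drive a session and return (client line, server reply) pairs."""
    return [(line, server.handle(line)) for line in client_lines]


def mail_accepted(transcript) -> bool:
    """True if the MAIL FROM command received a 250 reply in this transcript."""
    return any(c.upper().startswith("MAIL FROM") and r.startswith("250")
               for c, r in transcript)


# Constructed client dialogues: one that never negotiates TLS, one that does.
CLEAR_CLIENT = ["EHLO mx.partner.example", "MAIL FROM:<a@partner.example>", "QUIT"]
TLS_CLIENT = ["EHLO mx.partner.example", "STARTTLS", "EHLO mx.partner.example",
              "MAIL FROM:<a@partner.example>", "RCPT TO:<b@corp.example>", "QUIT"]

if __name__ == "__main__":
    for policy in (False, True):
        for name, lines in (("clear", CLEAR_CLIENT), ("starttls", TLS_CLIENT)):
            srv = SmtpServer("mx.corp.example", require_tls=policy)
            print(f"--- require_tls={policy}, client={name}")
            for c, r in run_session(srv, lines):
                print("C:", c)
                print("S:", r.replace("\r\n", "\n   "))
```

The model covers one hop only. The caveat in the text applies per hop: a message relayed through three servers is protected end to end only if every one of them enforces the mandatory policy towards the next, and a single relay left in opportunistic mode is a point where the message may travel in clear.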

Gateway to gateway encryption using S/MIME gateways

An obstacle to end-to-end PKI is the burden of managing certificates. Also, once encrypted, messages cannot be scanned for viruses, spam, or content. Gateways that use the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol to encrypt and decrypt messages at the organizational boundary can address these issues. S/MIME gateways use public and private keys known as domain certificates to encrypt and sign messages that pass between domains. They have the same format as those used in desktop-to-desktop S/MIME message encryption, except that the certificates are issued to domains, not individual users. Messages are signed and encrypted only while in transit between the S/MIME gateways.

An S/MIME gateway can co-exist with unencrypted SMTP messages and with end-to-end S/MIME encryption: it can send and receive unencrypted and unsigned messages to/from any e-mail domain, and it can receive messages signed or encrypted with conventional, desktop-to-desktop S/MIME. It will not decrypt the message or verify the signature, and it will deliver the message to the recipient's mailbox with the signature and/or encryption intact. However, it cannot currently sign or encrypt mail that is sent to a user in a domain that does not have an S/MIME gateway.
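The three co-existence rules above amount to a per-recipient decision the gateway has to take on every outbound message: pass through what is already protected at the desktop, encrypt and sign at the boundary where the far side has a domain certificate, and otherwise send in clear. The following is an added example, not the article's or any vendor's code, that implements just that decision using Python's standard email parser. It recognises desktop S/MIME by the media types S/MIME uses (application/pkcs7-mime, and multipart/signed with an application/pkcs7-signature part) and records whether the gateway can still scan the content, which is the other issue the text raises. The domain certificate table, the gateway's own domain and the sample messages are constructed; no cryptographic operation is performed, the function only returns the action to take.

```python
"""Outbound routing decision for an S/MIME gateway at the organisational boundary.

Added example (not the article's or any vendor's code). Decides, per
recipient, whether a message is passed through with its desktop S/MIME
protection intact, signed and encrypted at the gateway with a domain
certificate, or delivered in clear. Certificates and messages are
constructed placeholders; nothing is actually signed or encrypted.
"""
from email import message_from_string
from email.message import Message

OUR_DOMAIN = "corp.example"
OUR_DOMAIN_CERT = "<corp.example domain certificate>"          # constructed
DOMAIN_CERTS = {                                                # constructed table
    "partner.example": "<partner.example domain certificate>",  # far side has a gateway
}

_ENVELOPED = ("application/pkcs7-mime", "application/x-pkcs7-mime")
_SIGNATURE = ("application/pkcs7-signature", "application/x-pkcs7-signature")


def is_end_to_end_smime(msg: Message) -> bool:
    """True if the message already carries desktop-to-desktop S/MIME protection."""
    ctype = msg.get_content_type()
    if ctype in _ENVELOPED:
        return True
    if ctype == "multipart/signed":
        return (msg.get_param("protocol") or "").lower() in _SIGNATURE
    return False


def recipient_domain(addr: str) -> str:
    """Domain part of an address such as '<bob@partner.example>'."""
    return addr.strip("<> ").rsplit("@", 1)[-1].lower()


def outbound_action(msg: Message, rcpt: str) -> dict:
    """What the gateway does with one outbound message for one recipient."""
    domain = recipient_domain(rcpt)
    if is_end_to_end_smime(msg):
        # The gateway cannot verify or decrypt user-level S/MIME and must not
        # wrap or strip it. A clear-signed body is still visible to scanners;
        # an enveloped body is not.
        return {"action": "pass-through", "domain": domain,
                "scannable": msg.get_content_type() == "multipart/signed"}
    if domain in DOMAIN_CERTS:
        # Scan in clear first, then protect the message between the gateways.
        return {"action": "gateway-sign-and-encrypt", "domain": domain,
                "encrypt_to": DOMAIN_CERTS[domain], "sign_with": OUR_DOMAIN_CERT,
                "scannable": True}
    # No gateway on the far side: nothing the boundary can do for this recipient.
    return {"action": "deliver-in-clear", "domain": domain, "scannable": True}


# Constructed sample messages.
PLAIN_MSG = """From: alice@corp.example
To: bob@partner.example
Subject: Q2 forecast
Content-Type: text/plain

Attached are the figures.
"""

SIGNED_MSG = """From: alice@corp.example
To: bob@partner.example
Subject: signed at the desktop
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

MIIB<constructed placeholder, not a real signature>
--b1--
"""

ENCRYPTED_MSG = """From: alice@corp.example
To: bob@partner.example
Subject: encrypted at the desktop
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIB<constructed placeholder, not real ciphertext>
"""

if __name__ == "__main__":
    for label, text in (("plain", PLAIN_MSG), ("signed", SIGNED_MSG), ("encrypted", ENCRYPTED_MSG)):
        for rcpt in ("bob@partner.example", "carol@other.example"):
            print(label, "->", rcpt, outbound_action(message_from_string(text), rcpt))
```

The last rule is the limitation the text ends on: for a recipient whose domain has no gateway there is no domain certificate to encrypt to, so the boundary can only deliver in clear or, if policy forbids that, reject the message.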

Pretty Good Privacy (PGP)

The OpenPGP and PGP/MIME protocols are based on PGP and rely on MIME for message structure. Today, a specialised S/MIME client can’t normally communicate with a PGP client, although that may change. PGP has been described as a good example of what PKI is; but it enables the user to scale the PKI implementation from individuals up to several thousand users. It comprises a number of products that can be implemented incrementally according to requirement. With PGP there is no reason to hesitate to implement and make use of secure messaging capability because of cost or complexity: it’s perfectly possible for the small to medium sized company to create an environment which is functional, inexpensive and easy to manage.

Attachment, encryption and compression

A number of products for document storage and communication are supplied with different types of confidentiality, such as MS Word, MS Excel and the Adobe family. Another collection is represented by file compressing tools. These allocate the smallest possible storage area for any number of files gathered, and are often equipped with advanced encryption capability. For example, the latest version of WinZip is supplied with 256-bit AES encryption.

There are some limitations with compression tools in the area of secure messaging. Key handling is cumbersome and if used extensively it may cause trouble. Also, compression tools can’t normally protect the actual message, just the attached file(s); and the password must be delivered to the recipient separately – preferably by phone. File compression is therefore a temporary or special solution, to be used with discernment.

More information

More information can be found in the full report available from EEMA, a large multi-national user organization. EEMA is exhibiting at Infosecurity Europe 2005, which is held on the 26th–28th April 2005 in the Grand Hall, Olympia in London. More details: www.infosec.co.uk
