A Case (Study) for Usability in Secure Email Communication

A Case (Study) for Usability in Secure Email Communication

Secure Systems Editor: S.W. Smith, [email protected] A Case (Study) For Usability in Secure Email Communication s a network security researcher, I find it very dis- hold Alice to her original contract by proving that the signature he pos- appointing that most users can’t, or simply don’t, sesses was created before Alice pub- lished her key—perhaps by using a secure their everyday Internet communications. time-stamping service2 or an online notary—Alice can still claim that she For good reason, usability in security has received didn’t know her key was stolen. A More sophisticated protocols for a fair deal of attention in the past few years (see the September nonrepudiation are needed, but as it now stands with standard S/MIME, APU KAPADIA 2004 special issue on this topic1). To realized that, currently, everyday nonrepudiation for casual email users Dartmouth push the issue further, I decided to users seldom need to do so, as we doesn’t work in practice. College initiate my own informal case study will see if we examine email signa- on the usability and practical rele- tures more closely. Integrity vance of standard security mecha- For any message, Alice can use Forging email messages on today’s In- nisms for email communication. her private key to generate a crypto- ternet is surprisingly easy, and forg- I focused my attention on avail- graphic package that a recipient can eries such as phishing emails are a able public-key cryptography tech- verify only by using her public key direct threat to everyday users. In the- niques for digitally signing and and the original message. This pack- ory, if messages are digitally signed, encrypting email. My first step was age is called a digital signature and recipients can reject those with to establish a public–private key pair provides two basic properties: non- spoofed “From” addresses because to use with email. I chose to use Se- repudiation and integrity. their signatures won’t be valid—that cure/Multipurpose Internet Mail is, only Paypal can sign messages that Extensions (S/MIME), a standard for Nonrepudiation appear to come from paypal.com. signing and encrypting email, be- Nonrepudiation is the idea that, in Digital signatures also provide protec- cause it’s already supported by popu- theory, a signer such as Alice can’t tion against adversaries who modify lar email clients such as Apple Mail, later deny that she signed the mes- parts of the message in transit, Outlook Express, and Mozilla’s sage. For example, occasionally I although I would argue that such Thunderbird. Unlike S/MIME, I submit reviews for conference papers email modifications present very lit- found that Pretty Good Privacy over email. I could digitally sign my tle threat to everyday users—for them, (PGP) and the GNU Privacy Guard messages to claim responsibility for digital signatures’ main utility is in (GPG) were unusable with nontech- my words. But as any security re- countering forged sender addresses. nical correspondents because it re- searcher would be quick to point In practice, however, digital signa- quired them to install additional out, digital signatures’ nonrepudia- tures are a weak line of defense. Phish- software. S/MIME, it seemed, was bility is just an illusion. Alice can al- ers can use cleverly crafted email the better solution for these “every- ways claim that someone stole her addresses such as customer-service@ day users,” for whom the concepts of private key and that the signature is a paypal-help.com to trick users into public-key infrastructure (PKI), PGP, forgery. And if that’s not enough, believing that they’re corresponding certificates, keys, and so on remain Alice can publish her key in The New with Paypal. Because phishers can le- elusive. Additionally, I decided to get York Times, letting potentially any- gitimately own a domain such as pay- my public key certified by Thawte body sign a message using it. In such pal-help.com, a phisher can obtain a (www.thawte.com), an online cer- situations, Alice can be penalized for certificate and generate emails from tificate authority (CA). negligence or irresponsible behavior, that domain that have valid signatures but she can’t be held responsible for (this is just a hypothetical example, but Digital signatures the contents of messages signed with at the time of writing, paypal- After months of signing email, I’ve her private key. Even if Bob tries to help.com was registered under a for- 80 PUBLISHED BY THE IEEE COMPUTER SOCIETY ■ 1540-7993/07/$25.00 © 2007 IEEE ■ IEEE SECURITY & PRIVACY Secure Systems eign mailing address). Any mecha- tion, although anecdotal, has made a “examine certificate,” and a stray nism that combats phishing must look lasting impact on my use of signatures click later, my certificate was pre- beyond the integrity protection that and highlights the need for more re- sented for examination. The email digital signatures provide. Given that search on usability in security. client automatically obtained this most email that users receive is un- By default, some email clients at- certificate from earlier messages I signed, users routinely verify a mes- tempt to digitally sign replies to signed had signed. From my correspon- sage’s integrity based on its contents messages. While responding to my dent’s viewpoint, however, the and context. In fact, I find myself ver- signed email, a correspondent who problem with connecting to an un- ifying messages’ integrity based on works for the military was told to “in- trusted email server was somehow their overall content, even when they sert cryptocard.” Because the corre- linked to my name. Again, I found are digitally signed. For the lack of a spondent was not familiar with digital myself obliged to explain that I better term, I call this form of in- signatures, I received a reply with a wasn’t trying to do anything sneaky tegrity “semantic integrity,” in con- suspicious tone (whether intended or with my correspondent’s email trast to the standard notion of not, this is how I interpreted it). With client. These incidents have taught (syntactic) integrity that digital signa- the prospect of a potentially peeved me an important lesson: sign your tures provide. When corresponding military official, I found myself messages only to people who under- with familiar people, verifying the se- obliged to explain that I was not trying stand the concept. Until more usable mantic integrity of email messages is to do anything sneaky with govern- mechanisms are integrated into pop- surprisingly easy—digitally signed or ment computers, and that the email ular email clients, signatures using not, strange text from a friend that client was the culprit with its auto- S/MIME should remain in the do- contains an attached virus looks suspi- mated behavior. A couple of test main of “power users.” cious. I routinely ignore signatures emails, with and without signatures, from family, friends, and acquain- convinced the correspondent of my Encryption and the key tances simply because I’m confident theory—that the email client was in- distribution problem that I can sniff out forgeries. deed trying to automatically sign Now, more than ever, the privacy of At this point I will re-emphasize replies to my signed messages. our communications is at risk. The my focus on everyday users. Certainly, In a separate incident, another government is increasingly inter- defense contractors, network admin- correspondent, also unfamiliar with ested in our conversations, and in an istrators, and so on are well advised to PKI, was facing problems after en- open system such as the Internet, we digitally sign messages to correspon- countering a certificate signed by an must take added measures to ensure dents who expect them. You can in- untrusted CA. After clicking on our privacy rights. With the confi- struct employees to reject any message from the security officer without a valid signature—certain job functions rely on baseline security mechanisms for which you can provide training. For everyday users, however, using digital signatures to verify messages’ integrity is both overkill and prone to error, the former because using signa- tures for detecting alterations doesn’t address a tangible threat, and the latter because telling everyday users to “en- sure that the signature is valid” to de- tect forgeries is a misguided heuristic. Focusing on tools that will help them verify semantic integrity, instead, is more promising. Incrimination Given that the two most important properties of digital signatures don’t seem useful in practice, why might everyday users continue to sign email? The property of incrimina- www.computer.org/security/ ■ IEEE SECURITY & PRIVACY 81 Secure Systems dentiality of my electronic conversa- tally signed) by a CA that Bob trusts, deed create a bogus certificate for my tions in mind, I convinced some of then Bob will accept Alice’s certifi- identity, certified by a malicious CA my research colleagues to encrypt cate as being authentic. If Alice’s key that I don’t trust, but that is on the list their email conversations with me. is certified by a CA that’s not on of installed third-party CAs. Because the S/MIME email client would trust the certificate, were my col- By pre-installing third-party CA certificates leagues accepting a fake certificate signed by another CA or were they into email clients without rigorous auditing accepting my Thawte certificate? Clearly, users must first trust the procedures, vendors are breaking the trust CAs installed in their email clients. Second, if Alice and Bob are ex- model required for PKI to be successful. changing keys, they should use a CA that they both trust.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    5 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us