Masaryk University Faculty of Informatics PGP (GPG) encryption for small and medium enterprises Master’s Thesis Zuzana Melšová Brno, Fall 2016 Declaration Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Zuzana Melšová Advisor: prof. RNDr. Václav Matyáš, M.Sc., Ph.D. i Acknowledgement I would like to thank my supervisor, prof. RNDr. Václav Matyáš, M.Sc., Ph.D., for his valuable feedback on my writing. I would also like to thank Ing. Zbyněk Sopuch for his consultations on the practical part of this thesis. iii Abstract The aim of this thesis is to design and implement a prototype of end-to- end email encryption system for small and medium-sized enterprises which minimizes interaction with the end user, is easy to deploy, and is also able to connect with another enterprise. This thesis provides an overview of the current state of email encryption software area and an evaluation of its suitability for deployment in enterprises. After analyzing problems regarding usability, security, and deployment, an email encryption solution is presented, and a proof-of-concept implementation for Microsoft Outlook email client is provided. iv Keywords PGP, GPG, email encryption, usability, Microsoft Outlook, Active Di- rectory v Contents 1 Introduction ............................1 2 Email encryption overview ...................3 2.1 Email encryption standards ..................3 2.2 Email encryption software ..................6 3 Problem analysis and solution design ............. 13 3.1 Implementation goals ..................... 13 3.2 Solution design ........................ 14 4 Implementation .......................... 19 4.1 Outlook add-in ........................ 19 4.2 Active directory and key storage ............... 27 4.3 Administrator tool ...................... 29 4.4 Future work .......................... 29 5 Conclusion ............................. 37 Bibliography . 39 vii 1 Introduction Nowadays, when advanced security mechanisms exist to protect data, systems, and networks, emails are still surprisingly mostly sent un- encrypted. Since the email protocols that were designed many years ago without the security in mind are still in use, we have to use ad- ditional software to secure our emails. In spite of that a lot of email encryption software exists, it is not widely used because of its bad usability. The standards for email encryption employs a public-key cryptography, which needs the participants to exchange their public keys before they can communicate securely. These standards have not been designed with a focus on good usability for an average end user. Even though the software has a user-friendly interface for managing keys and encrypting messages, users still need to understand the con- cept of public-key cryptography to be able to exchange the right keys and verify whether the public key belongs to the person to which it is declared. This thesis focuses on bringing usable email encryption to small and medium-sized enterprises, where we can not count on large IT staff to be available to manage the system. Therefore the solution should be easily deployable and maintainable. We focus on mini- mizing user interaction with the system and automating as much as possible to take the responsibility to verify and use the correct keys from the user. On the other hand, we want the key management to be transparent for the enterprises. We aim to automatically encrypt all the internal communication and also make it possible to easily connect with another enterprise. This thesis provides an overview of the existing email encryption software. We have analyzed its usability, security, trust models and the suitability for the enterprise-wide deployment. Based on the analysis, we have designed a generic solution for automated key distribution and email encryption, and implemented a proof of concept as an add- in for Microsoft Outlook email client, using Active Directory to supply the internal infrastructure and to store the keys. The second chapter provides an overview of the current state of email encryption area. The third chapter consists of problem analy- sis with a focus on the deployment in enterprises and presents our 1 1. Introduction solution. It is followed by a chapter describing the proof-of-concept implementation for Outlook email client and proposing possible im- provements and extensions for the future. 2 2 Email encryption overview This chapter provides an overview of the present state of the area of end-to-end email encryption. First, a high-level description of two most widely used email encryption standards is provided, which is needed to understand limitations of the systems that employ these standards. Since these standards have many issues regarding usability and also security, a group of researchers recently designed an email protocol suite including end-to-end security which solves some of these problems. We briefly describe the idea behind this protocol asit could be the future of encrypted email. The second part of this chapter provides an overview of existing email encryption software with a focus on its usability, security, key management, and suitability for deployment in enterprises. 2.1 Email encryption standards Two main standards are currently used for the end-to-end email en- cryption and signing: S/MIME [1] and OpenPGP [2]. The encryption schemes are very similar, and both of them use a combination of symmetric-key cryptography, public-key cryptography and hashing. The messages are encrypted by a symmetric algorithm with a key which is newly generated for each message. This symmetric key is then encrypted with the public key of the recipient and enclosed to the encrypted message. To also provide an integrity of the email, the sender uses his private key to sign a hash of the message and encloses it to the email before the encryption. Therefore, to be able to perform an encrypted communication, the users must first exchange their public keys. The main difference between the two standards is in the way the public keys are distributed and verified. While the S/MIME uses a cen- tralized trust model based on Certification Authorities, theOpenPGP was designed to use a decentralized trust model known as Web Of Trust. 3 2. Email encryption overview OpenPGP: The OpenPGP standard [2] was derived from the PGP (Pretty Good Privacy) encryption software released by Philip Zimmer- mann in 1991 [3]. The standard is implemented in various projects including GnuPG (GNU Privacy Guard, also known as GPG) [4], the most widespread open source implementation. The notation PGP is often used with the meaning of the standard OpenPGP, and so we use it in the rest of this thesis as well. PGP was designed to use the decentralized trust model for public key distribution known as Web Of Trust in which each participant can certify the other participant’s public key by adding a signature to the key. The user decides whether the key is valid or not based on the signatures on the key. The validity of the key can also be verified by checking its fingerprint. For the key distribution, PGP has the concept of key servers. The user can upload his public key to the key server and others can then download it to be able to send him encrypted messages. S/MIME: The S/MIME (Secure/Multipurpose Internet Mail Exten- sions) [1] standard fundamentally provides users with the same func- tionality as PGP, just with different formats of encryption. The only significant difference is in the key management. The S/MIME uses the X.509 format of certificates and employs the centralized trust model based on Certification Authorities (CA) where the user has first to obtain a certificate from the CA which verifies and certifies his identity and then exchange the certificates with others. Both of the trust models described above have many issues. The Web Of Trust does not scale well and nonexperienced users do not know which public key can be trusted or not. It brings a big complexity to the system and thus makes it insecure. In the centralized model, the verification of public keys is done automatically. However, it requires to place trust in a third party and there were many cases of compromised CAs. Moreover, obtaining the certificates is a burdensome process which brings additional costs. While both of these technologies bring authentication, confiden- tiality, non-repudiation, and integrity for the emails, they still do not provide enough privacy for the email users. All the metadata including 4 2. Email encryption overview subject, recipient, and sender are not encrypted so an eavesdropper would still be able to trace who communicate with whom, when, and even guess at what they are talking about from the unencrypted sub- ject header. This could be only solved by introducing a whole new email system with a built-in security. However, a group of researchers including the author of PGP recently proposed new email protocols and architecture with end- to-end security which minimizes exposure of the metadata to the stations along the path between the sender and the recipient. The project named Dark Internet Mail Environment (DIME) [5] aims to make the email secure by default and also make it more secure than the existing approaches. It also focuses on a good usability which requires an automation of the key management including generation, distribution, and validation of the keys. The messages are encrypted on multiple levels so that the particular handling station has access only to the information it needs to see. Regarding the trust model, the service providers still have a trusted position in this system. However, the user can choose among three trust levels (Trustful, Cautious and Paranoid) determining the server’s access to the user’s private keys.