- Software that aims to make encrypted email communications
simple enough for even computer novices to use was released on Tuesday.
-
- Encryption is the science of securing communications
against eavesdropping by converting the content of a message into a code,
or cipher, which can only be unlocked using a secret "key". But
modern cryptography often involves using complex mathematical algorithms
and convoluted key exchanges to protect messages against skilled code-crackers.
-
- Ciphire, developed by Ciphire Labs in Munich, Germany,
uses a technique called "public key cryptography" to sign and
encrypt email messages. Once loaded on to a computer hard drive the software
performs all of the complex tasks involved behind the scenes. Ciphire also
works with almost any email software client - like Microsoft Outlook, for
example - without requiring prior configuration.
-
- "The real benefit is the ease of use," says
Laird Brown, chief strategist at Ciphire. "Everything is automated,
so it's much like a virus scanner. It just sits quietly in the background."
-
- Brown told New Scientist the security of the system has
also undergone rigorous testing. "From a security perspective, we've
taken it as far as we can," he says. The program is being offered
free for non-commercial use and can be used by companies for a licence
fee.
-
- Virtual invisibility
-
- Once installed on a PC, Ciphire runs in the background
in conjunction with an email client program. It intercepts email after
the "send" button is pressed but before the email leaves the
computer, and intercepts incoming email before it is formally received
by the email program, making it virtually invisible to the user.
-
- The program automatically manages the creation of a set
of public and private cryptographic keys, simply prompting the user for
a password from which the keys are generated. The public key is sent to
Ciphire's servers and the private one is stored safely on the user's machine.
-
- The two keys are mathematically linked in such a way
that two independent parties can communicate securely without first exchanging
secret keys. A private key can be combined with another person's public
key to create an encrypted message that can be deciphered using the corresponding
public and private pair.
-
- Each time a message is sent Ciphire checks with its servers
to see if the recipient already has their own public key. If they do, the
program uses this to encrypt the message. At the other end of the exchange,
the recipient's version of the program should automatically retrieve the
sender's public key and perform the necessary decryption.
-
- If the recipient does not have a key pair, the program
simply "signs" a message - this signature allows the recipient to confirm
an email's authenticity but does not protect it from eavesdroppers.
-
- Unique signatures
-
- The keys kept on Ciphire's servers are also utilised
to generate coded signatures unique to the content of each email message
sent using the system. If the content of a message is intercepted and altered
somewhere between being sent and received, this signature will not be
the same, alerting users to the tampering. Brown says this makes it virtually
impossible for anyone - including Ciphire itself - to change keys without
users becoming aware.
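
The send-time decision and the tamper check described above can be sketched as follows. This is an added illustration, not Ciphire's code: the article does not name Ciphire's algorithms, so toy unpadded RSA over constructed Mersenne-prime keys stands in for them, and the function names, addresses and directory are hypothetical.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Toy unpadded RSA from two primes; a teaching stand-in, not safe for real mail."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def digest(body, n):
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def sign(body, private):
    n, d = private
    return pow(digest(body, n), d, n)

def verify(body, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(body, n)

def send(body, sender_private, recipient, directory):
    """Always sign; encrypt only when the directory holds the recipient's public key."""
    msg = {"sig": sign(body, sender_private)}
    public = directory.get(recipient)
    if public is None:
        msg.update(mode="signed-only", body=body)  # still readable on the wire
    else:
        n, e = public
        msg.update(mode="encrypted", body=pow(int.from_bytes(body, "big"), e, n))
    return msg

def receive(msg, sender_public, recipient_private=None):
    """Decrypt if needed, then reject any body that no longer matches the signature."""
    body = msg["body"]
    if msg["mode"] == "encrypted":
        n, d = recipient_private
        m = pow(body, d, n)
        body = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if not verify(body, msg["sig"], sender_public):
        raise ValueError("signature mismatch: message was altered in transit")
    return body

# Constructed keys from Mersenne primes, and a constructed key directory.
ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**127 - 1, 2**1279 - 1)
DIRECTORY = {"bob@example.org": BOB_PUB}           # carol has no key pair

if __name__ == "__main__":
    to_bob = send(b"Meet at noon", ALICE_PRIV, "bob@example.org", DIRECTORY)
    to_carol = send(b"Meet at noon", ALICE_PRIV, "carol@example.org", DIRECTORY)
    print(to_bob["mode"], receive(to_bob, ALICE_PUB, BOB_PRIV))
    print(to_carol["mode"], to_carol["body"])
```

The signed-only message to the recipient without a key pair travels as readable text, which is the exposure to eavesdroppers the article mentions; only its integrity and origin are checked.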
-
- Ciphire had several independent cryptography experts
audit the software and made modifications based on their recommendations.
Russ Housley, of US company Vigil Security, who performed a study of the
software, says that it stood up to scrutiny.
-
- "The security provided by Ciphire is very robust,"
he told New Scientist. "In every situation, the designers have chosen
the strongest possible cryptographic algorithms and the longest possible
key sizes."
-
- Housley notes that Ciphire combines several encryption
algorithms. This means messages should remain secure even if a fundamental
flaw should emerge in one of the algorithms.
-
- "This is like holding your pants up with both a
belt and suspenders," he says. "If one fails, your pants still
stay up."
-
- But Housley adds that the main advantage of the software
is its simplicity. "If it is difficult to use, then it will not be
used," he says. "Transparency is vital for acceptance by users."
-
- © Copyright Reed Business Information Ltd.
-
- http://www.newscientist.com/article.ns?id=dn6865