The ongoing Hillary Clinton email controversy has thrust email security into the spotlight. I’m not here to debate whether she should have been using a private email server for official communications (I’ll leave that to the pros), but rather I’d like to dive into one of the details that’s emerged – the discovery that her email server lacked a Digital Certificate for 3 months back in 2009.
In the few months since that detail was released, it has been a major sticking point and for good reason. Lacking this basic security standard was very bad; there’s no denying that. However, I can’t help but wonder if all this attention on the mail server is a bit misplaced or perhaps short-sighted. What about the emails themselves? Protecting the server only does so much; is it time for everyone to start encrypting emails too?
Is Encrypting a Mail Server Enough?
Given the high profile nature of the Clinton story, securing mail servers with Digital Certificates has been covered quite in depth at this point. To sum it up, certificates on mail servers are a pretty big deal because without one:
- There’s no way to identify that the mail server you’re connecting to is actually the correct mail server.
- Any emails sent between your browser or email client and the server are not encrypted and could be intercepted.
Without a certificate, you leave yourself open to a man-in-the-middle (MITM) attack, whereby malicious parties could insert themselves between you and your mail server to intercept and access your emails. This would obviously not be a good situation and it’s clear that using a certificate on your mail server is essential.
However, while an SSL Certificate will protect your emails in transit to and from your server, it does nothing to protect your emails as they pass through other servers, which may not have SSL. Additionally, securing your mail server doesn’t protect the emails at rest. For example, a hack where attackers gain access to email systems, like the famously large one at Sony in late 2014, would not be prevented by a server certificate.
Is Email Encryption the Answer?
For starters, I’m talking about S/MIME (Secure/Multipurpose Internet Mail Extensions) encryption here, though I’ll cover some other options in a future post. Similar to the server encryption discussed above, S/MIME is based on public key, or asymmetric, cryptography and uses pairs of keys to encrypt and decrypt content (unlike symmetric cryptography, which uses the same key for both). The key pair consists of a public key, which is meant to be shared and is used to encrypt, and a private key, which is kept secret and used to decrypt.
How does S/MIME encryption protect your emails?
The cryptography technology underlying S/MIME means that only the intended recipient of your email can actually read it. How? Well, it comes back to that key pair – your public key is used to encrypt the email and ONLY the corresponding private key can decrypt it. This means, assuming your private key hasn’t been compromised, you are the only one who can decrypt and read the email.
So going back to that company hack scenario I mentioned earlier, hackers wouldn’t be able to read your emails even if they got access to your corporate email systems because they wouldn’t have your private key to decrypt them. Or if you didn’t have a certificate on your mail server (although we’ve established you really should) and your emails were intercepted in transit, they’d still be safe. The same applies for any other unprotected servers they may pass through – because you’re encrypting the emails themselves, they’d stay safe from prying eyes.
But wait, there’s more - authentication & data integrity
In addition to encryption, S/MIME enables you to add digital signatures to your emails too. This means not only can you protect your emails from falling into the wrong hands, but also:
- Prove that your email actually came from you (i.e. is not a spoof or phishing email) – the digital signature is applied with your private key and verified with your public key, which are unique to you. Your identifying information is included in the signature, which most email clients display prominently.
Sample email digital signature in Microsoft Outlook
- Prevent changes to your email after it has been sent – when a digital signature is verified (in this case, when a recipient opens your email), a process takes place behind the scenes that compares the email contents at that moment to when the signature was applied. If the content doesn’t match, an error will display so your recipient knows something is wrong and not to trust the contents of the email. For more details on this process, often called the “hash check”, check out our related post.
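The encryption and signature behaviour described in the two sections above can be reproduced with the `openssl smime` command. This is an added example, not part of the original post: the identities, addresses and message text are constructed, and self-signed certificates stand in for CA-issued S/MIME certificates.

```shell
#!/bin/sh
# Added example: S/MIME encryption and signing with the openssl CLI.
# All identities, addresses and message text below are constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed certificate + private key for one mail user (stand-in for a CA-issued S/MIME cert).
make_identity() {  # $1 = file prefix, $2 = email address
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Succeeds only if the signature chains to Alice's cert AND the content digest still matches.
verify_from_alice() {  # $1 = signed message file
    openssl smime -verify -text -in "$1" -CAfile "$WORK/alice.crt" -out /dev/null 2>/dev/null
}

# Tries to decrypt with the named identity's private key; prints the plaintext on success.
decrypt_as() {  # $1 = identity prefix
    openssl smime -decrypt -in "$WORK/msg.enc" -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

make_identity alice alice@example.com      # sender
make_identity bob bob@example.com          # intended recipient
make_identity mallory mallory@example.com  # someone with access to the mail store
printf 'Wire 100 USD to account 1234\n' > "$WORK/msg.txt"

# Alice signs with her private key (clear-signed multipart/signed message).
openssl smime -sign -text -in "$WORK/msg.txt" -signer "$WORK/alice.crt" \
    -inkey "$WORK/alice.key" -out "$WORK/msg.signed" 2>/dev/null
# Simulate a change made after sending: edit the readable body, leave the signature alone.
sed 's/100 USD/900 USD/' "$WORK/msg.signed" > "$WORK/msg.tampered"

# Alice encrypts to Bob's public key (taken from his certificate); -binary keeps bytes exact.
openssl smime -encrypt -binary -aes256 -in "$WORK/msg.txt" -out "$WORK/msg.enc" "$WORK/bob.crt"

verify_from_alice "$WORK/msg.signed"   && echo "signed copy:   signature valid"
verify_from_alice "$WORK/msg.tampered" || echo "tampered copy: verification failed (digest mismatch)"
decrypt_as bob                         && echo "bob:           decrypted with his private key"
decrypt_as mallory >/dev/null          || echo "mallory:       cannot decrypt without Bob's private key"
```

The tampered copy is rejected even though its signature block is byte-for-byte the one Alice produced, because the digest of the edited body no longer matches the signed digest.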
So where does this leave us in the server vs. email encryption debate? I think most would agree that SSL on your mail server is a best practice (why leave yourself vulnerable to MITM when there’s an easy solution?), but if you’re really concerned about your emails being intercepted, both at rest and as they bounce around the wild Internet, you should consider encrypting them as well.
What do you think? Email encryption has been around for a while, but have we finally come to a point where everyone should seriously consider using it?