
Essay: Protect Privacy and Ensure Security w/ Laws and Digital Signatures: How

  • Published: 1 April 2019*
  • Last Modified: 23 July 2024

Nation states such as the UK intercept communications on the reasoning that doing so protects the citizens of the state from harm; for example, intercepting the communications between terrorists will help prevent an attack from ever occurring. Each state follows a number of guidelines that help highlight what is lawful and what is not. The public is concerned about privacy because of cases such as that of GCHQ, which in 2013 had secretly collected a huge amount of metadata from the communications of ordinary people that it could search without restriction. This was before the Draft Communications Data Bill in April 2013, which suggested that the laws before it were inadequate and ambiguous, and which makes us question whether the laws sanctioned today are adequate.

Specific authorities in the UK can request communication data under RIPA and with the authority of a warrant signed by the Secretary of State. They can obtain this data for a number of reasons:

  • For the sake of national security, the economic well-being of the country and public safety
  • To detect and prevent crime
  • To protect public health
  • To assess or collect any imposition, contribution or charge that is payable to a government department, such as tax
  • To prevent death or harm to an individual's physical or mental health
  • By the order of the Secretary of State for any specified purpose

This wording is quite ambiguous: it suggests that any action to intercept communications can be justified as simply being in the interest of national security (meaning public officials will be exploiting obsolete statutory definitions), and it could, in the worst cases, lead to invalid detention, as officials could mistake a person's curiosity for propaganda. The process of obtaining a warrant also does not go through a judge, which suggests the case cannot be challenged in open court with a fair trial. GCHQ's TEMPORA programme in 2013 was one of the greatest examples of a violation of privacy rights that RIPA didn't stop. The failure to protect privacy emphasises the damage caused to the flow of freedom of speech, which is the backbone of democratic countries like the UK. It also raises concern about the risk of criminals gaining access to private information.

Democracy's main principle is that the people of the state understand and acknowledge the application of the law, so that appropriate action can be taken when, for instance, a public official makes a mistake. Democracy also helps the public make informed decisions, such as whether the law needs to change. RIPA is one example of an ambiguous act that allows public officials to exercise their power and influence secretly. The public therefore has no knowledge of what has been done, and we can say our privacy is compromised each time we use a communication technology. What the public needs is a clearer set of conditions that will standardise when this power and influence can lawfully be exercised when it comes to interfering with privacy.

Modern-day email communication is one of the most collaborative and important tools used today, both within businesses and for personal use. With the lack of security in SMTP e-mail, the need for message security is very high, so communicating through email does have its risks. Mary and her associates would want to use a system that…

  • Allows only the recipient of the email to read the message sent (confidentiality)
  • Prevents others from altering the message (integrity)
  • Makes the receiver feel confident that the message is definitely from the sender, and makes the sender feel confident that the message is viewable only by the recipient (verification)
  • Gives only the sender control over the message content

There are multiple protocols, services and solutions that add extra security to email without having to change the whole exchange infrastructure. These used to include procedures such as MOSS, PEM or PGP. Nowadays the core mechanisms are SPF, DKIM, DMARC and S/MIME.

Message security that efficiently provides digital signatures and message encryption ensures messages are more secure. These are the two main concepts of S/MIME-based message security. Mary and Babington would have used S/MIME as it is generally an approved protocol. It is an improved version of SMTP that does not compromise security for its widespread connectivity. S/MIME's cryptographic security services ensure, for certain, that the right message is from the right sender. Digital signatures contribute towards authentication, nonrepudiation of origin and data integrity, and encryption contributes towards confidentiality and data integrity, which improves privacy and data security. There are other concepts that support these two services.

Digital Signatures

Authentication: Validating an individual's identity through what differentiates it from other entities.

Nonrepudiation: A signature is unique to every individual and can only be recreated by that same individual, which gives a sense of authentication. As a digital signature is, within some areas, legally binding, the sender cannot refuse to acknowledge that they sent a certain message with their digital signature on it.

Data integrity: The recipient would be guaranteed that a message with a digital signature would not have been changed while in transit. This is because if it was changed after it was signed then the signature would be invalidated.

Digital signatures still lack confidentiality, as messages would be sent in cleartext form (comparable to SMTP messages) and can therefore be read by others. In order to protect emails from being read by others, encryption is needed.

Public key cryptography allows the exclusive identification of the sender. As only one party (the sender) has the private key from the key pair, the use of this key makes it apparent that the sender used it. This suggests that the private key is a confirmation that the message was sent by the sender, just like a digital signature, as it can only be produced by the actual signature owner.

Correspondingly, for operations such as (asymmetric) encryption and decryption to be completed successfully, a key pair needs to have been used, which suggests the private key must have been used, as a public key is bound to only one private key and can identify only its bound private key. This key relationship highlights that only the private key owner would have executed part of the encryption and decryption procedure. This demonstrates the use of the private key, because only this key can encrypt plaintext to ciphertext. To confirm that encryption and decryption succeeded, we need an available control element for comparison and validation that the very same message was sent. This is the actual message, as both the sender and the recipient would have it. The message is converted into a hash, and if both messages are identical, both yield exactly the same hash value. Capturing the hash value of the private key owner's message when it is sent shows that the party believed to have sent the message did actually send it. The digital signature is created when the private key encrypts the hash value.

This is how digital signatures maintain authentication, nonrepudiation and data integrity. If the hash values didn't match, the recipient would recognise that either the message was changed in transit or the public key that was used didn't match the private key used.

As digital signatures are added to the message as attachments, a signed message can be sent as either a clear-signed message or an opaque-signed one. If Mary and Babington had to choose which to send, they would have chosen the opaque-signed message. This is because a clear-signed message can be read by non-S/MIME clients (with the signature discarded, so there is no way of verifying the message sent), and there is an alarming chance that intervening mail gateways will ultimately change the message content. Opaque-signed messages, by contrast, are regarded as a single binary attachment and thus have a lower risk of being changed in transit. But using an opaque-signed message means that both Mary and Babington would need an S/MIME client, and many cannot read opaque-signed e-mail messages. In that case a clear-signed message is suggested. All this suggests that digital signatures are an answer to problems such as impersonation and data alteration. Digital signatures are also possible with standard SMTP-based Internet e-mail, so if Mary only had access to this, they could still be used.

Encryption

S/MIME addresses the SMTP problem that an Internet e-mail message can be read by anyone while it is in transit or where it is stored. It tackles this problem through the use of encryption. Encryption provides:

Confidentiality: As a form of protection, encryption makes the message content unreadable whilst it is in transit and in storage. Only the intended recipient would be able to view the message content, meaning the content is kept confidential even if the message is under surveillance.

Data integrity: Again, encryption provides this service as a result of the specific operations that occur during encryption.

Encryption only ensures that a message is not altered and that only the intended recipient can view the original message over a public network. It does not authenticate whether the original sender did send the message; as a result it is susceptible to impersonation and thus cannot provide nonrepudiation. To identify who sent the message, as previously mentioned, a digital signature is needed.

Public key cryptography focuses on encryption when using a key pair (although this is not the only means of ensuring message encryption). The private key can only be used successfully by its owner, so he or she is the only one who can read the message. This is what gives confidentiality. With the public key being known to the public, a limitless number of people can send information to one private key owner. The key pair is not used to encrypt the whole message, because that is not necessary; it only needs to be part of the mechanism that locks and unlocks the information. Using the key pair on a small proportion of the information and a quicker symmetric key on the bulk of it is more economical and a less expensive process. The message will therefore be unreadable until the private key is given. Symmetrical encryption uses a secret key that both parties know (key negotiation); this key is encrypted using a public key from a key pair and then sent to the private key owner, who is the only one who can decrypt the symmetrical key, thus ensuring the message stays confidential. There are also session keys, which are one-time symmetrical keys that are activated for a specific activity.

To summarise, message encryption establishes that a message will be unreadable until the private key is provided. When it is, the private key allows the process of key negotiation to occur securely. Once this has been successfully transmitted to the recipient, the symmetrical key can encrypt a message. The symmetrical key is then encrypted using the public key. This means that only the private key owner can decrypt the symmetrical key, which allows them to decrypt the message. Using the symmetrical key to encrypt the message makes this procedure quicker than using the key pair alone. The message stays unreadable and protected until the private key is shown. This ensures confidentiality remains. Decryption would fail if any changes were made to the message after encryption, thus providing data integrity.
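The signing steps from the Digital Signatures section (hash the message, apply the private key, compare hashes on receipt) and the session-key wrapping summarised above, as an added example that is not part of the original essay. Python's standard library has no RSA or AES, so textbook RSA without padding and a SHA-256 keystream stand in for them; the keys, function names and message are constructed for illustration only.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def toy_keypair(p, q):
    """Textbook RSA key from two known primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed keys from Mersenne primes: trivially factorable, illustration only.
SENDER_N, SENDER_D = toy_keypair(2**127 - 1, 2**521 - 1)
RCPT_N, RCPT_D = toy_keypair(2**89 - 1, 2**607 - 1)

def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, d, n):
    """Hash the message, then apply the signer's private key to the hash."""
    return pow(digest_int(message), d, n)

def verify(message, signature, n):
    """Recover the signed hash with the public key and compare it to a fresh hash."""
    return pow(signature, E, n) == digest_int(message)

def stream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_for(message, n):
    """Encrypt the bulk with a one-time session key, wrapped under the public key."""
    session = secrets.token_bytes(16)
    return pow(int.from_bytes(session, "big"), E, n), stream_xor(session, message)

def decrypt(wrapped_key, ciphertext, d, n):
    """Only the private-key owner can unwrap the session key and read the message."""
    session = pow(wrapped_key, d, n).to_bytes(16, "big")
    return stream_xor(session, ciphertext)

def demo():
    msg = b"constructed sample message from Mary to Babington"
    signature = sign(msg, SENDER_D, SENDER_N)
    received = decrypt(*encrypt_for(msg, RCPT_N), RCPT_D, RCPT_N)
    return (received == msg, verify(received, signature, SENDER_N),
            verify(received + b"!", signature, SENDER_N))

if __name__ == "__main__":
    print(demo())
```

Production S/MIME uses padded RSA or elliptic-curve signatures, a standard cipher such as AES, and X.509 certificates to bind each public key to an identity.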

One of the enhancements made to S/MIME is called triple-wrapping, in which a message is signed, encrypted and then signed again. It is an additional layer of security. Digital signatures and encryption are used simultaneously to address each other's weaknesses (digital signatures for authentication and repudiation issues, and message encryption for confidentiality issues) and the weaknesses inflicted by SMTP-based Internet e-mail. Public key cryptography is very important when it comes to digital signatures and message encryption, as it is the reason why they are possible in S/MIME.

S/MIME can also work with other technologies concurrently, without being reliant on them to provide extra encryption. The first is Transport Layer Security (TLS), an extra layer of security that encrypts the route between two email servers to lower the risk of someone viewing the messages sent. The second technology that can be used is Secure Sockets Layer (SSL), a process that encrypts connections between email clients and Office 365 servers. Another worthy mention is BitLocker, which encrypts hard drive data stored in a data centre to ensure the data is unreadable to unauthorised people.

SPF (Sender Policy Framework) controls and stops sender address forgery. SPF facilitates the identification of a sender domain's appropriate mail sources and prevents unauthorised sources from sending countless improper emails from the sender's domain. Thus it would help ensure a sender's emails are actually coming from the sender. This would help Babington to not receive altered messages from Walsingham.

DKIM (DomainKeys Identified Mail) is a TXT record that is presented in your Domain Name System (DNS). DKIM approves the identity of a domain name that is linked with a message through cryptographic authentication. It uses key pairs to ensure that an email sender is who they say they are, checking whether mail servers and communications are authenticated. Simple Mail Transfer Protocol (SMTP) servers need the correct private key to match a public DNS record. The receiving mail server then confirms that SMTP server.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) helps senders and receivers collaborate to build an extra secure communication layer for emails. DMARC restricts email-based abuse by solving issues relevant to email authentication protocols. It allows senders to demonstrate that their messages are secured with SPF and/or DKIM. Part of its policy is to give receivers clear instructions for an email that fails SPF/DKIM authentication. It then sends a report to the sender about whether their messages passed or failed.
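How a receiver combines SPF and DKIM results with a domain's DMARC record, as an added example that is not part of the original essay. The record, domains and message results are constructed, the function names are hypothetical, and relaxed alignment is approximated without the Public Suffix List.

```python
def parse_tags(txt):
    """Parse a 'tag=value; tag=value' TXT record such as a DMARC policy."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match. Relaxed ('r') is approximated as
    'same domain or a subdomain of it'; real receivers compare organizational
    domains using the Public Suffix List."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f or (mode != "s" and a.endswith("." + f))


def dmarc_disposition(record, msg):
    """Return 'pass', or the domain's published policy when both checks fail."""
    policy = parse_tags(record)
    spf_ok = msg["spf"] == "pass" and aligned(
        msg["mail_from"], msg["from"], policy.get("aspf", "r"))
    dkim_ok = msg["dkim"] == "pass" and aligned(
        msg["dkim_d"], msg["from"], policy.get("adkim", "r"))
    return "pass" if spf_ok or dkim_ok else policy.get("p", "none")


# Constructed inputs: a policy record for example.org and three received messages.
RECORD = "v=DMARC1; p=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.org"
MESSAGES = {
    # Sent directly: SPF passes for an aligned bounce domain, DKIM also passes.
    "direct": {"from": "example.org", "mail_from": "bounce.example.org",
               "spf": "pass", "dkim": "pass", "dkim_d": "example.org"},
    # Forwarded: SPF fails at the new hop, but the DKIM signature still verifies.
    "forwarded": {"from": "example.org", "mail_from": "bounce.example.org",
                  "spf": "fail", "dkim": "pass", "dkim_d": "example.org"},
    # SPF passes, but only for an unrelated envelope domain; no DKIM signature.
    "unaligned_spf": {"from": "example.org", "mail_from": "mail.example.net",
                      "spf": "pass", "dkim": "none", "dkim_d": ""},
}


def evaluate_all():
    return {name: dmarc_disposition(RECORD, m) for name, m in MESSAGES.items()}


if __name__ == "__main__":
    print(evaluate_all())
```

The third message shows why DMARC adds alignment on top of SPF: an SPF pass for some other domain says nothing about the address shown in the From header.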

About this essay:

If you use part of this page in your own work, you need to provide a citation, as follows:

Essay Sauce, Protect Privacy and Ensure Security w/ Laws and Digital Signatures: How. Available from: <https://www.essaysauce.com/sample-essays/2018-3-12-1520866292/> [Accessed 16-04-26].

These Sample essays have been submitted to us by students in order to help you with your studies.

* This essay may have been previously published on EssaySauce.com and/or Essay.uk.com at an earlier date than indicated.