E-Mail Security

Anybody can read your e-mail; if this has not happened to you, that is only because nobody wants to read your e-mail. As e-mail travels from one location to another, en route to its final destination, it is stored temporarily at various stations. At each halt, there is a chance of someone reading the message. Someone can even intercept and cannibalise your message. There is no guarantee that the message you receive is what was written by the real sender. However, such intervention can be prevented to a large extent by e-mail encryption and digital signatures.

Encryption is a way of effecting changes in the plain text to hide its substance. Encrypted plain text results in unreadable, junk-like data called ciphertext. It ensures that only the person who knows the rule by which the data has been encrypted can understand the text. The process of reverting ciphertext to the original plain text is decryption. Cryptography is the science of using mathematics to encrypt data, and cryptanalysis is the science of analysing and breaking the encrypted text.

There are two major types of cryptography: single key and public key cryptography. In single key cryptography - also known as conventional cryptography - the same key is used to encrypt and decrypt the information. This means the sender and receiver must both know the key. But to make encryption effective you need a different key for every person you communicate with, and you must trust each person holding your secret key. This is possible only between those having some kind of relationship. Moreover, a secure exchange of secret keys becomes rather expensive.

A new cryptography has been developed to put an end to this dilemma. It uses a pair of keys for encryption: a public key to encrypt the data and a corresponding private key for decryption. You advertise your public key to the world and keep the private key secret.
Anybody who knows your public key can send encrypted data to you that only you can read (not even the sender can read the data once it is encrypted).

Conventional encryption is faster than public key encryption. However, there is a hybrid system that combines the advantages of both conventional and public key systems; PGP (Pretty Good Privacy) is an example.

E-mail encryption is enough to ensure the privacy of messages. But how does one make sure that the e-mail you receive from your friend has really been sent by him? Moreover, you need to send the public key to the recipient if you want to use the encryption technology. How can the recipient be sure that this public key is yours? Postal mail can be verified by the signature. The internet has introduced the concept of a Digital ID - a kind of digital passport to validate your identity in electronic transactions. It functions like a physical certificate and uses public key encryption techniques.

A digital ID consists of a public key, a private key and a digital signature. This should be added to your mail account. You send the mail digitally signed to transmit your public key to the recipient. Your addressee should be using a mail client with the necessary security features (like Outlook Express). The receiver can use the signature to verify your identity and use your public key to encrypt the messages he/she sends you. If you want to send an encrypted e-mail, you should possess the public key of the recipient.

E-mail Software

The mail clients bundled with IE and Netscape have built-in encryption support. There are also a number of standalone e-mail encryption packages (like invisiMial - http://www.invisiMial.com, PGP - http://www.pgpt.com). One of the major handicaps of the encryption process is the lack of standards in the protocols. If you encrypt a message with one protocol, your recipient must use a package that supports the same protocol.
The two most widely used protocols are S/MIME (Secure Multipurpose Internet Mail Extensions) and OpenPGP.

If you have an independent encryption programme, you can use the software to create a digital signature. Otherwise, you can obtain a digital ID from a certificate authority (CA). You can visit their web site and follow the download instructions. VeriSign (http://www.verisign.com) and Thawte (http://www.thawte.com) are two CAs. Since VeriSign uses the S/MIME protocol, you can send a message with a VeriSign signature to Outlook Express users. Here is an illustration with Outlook Express:
When you receive an encrypted or signed message, the client automatically decrypts the message and displays the encrypted and/or signed icons as the message is viewed.

Apart from e-mail security, there are other risks out there in cyberspace: sites collecting details about you, malicious programme code entering your system, etc. These will be discussed later.
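
The sign-then-encrypt exchange described above can be reproduced with the openssl command-line tool, which speaks S/MIME. This is an added example, not part of the original article; it also shows that a message altered in transit fails signature verification. It assumes openssl is installed; the names alice and bob, the example.test addresses and the self-signed certificates (standing in for CA-issued digital IDs) are constructed.

```shell
#!/bin/sh
# Added example (not from the original article). Names, addresses and the
# self-signed certificates are constructed stand-ins for CA-issued digital IDs.

make_id() {  # make_id NAME: writes NAME.key (private) and NAME.crt (public)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1/emailAddress=$1@example.test" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

smime_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        make_id alice && make_id bob || exit 1
        printf 'Meet at 12:00.\n' > msg.txt

        # Sender: sign with Alice's private key, then encrypt to Bob's public
        # key. -encrypt is hybrid: AES for the body, Bob's RSA key for the AES key.
        openssl smime -sign -text -in msg.txt -signer alice.crt \
            -inkey alice.key -out signed.eml 2>/dev/null || exit 1
        openssl smime -encrypt -aes-256-cbc -in signed.eml \
            -out sealed.eml bob.crt || exit 1
        # The plain text must not be visible in what travels over the wire.
        if grep -q '12:00' sealed.eml; then exit 1; fi

        # Recipient: decrypt with Bob's private key, then verify Alice's signature.
        openssl smime -decrypt -in sealed.eml -recip bob.crt \
            -inkey bob.key -out opened.eml || exit 1
        openssl smime -verify -text -in opened.eml -CAfile alice.crt \
            -out verified.txt 2>/dev/null || exit 1
        printf 'verified: %s\n' "$(tr -d '\r' < verified.txt)"

        # A message altered after signing no longer matches the signature.
        sed 's/12:00/09:00/' opened.eml > forged.eml
        if openssl smime -verify -text -in forged.eml -CAfile alice.crt \
            -out /dev/null 2>/dev/null; then
            echo 'forged: accepted'
        else
            echo 'forged: rejected'
        fi
    )
    status=$?
    rm -rf "$dir"
    return "$status"
}

smime_demo
```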