Abstract
This white paper offers an overview of how to achieve secure, private emailing over the internet. It provides examples of basic alternative solutions to secure your emails. This whitepaper reviews how Galaxkey meets these security requirements with the advanced Galaxkey email security solution that ensures the traversing of private emails and how Galaxkey enables individuals and corporates to benefit from Email security and privacy. This whitepaper reviews the necessary technical requirements and Galaxkey’s ease of use and its scalability within a corporate market.
Introduction
The Internet delivers individuals and corporates with one of the simplest communication tools ever available. It is fast, convenient, cheap but its downfall is that it is the least private that any form of communication could be.
How secure are emails?
Every email user has information they wish to keep private be it financial, personal, social, political or professional. Moreover, information that you may not deem as private may well be as additional information can be inferred. Corporates have trade secrets and confidential information that they want to keep private. Additionally it is a requirement to secure the endpoint and keep any customer detail confidential in Europe. The ability to have a method of access control going forward is key. Being able to define who can access what information is fundamental to operating in such a cloud environment. It should be your choice to choose who you would want to share your information with and not ‘free’ information for anyone to choose to view and use to their discretion. After all you would not send private information through the physical mail system on a postcard for all to see and handle, so why do this via email?
Why should we be securing our emails?
With the advances of networking and communications technologies, email has established itself as a formal communication medium. Email as a medium has gone past the mere communication tool and has garnered the status of official documents ranging from notices, invoices, confirmations and classified information.
These developments have raised the issue of Email security and Privacy. Email is highly susceptible to various forms of attack right from the source through to the final destination. The email is vulnerable at the source, on the corporate network, on the recipient’s server and at the destination point. A robust and effective solution is needed to address these vulnerabilities, a solution to secure email and allow the end user, the sender or receiver, ultimate control. A solution is needed whereby email can be secured and data can remain private so that email can be a secure form of communication.
Problems surrounding email communication
Email has numerous areas of vulnerability and can be tampered with in a number ways.
1. Email Sniffing and Eavesdropping: Email follows an ever-changing route over the internet before reaching the recipient. Anyone with access to the email path would easily gain access to the email content. This is a concern as many of us use a computer or a device on a public network or wirelessly where the connection is not encrypted.
2. Privacy Invasion: People could potentially gain access to you device or account and any email and its content could be compromised if not secured. Hackers and identity thieves frequently break into servers to steal large amounts of data in which they search for useful information.
3. Message Modification: System administrators of any SMTP server, have the ability to read as well as modify original messages in transit with the recipient unaware.
4. Archive Security: The SMTP servers are backed up periodically; because emails are not secured they are archived in readable format thus compromising the data.In some countries government surveillance initiatives have been set up to collect large amounts of data, including emails,from the internet for future analysis, without any prior authorization.
5. Repudiation: Insecure email communication is a serious concern for e-commerce and corporate communication. If the original email is not secured there is no way for the recipient to be sure that the email has not undergone any form of modification in transit and that the data has not been compromised. This becomes a serious liability for corporates.
6. Spamming, Virus and Malware threats are also a serious concern.
Email Hacking and Interception
Cases of email hacking or interception are more prevalent than we would like to admit, many people fall victim to such attacks from the ordinary person who believes that they ‘have nothing to hide’ to celebrities, politicians and corporates. Celebrities and people in the news have long been targets of privacy invasion but concerns have risen in the Internet age.
Email hacking is by no means a new occurrence it has been happening for many years we are just now more aware of it or should be more aware of its occurrences. As long as we have information that is beneficial to others, hackers are going to find a means of getting it.
The internet and the use of its easy and efficient email communication has made it easier for malicious people to get hold of our information, as we have chosen to communicate our most private details within a very public place- it is a ticking time bomb for many of us.
The Basic Solution
A number of solutions for securing email are available. The available solutions work to secure email at different levels of security however does not address all the vulnerabilities of email security effectively.
Current available solutions within the market are as follows:
1. Use of SSL: SSL ensure that email is secured between servers however mail is stored in the raw format at the final server. This is thus a partial solution.
2. Use of Symmetric Keys: Email is secure at all intervals however this solution has inherent flaws as both the sending and receiving party have to share the key. This solution is vulnerable to key compromise.
3. Message signing and digest: This solution ensures that the sender is known as well as ensuring that the mail is not tampered with during transit. This solution would need further security measures to render it a complete solution and make this feature beneficial.
4. Use of Asymmetric Keys: This solution is closest to being a complete solution. Setting up this solution and management of the Keys could be very complicated and in process may compromise the security. If the solution is not managed effectively it is vulnerable to attack.
The Galaxkey Solution
Galaxkey is a Global leader in cloud and Email security, which enables the sending, receiving and storage of secure email and documents through the Galaxkey security Platform.
The Galaxkey Email security solution compliments the Galaxkey platform with a client component enabling the sending and receiving of secure emails.
The security platform provides a user with an identity based security model, enabling users to use a singular unique identity for securing both emails and documents. The platform provides an excellent portal for user provisioning and deployment enabling easy identity management for corporate and consumers alike. The identities on the platform are completely secured with derivatives of user provided password; ensuring secure user access. The administrators of corporate users have full control of their corporate user’s identities and data, while users maintain complete knowledge of their identity usage through the platform.
The Galaxkey Add-in provides seamless integration of the Galaxkey solution into Microsoft Office 2007 and 2010 for both 32bit and 64bit versions. The identity details required by the Galaxkey Add-in, to secure email for the recipients, are automatically and securely transferred from the Galaxkey security platform to the Add-in. This transparent functionality allows the users to use the email security without the hassle of the identity management. The Add-in enables users to secure emails in transit, on the machine and also on the storage server (IMAP and Exchange).
Corporates can enforce Galaxkey secured emails to their business partners, which is automatically enabled by the Galaxkey Platform.
In the absence of the Galaxkey Add-in for email clients on other platforms, Galaxkey provides a Galaxkey secure Web Access module. The secure Web Access module provides the ability to read mail same way as the Add-in, with the exception that the security is delivered through a web client. Corporates can install the Galaxkey Web Access Module within their own secured and controlled environments, thereby enabling users to view secured email without compromising the security of the data.
The Galaxkey Web Access is a powerful solution to extend Galaxkey security to other platforms, including iOS, Blackberry and Android devices.
Galaxkey incorporates the necessary security solutions to achieve a robust email solution without compromising ease of use.
The Galaxkey Technology
Galaxkey incorporates the necessary security solutions to achieve a robust email solution without compromising ease of use.
The Galaxkey solution incorporates the following security features when managing user identities.
1. All communication between the client (outlook add-in) and the Galaxkey server is always over an encrypted SSL tunnel, ensuring that the transfer of information is always secure.
2. The User uses their registered email address and password; the derivatives of these credentials are used as the user’s identity. The identity is securely managed on the Galaxkey server and secured by the authorized user’s credentials. The identity downloaded onto the user’s device is always secured using derivatives of the user’s credentials ensuring complete security.
3. Email or file security is accomplished through the use of user’s identity. This high security mechanism is transparent to the user, thus enabling ease of use of the Galaxkey solution. The complexity of securing and transferring of identity is entirely managed by the Galaxkey server and Add-in. This functionality keeps the solution simple to use. The user writes and sends the email, in the knowledge that Galaxkey Security is working transparently in the background to secure the data.
Benefits of the Galaxkey Solution
Quick Deployment and Easy Operation
Galaxkey is a secured Identity based and cloud based model for quick and easy deployment both corporate and in consumer environments
Within minutes Galaxkey can be deployed within a corporate environment. Securing your email communication is as easy as installing a simple application on the client machine. Galaxkey is completely transparent, working in the background relieving the corporate and user of any identity management complexities.
Security Encryption
1. Galaxkey provides compliance to Government regulations and Industry mandates related to email encryption and security, audits and policy enforcements using FIPS140-2 encryption technologies.
2. FIPS 140 is a US Government standard that defines a minimum set of the security requirements for products that implement cryptography. This standard is designed for cryptographic modules that are used to secure sensitive information. The encryption modules can be safely run in FIPS only enabled environments. (Encryption strength and algorithms needs to be added here and clarified)
3. Secures the entire email content including the attachments 1.Galaxkey provides a complete end-to-end solution and not only security in transit. The email and attachments are immediately secured when sent and is only made readable at its destination through proper authentication and authorization. 2.Galaxkey protects and provides security for email content from point to point; in transit and on storage servers as well as both offline and online.
4. Galaxkey is able to secure emails in mail folders as well, allowing the user to secure previously received emails. 4.With the ability to secure emails on demand, even if your system is compromised your emails and content is secure as the user has complete control over these mails because they can only be opened/restored through user authentication and authorizations.
5. Since the mail is secured immediately at the source, the possibility of sniffing or eavesdropping is eliminated because the mail will not be in clear text.
6. Any attempted modification of the email will be noted by the recipient as the original message is ‘held within an envelope’, any modification will be applied to the envelope and the original message will remain secured.
7. Galaxkey, through GWA, Enables platform independent secure email access
8. Galaxkey allows a simple licensing model based on identities.
9. B2B and B2C Supported Galaxkey provides a secure architecture to support both Business-to-Business and Business-to-Customer. You can choose to ask your peers to receive secure emails, even if they are not registered Galaxkey users. Galaxkey manages the entire registration process to enable recipients to receive secure emails.
10. Security on mobile devices ◦Using Galaxkey Web Access, companies can easily enable users to read secured emails without compromising email security on the mobile devices.
How Does The Galaxkey Solution Work?
Galaxkey is a cloud based security platform that applies the best of modern available security features to achieve a robust transparent email and file security solution. Galaxkey Cloud servers are an identity management platform, advanced and streamlined security features have been adopted to achieve maximum usable security. The Galaxkey Email Security Solution combines an outlook add-in and file manager to make it simple to use without reducing security.
The Galaxkey server manages all identity details associated with an email address. Galaxkey is completely transparent to the user, securely working in the background, relieving the user or business of any associated identity management overheads.
Step one: Registering and installing the Add-in.
1. A user follows a quick and easy registration process and installs the Galaxkey Outlook Add-in. On registration, Galaxkey generates an identity associated with the users email address. The identity is stored in a secured format, secured by the registered users Galaxkey credentials, only known to the user.
2. In the background Galaxkey servers are crunching 2048 bits of random numbers that are being converted into a unique set of identity. The user access’s his/her identity through the use of his/her chosen credentials (Email address and password), thereby the user has complete control of the Galaxkey identity.
3. In the case of an enterprise or corporate account, a user requires the go ahead of the enterprise Administrator prior to being able to use Galaxkey Security. This is achieved by the Enterprise/Corporate Administrator activating the user account, the user’s identity is also secured using the administrators Galaxkey account password as the seed key
4. The Enterprise user will register and install the Add-in which enables the Enterprise user to send fully secured Enterprise email content. The user is also able to view his/her emails through the secure Galaxkey Web Access portal. Through registering as a Galaxkey user, the user has also acknowledged that he/she prefers to receive secure email. All the user needs to do is remember his/her credentials; Galaxkey takes care of everything else in the background, without overhead on the enterprise administrator.
Step Two: A Galaxkey user wants to send a Galaxkey secure email.
1. The user composes his/her email as they normally would. When the user chooses to send the email, User has option to send mail as a Galaxkey Secured mail by clicking “Secure and Send” button or send it as plain mail by clicking normal outlook “Send” button.
2. The Galaxkey Outlook Add-in checks the server to confirm whether the recipients of the email are registered Galaxkey users. This process is transparent to the user, and occurs at the time the user sends the email.
3. Galaxkey servers automatically manage the identities for all registered users. This all happens in the background without the user having to know all the technicalities of securing an email.
4. A secured email is sent to all the Galaxkey registered recipients using their unique identities. If a recipient is not a registered Galaxkey user they will still receive the email, however it will be sent in clear text/not secured until such time that they choose to register as a Galaxkey user.
5. Sender also has choice of inviting non-registered recipients to join Galaxkey Security while sending a secured mail. An invitation mail will be sent to recipient along with the secured mail. This allows sender to make sure that there is no unsecured copy of the e-mail.
6. The mail is also saved as a secured mail in the “Sent Items” folder.
Step Three: Receiving a Galaxkey secured email.
1. When the Galaxkey registered user receives a secured email from another Galaxkey registered user, the mail is received secured. The email remains in the secured format within the recipient’s inbox, until such time that the recipient decides to restore or show it, to view the original email and its content.
2. This process is transparent and occurs when the user opens the email or chooses to restore it. The Galaxkey Outlook Add-in uses registered user’s identity to restore the e-mail locally as well as in the mail store.
3. User can also view the original e-mail in web by clicking the link to view the email online through the Galaxkey Web Access (GWA), the secure online portal, or if the user has installed the Galaxkey Add-in into Outlook, the email can be restored using the user’s credentials.
Step Four: Securing previously received emails within your inbox.
1. A Galaxkey registered user with Outlook Add-in can choose to secure any existing emails already in his/her inbox or any other folder on demand and restore them at will to original unsecure form using their credentials. Thereby keeping his/her stored emails and content secure at all times.
Summary
Securing email at its source and maintaining its initial form while allowing the user complete control is the comprehensive email security solution that Galaxkey provides. The Galaxkey solution addresses all the potential security threats while in transit as well as while residing in the recipient’s inbox. Galaxkey is robust yet simple to implement and use, for both corporate and consumers alike.
The Galaxkey Email Security Solution is the first of many security services that will be made available via the Galaxkey security platform, enabling a unique hassle-free complete security solution the Galaxkey way.