Crucially, one part of everyday life that is not routinely protected by cryptography is the internet itself. The majority of emails and web pages are sent in plain view and can be intercepted and read by a malicious third party.
In theory, the whole of the internet could be protected using cryptography, but this is unlikely to happen because it takes a certain amount of computer power to encrypt and decrypt information so there would be significant costs if it were to be used throughout. Also there are a range of web applications, such as reading news sites or browsing online shops, that do not involve any sensitive information and therefore do not need to use encryption.
Applications running over the internet selectively use cryptography for key tasks (such as processing payments for online shopping) and users may choose to use cryptography for additional purposes (such as securing email).
Some websites you visit are encrypted. This is sometimes shown by a padlock symbol in the address bar of the web browser.
Putting cryptography to use
The basic cryptographic techniques can be used to protect the confidentiality and integrity of your information. Now let’s examine how these techniques can be used in practice.
Many websites, such as those for internet banking and online shopping, routinely use encryption to ensure that the data sent to and from your computer is safe from eavesdroppers. However, configuring the same technologies to protect activities such as email communication can be quite difficult because the tools involved are complicated to install and configure.
Most tools depend on a collection of cryptographic techniques, commonly called ‘Pretty Good Privacy’, PGP for short. PGP includes algorithms for symmetric and asymmetric cryptography. In order to help software vendors develop systems that can easily exchange encrypted information, a standard called OpenPGP was developed and agreed on by the Internet Engineering Task Force (IETF).
Some examples of tools available for encrypting emails include:
- GPG4Win – provides a set of standalone tools that can be used to encrypt and digitally sign emails, documents and other files. It provides some plug-ins to integrate these features into standard email software, such as Microsoft Outlook and Mozilla Thunderbird.
- GPGMail – this tool is designed to integrate with the Mail software provided by Apple. It can be used to both encrypt and digitally sign your email. It is easier to configure and use than the Windows tools, but is only useful if you use a computer running OSX.
- Enigmail for Thunderbird – this is a plug-in for the Thunderbird email client software that works across all operating systems. However, it requires manual installation of the GNUPG software, an open source implementation of the OpenPGP standard.
- Mailvelope – this is a plug-in for Google’s Chrome browser that uses an implementation of the Open PGP standard. It works with a variety of web-based email systems, such as Gmail or Yahoo Mail.
The effort of installing and configuring these tools puts many people off the idea of encrypting and digitally signing their email. Recognising this, there are on-going efforts by companies to make encryption easier. For example, in 2014 Google announced that it would be adding PGP capabilities to its free email service, Gmail. The company have now released the software for its Chrome end-to-end encryption plugin for review by developers.
No comments:
Post a Comment