Email Encryption Techniques
Ciaran Rooney
20 years: technology, cybersecurity & operations
Now that you understand the basics of cryptography, you can learn how it is applied to email encryption. Join Ciarán Rooney in this video as he explains why it is needed, the different stages at which an email can be intercepted and the standards used for email encryption today.
10 mins 45 secs
Key learning objectives:
Understand the need for cryptography in modern email communications
Comprehend the significance of key length in encryption
Understand the 2 types of models used in modern email encryption
Understand the main encryption standards used irrespective of model type
Overview:
An email is vulnerable at several different points along its journey. All organisations, irrespective of industry and size, use emails to exchange data and documents that may include financial information, customer contracts, employee information, and other forms of sensitive data. Cryptographic techniques can be used to ensure the safe transmission of an email. The longer a key is, the better security it provides for encrypting data and documents in various verticals such as banking, financial services, and healthcare. The length of a key must align with the algorithm that will use it, and most algorithms support a range of different key sizes.
Why is cryptography needed in email?
Encrypted email communications are not only an essential requirement for the security of data, but also mandatory as part of regulatory compliance for many organisations in verticals such as banking, financial services, payments, and healthcare, where customer data cannot be allowed to fall into the wrong hands.
What are the different stages during which an email is vulnerable?
- On the sender’s client or device before or after it is sent
- In the connection between the sender’s device and their email provider
- On the servers of the sender's email provider
- In the connection between the sender’s and the receiver’s email provider
- On the servers of the receiver’s email provider
- Finally, on the client or device of the receiver
These points can be grouped into 2 sections: when the email is on a server or client device (data at rest), and when it is sent between clients and servers (data in flight).
What is the importance of encryption key size in security?
An encryption key is one of the most fundamental parts of the encryption process. The longer a key is, the better security it provides. Encryption key length is specified in bits, that is, as the base-2 logarithm of the number of possible key values. Symmetric key systems typically use a key length of between 128 bits and 256 bits. Asymmetric key systems use much larger key sizes (1,024, 2,048 or 4,096 bits), so not only do they reduce the risk of sharing keys but they also offer improved encryption security.
Why is symmetric key still used despite better security in asymmetric key cryptography?
The main issue with the asymmetric method is feasibility, which depends on the key length and the computing power needed to encrypt and decrypt the information. There needs to be a trade-off between computing power and key length. Symmetric encryption is normally used for internal communications and asymmetric encryption for external ones.
What is the modern email encryption process?
Emails require end-to-end encryption (covering both data at rest and data in flight). 2 types of models are commonly used:
- Gateway-based model - Dedicated software operates on the company's network and is directly responsible for encrypting all emails. All emails undergo the same screening process regardless of type, content or length. This method encrypts the data at rest on the company’s servers and the data in flight between the servers and clients. However, it does not cover the data at rest on the sender’s or receiver’s devices.
- Client-based model - The encryption software runs directly in the email client on the sender’s and receiver's devices. The sender is responsible for encrypting emails, which gives the flexibility to selectively encrypt important emails. While providing true end-to-end encryption, it involves a human element, creating the potential for error.
What are the three main encryption standards irrespective of type of model?
- SSL and SMTP over TLS or STARTTLS - A server-to-server method of encryption that relies on SSL certificates. This is the standard method for email providers to secure messages passing between servers (data in flight), so this method on its own does not offer end-to-end encryption.
- S/MIME or Secure/Multipurpose Internet Mail Extensions - Uses email certificates on the sender’s and receiver’s email clients. A security certificate from a Certificate Authority (CA) or a public CA is needed to use this method. It combines a digital signature with encryption to secure an organisation’s email traffic. This allows for true end-to-end email encryption.
- PGP or Pretty Good Privacy - This uses public keys, as in public-key encryption, rather than certificates. It authenticates the sender of an email and encrypts the text inside the message body, allowing for end-to-end email encryption. However, both the sender and receiver require a software client or a plug-in to process PGP keys.
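The difference between per-hop protection (STARTTLS) and message-level protection (S/MIME, PGP) can be checked on a received message. The following Python script is an added example, not material from the video or its author: it reads the `Received` headers to see which hops used TLS and the top-level `Content-Type` to see whether the body itself is encrypted. The sample message, host names and function names are constructed; the TLS keywords are the `with` protocol types of RFC 3848, and the PGP check assumes PGP/MIME (RFC 3156) rather than inline PGP.

```python
import email
import re
# "with" protocol keywords (RFC 3848) that indicate STARTTLS was used on a hop.
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message (not from the page); the body is a placeholder.
SAMPLE = """\
Received: from mx.receiver.example (mx.receiver.example [203.0.113.5])
\tby store.receiver.example with ESMTPS id abc123; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
\tby mx.receiver.example with ESMTP id def456; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example ([192.0.2.10])
\tby relay.sender.example with ESMTPSA id ghi789; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@receiver.example
Subject: Q4 figures
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

PLACEHOLDER
"""

def hop_transport(msg):
    """Return [(receiving_host, protocol, used_tls)], oldest hop first."""
    # Each header is written by the receiving server; earlier hops can forge theirs.
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(str(value).split())  # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+(\w+)", flat)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_WITH))
    return hops

def body_protection(msg):
    """Classify message-level (end-to-end) protection from the top-level Content-Type."""
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        stype = str(msg.get_param("smime-type", "")).lower()
        # enveloped-data and authEnveloped-data are the encrypted S/MIME types
        return "smime-encrypted" if stype.endswith("enveloped-data") else "smime-other"
    protocol = str(msg.get_param("protocol", "")).lower()
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return "pgp-mime-encrypted"
    return "none"

def audit(raw):
    msg = email.message_from_string(raw)
    cleartext = [host for host, _, tls in hop_transport(msg) if not tls]
    return {"cleartext_hops": cleartext, "body": body_protection(msg)}
```

For the sample, `audit(SAMPLE)` reports one hop received without TLS (`mx.receiver.example`) while the body is still S/MIME-encrypted, which is the case where message-level encryption covers a gap in transport encryption.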