Cybersecurity and Deterrence

Most Email Isn’t Secure. Here’s How to Fix It.

By Kurt Alaybeyoglu, Alan Wehler
Tuesday, March 23, 2021, 10:55 AM

Most of today’s digital messages are not secure. Only a small portion of email, the largest share of digital messages, is encrypted end-to-end—that is, configured so that only the user and the intended recipient can read the contents. Recent breaches, such as those perpetrated by Hafnium and the SolarWinds actors, show just how dangerous this can be. 

In the SolarWinds breaches, a sophisticated actor, believed to be linked to Russian intelligence, was able to access the update mechanism in a widely used network management platform called Orion. Using this access, the attackers were able to burrow into targeted networks, gaining access to administrator credentials that could, among other things, provide them access to an organization’s email servers. Weeks later, news broke that a flaw in Microsoft Exchange Server, a widely used corporate email platform, had allowed attackers from a group known to researchers as Hafnium—which is believed to have ties to China—to remotely execute code that could afford them full access to the contents of the server. The group leveraging this method of attack was then able to exfiltrate the emails of at least 30,000 organizations—potentially allowing them to access large amounts of sensitive data and undertake other attacks, such as ransoming a company’s data.

The impacts from such breaches can be devastating. Imagine how much sensitive information is in your personal or corporate email—or worse, a Department of Justice or Defense account. Email can contain personal health information, financial records, intellectual property and many other types of sensitive data. Even when emails are stored on an encrypted corporate server, they can still be accessed by someone possessing an administrator credential—exactly the sort of information attackers in the SolarWinds and Hafnium breaches were able to obtain.

But while Microsoft Exchange administrators—and, therefore, attackers—can read emails on an encrypted server, they cannot read an email that has been encrypted end-to-end between the sender and the recipient. So implementing end-to-end encryption would seem to solve this problem. The only challenge is that end-to-end encrypted email is generally cumbersome and unintuitive, both for users and for developers—and while alternatives exist, they haven’t been widely adopted and are only marginally easier to use. 

The Hafnium and SolarWinds breaches underline that these technologies deserve greater attention and investment. Device-based, distributed key, end-to-end encryption offers significant security benefits. While those benefits are no silver bullet, they offer substantive cybersecurity gains and make the attacker’s job more difficult and time consuming.

What exactly is this technology? It is device-based, meaning that access to messages requires physical access to your device, such as a phone or computer. It relies on a distributed key system, meaning that each user has an individual public-private pair of keys—in other words, your message to an intended recipient is locked with the recipient’s public key and can be read only by the intended recipient using their own device-based private key to unlock it. And it is end-to-end, meaning that the message is encrypted from when you hit send until the intended recipient reads it. Provider servers, such as Google’s Gmail service or a corporate Microsoft Exchange server, cannot read the message, which remains encrypted on your device and the server when you aren’t using it.

If this system were adopted widely, the security benefits could be dramatic. An attacker could no longer compromise a single administrator account and access an entire organization’s emails. Instead, this would require compromising the key-holding device—the phone or computer—of every intended target in the organization. This would safeguard vast amounts of sensitive messages and attachments and would dramatically increase the amount of work an attacker would need to undertake to compromise an organization’s email.

So why hasn’t this approach been implemented broadly? Even with today’s technology, it’s hard to do. 

The first problem is key sharing. How could normal users share their keys across their phones and computers in a way that is simple and secure? This is important because it allows users to access their email from any device. Without this ability users would, for example, be able to access their email on their desktop computers but not on their phones or laptops, making email both inconvenient and of limited utility.

Second, what happens if, say, users misplace their devices? How would users maintain access to their email or generate a new key after losing their phones? To put it another way, how can key backup and storage be made secure and simple? Individuals need to recover lost emails, regulations require banks to archive their emails, and government organizations still need to retain messages in order to respond to Freedom of Information Act requests. All of these require flexible backup solutions. 

Third, there is the question of how to securely distribute public keys at scale. In a public-private key system, the public key can be used by anyone to encrypt a message so that only the holder of the accompanying private key, the intended recipient, can read it. This is made possible through the use of one-way functions, which use large prime numbers to ensure that only the holder of the private key is able to decrypt a message encrypted using the accompanying private key. 

Devices must also know where to go to obtain the public key of an intended recipient, but there is no single, trusted “directory” for such keys at present. Different messaging services, such as iMessage or Signal, operate their own directories, but they are by definition limited to their platforms. Widespread use of encrypted email would require a similar ease of use, security, and trust but requires far greater coordination between major email service providers. Fortunately, initiatives such as DomainKeys Identified Mail (DKIM) offer an example for how new standards can be applied to existing email systems to make them more secure.

Finally, existing solutions have proved too difficult to use. S/MIME, today’s standard for encrypting email, is poorly suited to end users. User interfaces are awful, and current implementations require too much set up. Further, devices aren’t designed to easily support such encryption and there is a lack of standards that would allow broad implementation across varying device manufacturers. Some existing solutions are secure, but none has an ease of use that can help drive broad adoption.

These are nontrivial challenges—but they aren’t insurmountable, as other secure messaging services have demonstrated. For example, WhatsApp and Signal both offer key sharing between platforms through QR codes, allowing users to send and receive messages on multiple devices. Each app has its own unique solution for secure message backup.

Now is the time for action—ideally with the support of the U.S. government, which has much to gain by broadly adopting this technology. The security benefits would be immense. Attackers would find it significantly more difficult to obtain large amounts of sensitive data without a disproportionate amount of work. And even if attackers were to gain access to an administrator account, they would be unable to decrypt individual messages, making mass-collection efforts pointless. Obtaining organizational emails would instead require attackers to compromise the device or devices used by each individual to access their emails.

However, moving to such a model would require government leadership, investment, innovation and support. Existing market incentives have not, to this point, been enough. The National Institute of Standards and Technology would need to assist in the development of new standards that move beyond S/MIME and prioritize usability. Technology companies would need to build devices that support this model, including the sharing of keys between devices—and agencies like the Cybersecurity and Infrastructure Security Agency would have to help drive adoption of those devices, securing government data while creating demand for these solutions. Industry would need to continue to address recovery solutions, and the government would need to adopt them, demonstrating to industry that such solutions meet government regulatory requirements. 

Recent breaches make it clear that government, industry, and end users need to do more, prioritizing investments that have the greatest long-term impact. Message encryption, and in particular email encryption, offers some of the greatest potential impact. It is time for government to join with industry to lead on message encryption and help move beyond the message security of the past.