Button Up

News

22.04.2013

Introduction

Everyone who uses e-mail sometimes thinks about how well the transmitted information is protected from prying eyes. Indeed, a message to be transferred travels a long way between different computers and mobile devices before it reaches a recipient; the intentions of the owners of these devices are unknown. Besides, each device in the chain can run malware that stores transmitted messages. Another problem is the fact that you can not always rely on a mail recipient who may not use the information received in the way it is meant to be used.

Directors of information services recently faced an urgent problem: the staff of companies uses their own or corporate mobile devices for the working purposes. This phenomenon is called BYOD (bring your own device). If such device is lost or stolen, it can seriously injure the reputation of the company and its partners.

E-mail security systems that may be used on ordinary computers and mobile devices are designed to solve the problems described above.

 

E-mail Protection Methods

E-mail protection is mainly aimed at:

  • Protecting e-mails from interception, reading, and counterfeiting on their way to a mail recipient.
  • Protecting e-mails from further distribution by a malicious mail recipient.

 

Protecting E-mails from Interception

Classical cryptographic techniques are used to achieve this goal. Encryption technologies are applied to secure messages from interception, and digital signature technologies provide protection against counterfeiting.

A mail client plug-in that provides automatic encrypting and digital signing is usually used to implement the protection. If a web-interface is used to access a mailbox, encryption and digital signing is provided by a mail server or a script on the user side which is more reliable. A dedicated web-site may be used to provide an initial key exchange.

Since cryptographic technologies are well developed, the level of protection against interception or counterfeiting can potentially be very high and sufficient to solve almost any problem. However, there may be the following vulnerabilities:

  • Using knowingly weak cryptographic algorithms. This limitation may be imposed by law to make it possible for secret services to crack a cryptographic algorithm when necessary.
  • Mistakes in implementation of cryptographic algorithms and protocols.
  • Embeddings in cryptographic algorithms implemented by a malicious developer of an e-mail security system that enable overcoming a protection.
  • Malware enabling intercepting a decrypted message or keys installed directly on a sender's or receiver's computer.

It is obvious that the vulnerabilities are of external nature or determined by an implementation and may be potentially debugged.

 

Protecting E-mails from Distribution by a Malicious Mail Recipient

The following condition should be fulfilled in order to achieve this goal: "A mail recipient can read a message but can do nothing else with it". A proprietary message viewer (special viewer, special browser, etc.) is used for it.

This approach makes it impossible to use external standard features to display content of e-mail messages and, as a result, causes problems with the support of a large number of hardware and software platforms and a large number of document formats sent by e-mail.

The ideal level of protection can not be achieved unlike the previous case; a recipient can always at least make a screenshot of information shown on a computer monitor and generate a document of the photos. However, while complete security of information is not provided, systems for the e-mail protection from undesired distribution cope with the task of limiting the information leakage well enough. Effectiveness of information leakage control depends on the resistance of a protection system to automatic methods of reading information from a message such as:

  • Cracking a secure message viewer to take an unprotected document from it automatically.
  • Making screenshots of a document and automatically regenerating the document on their basis.

 

Comparison Table of Security Systems

The following table includes some of the existing e-mail security systems and their main features. All systems protect messages from interception by means of encryption, and a part of systems provides protection from an unauthorized distribution. As a rule, the protection of messages from unauthorized distribution is inversely related to the support of mobile devices. The reason is that client applications are to be developed for the protection from the unauthorized distribution, and it is difficult to create them for a great number of different mobile platforms.


#

Name (in alphabetic order) and developer's web-site

Is it suitable for mobile devices

Protection from distribution

Description

1

CopySafeMail
www.copysafe.net

No

Available

A user works with e-mail via a web-interface. A special web-browser with additional security features (screenshot saving warfare, optional disabling of copy & paste feature, printing, etc.). At present only a browser for Windows is available. One may send messages or check for new ones using a common browser. The system also enables users to notify that a message has been read, delete a message after first reading, link a secure browser to a certain computer, set an expiration date for a message.

2

EgressSwitch
www.egress.com

Suitable for сiOS,
Blackberry,
Android is planned

Partial

Encrypted email service. It enables automatic setting of limitations depending on the content of the message.

3

Email Encryption
www.appriver.com

Yes (operates via Web)

No

Its features are almost the same as those of SecuredE-mail.

4

Evizone
www.evizone.com

No

Available

The system is similar to CopySafeMail. Messages are sent and read via a special client application. Windows and MacOS are supported.

5

JumbleMe
jumbleme.com

Yes (operates via Web)

Partial

The service that enables encrypting a part of a message by embedding special tags in a message body. Encryption is done automatically on the server. The web-site of the system or an Outlook plug-in is used to decrypt an encrypted fragment. A limited number of previews, lifetime, disabled printing, and disabled forwarding may be set for a message.

6

PDFPostman
www.encryptomatic.com

Yes (operates via programs for PDF and ZIP)

None

A set of plug-ins for Outlook which enable converting a message to a PDF file or ZIP archive with a password before sending. Then a file is sent as an attachment, and may be unpacked using any PDF viewer or ZIP archive program. Embedded features of PDF and ZIP are applied for encryption.

7

SecuredE-mail
www.cryptzone.com

Yes (operates via Web)

None

The system for exchanging with secured messages. It consists of a plug-in for an e-mail client or a specialized viewer. When a message is sent, it is encrypted and transmitted as an attachment for an ordinary message with instructions on how to read it. If a receiver has the plug-in, a secured message is transparently decrypted.

8

S-Mail
s-mail.com

Partially (it needs java support)

None

The system that enables exchanging with encrypted e-mail messages. Messages are encrypted and decrypted directly in a browser by means of the Java applet. Standard e-mail clients may also be used (at that encryption is done by a local proxy server).

9

StarForce E-mail
www.star-force.com

No (At present the development for Android is carried out)

Available

The system for an e-mail protection from unauthorized distribution that uses a special viewer for secure messages. After opening, a message is linked to a computer on which it was opened and can not be read on some other computer. There are features to collect and analyse information on secure message usage (first opening).

 

Conclusions

A key point for effective application of a e-mail protection system is clear understanding of what, from what threats, for which reasons, and how reliably should e-mails be protected. If one has such understanding, selecting a system becomes a usual task of selecting from a set of product offered and is easily done.

About StarForce Technologies

StarForce Technologies (www.star-force.com) is a leading vendor of information protection, copy protection and code obfuscation solutions for software, electronic content and audio/video files. Since 2000, StarForce has been successfully developing and implementing its state-of-the-art security solutions, providing copyright and intellectual property protection worldwide. Two of these solutions were transformed into StarForce cloud services: sfcontent.com protects e-Documents against illegal copying and distribution and sfletter.com secures emails.

StarForce is a reliable and responsible Technological Partner for enterprises potentially incurring losses due to cyber-gangs, hackers, software piracy, unauthorized data access and information leaks. StarForce’s customers are Russian Railways, Corel, 1C, Mail.ru, Aeroflot, SUN InBev Russia, AMD Labs, ATC International, MediaHouse, Russobit M, New Disc, Buka, Snowball, 2Play, GFI, CENEGA, Akella, etc.

Press contacts:
pr@star-force.com

Back to the list

News

16.02.2023
We have released a new version of StarForce Reader for Android
19.01.2023
We have released a new version of StarForce Reader for iOS
13.01.2023
We have released a new version of StarForce Reader for macOS
26.12.2022
We have released a new version of StarForce Reader for Windows
Copy protection of audios and videos for Apple macOS
Data protection on USB