Version 13
29th December 2020
We may be at risk from snoopers spying on our electronic data or communications, or fraudsters sending us fake messages under forged names.
Cryptography is a technology that provides two capabilities, encryption and digital signatures, which could help us to counter these threats. It may be worth adopting if we feel they pose a significant risk to us.
This paper summarises the main benefits, drawbacks and costs of cryptography. The companion paper Background to Modern Cryptography sets out the basic principles of Public Key Cryptography, with a brief account of how we got here and where we may be going; Implementing Cryptography deals with the practical details of choice of software and creation and management of cryptographic keys; and there is also a Glossary of Cryptographic Terms.
The main questions we need to answer are:
These questions are considered further in the Conclusions section of this document.
Computers are at risk from espionage. A snooper may intercept your electronic communications in transit, or gain access to your computer and read or falsify the data you have stored there; a common saying is, you should never put anything in an unencrypted message that you would not write on a postcard.
Encryption can protect stored data and outgoing messages against espionage, but do we need it? So far as I know, espionage has not been a problem for charities. Is there perhaps less call for secrecy in charities’ affairs than in those of a commercial operation? Is the information we send or receive really confidential or of interest to an attacker; for example:
Confidence tricksters may pose as contacts we trust, by sending us messages under false names, to obtain confidential information (known as phishing) or mislead us into ill-advised commitments. But, while some such messages may be plausible, most are given away by mistakes in grammar, spelling, facts, context or cultural references.
Digital signatures can prove who wrote incoming messages and guarantee that their contents have not been tampered with, but only if you check the signature verification reports; these are often overlooked in the flood of unsigned messages. Should we use signatures ourselves on communications that deal with subjects of critical importance or contain requests for money, and encourage our key contacts to do so too, for example:
Cryptography has some downsides. None are absolute stoppers: depending on what we want to do, they may not concern us; or we can take action to avoid them – though there may be a cost in doing so.
You cannot communicate with someone by using cryptography unless they have the capability too. It is no use encrypting a message to them unless they are able to decrypt it. You cannot check the authorship of a message unless it is signed.
Likelihood: high. The majority of IT users including – so far as we know – our present correspondents do not use cryptography or plan to do so.
Impact: medium. If our external contacts do not have cryptography, we can make only limited use of it, within our own group.
Avoidance: difficult. We would need to persuade our correspondents to adopt cryptography. They might want us to use the S/MIME standard, which is popular in the corporate world but would incur additional costs for us.
The 1990s implementations of public key cryptography are now becoming dated. They do not provide the ease of use that present-day users have come to expect, fit comfortably into modern styles of operation or take advantage of recent technical developments. Modern social media-based implementations solve some of these problems, but fragment the internet into separate ‘walled gardens’, so may add to the problem of communicating with external contacts.
Likelihood: inevitable, at least in the medium to longer term.
Impact: probably huge.
Avoidance: evaluate the new software; decide whether we want to adopt it or stick to the old for the time being.
A thief who steals your cryptographic identity can:
(1) send messages to your contacts, with fake digital signatures so as to look as if the messages came from you;
(2) decrypt your incoming mail (if they can intercept it); and
(3) decrypt your confidential stored documents (if they can access them).
To do this, they must gain access to your system by producing credentials:
A forger who passes off a counterfeit Public Key as yours can send fake messages in your name as in (1) above, but would find it hard to intercept your incoming mail as in (2) above without your noticing and cannot read your stored documents as in (3) above.
Likelihood: low.
Impact: severe.
Recovery: reset your cryptography account, generate a new key pair for yourself and distribute your new Public Key to all your contacts. Find out whether any confidential information may have been stolen, or fraudulent communications accepted and acted on.
Avoidance: use a strong passphrase to protect the Private Key in storage and, especially, in transmission. Do not store Private Key and passphrase together, whether on paper, a computer, a mobile device or portable media. Preferably, do not transmit them via an insecure method such as WiFi or unencrypted e‑mail. Check the authenticity of any new or replacement keys that you receive. Forward secrecy can limit the damage in the case of your Private Key being stolen.
If you lose your Private Key or passphrase, the contents of stored documents (including encrypted correspondence) protected using that key/passphrase combination will be lost for ever. Also, you will be unable to read encrypted messages sent to you, or to send messages signed in your own name.
Likelihood: medium to high.
Impact: severe if stored documents affected, minor to moderate if not.
Recovery: reset your cryptography account, generate a new key pair for yourself and distribute your new Public Key to all your contacts. But there is no way of retrieving your stored documents.
Avoidance: secure back-up of keys and passphrases. We could use an external Key Escrow service, or each of us could give a copy of their Private Key to one other Trustee and their passphrase to another.
An unattended computer or mobile device may be vulnerable to accidental leakage of information or deliberate espionage. Perhaps the owner went for a cup of coffee; perhaps it was left in a pub or on a train, or dropped in the street, or stolen. If a cryptographic application is still in an active session on the device, any casual passer-by or finder may be able to enjoy all the privileges of the rightful owner; even if the device was powered off, switching it on may take it straight back into the previous session, possibly displaying confidential exchanges from that conversation on the screen.
Likelihood: moderate for desktop machine, high for mobile device.
Impact: potentially severe.
Avoidance: One way to protect the device is by locking its screen. Either the device’s operating system or the application may be able to do this; the device cannot then be operated without first providing some form of authentication such as a password. Another way is to log out of the cryptographic application.
Ideally, the system or application should be set to apply one of these protections automatically after either a preset period of inactivity or device power-off, rather than relying on the user to remember to do this.
Some trusts have got into trouble through misgovernance by an over-powerful Trustee who has kept their fellow-Trustees in the dark. The Mirror Group Pension Fund under the late Robert Maxwell is an example and Charity Commission investigations reveal others from time to time. Such fraudsters could use cryptography to hide the traces of their activities.
Likelihood: low.
Impact: potentially severe.
Avoidance: good operational and auditing procedures.
Encrypting a message prevents any server that it passes through en route from sender to recipient, including the site’s own mail server, from virus-checking it.
Adding disclaimers or copyright statements within digitally signed message content invalidates the signature and will be reported as suspected tampering.
Likelihood: high for virus checking, low for notices.
Impact: moderate.
Avoidance: recipients should virus-check messages after receipt, even if they are supposed to have been virus-checked by their site’s mail server. If either sender or recipient’s site management feel it necessary to add notices to messages, this can be done on the server provided the notice is not placed within the signed content of a message.
The following are approximate measurements of time taken to set up cryptography using Gpg4win on a desktop computer running Microsoft Windows:
Operation | Time (mins) | |
---|---|---|
1. | Download cryptography software and check integrity of downloaded file | 3 |
2. | Install cryptography software | 11/4 |
3. | Reboot after installing | 23/4 |
4. | Generate key pair | 2 |
5. | Back-up key pair | 1/2 |
6. | Export public key | 1/2 |
TOTAL | 10 |
To these basic timings you should add time for:
Set-up time for each computer or mobile device will also vary depending on the type of system being set up, the hardware on which it is being installed and the operating system under which it is running.
In day-to-day operation, the main differences between plain text and encrypted communication are that:
Old computers may need to be upgraded or replaced in order to run cryptography. This is only likely to apply to Windows XP or earlier machines. Upgrading can take hours of work for little benefit, so replacement is recommended.
Updates to cryptography software tend to come out quite often but costs are not high, for example:
If we had to adopt the certificate-based S/MIME standard, we would incur extra financial and administrative costs plus certification fees. S/MIME would only be required if we had a correspondent who insisted on using it for communicating with us, but it is widely used in the corporate world. We might also have to incorporate so as to obtain a corporate identity for our certificate.
With reference to the three Critical Issues stated at the beginning of this paper:
If we think cryptography is worth pursuing, we will need to decide on the style of cryptography we wish to adopt. The companion document Implementing Cryptography provides guidance on standards, protocols and applications.
Richard Stonehouse