Email PGP Encryption and Security

This text explains the mission at CypherMessage WebMail, describes and highlites important differences to other comparable services.

Mission

Provide the best attainable security level

The primary mission of CypherMessage WebMail is to protect communication content. You are not required to provide any personal or identity information if you want to use this service, but CypherMessage WebMail does not aim to actively protect your identity nor is it trying to hide it. In real life, you will often not be disturbed when other people see that you speak to someone. But you will probably not like it if they come too close to you and listen to everything you say. CypherMessage WebMail offers you digitally applied and secured real life communication.

Threat model and practically attainable security level

The ideal encryption machine

The ideal encryption machine would allow arbitary computations on encrypted input and generate only encrypted output. In systems built on ideal encryption machines, only the end user would posses plain text information. The ideal encryption machine would immediately encrypt the user input at the hardware level and generate plain text output only upon end user request. Any program running on such a machine would operate only on encrypted input and generate only encrypted output. Currently such a machine is, at least commercially, not available. This means that all currently existing computing machines, systems and programs have their weak points and are vulnerable. But some systems are much less vulnerable than others and how vulnerable a system is, depends on how good its implemented security model is.

Threat exposure of current systems

At the time of this writing, almost all computing machines are interconnected. Data is transmitted across many machines. Without encryption, each machine can potentially misuse sensitive data. If some plain text data is sent from some computer, then it can be assumed that it will instantly become public information. Machines and systems which do not employ encryption at all, are from a security viewpoint, the worst ones. When data is properly encrypted, it still passes through many machines, but the intermediary machines are not able to decrypt the data. In end-to-end encryption systems data is encrypted on the source machine and can be decrypted only on the destination machine. End-to-end encryption systems are the safest ones. But even end-to-end encryption systems are vulnerable: at the end points. This means that attacks against end-to-end encryption systems will likely be carried out at the end points. The end point is the users machine, his personal computer, smartphone, TV-set, car or washing machine.

In end-to-end encryption, data encryption depends on a secret known to the user only, such as a password. Once the data is encrypted, it is computationaly very expensive or impossible to decrypt the data without knowing the secret. Attackers will concentrate on the processing stages preceding the encryption, such as password input. An attacker will try to infect an existing system, by injecting some program which intercepts the user input. One such example is a keylogger, a mechanism which intercepts and logs every keystroke a user makes on his keyboard. This means, that end-to-end encryption is effective only on clean and uninfected systems. End-to-end encryption can help you only if you ensure that your computer is clean. If an attacker gains access to and infects the users machine than nothing is safe any more. On infected systems everything is potentially compromised, the operating system and all installed programs, including the web browser and the apps on a smartphone.

CypherMessage WebMail Encryption and Security Model

PGP and the Web of Trust

The web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Users assume that their communication is authentic, secure and confidential just because it is PGP encrypted. The PGP encryption algorithms are indeed safe, when properly used. But what happens when you are the only one who keeps the private PGP key secret and everyone else does not? Blind trust can be very compromising.

CypherMessage PGP - Dual secret holders

When a user registers for an email account, a pair of private and public PGP keys are generated in his browser. The private PGP key is encrypted with a passphrase derived from the users login password. The private PGP key passphrase is generated by a one way hash function which ensures that even the weakest login password is mapped to a uniformly strong PGP key passphrase. Thus, the user is the only one who can decrypt the private PGP key, but is not able to compromise it since he does not know the internally generated passphrase. After registration, the PGP keys are stored centrally at a CypherMessage WebMail server. Upon succesfull user login, the stored PGP keys are retrieved on demand. Because all CypherMessage PGP keys are stored centrally, the user does not need to import public PGP keys of other CypherMessage users. When sending an email to another CypherMessage user, the system uses the recipients email address for searching and retrieving the recipients public PGP key. CypherMessage PGP is still PGP, but with dual secret holders. The user has the login password and without the login password the private PGP key can not be decrypted. CypherMessage provides the private PGP key passphrase mapping algorithm, which is unknown to the user. Decryption of the private PGP key is possible only when both the login password and the key passphrase mapping algorithm are known.

PGP Key Requirements on External Email Accounts

Only external PGP public keys with a user id matching the external email account address are accepted. While it is technically possible to encrypt emails with arbitrary PGP public keys, CypherMessage WebMail will not allow the import of such keys. Furthermore, CypherMessage WebMail will not allow the import of external private PGP keys, because they are not needed and besides that they could be compromised.

User Login and Authentication

The users email account login password is one of the most important security elements. The users email account login password must never, under no circumstances, be transmitted to the server. At CypherMessage WebMail, this requirement is achieved by employing SRP - the Secure Remote Password protocol. The Secure Remote Password protocol (SRP) is an augmented password-authenticated key agreement (PAKE) protocol. A man in the middle attacker cannot obtain enough information to be able to brute force guess the password. This means that strong security can be obtained using weak passwords and that the server does not need to store the password or password derived data. In other words, SRP is a way for one party (the "user") to demonstrate to another party (the "server") that they know the password, without sending the password itself.

Multi Layer Encryption and Server Security

All CypherMessage WebMail servers are housed in high security data centers, wholly owned and operated by the company only. All servers are fully encrypted at the disk level, including the operating system and all data. CypherMessage WebMail mail server employs a proprietary, non commercial and closed source mailbox encryption mechanism. This encryption mechanism fully encrypts all emails, plain text and pgp end-to-end encrypted.

Total email encryption layers

Plain text email is encrypted by two layers: disk and mail server layer. PGP end-to-end email is encrypted by three layers: disk, mail server and PGP.