Go to Part I: Introduction, Secure Telnet and File Encryption
September 13, 1999. This is the second part in a series of three articles devoted to Persons needing strong crypto Internationally. Part two focuses on Secure Email and Virtual Private Networks.
If we missed one of your favourite international products below, or you would like to submit corrections or feedback, contact us.
PGP (Pretty Good Privacy) is an encryption system developed by Philip Zimmermann for ensuring data confidentiality and (partially) proof of origin. It is primarily used together with Internet email products for signing and/or encryption of information. Local files may also be signed/encrypted. It has been around for a long time.
PGP was originally developed in the U.S., but was exported internationally by distributing the source code in book (paper) form. This has caused friction with certain U.S. Government agencies. PGP works on almost every platform from mainframes to PCs.
PGP is being standardised by the IETF under the OpenPGP banner. See www.ietf.org/html.charters/openpgp-charter.html
There are two principal international versions:
- The old "standard" version was stopped at 2.6.3 (released Feb. 96). IDEA was the symmetric algorithm and RSA the public key algorithm supported.
- Version 5 was released in late 1997. This improved version provides an easy-to-use GUI for PCs and Macintosh and directory services publishing/lookup out of the box. It supports IDEA, CAST and 3DES algorithms for symmetric encryption.
Version 6 was released in early 1999. It seems to be backward compatible with V5, but offers quite a few interesting new features. Very professional looking. V6 is not available for UNIX (only Mac & Win32).
PGP can work as an Email plugin for Eudora, Exchange / Outlook, Outlook Express or as an external program (for other Email clients).
Products:
- PGP is freely available for non-commercial use, with two principal versions: one for the USA using the RSAREF encryption library and an international version using a non-USA equivalent of RSAREF. www.pgp.net www.pgpi.com
- A commercial version is available from PGP International (Network Associates) in the Netherlands, for International users www.pgpinternational.com.
- GNU Privacy Guard is the GNU implementation of the OpenPGP standard, primarily developed on Linux and Hurd. V0.9.10 currently, V1.0 is planned for September '99. www.gnupg.org
- There are many Windows GUIs for the older PGP2, e.g. www.aegisrc.com
Secure MIME (Multipurpose Internet Mail Extensions) is a proposed Internet standard for secure message exchange, developed by RSA, adopted by several vendors and now undergoing the IETF standards process. S/MIME is based on existing standards - MIME bodies and PKCS objects. There are two versions: V2 was finalised in March 1998; V3 is not yet finalised.
S/MIME is based on RFC 2311 and RFC 2313, which specify how PKCS#7 is used for message encryption/signing, PKCS#1 for RSA encryption, X509 for certificate formats (v1 & v3) and PKCS#10 for certificate requests.
Algorithms: Symmetric key DES, 3DES and RC2 40-128 bit, public key 512-2048 bit RSA and SHA-1 / MD5 hashing algorithms are used in S/MIME 2.
Products:
- MailSecure from Baltimore Technologies is a Win32 S/MIME plugin for Eudora, Microsoft Exchange (V4/V5), Messaging, Outlook (97/98) and Lotus Notes 4.6. A standalone tool for mail encryption is also available. Private keys can be stored on smartcard or file. Public keys can be retrieved via email, file (PKCS#7), LDAP or X.500. Separate encryption and authentication keys may be used.
Baltimore have been active in crypto for 20 years and provide references which inspire confidence in their ability to securely implement encryption algorithms.
- TrustedMIME is a strong S/MIME solution from SSE (Secure Solutions Experts - a Siemens subsidiary). It is a Win32 plugin for Microsoft Exchange (V4/V5), Messaging, Outlook (97/98) and Lotus Notes 4.6. Private keys can be stored on smartcard or file. Public keys can be retrieved via email, file (PKCS#7), LDAP or X.500.
First on the market with a Notes solution. Offers a flexible certificate search path, allows clear signing in Outlook98 and integrates well with the Exchange address book.
- The Email client supplied with Netscape Communicator 4 and later supports S/MIME. It is normally U.S. export restricted, but with the fortify utility www.fortify.net/, full encryption strength can be switched back on in International versions. Runs on UNIX as well as Windows. GUI could be better.
- Mozilla (the version of Netscape Communicator 5 with free source code) is available with strong crypto, called cryptozilla that uses SSLeay. It hasn't yet reached release status. Is it still being actively developed?
Secure Sockets Layer (SSL - see below) can be used to protect Email during transport, but does not offer user authentication, nor digital signatures/non-repudiation. The use of SSL for protecting POP, IMAP, SMTP is discussed in the Secured Web Services section.
Ascom offer a secure email product for Exchange which is based on their patented IDEA algorithm. See http://www.ascom.ch/systec/mail/exchange/technica.htm
Sapher Server Ltd., from England, produce Secrets for Exchange for encrypting emails.
Ironware (Czech Republic) produce the Ironware Mail tool. IDEA or Blowfish algorithms are used to encrypt "marked" folders on shutdown and decrypt them on startup (like F-Secure Desktop above). Several users with different passwords can use the same PC.
ABI-Software Development of Toronto, Canada offer free email encryption software.
The term "client" (or VPN client) refers to the initiating part, presumably on an insecure network, and the "server" is on the other side, waiting for connections. A "gateway" is a special server that connects clients to "clear text" servers, providing secured traffic to the client, but clear text traffic to the destination server. Examples of VPN usage:
IPsec
IPv6 is the up-and-coming replacement for the current V4 Internet Protocol. V6 is needed especially for its much greater address range, but it also provides security features for improved integrity, authentication and confidentiality not found in the current version.
IPsec is the set of V6 security protocols (covered in RFCs 1825 to 1829), which can also be used with IPv4. Hopefully IPsec is the standard that will bring us VPNs that interoperate. See also www.ietf.org/html.charters/ipsec-charter.html
Architecture: http://search.ietf.org/internet-drafts/draft-ietf-ipsec-arch-sec-06.txt
ISAKMP: http://search.ietf.org/internet-drafts/draft-ietf-ipsec-isakmp-09.txt
IPsec is located on the network layer and can encrypt all data above this layer (including for example the transport headers).
In their initial connection, each pair of entities negotiates the security policy that is to be used in their subsequent communications. This key exchange protocol is known as IKE (formerly ISAKMP/Oakley) and is based on DH.
There are two basic encryption modes:
- Authentication Header (AH): Only the data to be transmitted (payload) is encrypted. The headers are not encrypted. Authentication of entity and data origin, integrity and replay protection are offered.
- Encapsulated Security Payload (ESP): The whole IP packet is encrypted and a new unencrypted header is attached to the packet. This is known as "tunnel mode" and provides integrity, confidentiality, authentication and replay protection. It is cipher independent, but DES is proposed as the default cipher. Tunnel mode can allow unencrypted communications on the LAN and automatic encryption for WAN connections.
Algorithms supported: MD5 and SHA-1 hashing, DSS and RSA signatures, DES / 3DES / Blowfish symmetric encryption, RSA PK encryption along with support for X509 v3 certificates.
PKI certs provide reliable authentication and secure key negotiation by allowing each party to protect their key by either signing it and verifying with digital signatures, or encrypting and decrypting it with their public-private key pairs. Lookup of revoked certificates is provided by directories, which are used to publish revoked certificates within the PKI.
ICSA run an IPsec certification process to ensure interoperability between products. See www.icsa.net and www.anxo.com/whatis.htm#csp
SKIP (www.skip.org) offers link level encryption, the encryption taking place below the transport layer. It also includes a scheme for authentication, key management and certification authority. Many different encryption algorithms may be used (3DES, DES, RC4); the public key exchange is based on Diffie-Hellman. SKIP could be used for encrypted VPNs (end-to-end, firewall-firewall or end-to-firewall) or encrypted client to server communication. SKIP was developed by Sun Microsystems, who put the source code into the public domain.
SKIP was proposed as an Internet Standard at the December 1995 IETF meeting by Sun. The IETF allowed SKIP to proceed as a proposed and elective/optional standard. Version 0.5 was released in November 1995. The current version is V2.
SKIP was not adopted by IPsec, probably for political reasons; technically it was years ahead of IPsec, which came on stream in 1999.
L2TP (layer 2 tunnelling protocol) is based on PPTP and Cisco's L2F and addresses many of the problems found in both. It will use IPsec for authentication & encryption, with a fallback to CHAP/PAP. It is quicker than PPTP, using UDP rather than TCP.
The IETF is considering L2TP, see http://search.ietf.org/internet-drafts/draft-ietf-pppext-12tp-11.txt and http://search.ietf.org/internet-drafts/draft-ietf-pppext-12tp-security-02.txt
No strong international L2TP (or PPTP) products are known.
Sean Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.