A Comparison of Fortress Mail Encryption and X.509 based Public Key Encryption for Secure Email Exchange.

(c) 2003 Dr David J Reynolds

Whilst every effort has been made to ensure the accuracy of content no liability can be accepted by the author or Silicon Village for errors which may have occurred.

Introduction

The following is a brief analysis of the Fortress Mail symmetric key based encryption protocol in comparison with standard X.509 based public key encryption. 

It is worth noting that the issuing process for X.509 certificates may discourage intended recipients from acquiring a certificate. This may be particularly applicable to government or public sector organizations wishing to exchange confidential information with members of the public.

The various points raised are summarised in table form at the end of the document. Note that the use of third party encryption services is not discussed.

Key Generation

X.509    Public/Private key sets for the X.509 model can be generated in 2 ways. 

First and most commonly, for commercial purposes, an X.509 certificate is issued by a Certificate Authority (CA) which undertakes to ensure that the person or organisation (requesting body) is who they say they are. 

  1. To do this, the CA requires a significant amount of information from the requesting body, which may include details the latter may not wish to disclose (e.g. passport number).
  2. This process may involve a background check.
  3. It also requires that you trust the CA not to disclose this information to a third party.
  4. Certificate issue can involve a significant cost, $100 a year or more.
  5. Whilst the issuing process can be, and normally is, done without the CA ever having access to the requesting body's private key, it should be noted that in the current climate a number of governments are moving toward key escrow policies which could make private key retention by the CA mandatory and may even require that a copy be forwarded to a government agency. Key escrow is opposed by most CAs.

Secondly, software exists that allows users to generate their own X.509 certificates. However, this raises the following issues:

  1. There is no guarantee that the holder of the certificate is who they say they are.
  2. Technical expertise is required on the part of the user.

Fortress Mail    Key generation for Fortress Mail is simple, as all you need to do is choose a password or pass-phrase that is used for both encryption and decryption.

Key Storage

X.509    Normal RSA keys for X.509 are at least 1024 bits or 128 characters long and are thus normally stored on the user's computer. This could represent a security concern in case of unauthorized access or theft.

Fortress Mail    Passwords or pass-phrases for Fortress Mail need, at most, be 32 characters long and can be as little as 12 characters (given current technology) and still give a good level of security. This means that important passwords could be easily memorized.

Exchanging Keys

X.509    Public keys are freely available since the public key cannot be used to decrypt any messages as this requires the private key.

Fortress Mail    Passwords need to be exchanged securely. However, whilst this could be done by email or other electronic means, if you are worried about security they could be exchanged by letter, courier, phone, or verbally, in the board room for example. 

Authentication

X.509    Certificates from a CA authenticate the sender as being who they claim to be.

Fortress Mail    The Sender Authentication ID is fixed and locked to the sender's computer.

Unauthorized Access

X.509    If the holder's computer were accessible or stolen, a third party could masquerade as the holder and read the holder's email (depending on the computer's security features). Disk cloning may even allow this to occur without the holder's knowledge.

Fortress Mail    If the computer were accessible or stolen, a third party could still not read the holder's email unless the password were known, nor masquerade as the user unless the recipient's password were known.

Requirements for Email Exchange

X.509    Both parties must have certificates installed. 

Fortress Mail    Both parties must have Fortress Mail installed but only the sender needs a full version.

Changing Keys

X.509    Changing an X.509 certificate requires a new certificate to be generated and the previous certificate to be revoked. This can involve going through a revocation procedure, which normally involves a cost.

Fortress Mail     Change the password and let your correspondents know the new password. Note that this allows policies such as password of the day, or even single transaction passwords for extra security, to be easily implemented.

Encryption

X.509    The most common X.509 encryption is 1024 bit RSA (although other algorithms and key sizes are also available). This roughly equates (exact comparisons are very difficult) to about 112 bit Rijndael.

Fortress Mail    Fortress Mail provides various encryption algorithms and key sizes up to 256 bit Rijndael, the strongest encryption specified by the Advanced Encryption Standard (AES).
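The Key Storage and Encryption sections together imply a limit worth making explicit: a key derived from a password is no stronger than the password itself. The following is an added example, not Fortress Mail code; the page does not say how Fortress Mail turns a password into a cipher key, so PBKDF2-HMAC-SHA256, the iteration count and the 94-character alphabet are assumptions.

```python
import hashlib
import math
import os

# Assumption: 94 printable ASCII characters, each chosen uniformly at random.
ALPHABET_SIZE = 94
# Assumption: illustrative PBKDF2 work factor; not a Fortress Mail parameter.
ITERATIONS = 200_000


def password_entropy_bits(length: int, alphabet_size: int = ALPHABET_SIZE) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def derive_key(password: str, salt: bytes, key_bits: int = 256,
               iterations: int = ITERATIONS) -> bytes:
    """Stretch a password into a cipher key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=key_bits // 8)


def effective_strength_bits(length: int, key_bits: int = 256,
                            iterations: int = ITERATIONS) -> float:
    """Work needed to recover the key: guess the password (each guess costs
    `iterations` hash calls) or guess the key directly, whichever is cheaper."""
    guess_cost = password_entropy_bits(length) + math.log2(iterations)
    return min(float(key_bits), guess_cost)


if __name__ == "__main__":
    salt = os.urandom(16)  # random salt, stored or sent alongside the message
    key = derive_key("constructed sample passphrase", salt)
    print(f"derived key: {len(key) * 8} bits")
    for n in (12, 20, 32, 40):
        print(f"{n:2d} chars: entropy {password_entropy_bits(n):6.1f} bits, "
              f"effective {effective_strength_bits(n):6.1f} bits")
```

Passwords chosen by people rather than generated at random carry far less entropy per character than this model assumes, so these figures are upper bounds.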

Summary

Key Generation
  X.509    Normally issued by CA and raises a number of issues including:
    1. Possibly give personal or confidential information to CA.
    2. Possible cost implication.
    3. Must trust issuer not to divulge information.
    4. May involve a background check.
    5. Danger of future key escrow.
  Fortress Mail    Choose a password.

Key Storage
  X.509    Key size is such that they are normally stored on the user's computer.
  Fortress Mail    Can be stored on or off the computer and could even be memorized for extra security.

Key Exchange
  X.509    Public key freely available.
  Fortress Mail    Exchange must be secure.

Authentication
  X.509    CA vouches for identity.
  Fortress Mail    Sender Authentication ID fixed. Users build their own trust relationships.

Unauthorized Access
  X.509    Holder's identity may be compromised and encrypted emails may be read, depending on the computer's security features.
  Fortress Mail
    1. Emails are secure provided that the password(s) are not known.
    2. User's identity is secure provided that the password(s) are not known.

Email Exchange Requirements
  X.509    Both parties need certificates installed.
  Fortress Mail    Both parties need Fortress Mail installed but only the sender needs a full version.

Changing Keys
  X.509    Certificate must be formally revoked and a new certificate issued. Usually costs time and money.
  Fortress Mail    Change password and inform recipients.

Password of the Day and Similar Time Limited Policies
  X.509    Not supported.
  Fortress Mail    Supported.

Single Transaction Passwords
  X.509    Not supported.
  Fortress Mail    Supported.

Encryption
  X.509    Various but normally 1024 bit RSA.
  Fortress Mail    Various algorithms including all Advanced Encryption Standard (AES) modes (128, 192, 256 bit Rijndael).
 

Fortress Mail and Fortress SMS are trademarks of Silicon Village. Other products or names may be registered trademarks or trademarks of their respective companies.

Copyright © 2002 Silicon Village. All rights reserved.
Last modified: Tuesday March 23, 2004.