Publication Type: Journal Article
Source: Information & Security: An International Journal, Volume 15, Issue 2, p.135-150 (2004)
, Risk Analysis
, Secure E-Mail
Exchanging information using e-mail brings a good deal of vulnerability that can be exploited by an unauthorized third party for individual or organizational purposes. This is quite probable since e-mail systems are designed to provide a straightforward and fast way of information delivery without considering the security of information. Prior to applying any specific security solution, an organization has to consider system characteristics and the existing problems through evaluation of security needs and faced risks. An approach that can be used to determine the security needs of an organization is risk management. Risk analysis can aid the organization in identifying the risks, why there can be a risk, to determine priorities and create prevention strategy to reduce the risks. In this article, the authors discuss the development of secure e-mail software. E-mail protection is accomplished using Secure Socket Layer (SSL) to protect the communication between the web server and the local computer, encrypting e-mail messages with combination of public and symmetric key encryption, dynamic encryption key and adding a digital signature. The experimental results show that the software can be used to protect information exchange and can reduce such security threats as eavesdropping, identity theft, false message, message modification and repudiation. Using encryption expands the size of the e-mail message to 161.96% from the actual size and the time required for encryption process is increased with 3.68%.