IBM seeks to upgrade e-mail security

IBM Corp. said it intends to raise the bar on e-mail security across the Internet by reworking the basics of how messages are sent and received.

Secure Mailer is IBM’s new e-mail messaging system released for free to the Internet community at large.

“We’re trying to step up and…in general, raise the security of the Internet by making sure that if somebody tries to break in, they’re not going to come in through the e-mail system, which they’ve done many, many times in the past,” said Charles Palmer, manager of network security and cryptography with IBM Research in Hawthorne, N.Y.

Palmer said the only way to raise security is to make sure anyone on any platform and operating system can use the software.

“We decided to make this generally available in source code form with a licence that says…port it, incorporate it, distribute it, all we ask is you keep our name on it because we started it,” Palmer said.

The current dominant messaging system on the Internet is Sendmail, which Palmer said is handling about 70 per cent of the Internet’s e-mail.

“The problem is,” Palmer said, “it was written nearly 20 years ago when everybody was friends and security was not a big issue, performance wasn’t a big issue, absolute 24-by-7-by-365 availability was not an issue. It was a good program, but it’s been challenged over the years with little fixes here and there, bugs, security issues and so on.”

But Paul Hoffman, director of the Internet Mail Consortium (IMC) in Santa Clara, Calif., said Sendmail is currently a secure and reliable product.

“It’s just impossible to figure out how to use. Once you have it up and it’s accepting mail, it pretty much runs without dying. (In comparison,) Secure Mailer…is really easy to set up,” Hoffman said.

“The user interface [of Sendmail] was designed 15 years ago and it hasn’t changed…It’s just really amazingly bad. Of course, Sendmail Inc. is doing something about that for their commercial version. It’s going to be easier to set up.”

In fact, Greg Olson, CEO of Sendmail in Emeryville, Calif., said the first commercial version of Sendmail was released late in 1998 and does include an improved user interface.

“We have built a comprehensive suite of GUI tools and on-line documentation that allows your average system administrator to successfully point and click their way to a mail server configuration,” Olson said.

Where the IMC’s Hoffman and IBM’s Palmer agree on Secure Mailer’s superior technology is in the fact that it’s modularized.

“The way Sendmail is designed, it’s like one big program,” Palmer said. “It’s kind of like basing the security of your home on your front door. If you want to accept mail, you have to open the front door and let somebody hand you the mail.

“The idea with Secure Mailer is we’re reducing that door to one that’s always locked but with a little mail slot.”

Any messaging system, Palmer explained, has to be granted a password-related privilege to access a user’s inbox, or else mail could not be delivered. He said while Sendmail, as one big program, has all of those privileges all of the time, only one of the 12 small programs that comprise Secure Mailer is granted the privilege to write to a user’s inbox. Furthermore, Palmer said the program that has that privilege knows only how to write to the inboxes and not send mail out, so it cannot be tricked into sending out the password file.

“You have to break through many, many doors and convince each of those little programs along the way to play your game before you get to the one at the end with the privilege,” Palmer said. “With Sendmail, if you confuse it anywhere, you now have a confused program doing your bidding with privilege. There’s only one door to break through.”

Hoffman said the modular design of Secure Mailer has other benefits, such as speeding up mail list deliveries. When the IMC receives a message to be sent to one of its mailing lists, Sendmail puts the list in order and sends out the mail one by one in sequence.

“Which means if you’re the last person on the mailing list, it might take half an hour or longer for you to get the message that the first person did,” Hoffman said.

“When you send something with Secure Mailer, it sees there are a thousand addresses and because it’s modular, it spawns…maybe 100 copies of itself, because they’re very tiny, and sends those message out 100 at a time in parallel, which means that the last person on the mailing list is going to get their message much, much faster,” Hoffman said.

He said another benefit of Secure Mailer is that its developer, IBM researcher Wietse Venema, is widely known for his solid code and strict attention to security. Hoffman said Venema has written parts of the Unix operating system that have never been shown to have a security problem.

While Sendmail’s Olson pointed out that Secure Mailer’s theoretical security still must withstand the test of usage and real-world hacking in order to claim demonstrated security, he said he’s pleased IBM has released the program and its source code.

“Wietse Venema’s new research here is shared with the Internet community and will contribute to its improvement,” Olson said.