What Is Transmission Security?

Transmission security is the capability to send a message electronically from one
computer system to another computer system so that only the intended recipient receives
and reads the message and the message received is identical to the message sent. The
message would not be identical if it was altered in any way, whether transmitted over
faulty channels or intercepted by an eavesdropper. Transmission security translates into
secure networks. Although many people regard networks as computers connected by
wires, this definition of a network, while technically correct, misses the point. Rather,
networks are transmitted data, the data flowing over wires.

All transmissions can be intercepted. And the cautious user looks at all transmissions as if
they will be intercepted. You can minimize the risks of transmission interception, but you
can never, under any circumstances, completely rule it out. After all, it is people who
design and put wires in their place, and people can get to them. Accessing wires is
somewhat comparable, although much more difficult, to accessing a transmission sent
over airwaves, as on a CB radio. For example, as a ham, you may have a message
intended only for other hams. Although hams are the main communicators on these
frequencies, anyone with the right radio equipment can tune in and listen, so it's likely
your message will be received and heard by other listeners who pick up the frequency,
whether you want them to hear it or not.

Similar risks occur with cellular phones, even though most transmission takes place over
wire and not air. One risky transmission occurred between Prince Charles and his
mistress Camilla Parker Bowles when an eavesdropper intercepted a now infamous
cellular phone conversation between the two.

So, like it or not, networks are our transmissions. If you conclude that the risk of
transmitting over networks is too high and you decide not to transmit over them, throw
your computer systems away; you've wasted your money. Unfortunately, transmission interceptions are
inevitable; it's likely they will occur at times. Designing a 100 percent transmission-
secure network is akin to designing a car that can't be broken into; no matter how secure
the car is, someone can always break the windows. This doesn't mean you should sit back
and wait for the interception, however; instead, build your system to deter people from
attempting to break in, and make it costly for the hacker to enter.

How Information Is Transmitted


Most networking schemes involve data transmission over certain whole sections of the
network. Most network transmissions don't go directly from computer A to computer B.
Ethernet networks, for example, involve transmission to all directly connected computers
on the local network. Two computers are "directly connected" if there is no device
between them that filters the transmission based on its destination. So if computer A
sends a message to computer E, computers B, C, and D will receive the message but will
ignore it, because it is not intended for them, as shown in Figure 16.1. Many other types
of networks, including Token Ring, FDDI, and some switched ethernets operate on the
same idea: Transmitted packets go to many devices on the network and expect the
recipients to ignore messages destined for other computers. This is much like radio or
television transmission, in which signals are sent out in every direction, but radios and
TVs not on the correct station don't use the signal.

How Information Is Intercepted and Read


Any computer with access to the physical network wire or in the vicinity of over-air
transmissions, however, could be instructed not to ignore the signals intended for other
computers. This is the essence of electronic eavesdropping.

Information is considered intercepted when someone other than the intended recipient
receives the information. Data can be intercepted in many ways, such as electronic
eavesdropping or by using the recipient's password. It can occur anywhere, including in a
chat room or through an e-mail exchange.

The tools required to read the transmission depend on how the information is intercepted.
If an intruder is stealing transmissions at the most basic level (stealing the data packets
straight off the wire or out of the air), the interloper will need something that translates
electronic signals from voltage changes to the numbers and letters that those changes
represent. Computers for which the transmission is intended do this automatically,
because they are expecting the signal and already know its characteristics, how to decode
it, and what to do with it. A much simpler method would be intercepting a message by
just looking over someone's shoulder to read what they have written. Again, the
legitimate user already has a context in which to interpret the on-screen information. The
snooper, however, still has to interpret the message, and this isn't always so simple.

Sniffing Devices

There are troubleshooting programs and devices designed to analyze LAN traffic. These
are commonly referred to as packet sniffers, because they are created to "sniff" packets of
data for the network engineer. As mentioned in the preceding section, all transmissions
are broadcast over all the wires. When one computer wants to communicate with another,
it sends out an electrical signal through the network, which could be copper wire, fiber
optic cable, or air. The signal travels over this whole section of the network until it
reaches the end of its signal strength in the air, the end of the wire or cable, or a network
device that turns the packet back because the packet's destination is not on the other side
of the device. At each point along this journey that the signal encounters a network
interface, that interface examines the signal. If the interface sees the signal is for someone
else, it ignores it. If the interface recognizes a signal for it, it reads it and gives it to the
other parts of the computer for interpretation and use.

The nice thing about LANs is that the systems administrator can use a sniffer to tap into
the wire to examine it. A systems administrator should occasionally examine these lines
to check on the raw material going over the LAN. This is where packet sniffers are
helpful. Packet sniffers will instruct your computer to look at every signal over the wire
or only signals that meet certain criteria. This allows the systems administrator to analyze
and actually read electrical signals. However, anyone with malicious intent also can use
packet sniffers for analyzing and reading network traffic.

Now, you might think there are users out there maliciously using packet sniffers to read
data worldwide, continuously. It's true that there may be many users with malicious intent
snooping around networks, but it is not as simple as just purchasing a packet sniffer.
There are devices, generally referred to as internetworking devices and more specifically
referred to as routers and bridges, that actually filter the electrical signals sent out as data
packets. These devices filter signals logically, which means that any data passing through
a bridge or router must be intended to go through that bridge or router; the destination of
the data must be on the other side of the internetworking device to get through the filter.
If the destination of the data is not on the other side of the filter, the internetworking
device won't pass the signal; and if it doesn't pass the signal, someone on the other side is
unable to sniff the information, as shown in Figure 16.2. Anytime you have a network
that requires any sort of logical divisions, you need an internetworking device. If you are
connected to the Internet, you have an internetworking device. If your local network
spans a large physical distance, you have some sort of internetworking device.

Devices for Spoofing


Spoofing is somewhat of an overrated threat. Spoofing means getting your computer to
pretend it is a different computer. The user forces the computer to present credentials to
the network that are false. To do so, the user doesn't need tools but rather information to
make those credentials realistic. The Internet identifies computers by numbers: Every
computer has a unique number on the Internet. Some computers will grant access to
systems they are charged with protecting or resources that they guard on the basis of the
identification number presented to them by another computer. In this way, if a computer
presents a fake identification number, the computer that requested the number could be
fooled.

These are generally difficult attacks to carry out because of how information is
transmitted from computer to computer. When information is transmitted, it must follow
a route based on your address. If you are using a fake address, the information returning
to you will look for your fake address and thus take a route that does not lead to you, as
shown in Figure 16.3. For example, if you send mail to someone but you want them to
think you are someone else, you put someone else's return address on the envelope. When
they write back to the person at the return address, the mail carrier delivers the message
to that address and not back to you. The Internet equivalent of the dutiful mail carrier is
termed "forbidding source routing" and is easy to enable. You can't get return messages,
so the attack is difficult to carry out. In addition, firewalls know the difference between
inside and outside, and a firewall will ignore messages from outside by computers
claiming to have an inside address. Similarly, the mailroom at IBM will view
suspiciously any internal company mail brought in by a mail carrier. These simple
safeguards make it difficult to carry out a spoof attack from the outside.

A drawback of a spoof attack from inside the company is that if a computer on the
Internet at any time detects any other computer on the Internet with the same Internet
address, both computers will complain. In this case, if someone is spoofing you by
pretending to be you and your computer is on or being monitored, the trick would be
detected easily because your computer will tell you that there is another computer on the
network with the same address.

Still another drawback of a spoofing attack is that every network interface on any
computer has a unique identifying number. Anyone trying to spoof your IP address on a
local network could disable the computer he or she is spoofing, avoiding the earlier
mentioned conflict. This would fail, however, if any other computer on the network were
using the address routing protocol (ARP). The address routing protocol matches Internet
addresses to the number given to a network card. Therefore, turning off your computer
would eliminate the IP conflict, but the interface card number mismatch would require
either stealing the network card, making a special one, or adjusting the ARP on the third
computer.
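
The two safeguards described above, a firewall that ignores outside packets claiming an inside address and the mismatch between an Internet address and a network card number, can be sketched as checks over captured records. This is an added example, not part of the original text; the address range, interface labels and all sample records are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed internal address range for the illustration.
INSIDE_NET = ipaddress.ip_network("10.20.0.0/16")

# Constructed sample: (arrival interface, claimed source IP) as a border firewall sees it.
PACKETS = [
    ("inside", "10.20.1.15"),
    ("outside", "198.51.100.7"),
    ("outside", "10.20.1.15"),   # arrives from outside but claims an inside address
    ("inside", "10.20.3.9"),
]

# Constructed sample: (time, IP address, network card number) taken from ARP traffic.
ARP_SEEN = [
    (1, "10.20.1.15", "00:11:22:33:44:55"),
    (2, "10.20.3.9", "00:11:22:aa:bb:cc"),
    (3, "10.20.1.15", "00:11:22:33:44:55"),
    (4, "10.20.1.15", "02:de:ad:be:ef:01"),  # same IP, different card
]


def ingress_filter(packets, inside_net=INSIDE_NET):
    """Split packets into (accepted, dropped).

    A packet is dropped when it arrives on the outside interface while
    claiming a source address that belongs to the inside network.
    """
    accepted, dropped = [], []
    for iface, src in packets:
        claims_inside = ipaddress.ip_address(src) in inside_net
        if iface == "outside" and claims_inside:
            dropped.append((iface, src))
        else:
            accepted.append((iface, src))
    return accepted, dropped


def arp_conflicts(observations):
    """Return {ip: [card numbers]} for every IP seen with more than one card number."""
    first_seen = {}
    conflicts = defaultdict(set)
    for _ts, ip, mac in sorted(observations):
        mac = mac.lower()
        known = first_seen.setdefault(ip, mac)
        if known != mac:
            conflicts[ip].update({known, mac})
    return {ip: sorted(macs) for ip, macs in conflicts.items()}


if __name__ == "__main__":
    _, dropped = ingress_filter(PACKETS)
    print("dropped at the border:", dropped)
    print("address/card mismatches:", arp_conflicts(ARP_SEEN))
```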

Attacks in which individuals pretend to be another user can occur on several levels. The
attacker can pretend that his or her network interface is one that it isn't by manufacturing
a network card with a fake address. The user then might pretend to have the Internet
address of another computer and thus steal that computer's transmission or create
transmissions under the guise of the impersonated computer. A user could also pretend to
be a different person by stealing that person's username and password in one of about a
billion ways. In addition, a user could steal information simply by gaining access to a
computer whose data was not protected against direct physical intrusion.

Methods of Transmissions and Their Levels of Security


At the most basic level transmission occurs over wires or in the air; every electrical signal
travels one way or the other. Transmission is more secure over wire because an
eavesdropper or hacker must be physically near the wire, whereas an interception of an
air transmission can occur anywhere in reach of the signal.

An attempt to intercept a transmission traveling via fiber by tapping into the cable would
be more easily detected than a tap into copper wire, because the tapper could easily
damage or impair a particular segment of the network, which should be easy to spot.
Detecting an interception that took place over the air would be nearly impossible.

Encryption

There are two aspects to consider when planning for transmission security. The first
aspect, discussed in the preceding paragraph, is how transmissions are physically sent
(that is, over wire or air). The impossibility of preventing physical interception should
now be clear. The second aspect of secure transmission relates to the content that is being
transmitted. Securing the content of the message is done through encryption.

Encryption involves transforming messages to make them legible only for the intended
recipients. Encryption is the process of translating plain text into ciphertext. Human-
readable information intended for transmission is plain text, whereas ciphertext is the text
that is actually transmitted. At the other end, decryption is the process of translating
ciphertext back into plain text. (Figure 16.4 demonstrates the process.)

An encryption algorithm refers to the steps that a personal computer takes to turn plain
text into ciphertext. A
key is a piece of information, usually a number, that allows the sender to encode a
message only for the receiver. Another key also allows the receiver to decode messages
sent to him or her.

Now that you have the basic encryption jargon down, let's look at why and how
encryption is essential for secure transmissions.

Why Use Encryption?

As you've learned by now, your transmissions can have only so much physical security. It
is reasonable to assume that at some point someone may intercept your transmissions.
Whether you expect an interception or whether you just generally suspect that
interceptions may occur, you should transmit your information in a format that is useless
to any interceptors. At the simplest level, this means when transmitting a message to
someone, you use a coded message or slang (nicknames) that no one else understands.
When Ulysses S. Grant captured Vicksburg during the Civil War, he sent a coded but
predetermined message to Abraham Lincoln that read "The father of waters flows
unvexed to the sea," meaning that the Union now owned the whole Mississippi river.
Perhaps a good plan at the time, but still, Grant and Lincoln (or their
advisers/confidantes) had to communicate a predetermined message and the message's
meaning. A more recent example of a coded message might involve the use of
nicknames. For instance, you and your sister give nicknames to family members whom
you discuss unfavorably. Should a malicious family member decide to intercept a
transmission, you would hope he wouldn't understand which family members you and
your sister refer to in your messages. The obvious drawback of this coded message, like
the Grant-Lincoln message, is that you and the recipient must establish a system of code
before you begin transmitting messages.

A better system is one that allows you to send any message, even one you had not
anticipated, to anyone without fear of interception. This is why an encryption system is so
valuable; it allows any message to be transmitted that will be useless to anyone who
intercepts it.

Private Key Encryption

Another rather simple form of encryption is commonly known as private key or symmetric
encryption. It's called private key encryption because each party must know
before the message is sent how to interpret the message. For example, spies in the movies
always have a sequence of statements that they exchange to be sure of each other's
identity, like "the sun is shining" must be followed by "the ice is still slippery." This is an
example of encrypting so that only the person for whom a message is intended will
understand it.

Other systems have been developed so that information can be encrypted in a general
way. Again, using history as an example, one encryption method is commonly referred to
as Caesar's code. According to history, Caesar would send messages that were encoded
by replacing each letter in the message with the letter three places higher in the alphabet
(A was replaced by D, B by E, and so on). The recipient just had to change the letters
back to find out what the message said. An enemy who intercepted the message and did
not know the method of encoding it would be unable to decipher it. Clearly though, this
encoding method is not terribly difficult to break. This is called private key encryption
because the method of encryption must be kept quiet. Anyone who knows the method
could decode the message. It also is called symmetric because the same key is used to
both encrypt and decrypt the message. Other private key methods have been devised to
be more difficult to break.
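
Caesar's code as described above, together with the reason it is easy to break: there are only 26 possible shifts, so an interceptor who knows the method can try them all. This is an added example, not part of the original text; the small word list used to recognize English output is an assumption made for the illustration.

```python
import string

# Assumed word list for recognizing readable English output.
COMMON_WORDS = {"THE", "OF", "TO", "AND", "IN", "IS", "A"}


def caesar(text, shift):
    """Shift each ASCII letter by `shift` places, wrapping around the alphabet."""
    out = []
    for ch in text:
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        elif ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def recover_shift(ciphertext):
    """Try all 26 shifts and keep the one that yields the most common English words.

    Returns (shift used by the sender, recovered plain text).
    """
    best = (-1, 0, "")
    for shift in range(26):
        candidate = caesar(ciphertext, -shift)
        score = sum(word in COMMON_WORDS for word in candidate.upper().split())
        if score > best[0]:
            best = (score, shift, candidate)
    return best[1], best[2]


# The Grant message quoted earlier on the page, encoded with Caesar's shift of three.
PLAINTEXT = "The father of waters flows unvexed to the sea"
CIPHERTEXT = caesar(PLAINTEXT, 3)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(recover_shift(CIPHERTEXT))
```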

Data Encryption Standard (DES) is a private key system adopted by the U.S. government as
a standard, very secure method of encryption. An even more secure private key method is
called a one-time pad. A one-time pad involves sheets of paper with random numbers on
them: These numbers are used to transform the message; each number or sequence of
numbers is used only once. The recipient of the message has an identical pad to use to
decrypt the message. One-time pads have been proven to be foolproof against anyone who
does not have a copy of the pad. Supposedly, mathematicians can prove that a one-time
pad is impossible to break.

The drawbacks to private key systems, however, are twofold. First, anyone who learns
the method of encryption and gets the key (a number, a sequence of numbers, or the
equivalent, used as a random input into the encryption system) can break the
encryption. Second, keys must be exchanged before transmission with any
recipient or potential recipient of your message. So, to exchange keys you need a secure
method of transmission, but essentially what you've done is create a need for another
secure method of transmission.

Public Key Encryption

To overcome the drawbacks of private key systems, a number of mathematicians have
invented public key systems. Unknown until about 30 years ago, public key systems were
developed from some very subtle insights about the mathematics of large numbers and
how they relate to the power of computers. Public key means that anyone can publish his
or her method of encryption, publish a key for his or her messages, and only the recipient
can read the messages. This works because of what is known in math as a trapdoor
problem. A trapdoor is a mathematical formula that is easy to work forward but very hard
to work backward. In general it is easy to multiply two very large numbers together, but it
is very difficult to take a very large number and find its two prime factors. Public key
algorithms depend on a person publishing a large public key and others being unable to
factor this public key into its component parts. Because the creator of the key knows the
factors of his or her large number, he or she can use those factors to decode messages
created by others using his or her public key. Those who only know the public key will
be unable to discover the private key, because of the difficulty of factoring the large
number.

Public key methods vary, but one of the most common, and also free, is PGP (Pretty Good
Privacy). This is a public key encryption method that allows you to exchange messages
with anyone who will send you his or her key. When you receive a key from someone,
your PGP software can use that key to encode a message that only that person can
interpret. The PGP method also allows you to encode a signature that only can be
decoded using your public key, ensuring that it was you who sent the message. There are
many free software packages that allow users to encode e-mail and other files they send.
These software packages also will generate a public key for you. The software, along
with the source code, is available for almost all common operating systems.

Public key encryption works because users can send any message to any person without
first meeting them or exchanging secret keys or secret encryption schemes. This
obviously makes an extremely powerful tool in commerce for transmission of
confidential customer information between buyers and sellers. In addition, public key
encryption is extremely secure because decrypting public key encryption methods is a
matter of time. If someone had enough time, that person could decipher your message.
With commonly used methods, however, even an entire nation of hackers with the most
powerful computers would take many years to decipher encrypted messages.

Now that I've told you about what many in the world of computer security consider the
most secure method of transmission, I must tell you that there are times when public key
encryption doesn't work. When the method used for encryption isn't secure, the message
isn't secure. Because the methods of encryption are usually public, anyone who is
interested in finding a hole has all the information necessary to find any holes. Holes
often are discovered in methods previously thought to be secure. The fact that the
algorithm is public makes the method more secure over the long term but less secure over
the short term. In the long term all the flaws will be discovered and fixed, but over the
short term flaws will be discovered and perhaps exploited. A second insecurity of public
key methods in general is that public key encryption won't work when a recipient has no
method of authenticating the sender. If someone sends you his or her public key, you can
use that to encode a message for that person only, but it doesn't mean they are who they
say they are.

Services of certifying authorities, such as VeriSign, Inc., are needed to ensure the
authenticity of correspondence. These certifying authorities use common identification
methods to authenticate the identity of their subscribers. When verified, the authority
issues a digital certificate to the subscriber. The subscriber then can use this certificate in
his or her Web server to carry on secure communications with those browsing the Web
site. Individuals who want to use public keys for their correspondence or companies that
wish to prove their identity in electronic correspondence also can get an identity service
from a certifying authority. Certifying authorities aim to overcome the aforementioned
weakness of public keys being only as authentic as the user who sends it. The service
only removes the dilemma one level, however, because the authority's services are only
as good as their methods of authenticating subscribers.

Public key also doesn't work if your private keys are compromised. Keeping your private
key secure is essential to the security of the system. Remember that the security of a
public key system depends on no one being able to get your private key by knowing your
public key. Your private key is what you use to decode messages sent to you and to prove
your identity to others to whom you send messages. If someone is able to gain possession
of your private key, that person could read your messages and forge messages from you.

State-of-the-Art Encryption and Its Future

Encryption has often involved making a choice between public and private key security
methods. Public key encryption involves a heavy computing load, meaning that
transmission with a public key takes more time and resources. Private key systems are
less cumbersome but also less secure and less versatile. To overcome the drawbacks of
both security methods, users have combined public and private key systems, such as an
exchange of DES keys using a public system and then using those keys for the private
DES system. Remember that private key systems can be stronger because it is possible to
make an unbreakable private key system. A public key system is not theoretically
unbreakable; it's just too difficult to do it in real life. The weak point in a private key
system is the exchange of keys, so the very secure public key method can be used to
exchange keys, and then the completely secure private key system can be used to do the
actual transmission. A second advantage is that public key systems require a big
commitment of computing power for every message. Private key, by comparison, is far
less computing intensive and therefore cheaper and more efficient overall for
transmission.
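
The combination described above, and the trapdoor idea from the public key section, in one runnable sketch: a public key wraps a short session key, and a private key (symmetric) cipher carries the message. This is an added example, not part of the original text, and its assumptions are a deliberately tiny 50-bit modulus built from two well-known Mersenne primes, unpadded textbook RSA, and a SHA-256 keystream standing in for DES; none of these choices is safe for real traffic.

```python
import hashlib
import secrets

# Toy parameters (assumptions for the illustration): two well-known Mersenne primes.
P = (1 << 19) - 1   # 524287
Q = (1 << 31) - 1   # 2147483647
E = 65537           # public exponent


def make_keypair(p=P, q=Q, e=E):
    """Return (public, private). Only someone who knows p and q can compute d."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def stream_xor(key, data):
    """Symmetric stand-in for DES: XOR with a SHA-256 counter keystream.

    The same call with the same key both encrypts and decrypts.
    """
    key_bytes = key.to_bytes(8, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key_bytes + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(public, message, session_key=None):
    """Wrap a fresh session key with the public key, then encrypt the message with it."""
    n, e = public
    if session_key is None:
        session_key = secrets.randbits(40)  # must be smaller than n
    wrapped = pow(session_key, e, n)        # the slow public key step, done once
    return wrapped, stream_xor(session_key, message)


def hybrid_decrypt(private, wrapped, ciphertext):
    """Unwrap the session key with the private key, then decrypt the message."""
    n, d = private
    session_key = pow(wrapped, d, n)
    return stream_xor(session_key, ciphertext)


def private_from_factoring(public):
    """Rebuild d from the public key alone by factoring n with trial division.

    Finishes quickly here only because n is tiny; this is the trapdoor the
    text describes, and the reason real keys use very large numbers.
    """
    n, e = public
    f = 3
    while n % f:
        f += 2
    return pow(e, -1, (f - 1) * (n // f - 1))


if __name__ == "__main__":
    public, private = make_keypair()
    message = b"constructed sample: order 1138, ship to dock 4"
    wrapped, ciphertext = hybrid_encrypt(public, message)
    print(hybrid_decrypt(private, wrapped, ciphertext))
    print(private_from_factoring(public) == private[1])
```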

This combination likely will continue and become more common in the future, but it's
unlikely that most systems will become public key. As computing resources advance to
make public key encryption easier, the resources for cracking those keys also advance.
This means that keys will become longer while the calculations will become bigger.

E-mail Security

E-mail traverses the internet in a series of hops from one server to another until it reaches
your ISP (Internet Service Provider) from whose server you download it. At any one of
the intermediate or end servers it can be read, diverted or stored. Sometimes this is the
inevitable consequence of normal practice. E-mail stays in your POP account until you
download and delete it. These are not the same thing. If you read your e-mail at various
locations, you might wish to leave it in your POP account for download to a single
archive before you delete it. While stored in your POP account, it can be read as plain
text by anyone with legitimate or abusive access to the server. Furthermore, these servers
are backed-up by any good ISP, and backup tapes, with your e-mail recorded, can remain
archived for years.

Every good ISP offers the option to have copies of incoming e-mail sent to a second or
third recipient. This is extremely useful for business purposes, but of course someone
with access to your ISP's server can just as well divert a copy of all your e-mail to an
address unknown to you. Here you depend on the soundness of your ISP, usually without
problems. ISPs are, after all, very concerned to protect the interests of their customers in
today's competitive environment.

E-mail completely incorrectly addressed might be delivered to an unintended recipient
but most likely ends up in a bounced e-mail buffer on your ISP's server. These are usually
deleted periodically but could of course be read. If the domain name is correct but the
specific recipient is incorrect (for example indo@ammonet.com instead of
info@ammonet.com), the message usually goes to the webmaster of the corresponding
web site if no other default maildrop is specified. From our own experience, we can
provide three anecdotal examples of persistently incorrectly addressed e-mail that does
go to unintended recipients. The first involves use of a country extension such as com.nz
rather than .com. The senders of the e-mail don't know or forget that the extension is
not .com. Since the .com address in this example belongs to ammonet, we receive an
unintended stream of e-mail with highly confidential attachments. As a goodwill service
to the intended recipient company, we have aliased all of the appropriate e-mail addresses
so that most of this e-mail is now automatically redirected to the correct recipient. A
second example involves an incorrect return address configuration which the individual
involved seems incapable of correcting, despite numerous requests from us to do so.
Again, the unintended domain name belongs to ammonet and we receive frequent e-mails,
with both personal and business attachments, sent by users who know the correct
e-mail address but who have clicked the return button on their e-mail software. The third
example is simply a matter of two hotel e-mail addresses that differ by a single hyphen.
The two hotels continually received one another's communications because of the
similarity of the domain names. Use of different reservation addresses doesn't help in this
case because default mail is inevitably misdirected.

Aside from the vulnerability of your e-mail to being read by individuals to whom it is not
addressed while it is stored on the server of your ISP or at some intermediate server on
the internet, there are other security flaws. These are characteristic of the increasingly
popular HTML mail format whereby e-mail messages look like web pages. A few lines
of javascript can be embedded in such a message in a manner which is not visible to you
as the recipient. This enables text to be secretly returned to its original sender every time
the message is forwarded to another recipient, as long as the recipient's e-mail software is
javascript-enabled. The most widely used e-mail programs that are vulnerable to this
exploit are Microsoft Outlook, Outlook Express and Netscape Messenger 6. Since many
users click "reply" during long e-mail exchanges, a javascript insert of this kind can
enable an individual to receive copies of all messages that form part of the exchange.
Such an exchange of messages could be, for example, a confidential discussion of the
original message.
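
A mail gateway or cautious reader can check an HTML message for embedded script before it is displayed or forwarded. The sketch below is an added example, not part of the original text; it uses Python's standard email and HTML parsers, and the sample message, addresses and function names are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample message; the script body is an inert placeholder.
RAW_MESSAGE = """\
From: sender@example.com
To: recipient@example.com
Subject: Quarterly figures
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body onload="report()">
<p>Please review and forward to the team.</p>
<script>function report(){ /* placeholder body */ }</script>
<a href="javascript:report()">details</a>
<a href="https://example.com/q3">figures</a>
</body></html>
"""


class ActiveContentFinder(HTMLParser):
    """Collects the places where an HTML body can run script."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script-tag", tag))
        for name, value in attrs:
            if name.startswith("on"):
                # onload, onclick and similar attributes hold script
                self.findings.append(("event-handler", f"{tag}[{name}]"))
            elif value and value.strip().lower().startswith("javascript:"):
                self.findings.append(("javascript-url", f"{tag}[{name}]"))


def scan_message(raw):
    """Return a list of (kind, location) findings for every text/html part."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            finder.close()
            findings.extend(finder.findings)
    return findings


if __name__ == "__main__":
    for kind, where in scan_message(RAW_MESSAGE):
        print(kind, where)
```

A message with any finding can be shown as plain text only, or have the flagged elements removed before delivery.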
