EndCryptor Crypto Station
Protects email at rest and in motion

An End to End email encryption program.

2.2 released: June 2, 2008

Release properties and history, support notes

Download (9.24MB)

The trial period is 60 days after which no sending or receiving is possible unless a license is obtained. Requires Windows XP (SP2 or later) or Vista.

Documentation pdf (564KB)

Features pdf (245KB)

 

Please check that it is legal to use encryption technology in your country.

Enternet Inc.
Finland
VAT nr.: FI 08210504

 

EndCryptor offers features that are new on the email encryption software market: backward security and recovery from an attack.

Backward security means that if a hacker steals the current security data (encryption keys), he cannot use this information to decrypt messages that were encrypted earlier. Recovery from an attack means that after some time the intruder can no longer use the stolen security data to decrypt new messages created after the intrusion. This restoration of security is important because the victim of an intrusion may be totally unaware of the adversary's activities. Even after a successful attack, a certain kind of protection against identity hijacking (theft) can be offered. EndCryptor uses public key encryption technology; however, no public key infrastructure is required.

Protection for the real world

We have developed solutions for the current computing environment where intruders access computers using spyware, viruses and worms. These things must be taken into account if the data is to be protected in reality. We aim to minimize the amount of encrypted data that can be decrypted even if the security data on the computer is exposed. 

Ease of use

No knowledge of cryptography is required. 

Standards and published new technology

Encryption is done using the industry standard AES (the Advanced Encryption Standard of the USA) with a key length of 256 bits. The public key technology is based on an ANSI standard. The protocol that provides our new features has been published under the Patent Cooperation Treaty.

If you have email encryption needs then shouldn't you consider the possibility that someone really tries to get hold of the data?

Without backward security and recovery from attack, a single successful spying attack on your computer leads to the exposure of all previous and future encrypted communication sent to you! In some cryptosystems all communication sent from you is exposed as well! After a successful attack the adversary no longer needs to access your computer. All the adversary then needs is the encrypted messages created before and after the attack; these can be decrypted using the information obtained in the attack.

For example, the well-known PGP-family products do not offer backward security; they provide recovery when new public keys are taken into use.

Comparison between EndCryptor and the PGP-family of email encryption products (PGP, OpenPGP, GnuPG, ...) in case of a successful spying attack

 

Backward security (= are encrypted messages sent to the victim before the attack protected?)
    EndCryptor: YES
    PGP-family: NO

Recovery from the attack will happen
    EndCryptor: When the next message from the victim is decrypted.
    PGP-family: When the certified new public key of the victim is received. This usually happens at predetermined intervals - after several months or even years.

Identity hijacking (= identity theft) will be revealed
    EndCryptor: YES
    PGP-family: NO

The spying attack can be, for example, the use of dedicated spyware, a worm, a virus or a newly published security hole through which the computer can be accessed from the network, followed by the use of a keylogger to capture the entry password to the encryption software's database (or whatever it is called) and the transmittal of the password and the database to the attacker (see notes 1 and 2). The security database can also be exposed in other ways: the user turns from friend to foe and reveals the data to the adversary, or is forced (e.g. by a court order) or lured into revealing the current security data, etc.

After the exposure old and new encrypted messages sent to the victim can be decrypted unless the software is prepared to face the exposure of its security database.

If recovery from attack is provided, then after the recovery the attacker must obtain the security data again in order to continue decrypting new messages. This may now be impossible, for example if the program containing the security hole has been updated and the bug fixed.

EndCryptor is a solution that takes into account the unwanted but realistic possibility that at some point in time the security data - private keys, etc. - are revealed to an adversary. Our aim is to minimize the amount of data that is exposed in that case.

The features offered - backward security and restoration of security - are new on the offline communication market, i.e. in email communication (see note 3).

Features:

o    Both the sender and the receiver must have EndCryptor installed. They also need an email program or another program that actually delivers the message from machine to machine. If this program is Microsoft Outlook, sending and receiving are handled most conveniently by EndCryptor and Outlook – otherwise the user must perform some actions upon receiving a message. The encrypted message is a file that can be sent/received by any program that can send/receive files. To be specific, EndCryptor uses MAPI support such as that in Microsoft Outlook, Mozilla Thunderbird or Eudora. Microsoft Outlook Express does not have this kind of MAPI, read more.

o    Encrypts messages using 256-bit keysize AES.

o    The AES encryption keys are determined using elliptic curve public key technology, read more. According to the National Security Agency of USA “The best assured group of new public key techniques is built on the arithmetic of elliptic curves. …as one scales security upwards over time to meet the evolving threat posed by eavesdroppers and hackers with access to greater computing resources, elliptic curves begin to offer dramatic savings over the old, first generation techniques.” (In: The Case for Elliptic Curve Cryptography: www.nsa.gov/ia/industry/crypto_elliptic_curve.cfm)

o    Each message is digitally signed. This assures the receiver that the message was created by the claimed sender and that it was not altered in transit, read more.

o    The sent and received messages are stored in encrypted form on the user’s computer – the user can view their decrypted contents once the correct entry password to EndCryptor has been given. As an option, the user can decide whether incoming attachments are also stored in plaintext form or only in cryptotext form. The stored messages can be searched, moved between different user-creatable mailboxes and exported in cleartext form. The export feature allows the user to keep a complete cleartext archive of the communication. The search feature can, for example, find a sent/received file attachment based on its unique hash value (checksum).

Properties when the security database of e.g. Alice is exposed
(suppose that Alice is communicating with Bob):

o    Old and future messages sent from Alice are protected! 

o    Backward security: encrypted messages that have been decrypted by Alice are protected.

o    Recovery from an attack: once the next new message from Alice to Bob has been decrypted, messages from Bob to Alice can no longer be decrypted by the adversary.

o    A certain kind of protection against identity hijacking: either the hijack (theft) attempt fails, or it succeeds but then all future messages exchanged between Alice and Bob will be rejected. Protection against identity theft is important since a user may rely blindly on the protection given by a digital signature. If the security data is exposed to a hacker, identity theft can be attempted.

o    More detailed description of properties when the security database is exposed.

 

o    Reports messages that have not been decrypted. The sender of a message can be sure that the receiver has decrypted the message. This is important, for example, when the message contains the latest version of a technical document that the receiver must use (see note 4).

o    Possibility to delete the keys of a missing message - if a message is encrypted but not received, the receiver can delete its decryption keys. This requires that the receiver has received a newer message from the sender.

o    Protection against a replay attack, where an adversary copies an encrypted message in transit and later resends it: 1) a message can be decrypted only once; 2) the decryption keys of missing messages can be deleted.

o    Compression of plaintext. The required amount of random bytes is added to hide the length of this compressed plaintext - encrypted messages have different sizes even if their decrypted content is the same. File compression results for selected files from the Canterbury Corpus:

File            Size (bytes)    EndCryptor (bytes)    bpc
e.coli          4,638,690       1,226,337             2.11
bible.txt       4,047,392       855,829               1.69
world192.txt    2,473,400       476,516               1.54
kennedy.xls     1,029,744       132,378               1.03

bpc = bits per character (byte). EndCryptor was used with the default setting: at most 1000 random bytes were added to compressed plaintext.

o    A message may have more than one receiver. Contacts can be grouped.

o    When a new contact is added, both parties send each other one special initialization file, and they may then verify using a cryptographic checksum that they received the files unaltered. These files contain public keys that initialize the communication between the two parties. Later, when the parties communicate, every message EndCryptor encrypts contains new public keys of the sender, created at the time of sending. This method of rapidly changing public keys means that there is no requirement for a public key infrastructure (PKI) for key revocation etc., read more.

o    File wiping, calculation of a cryptographic hash value (checksum) of a file.

o    If an Internet connection is considered to be too risky then EndCryptor can be run entirely disconnected from the network. When a message is encrypted a list of its receivers can be stored in a text format. The encrypted message and this list are moved to the actual sending machine using removable media. When decryption is needed the encrypted message is delivered to the receiving EndCryptor again using removable media.

o    Both the sending and the receiving party need EndCryptor installed in order to encrypt and decrypt. No third parties are used (e.g. to provide public keys or an online connection to a third-party machine), nor is an online Internet connection between the sender and the receiver needed. Encryption and decryption use the information stored in EndCryptor's security database on the computer in use together with the information that the message in question provides.

o    The security database and the stored sent and received messages can be moved to removable media and accessed from it. Thus it is possible to use EndCryptor both from office and laptop computers. The removable media must provide at least 520 MB of storage.
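The key rotation described in the list above (new public keys in every message, a message decryptable only once) and its effect in the Alice and Bob case, as an added example that is not EndCryptor's own code or published protocol. The toy Diffie-Hellman group, the Header fields, the Party class and the strict alternation of messages between the two parties are assumptions made for illustration.

```python
import hashlib, secrets
from collections import namedtuple

# Toy Diffie-Hellman group, an assumption for illustration only: far too small
# for real use, and the product described above uses elliptic curves instead.
P, G = 2**127 - 1, 3

# Hypothetical header: the receiver key the message is encrypted to, the sender's
# one-time public key, and the sender's new receive key created at sending time.
Header = namedtuple("Header", "to eph next_pub")

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def message_key(priv, peer_pub):
    # Hash the shared Diffie-Hellman secret into a 256-bit message key.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

class Party:
    def __init__(self):
        self.priv, self.pub = keypair()   # pub travels in the initialization file
        self.peer_pub = None

    def send(self):
        eph_priv, eph_pub = keypair()
        key = message_key(eph_priv, self.peer_pub)   # eph_priv is never stored
        self.priv, self.pub = keypair()              # fresh receive key per message
        return Header(self.peer_pub, eph_pub, self.pub), key

    def receive(self, h):
        if self.priv is None or h.to != self.pub:
            raise ValueError("no decryption key: replayed or unknown message")
        key = message_key(self.priv, h.eph)
        self.priv = self.pub = None                  # key deleted after one use
        self.peer_pub = h.next_pub
        return key

def run_scenario():
    alice, bob = Party(), Party()
    alice.peer_pub, bob.peer_pub = bob.pub, alice.pub   # initialization exchange
    h1, k1 = bob.send(); alice.receive(h1)   # old message, already decrypted
    h2, _ = alice.send(); bob.receive(h2)
    stolen = alice.priv                      # Alice's security data is copied here
    h3, k3 = bob.send(); alice.receive(h3)   # Bob still uses the exposed key
    h4, _ = alice.send(); bob.receive(h4)    # Alice's next message reaches Bob
    h5, k5 = bob.send()                      # encrypted to a key made after the theft
    return {"old": message_key(stolen, h1.eph) == k1,
            "before_recovery": message_key(stolen, h3.eph) == k3,
            "after_recovery": message_key(stolen, h5.eph) == k5}
```

In run_scenario() only the message encrypted to the copied key yields its message key to the holder of the stolen data; the earlier message and the one sent after Bob has decrypted Alice's next message do not.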



Tutorial on public keys

 

Cryptographic technical details

Properties when the security database is exposed

No public key infrastructure required

Hash function construction

Message transportation methods

Pricing



Notes:

1. To see the techniques used, search the Web for: keylogger, spyware, fedware, "Internet surveillance through a wiretap", computer espionage, badtrans.b, hacking.

2. To see a virus attack designed against a specific encryption package, search the web for the Caligula virus. This attack did not use a keylogger; it was a proof-of-concept attack.

3. In interactive online direct communication between two computers these features (backward security, recovery from attack) are achieved by exchanging new public keys before a protected session is started - this is the behavior of many session protocols that e.g. protect an interactive visit to a bank account. In such protocols the identity of the client is usually proved using one-time passwords that are stored outside the computer and delivered, each in its turn, to the bank in a protected session. If one-time passwords are used, problems arise if an adversary takes the role of the bank and is able to mimic its website: the client may give the next one-time password to the impostor, who uses it to connect to the bank. If one-time passwords are not used, some kind of protection against the hijacking of the client's identity should be required of the protocol.

4. Encrypted messages are numbered and they contain an encrypted list of earlier messages that have not been decrypted. When you receive a message and decrypt it, you know which messages sent by you had not been decrypted when the received message was encrypted. The report of each contact's undecrypted messages is shown on request.

Pricing:

149 EUR + possible VAT. For volume discounts see the price calculator in the program or read now.

Payment methods: VISA, MasterCard and advance payment.

VAT (22%) is required of private citizens of the European Union and of companies that reside in Finland.

 
