Interview with Erik Kangas, President of Lux Scientiae

Erik Kangas has a Ph.D. in theoretical physics from the Massachusetts Institute of Technology and is currently President of Lux Scientiae, Incorporated, an Internet services and consulting company based in Boston, Massachusetts. In the interview, Mr. Kangas talks about his company, email security services and the state of secure messaging.

When and with what mission was Lux Scientiae started?

Lux Scientiae was founded in 1999 (then under the name InfiniteDimensions; the name changed to Lux Scientiae in March of 2002) with a two-fold mission. First, to provide Internet consulting services to companies developing database-driven, e-commerce, international, or secure web sites and web applications. Second, to deliver the unusual combination of very responsive and knowledgeable technical support, reminiscent of RackSpace’s “Fanatical” support, and a robust and featureful hosting service offering that any technically knowledgeable person would find very satisfying and the newbie very intuitive.

The emphasis of our hosting service offering has been refined somewhat over the years, now emphasizing email hosting in general, and SPAM filtering, IMAP connectivity, and security in particular.

What are the security services your company specializes in?

We specialize in secure email services: IMAP, POP3, SMTP, and WebMail over SSL to provide server authentication and protection from eavesdropping to our clients. We also offer a separate product called “Fort Lux” which is an easy-to-use web-based method of sending and receiving encrypted, signed, and trackable messages that works with any existing email solution that you may have.

On the web hosting front, Lux Scientiae provides secure web sites (over SSL), and managed dedicated servers (Linux or Windows) where we will manage the security and administration of the servers for you.

Furthermore, Lux Scientiae works with many of its clients to improve their web site security by improving and implementing authentication and encryption methods appropriate to the sensitivity of their applications and data.

Is there a market for secure messaging and how big is it?

There is definitely a burgeoning market for secure messaging; unfortunately (fortunately for us) there are not many providers out there that offer a wide range of services. To a large degree, this market currently consists of security professionals, people in professions that deal with sensitive information, and those who understand the inherent lack of security existent in email and don’t want to be caught short.

This market is growing. With the finalization of the HIPAA regulations expected late January, 2003, a large segment of the Internet community, all health care workers, will be required to start implementing secure messaging solutions or face fines when the regulations start being enforced. Other segments will follow suit: legal firms, government agencies, accounting and financial companies, etc. The need is there and people are and will be starting to see that and take action.

Should regular business e-mail be encrypted?

Regular business email that gets routed outside of a company’s firewall onto the general Internet should be encrypted. The reasons for this are very straightforward. Outside of their firewall, a company has no control over the information. It can be copied and backed up purposefully or automatically on any number of servers. Unencrypted, these messages can be read by anyone with sufficient access to these machines (or, indeed, by anyone sniffing the network traffic). If backups are made, this information may be read months or years later by unknown parties long after the original messages were deemed deleted.

Beyond these confidentiality issues, unencrypted email traversing the general Internet can be untraceably modified or deleted by people in the “right” place or with the “right” access. Emails can also be captured and resent later, possibly with modifications. This could have a devastating effect on a business!

The only way to prevent this is to use a combination of encryption and digital signatures in your business email to prevent eavesdropping, provide modification detection, and provide non-repudiation for messages traveling through the general Internet and through the corporate Intranets.

Even messages confined to a corporate Intranet are subject to all of the same kinds of attacks that messages traveling over the general Internet are vulnerable to, should a hacker break into the Intranet or should an employee or other insider wish to compromise the system. Especially if a company has a large Intranet, it should consider using secure email even for internal email messages as this threat is much greater than is usually perceived.

Are there problems with secure messaging interoperability?

First, let me point out that there are no interoperability problems involved in using IMAP, POP, and SMTP over SSL or TLS. All modern email clients support these types of secure connections and are generally very easy to configure.

The interoperability problems come in when you try sending or receiving encrypted or digitally signed messages. The first problem is that there is not a single standard for encrypting and signing messages; the two most prominent methods are PGP and S/MIME. These are completely incompatible; if you are using PGP and your friend is using S/MIME, you will not be able to send each other secure messages.

That said, PGP has been an Internet standard (OpenPGP – RFC 2440) since 1997 and PGP-encrypted email accounts for well over 90% of the current encrypted email traffic on the Internet. So, using PGP will make you compatible with the majority. However, what really counts is the minority that you actually need to communicate with and their needs. Therefore you may find a need for the use of S/MIME if your correspondents like using its 3rd party issued certificates for email communications rather than PGP’s trust model. It is useful to know that some email clients, such as Microsoft Outlook, can be configured to use BOTH PGP and S/MIME so that you can correspond securely using whatever method is necessary at the moment.

The other interoperability issue involves “key exchange”. Both PGP and S/MIME are public key cryptography systems in which each user has a public and a private key. If you want to send your friend an encrypted message, you first need his/her public key; if your friend wants to prove that you signed a message or that the message that you sent him/her was unaltered, s/he first needs your public key. So there is the necessity of trading public keys before secure communication can ensue. There are various ways of doing this and PGP offers “key servers” from which your correspondents’ keys can be downloaded to make the process easier. However, not everyone has their PGP keys listed on a key server, let alone the same key server, and not everyone uses PGP, so the key exchange issue is still an impediment to sending secure messages — especially if you have to send them quickly.

From your experience, is secure messaging a part of security policies deployed within companies?

In my experience, more and more companies are using SSL to encrypt communications with their email servers, but few are using PGP or S/MIME for encryption. I see the impediment being that the effort needed to set up, to enforce usage, and to train employees is seen as much larger (or costlier) than the benefit of use. Clearly, the cost savings gained by using secure messaging is in having less information leakage or modification which is very difficult to quantify, especially as most companies assume that they don’t (or won’t) have significant problems in this arena anyway. These assumptions will be changing.

Fort Lux is your company's web-based messaging solution. What are its functions and for what type of users is it intended?

Actually, Fort Lux is a separate web-based secure messaging product offered by Lux Scientiae. We offer a normal WebMail application for our email hosting users; this is completely separate from, but compatible with, Fort Lux.

Fort Lux is designed for people who already have email services and who need to communicate securely with others. It is geared for usability:

  • No new email address required; use your existing email services
  • No software to download or install; Fort Lux is web based
  • Simple; If you can use WebMail, you can use Fort Lux
  • It’s free to receive messages

Fort Lux is in many ways like an online secure messaging center. A typical user will log into the Fort Lux web site and compose a message (to anyone, even recipients that are as yet unknown to the Fort Lux system). The message is digitally signed and encrypted and stored on the Fort Lux servers and a notice is sent to the recipient(s) that they can come and pick up their message at Fort Lux. When the recipient authenticates himself/herself at Fort Lux, s/he will be able to view the message and verify the digital signatures on all of the attachments. Furthermore, all actions requiring cryptography are tracked by the system so that the sender and recipient can both see when a message was created, read, replied to, deleted, etc.

If you already use PGP or S/MIME for secure email, this can be integrated into your Fort Lux account so that all notifications that Fort Lux sends to you are encrypted and so that you can have the secure messages you receive at Fort Lux automatically encrypted and forwarded to your secure email address so that you do not have to log into Fort Lux to retrieve them.

The basic idea is that Fort Lux is a quick and easy way to communicate with anyone securely. There are no interoperability or key exchange problems, it is compatible with anything you may currently be using for email, there is no effort spent in setting up software, and there is no commitment.

What is the difference between your services and HushMail?

While our service offerings are similar, there are several important differences between our services and HushMail:

1. HushMail gives you a new email address; our service uses your existing email address.

2. HushMail allows you to send and receive messages from non-HushMail users:

– Messages to and from HushMail users are sent or received as normal unencrypted email.
– HushMail users can easily receive SPAM and other unwanted email in their HushMail accounts.

Fort Lux allows you to send messages to non-Fort Lux users, but it only accepts messages from existing users:

– Messages sent to non-Fort Lux users are not sent via normal unencrypted email; instead, they are securely saved on our servers and only a notification is sent to the recipient. We have additional security features to help you authenticate non-users when they come to pick up their message, such as the ability to add security questions to your messages on a per-recipient basis.
– Since the pricing of Fort Lux is based on the number and size of the messages you send, it is free to receive messages but costs a little to send a message. This, coupled with the fact that only paid Fort Lux users can send messages, means that it is very unlikely that you will ever get any SPAM or unwanted email via Fort Lux.

3. Fort Lux does not use JAVA so your web browser does not have to be JAVA-enabled.

4. You can receive and store any quantity of secure messages in your Fort Lux account. Even with their premium accounts, HushMail places strict upper limits on the amount of email and document storage you can have.

5. Fort Lux integrates with your existing email and supports unencrypted, S/MIME-, or PGP-encrypted communication with your existing email account.

6. There is no commitment with Fort Lux. You can pre-pay once for the ability to send messages and come back anytime days or months later to use the account. There are no monthly fees unless you wish to pay a discounted monthly rate. There is no cost for having an account used for merely receiving messages.

Secure messaging in 2003 – what should we expect?

Awareness of the necessity for secure messaging should be on the rise in 2003 as the HIPAA regulations are finalized and information security comes more into the limelight due to international hostilities. We will probably start seeing more DNS spoofing attacks which affect insecure email and probably not just one scandal involving sensitive information leakage or modification affecting large companies.

All of this will heighten the awareness of the need for secure messaging and increase the perceived return on investment. As a result, more and more companies will start offering secure messaging services and email protocols over SSL will become the norm rather than the exception. This will definitely be the trend over the next several years. We already see this happening with corporations trying to secure their employees’ use of instant messaging programs. A tougher stance on email is coming.

In 2003, Lux Scientiae hopes to extend its security offerings on several fronts:

  • Adding native PGP and S/MIME messaging support to its standard secure WebMail offering
  • Providing our email hosting clients with an alternative WebMail client that doesn’t require cookies or JavaScript and which uses minimal bandwidth
  • Offering secure DNS services to companies worried about DNS spoofing