Exchanging information using e-mail brings a good deal of vulnerability that can be exploited by an unauthorized third party for individual or organizational purposes. This is quite probable since e-mail systems are designed to provide a straightforward and fast way of information delivery without considering the security of information. Prior to applying any specific security solution, an organization has to consider system characteristics and the existing problems through evaluation of security needs and faced risks. An approach that can be used to determine the security needs of an organization is risk management. Risk analysis can aid the organization in identifying the risks, why there can be a risk, to determine priorities and create prevention strategy to reduce the risks. In this article, the authors discuss the development of secure e-mail software. E-mail protection is accomplished using Secure Socket Layer (SSL) to protect the communication between the web server and the local computer, encrypting e-mail messages with combination of public and symmetric key encryption, dynamic encryption key and adding a digital signature. The experimental results show that the software can be used to protect information exchange and can reduce such security threats as eavesdropping, identity theft, false message, message modification and repudiation. Using encryption expands the size of the e-mail message to 161.96% from the actual size and the time required for encryption process is increased with 3.68%.
BT - Information & Security: An International Journal DA - 2004 DO - http://dx.doi.org/10.11610/isij.1509 IS - 2 LA - eng N2 -Exchanging information using e-mail brings a good deal of vulnerability that can be exploited by an unauthorized third party for individual or organizational purposes. This is quite probable since e-mail systems are designed to provide a straightforward and fast way of information delivery without considering the security of information. Prior to applying any specific security solution, an organization has to consider system characteristics and the existing problems through evaluation of security needs and faced risks. An approach that can be used to determine the security needs of an organization is risk management. Risk analysis can aid the organization in identifying the risks, why there can be a risk, to determine priorities and create prevention strategy to reduce the risks. In this article, the authors discuss the development of secure e-mail software. E-mail protection is accomplished using Secure Socket Layer (SSL) to protect the communication between the web server and the local computer, encrypting e-mail messages with combination of public and symmetric key encryption, dynamic encryption key and adding a digital signature. The experimental results show that the software can be used to protect information exchange and can reduce such security threats as eavesdropping, identity theft, false message, message modification and repudiation. Using encryption expands the size of the e-mail message to 161.96% from the actual size and the time required for encryption process is increased with 3.68%.
PY - 2004 SP - 135 EP - 150 T2 - Information & Security: An International Journal TI - Secure e-Mail Application Software for Government in Indonesia VL - 15 ER -