Is STARTTLS enough for email security?
- By Amanda Ziadeh
- Oct 05, 2015
With email supplying a major attack vector for breaching government networks, a recent article raised a few eyebrows when it reported that the Defense Department does not use STARTTLS technology to encrypt email messages in transport.
STARTTLS, however, is only part of the story.
First, some background: STARTTLS is an encryption protocol extension that upgrades plain text communications to encrypted connections using Transport Layer Security (TLS) or the Secure Sockets Layer (SSL) in order to protect an email’s content and path as it travels from server to server before reaching its destination. Motherboard reported that its tests showed the Air Force as the only branch of DOD using STARTTLS to encrypt emails. The Army, Navy, Defense Security Services and the Defense Advanced Research Projects Agency do not.
And DOD is not alone is skipping STARTTLS. Only a handful of the major agencies, in fact --
the Department of Education, the General Services Administration, the Department of Homeland Security, the Department of Interior and the Department of Agriculture, appear to fully support STARTTLS with no apparent deficiencies.
That assessment comes via an online testing tool that measures mail servers’ support of the protocol, using four criteria: certificate, protocol, key exchange and cipher. For the best grade, a server must have no certificate problems, support certain TLS and SSL protocols, have a accepted cipher between 128 and 256 and a key size of 2048 bits.
Other agencies that received an “A” grade but had a couple faults included the departments of Commerce, Health and Human Services, Labor, Transportation and Veterans Affairs; the U.S. Postal Service; the U.S. Agency for International Development; and the Office of Personnel Management. Some of those identified shortcomings included accepting a cipher of 0, a key exchange that is susceptible to “man-in-the-middle” attacks, and certificates that are self-signed, untrusted or invalid for the server’s hostname.
But what, exactly do all these STARTTLS scores mean for government agency email protection? According to Mark Cohn, chief technology officer for Unisys Federal Systems, use of STARTTLS is not necessarily a reliable indicator of an agency's email security posture.
“Every agency that I’m aware of uses encrypted transport for email,” Cohn said.
“All [STARTTLS] addresses is the idea that we don't want the message read by a bad person as it’s on its way to the recipient,” he said. “STARTTLS is almost like a small part of an email security challenge.” In fact, Cohn explained, STARTTLS alone doesn’t guarantee that the message is encrypted unless the certificates are authenticated.
Additionally, 18F developer Eric Mill explained that the “START” part of STARTTLS refers to the initial attempt to encrypt. According to Mill, if it can’t establish an encrypted connection, STARTTLS will fall back to plain text.
This means any attacker wanting to read an email will just have to get through the first attempt to be able to read the plain text afterwards.
Mill said that STARTTLS protects primarily against passive attackers who have the ability to listen to the network or view the traffic, but can’t actually interfere with its context. It doesn’t protect the servers from any viruses the message could be carrying, doesn’t differentiate for spam, and doesn’t protect against data leaks. Most importantly, STARTTLS doesn’t protect against phishing, which has become the main avenue of attack for the major breaches.
According to Cohn, DOD’s use of S/MIME, or Secure/Multipurpose Internet Mail Extension, along with its public key infrastructure with the use of common access cards (CAC), is an effective method of ensuring email security, STARTTLS notwithstanding.
S/MIME digitally signs every email sent out, he said. “It adds a certificate that says, ‘this is really the sender, and for proof you can check the certificate trade.’”
CAC or “smart” cards not only give DOD personnel access to DOD computer networks and systems, they also hold a digital certificate for email signing and for email encryption. Once the user logs into computer or laptop with the card and sends an email, the .mil mail system takes the certificate and uses it to digitally sign and encrypt the message. This use of CAC for desktop and email logins and email signatures has made the DOD computer network much more secure and much less susceptible to phishing attacks.
Additionally, Cohn said, the S/MIME protocol is doing things that simple TLS or SSL will not do to protect the email against tampering and exposure because it is encrypted end to end -- at rest, in storage and in transport.
And because phishing is such a serious concern, Cohn recommends doing it all -- phishing protection, encrypted communications and encrypted transport --- to ensure maximum safety.
Still, 18F's Mill said, every organization should turn on STARTTLS regardless, as it can only be a benefit, but he recommends not telling anybody the email is encrypted because there is no guarantee the encryption is matched on the receiving end.
Mill also suggested that in some situations -- like an inspector general who needed to receive sensitive information -- it would be better to avoid email altogether, and invest in a good secure web form for such messaging needs.
Amanda Ziadeh is a former reporter/producer for GCN.