From NCSA Security R&D - University of Illinois at Urbana-Champaign

Contents 1 NCSA makes secure group email services available 1.1 A simplified key management system 1.2 A wide variety of uses 1.3 Usability and support

NCSA makes secure group email services available

Secure Email List Services (SELS), open-source software developed at the National Center for Supercomputing Applications, at the University of Illinois, is now available for users wishing to conduct secure, encrypted email discussions among multiple participants.

Most email discussions take place on unencrypted, plain text email lists that can easily be intercepted and read by anyone with access to the servers or networks on which the lists are administered. This includes both authorized users, such as system administrators, and unauthorized intruders who may gain access to a system in search of confidential information.

"The need for secure messaging among groups is increasing along with the need for collaborations and team work," says Himanshu Khurana, project lead for SELS and a principal research scientist at the Information Trust Institute, University of Illinois. "For such messaging users are naturally drawn towards email, and we believe SELS provides a unique tool with the necessary security and usability properties."

A simplified key management system

By definition, when an email list is encrypted, no entity except for the list subscribers should be able to read the messages – not the list owner or its administrator. While individuals who need to encrypt their electronic communications have long been able to do so using the PGP (Pretty Good Privacy) standard, encrypted group discussion lists are much more challenging. They're also less user- and administrator-friendly, according to James Marsteller, Information Security Officer at Pittsburgh Supercomputing Center. "Encryption key management can be a challenge, especially as discussion participants, who share a common password, enter and leave the mailing list," he says. "Accessing old email messages often requires maintaining a list of old passwords."

SELS is innovative, says Khurana, in that it provides security via novel cryptographic techniques and usability via a greatly simplified key management system. Like individual PGP users, SELS-enabled email list subscribers are each assigned two digital private keys: one to open and read messages; the other, stored in the list server, to transform every encrypted and signed email the member sends to the list. "The cryptographic techniques enabling the transformation of encrypted messages have been designed specifically for SELS," says Khurana, "but they're based on well-proven cryptographic primitives that have been studied for over a decade."

A wide variety of uses

As part of NCSA’s Cybersecurity Directorate, the SELS team developed the software in response to a need expressed by system administrators and site security professionals for confidentiality of sensitive messages relating to critical infrastructure protection such as discussions about ferreting out attackers – who may attempt to evade discovery by eavesdropping on such email conversations. "I like the ability of SELS to verify that our messages are encrypted," says Jim Barlow, who leads NCSA Security Operations. He and his team have adopted SELS for routine email communication, which often includes confidential information.

"In order to function effectively as a team, we need to be confident that our discussions are kept private." SELS has also been adopted by security professionals for the NSF TeraGrid, a massive distributed computing infrastructure for open scientific research consisting of powerful machines at eleven supercomputing centers and national laboratories across the United States, linked by a dedicated high-speed network, and serving thousands of researchers. Marstellar, who, in addition to his role at PSC also chairs the TeraGrid Security Working Group (TG-SWG), has noted improvements in the security and efficiency of the group's TeraGrid email services since transitioning to SELS. "SELS has improved our response times by allowing us to access encrypted messages more quickly, while at the same time improving the integrity of those messages," he says, noting that, among secure email services developed for communities, SELS appears to be unique in that its server never has access to the clear text of the messages.

In addition to computing site security and incident response, Khurana sees a wide range of applications for the software, from academic research to industry and finance to healthcare and emergency response to the classroom. Other potential uses include safeguarding against the theft of intellectual property, encrypting email transactions involving sensitive financial information, communicating information quickly and securely during an emergency, and hands-on demonstrations of encryption and cryptography.

Usability and support

SELS can be used with several common email clients, such as Mozilla Thunderbird, MacMail, Microsoft Outlook, Mutt, and Emacs, through plugins provided by GNU Privacy Guard (GnuPG, an open source implementation of PGP). Along with the GnuPG plugins, other open-source components in SELS include GnuPG and BouncyCastle cryptographic libraries, Mailman email list manager and the Sendmail MTA. SELS is developed in C, Java and Python. "If you are already using PGP, joining a SELS list just requires adding the list keys to your PGP keyring. After that, sending and receiving encrypted messages on the list is automatic," says Jim Basney, senior research scientist at NCSA and SELS project co-lead. "We are working hard to provide high-quality, open source software, through design and code reviews and automated software testing."

NCSA is making SELS available in two ways: by downloading the software from http://sels.ncsa.uiuc.edu and installing it on local servers, or by using NCSA’s hosted SELS service. This service assigns each list a pair of dedicated virtual machines, which provide isolation, and locates the virtual machines on two separate physical rack servers for redundancy, backup and monitoring. Although NCSA hosts and administers these servers, SELS encryption capabilities assure that only the members of a given list will ever see the content of messages sent to that list.

Both the TeraGrid Security Working Group and NCSA Security Operations are currently using the NCSA-hosted SELS beta service, currently SELS 0.7. Users report that the service is easy to use and running smoothly, thanks to the SELS team's responsive help and troubleshooting support. "Any problems we've encountered with installation and administration have been addressed swiftly by the SELS team--our interactions with them always result in positive outcomes," says Tim Brooks, a security engineer at NCSA who is also a member of the TG-SWG.

"Community engagement is an important, often overlooked component of software development. Our approach is to work with our user communities as necessary to ensure that SELS provides what they need," says Meenal Pant (mpant@ncsa.uiuc.edu), the SELS development and user support team lead. Development is progressing rapidly, and she anticipates that SELS 1.0 will be available this winter.

To learn more, or to apply for a list, contact the SELS team (sels@ncsa.uiuc.edu) or visit sels.ncsa.uiuc.edu.

SELS was developed with support from the National Center for Advanced Secure Systems Research, a multi-institutional cybersecurity research team led by NCSA and funded by the Office of Naval Research (ONR).