In the non-cyber world we verify contracts and cheques with hand-written signatures; only the signatory can tell if he or she signed it or if anyone has tried to tamper with or even forge the signature. Every day we send and/or receive emails and documents (Word, Excel, PowerPoint etc.). How do we know the email has not been forged or a company contract worth millions has not been tampered with? The simple answer is that the average person would not know whether or not the email or document was authentic or had been edited in some way.

Imagine if someone emailed you a contract worth, say, £5 million and a few weeks later you opened up the email attachment and the figures had changed. It would be difficult to tell if it had been edited, still harder to prove. Fabricating an email so that it appears to come from someone else is relatively simple, and it can be hard to tell whether or not the source is genuine. Generally, emails are transmitted in clear text with no encryption. An email travels through thousands of miles of cables and across many networks before it reaches the server and its intended location ... and all within the space of a few seconds. Those with criminal intent can install a so-called ‘sniffer’ at any location – such as an ISP, an internet café or a company’s network – which makes it possible to intercept, alter or record emails and any other data passing through.

Digital signatures (certificates) are a simple and low-cost option to prove integrity and authenticate the sender. A digital signature can be applied to an email and some documents (mainly Microsoft Office). It is a virtual stamp to confirm that the email or document was sent or generated by the user. If anyone tries to edit the document, the signature will show as void, confirming that the document or email has been tampered with. Digital certificates can also be used to easily encrypt email messages (and attachments) sent to anyone who has a digital certificate.
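The following is an added example, not part of the original article, showing why an edited document makes its signature show as void. It assumes Node.js with its built-in `crypto` module, an Ed25519 key pair standing in for the key behind a certificate, and a constructed contract text; the function names are illustrative.

```javascript
// Added example: sign a document, then verify it unchanged, edited, and re-signed by a stranger.
const crypto = require('crypto');

// Constructed sample document (not a real contract).
const contract = Buffer.from('Contract: supplier is paid £5,000,000 on delivery.', 'utf8');

// The signer's key pair. With email or Office signing, the public half is
// distributed inside a certificate that ties it to the signer's identity;
// that certificate layer is left out here.
const signer = crypto.generateKeyPairSync('ed25519');

// Only the holder of the private key can produce this value.
function signDocument(doc, privateKey) {
  return crypto.sign(null, doc, privateKey); // null: Ed25519 hashes internally
}

// Returns true only if the document and signature are both unaltered
// and the signature was made with the matching private key.
function verifyDocument(doc, signature, publicKey) {
  return crypto.verify(null, doc, publicKey, signature);
}

function runScenario() {
  const signature = signDocument(contract, signer.privateKey);

  // 1. The document exactly as it was signed.
  const genuine = verifyDocument(contract, signature, signer.publicKey);

  // 2. The figure is changed after signing; the old signature no longer matches.
  const edited = Buffer.from(
    contract.toString('utf8').replace('5,000,000', '9,000,000'), 'utf8');
  const tampered = verifyDocument(edited, signature, signer.publicKey);

  // 3. The edited document is re-signed with a different key; checking it
  //    against the real signer's public key still fails.
  const stranger = crypto.generateKeyPairSync('ed25519');
  const otherSignature = signDocument(edited, stranger.privateKey);
  const forged = verifyDocument(edited, otherSignature, signer.publicKey);

  return { genuine, tampered, forged, signatureBytes: signature.length };
}

console.log(runScenario());
```

Verification depends on the recipient holding the signer's genuine public key, which is the job a certificate does in signed email and Office documents.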