Easy-To-Use Secure Email Solutions for Enhanced Privacy and Trust
Email is often likened to a postcard, as most emails are sent in clear text, leaving them vulnerable. Users are becoming more reliant on email providers like Google and Yahoo for storage, but many remain unaware of the encryption options available. Our solution implements an email plug-in that facilitates easy secure messaging without extensive key management. Both sender and recipient can quickly prove their identity to a key server, allowing for seamless encrypted communication. This system ensures that messages are secure, encrypted, and only accessible to intended recipients.
Presentation Transcript
ISRL Internet Security Research Lab, http://isrl.cs.byu.edu
Easy To Use Secure Mail
Tim van der Horst, Kent Seamons (seamons@cs.byu.edu)
Email is a postcard
• Almost all email is sent in the clear
• Email provider can access stored messages
• Users increasingly trust online service providers to store their email
  • Google, Yahoo, Hotmail, etc.
Encrypted email
• Encrypted email solves the postcard problem
• Current solutions
  • PGP
  • S/MIME
• No widespread adoption
  • Hard to get keys for self and recipients
  • Many users don’t know what encryption is, or how to use it
Sender
• Download and install an email plug-in
• Prove her identity to the key server
  • Receive an email message from the key server
  • Happens once per email address
• No more interaction required with key server to send secure messages to any recipient
  • Simply specify the email address of the recipient and send secure email messages
• The email contents are encrypted and sent to the recipient as an attachment, along with plain-text instructions in the body of the message indicating where to obtain software to decrypt the message
Recipient
• First-time receipt of encrypted message
  • The sender and subject line of the message are in plain text
  • The plaintext body informs the recipient that the message attachment is encrypted and refers the user to a plug-in needed to decrypt the message
  • The recipient installs the plug-in
• Recipient proves her identity to the key server
  • Receive an email message from the key server
  • Happens once per email address
• Decrypt a secure email message
  • Click on the message in the inbox to read the message
  • Client software obtains the decryption key from the key server based on the sender’s and recipient’s email addresses. The key can be cached at the client.
  • Message is decrypted and displayed to the user.
How our secure email works (slide diagram: keys derived with KDF(x); the figure itself is not part of the transcript)
Security analysis
• Trust model
  • Key escrow
    • Key server can derive all keys
    • Messages don’t pass through the key server
  • Businesses can host their own key server
• Threats
  • Basic model thwarts passive observation
  • Vulnerable to some impersonation attacks
    • Due to how the key server authenticates a user’s ability to receive an email message
    • Use of a stronger authentication mechanism eliminates this weakness
  • The design supports a dial for convenience/security
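The sender and recipient flows from the preceding slides, together with the key-escrow property from the security analysis, as an added Python example; this is not the ISRL prototype's code. The slides show only KDF(x), so the two-level derivation (master key to per-sender key to per-pair key), the derivation labels, the HMAC-based toy cipher used for the attachment, and the example addresses are all assumptions made here for illustration.

```python
import hashlib
import hmac
import os
def kdf(key: bytes, label: str) -> bytes:
    """One derivation step: HMAC-SHA256 of a length-prefixed, case-folded label (assumed construction)."""
    data = label.lower().encode("utf-8")
    return hmac.new(key, len(data).to_bytes(2, "big") + data, hashlib.sha256).digest()

class KeyServer:
    """Holds the master key (a crypto card in the prototype) and can derive every key: this is the escrow."""
    def __init__(self, master_key: bytes):
        self._master = master_key
    def sender_key(self, sender: str) -> bytes:
        # Issued once, after the sender proves control of her mailbox.
        return kdf(self._master, "sender:" + sender)
    def pair_key(self, sender: str, recipient: str) -> bytes:
        # Issued to the recipient after she proves control of her mailbox; cacheable at the client.
        return kdf(self.sender_key(sender), "recipient:" + recipient)

def client_pair_key(sender_key: bytes, recipient: str) -> bytes:
    """Sender side: same second step as the server, so no further key-server contact is needed."""
    return kdf(sender_key, "recipient:" + recipient)

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt(pair_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC attachment: nonce || ciphertext || tag (toy cipher, see lead-in)."""
    nonce = os.urandom(16)
    stream = _keystream(kdf(pair_key, "enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(kdf(pair_key, "mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(pair_key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kdf(pair_key, "mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("attachment failed authentication")
    stream = _keystream(kdf(pair_key, "enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def demo(sender: str = "alice@example.com", recipient: str = "bob@example.com") -> bytes:
    """Constructed walk-through: sender enrols once and encrypts offline; recipient fetches the pair key."""
    server = KeyServer(os.urandom(32))
    attachment = encrypt(client_pair_key(server.sender_key(sender), recipient), b"meet at noon")
    return decrypt(server.pair_key(sender, recipient), attachment)
```

Because the server holds the master key, `KeyServer.pair_key` reproduces any sender's `client_pair_key` output, which is exactly the escrow trade-off the slides describe.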
Prototypes
• 3rd-party key server
  • Crypto card to protect master key
• Clients
  • Firefox extension for Gmail
    • Web mail
  • Thunderbird extension
    • Standard email client
  • Java applet
    • Loosely coupled with any email client
    • Available to a user for any client that does not have a plug-in available for secure email
Future plans
• Host a key server for public use
• Popular email clients
  • Web: Gmail, Yahoo, Hotmail, AOL
  • Traditional: Thunderbird, Outlook, Lotus Notes
• User studies
  • Obtain feedback from users to guide design decisions