easy to use secure mail l.
Skip this Video
Download Presentation
Easy To Use Secure Mail

Loading in 2 Seconds...

play fullscreen
1 / 10

Easy To Use Secure Mail - PowerPoint PPT Presentation

  • Uploaded on

ISRL. Internet Security Research Lab. http://isrl.cs.byu.edu. Easy To Use Secure Mail. Tim van der Horst Kent Seamons seamons@cs.byu.edu. Email is a postcard. Almost all email is sent in the clear Email provider can access stored messages

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Easy To Use Secure Mail' - guthrie

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
easy to use secure mail


Internet Security Research Lab


Easy To Use Secure Mail

Tim van der Horst

Kent Seamons


email is a postcard
Email is a postcard
  • Almost all email is sentin the clear
  • Email provider can access stored messages
  • Users increasingly trust online service providers to store their email
    • Google, Yahoo, Hotmail, etc.
encrypted email
Encrypted email
  • Encrypted email solves the postcard problem
  • Current solutions
    • PGP
    • S/MIME
  • No widespread adoption
    • Hard to get keys for self and recipients
    • Many users don’t know what encryption is, or how to use it
  • Download and install an email plug-in
  • Prove her identity to the key server
    • Receive an email message from the key server
    • Happens once per email address
  • No more interaction required with key server to send secure messages to any recipient
  • Simply specify the email address of the recipient and send secure email messages
  • The email contents are encrypted and sent to the recipient as an attachment, along with plain-text instructions in the body of the message indicating where to obtain software to decrypt the message
  • First-time receipt of encrypted message
    • The sender and subject line of the message are in plain text
    • The plaintext body informs the recipient that the message attachment is encrypted and refers the user to a plug-in needed to decrypt the message
    • The recipient installs the plug-in
    • Recipient proves her identity to the key server
      • Receive an email message from the key server
      • Happens once per email address
  • Decrypt a secure email messages
    • Click on the message in the inbox to read the messages
    • Client software obtains decryption key from the key server based on sender’s and recipient’s email address. The key can be cached at the client.
    • Message is decrypted and displayed to the user.
security analysis
Security analysis
  • Trust model
    • Key escrow
      • Key server can derive all keys
    • Messages don’t pass through the key server
    • Business can host their own key server
  • Threats
    • Basic model thwarts passive observation
    • Vulnerable to some impersonation attacks
      • Due to how key server authenticates a user’s ability to receive an email message
      • Use of a stronger authentication mechanism eliminates this weakness
      • The design supports a dial for convenience/security
  • 3rd party key server
    • Crypto card to protect master key
  • Clients
    • Firefox extension for Gmail
      • Web mail
    • Thunderbird extension
      • Standard email client
    • Java applet
      • Loosely coupled with any email client
      • Available to a user for any client that does not have a plug-in available for secure email
future plans
Future plans
  • Host a key server for public use
  • Popular email clients
    • Web: Gmail, Yahoo, Hotmail, AOL
    • Traditional: Thunderbird, Outlook, Lotus Notes
  • User studies
    • Obtain feedback from users to guide design decisions