Chandran, Gowri R ; Nieminen, Raine ; Schneider, Thomas ; Suresh, Ajith (2023)
PrivMail: A Privacy-Preserving Framework for Secure Emails.
28th European Symposium on Research in Computer Security (ESORICS'23). The Hague, The Netherlands (25.09.2023 – 29.09.2023)
doi: 10.1007/978-3-031-51476-0
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Emails have improved our workplace efficiency and communication. However, they are often processed unencrypted by mail servers, leaving them open to data breaches on a single service provider. Public-key based solutions for end-to-end secured email, such as Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME), are available but are not widely adopted due to usability obstacles and also hinder processing of encrypted emails. We propose PrivMail, a novel approach to secure emails using secret sharing methods. Our framework utilizes Secure Multi-Party Computation techniques to relay emails through multiple service providers, thereby preventing any of them from accessing the content in plaintext. Additionally, PrivMail supports private server-side email processing similar to IMAP SEARCH, and eliminates the need for cryptographic certificates, resulting in better usability than public-key based solutions. An important aspect of our framework is its capability to enable third-party searches on user emails while maintaining the privacy of both the email and the query used to conduct the search. To evaluate our solution, we benchmarked transfer and search operations using the Enron Email Dataset and demonstrate that PrivMail is an effective solution for enhancing email security.

Frage zum Eintrag

Redaktionelle Details anzeigen