PriviPK: Certificate-less and secure email communication

Mashael Alsabah, Alin Tomescu, Ilia Lebedev, Dimitrios Serpanos, Srini Devadas

Research output: Contribution to journal › Article

2 Citations (Scopus)

Abstract

We introduce PriviPK, an infrastructure that is based on a novel combination of certificateless (CL) cryptography and key transparency techniques to enable e2e email encryption. Our design avoids (1) key escrow and deployment problems of previous IBC systems, (2) certificate management, as in S/MIME, or participation in complicated Web of Trust, as in PGP, and (3) impersonation attacks because it relies on key transparency approaches where end users verify their identity and key bindings. PriviPK uses a new CL key agreement protocol that has the unique property that it allows users to update their public keys without the need to contact a third party (such as a CA) for the recertification process, which allows for cheap forward secrecy and key revocation operations. Furthermore, PriviPK uniquely combines important privacy properties such as forward secrecy, deniability (or non-deniability if desired), and user transparency while avoiding the administrative overhead of certificates for asynchronous communication. PriviPK enables quick bootstrapping of shared keys among participating users, allowing them to encrypt and authenticate each other transparently. We describe an implementation of PriviPK and provide performance measurements that show its minimal computational overhead. We also describe our PriviPK-enabled e2e secure email client, a modification of The Nylas Mail, 2015 email client.

Original language: English
Pages (from-to): 1-15
Number of pages: 15
Journal: Computers and Security
Volume: 70
DOI: 10.1016/j.cose.2017.04.008
Publication status: Published - 1 Sep 2017

Keywords

  • Application of key transparency
  • Certificateless cryptography
  • Confidentiality
  • End-to-end secure email
  • Key agreement

ASJC Scopus subject areas

  • Computer Science (all)
  • Law

Cite this

PriviPK: Certificate-less and secure email communication. / Alsabah, Mashael; Tomescu, Alin; Lebedev, Ilia; Serpanos, Dimitrios; Devadas, Srini.

In: Computers and Security, Vol. 70, 01.09.2017, p. 1-15.

@article{75edb773f60b458da0f053410193805d,
title = "PriviPK: Certificate-less and secure email communication",
keywords = "Application of key transparency, Certificateless cryptography, Confidentiality, End-to-end secure email, Key agreement",
author = "Mashael Alsabah and Alin Tomescu and Ilia Lebedev and Dimitrios Serpanos and Srini Devadas",
year = "2017",
month = "9",
day = "1",
doi = "10.1016/j.cose.2017.04.008",
language = "English",
volume = "70",
pages = "1--15",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",

}
