Why Joanie Can Encrypt: Easy Email Encryption with Easy Key Management
| Title | Why Joanie Can Encrypt: Easy Email Encryption with Easy Key Management |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Koh, John S., Bellovin, Steven M., Nieh, Jason |
| Conference Name | Proceedings of the Fourteenth EuroSys Conference 2019 |
| Publisher | Association for Computing Machinery |
| Conference Location | Dresden, Germany |
| ISBN Number | 978-1-4503-6281-8 |
| Keywords | Applied Cryptography, compositionality, Email, encryption audits, IMAP, Key Management, Metrics, PGP, pubcrawl, resilience, Resiliency, S/MIME |
| Abstract | Email privacy is of crucial importance. Existing email encryption approaches are comprehensive but seldom used due to their complexity and inconvenience. We take a new approach to simplify email encryption and improve its usability by implementing receiver-controlled encryption: newly received messages are transparently downloaded and encrypted to a locally-generated key; the original message is then replaced. To avoid the problem of moving a single private key between devices, we implement per-device key pairs: only public keys need be synchronized via a simple verification step. Compromising an email account or server only provides access to encrypted emails. We implemented this scheme on several platforms, showing it works with PGP and S/MIME, is compatible with widely used mail clients and email services including Gmail, has acceptable overhead, and that users consider it intuitive and easy to use. |
| URL | https://dl.acm.org/doi/10.1145/3302424.3303980 |
| DOI | 10.1145/3302424.3303980 |
| Citation Key | koh_why_2019 |