Why Joanie Can Encrypt: Easy Email Encryption with Easy Key Management
Title | Why Joanie Can Encrypt: Easy Email Encryption with Easy Key Management |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Koh, John S., Bellovin, Steven M., Nieh, Jason |
Conference Name | Proceedings of the Fourteenth EuroSys Conference 2019 |
Publisher | Association for Computing Machinery |
Conference Location | Dresden, Germany |
ISBN Number | 978-1-4503-6281-8 |
Keywords | Applied Cryptography, compositionality, Email, encryption audits, IMAP, Key Management, Metrics, PGP, pubcrawl, resilience, Resiliency, S/MIME |
Abstract | Email privacy is of crucial importance. Existing email encryption approaches are comprehensive but seldom used due to their complexity and inconvenience. We take a new approach to simplify email encryption and improve its usability by implementing receiver-controlled encryption: newly received messages are transparently downloaded and encrypted to a locally-generated key; the original message is then replaced. To avoid the problem of moving a single private key between devices, we implement per-device key pairs: only public keys need be synchronized via a simple verification step. Compromising an email account or server only provides access to encrypted emails. We implemented this scheme on several platforms, showing it works with PGP and S/MIME, is compatible with widely used mail clients and email services including Gmail, has acceptable overhead, and that users consider it intuitive and easy to use. |
URL | https://dl.acm.org/doi/10.1145/3302424.3303980 |
DOI | 10.1145/3302424.3303980 |
Citation Key | koh_why_2019 |