Visible to the public Why Joanie Can Encrypt: Easy Email Encryption with Easy Key Management

TitleWhy Joanie Can Encrypt: Easy Email Encryption with Easy Key Management
Publication TypeConference Paper
Year of Publication2019
AuthorsKoh, John S., Bellovin, Steven M., Nieh, Jason
Conference NameProceedings of the Fourteenth EuroSys Conference 2019
PublisherAssociation for Computing Machinery
Conference LocationDresden, Germany
ISBN Number978-1-4503-6281-8
KeywordsApplied Cryptography, compositionality, Email, encryption audits, IMAP, Key Management, Metrics, PGP, pubcrawl, resilience, Resiliency, S/MIME
Abstract

Email privacy is of crucial importance. Existing email encryption approaches are comprehensive but seldom used due to their complexity and inconvenience. We take a new approach to simplify email encryption and improve its usability by implementing receiver-controlled encryption: newly received messages are transparently downloaded and encrypted to a locally-generated key; the original message is then replaced. To avoid the problem of moving a single private key between devices, we implement per-device key pairs: only public keys need be synchronized via a simple verification step. Compromising an email account or server only provides access to encrypted emails. We implemented this scheme on several platforms, showing it works with PGP and S/MIME, is compatible with widely used mail clients and email services including Gmail, has acceptable overhead, and that users consider it intuitive and easy to use.

URLhttps://dl.acm.org/doi/10.1145/3302424.3303980
DOI10.1145/3302424.3303980
Citation Keykoh_why_2019