Securing Email

Email is the most ubiquitous and interoperable form of online communication today. However, email was not conceived with strong security guarantees, and the ensuing security enhancements are, by contrast, lacking in both ubiquity and interoperability. This state of affairs motivates our work. Our contributions include: (1) a systematization of secure email approaches taken by industry, academia, and independent developers; (2) an evaluation framework for proposed or deployed email security enhancements and a measurement of their security, deployability, and usability; (3) a stakeholder analysis and informed discussion of the current state of secure email; and (4) a research agenda highlighting open problems judged to be useful in pursuing secure email.

[1]  Susan Young,et al.  Anatomy of an Attack , 2003 .

[2]  Jeremy Clark,et al.  2013 IEEE Symposium on Security and Privacy SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements , 2022 .

[3]  Christopher Hadnagy,et al.  Social Engineering: The Art of Human Hacking , 2010 .

[4]  He Liu,et al.  Click Trajectories: End-to-End Analysis of the Spam Value Chain , 2011, 2011 IEEE Symposium on Security and Privacy.

[5]  Randall Gellens,et al.  Message Submission for Mail , 2006, RFC.

[6]  Seny Kamara Encrypted Search , 2015, XRDS.

[7]  Jim Fenton,et al.  Analysis of Threats Motivating DomainKeys Identified Mail (DKIM) , 2006, RFC.

[8]  Ramaswamy Chandramouli,et al.  NIST Special Publication 800-177: Trustworthy Email , 2016 .

[9]  Yevgeniy Vorobeychik,et al.  Optimal Personalized Filtering Against Spear-Phishing Attacks , 2015, AAAI.

[10]  Michael J. Freedman,et al.  CONIKS: Bringing Key Transparency to End Users , 2015, USENIX Security Symposium.

[11]  G. Loewenstein,et al.  Privacy and human behavior in the age of information , 2015, Science.

[12]  Steven M. Bellovin Easy Email Encryption , 2016, IEEE Secur. Priv..

[13]  Blake Ramsdell,et al.  S/MIME Version 3 Message Specification , 1999, RFC.

[14]  Mark Ryan,et al.  Enhanced Certificate Transparency and End-to-End Encrypted Mail , 2014, NDSS.

[15]  Stefan Savage,et al.  An inquiry into the nature and causes of the wealth of internet miscreants , 2007, CCS '07.

[16]  Sean Turner,et al.  Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification , 2019, RFC.

[17]  Mohammad Maifi Hasan Khan,et al.  Why Do They Do What They Do?: A Study of What Motivates Users to (Not) Follow Computer Security Advice , 2016, SOUPS.

[18]  Ada Lerner,et al.  Confidante: Usable Encrypted Email: A Case Study with Lawyers and Journalists , 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[19]  Daiping Liu,et al.  All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records , 2016, CCS.

[20]  Peter G. Neumann,et al.  The risks of key recovery, key escrow, and trusted third-party encryption , 1997, World Wide Web J..

[21]  J. Alex Halderman,et al.  Neither Snow Nor Rain Nor MITM...: An Empirical Analysis of Email Delivery Security , 2015, Internet Measurement Conference.

[22]  Ian Goldberg,et al.  Privacy-Enhancing Technologies for the Internet, II: Five Years Later , 2002, Privacy Enhancing Technologies.

[23]  Ben Laurie,et al.  Certificate transparency , 2014, Commun. ACM.

[24]  John C. Klensin,et al.  Simple Mail Transfer Protocol , 2001, RFC.

[25]  Thomas A. Peters,et al.  Privacy on the line: The politics of wiretapping and encryption , 1998 .

[26]  Shari Lawrence Pfleeger,et al.  Going Spear Phishing: Exploring Embedded Training and Awareness , 2014, IEEE Security & Privacy.

[27]  Thomas D. Wu The Secure Remote Password Protocol , 1998, NDSS.

[28]  Harry Halpin,et al.  LEAP: A Next-Generation Client VPN and Encrypted Email Provider , 2016, CANS.

[29]  Kurt Andersen,et al.  Recommended Usage of the Authenticated Received Chain (ARC) , 2016 .

[30]  William L. Simon,et al.  The Art of Deception: Controlling the Human Element of Security , 2001 .

[31]  Arvind Narayanan,et al.  I never signed up for this! Privacy implications of email tracking , 2018, Proc. Priv. Enhancing Technol..

[32]  Adam Back,et al.  Hashcash - A Denial of Service Counter-Measure , 2002 .

[33]  David A. Wagner,et al.  Privacy-enhancing technologies for the Internet , 1997, Proceedings IEEE COMPCON 97. Digest of Papers.

[34]  Volker Roth,et al.  Security and usability engineering with particular attention to electronic mail , 2005, Int. J. Hum. Comput. Stud..

[35]  Daniel Zappala,et al.  Private Webmail 2.0: Simple and Easy-to-Use Secure Email , 2016, UIST.

[36]  Nathaniel S. Borenstein,et al.  Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies , 1996, RFC.

[37]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[38]  Stephen T. Kent,et al.  Internet Privacy Enhanced Mail , 1993, CACM.

[39]  Scott Kitterman,et al.  Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1 , 2014, RFC.

[40]  Kurt Andersen,et al.  Authenticated Received Chain (ARC) , 2016 .

[41]  David Shaw,et al.  OpenPGP Message Format , 1998, RFC.

[42]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[43]  Paul C. van Oorschot,et al.  An Administrator's Guide to Internet Password Research , 2014, LISA.

[44]  Ian Brown,et al.  Security against compelled disclosure , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[45]  白石 善明,et al.  "Confused Johnny: When Automatic Encryption Leads to Confusion and Mistakes"の紹介 , 2013 .

[46]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[47]  J. Doug Tygar,et al.  Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[48]  D. H. Crocker,et al.  Standard for the format of arpa intemet text messages , 1982 .

[49]  Arnt Gulbrandsen,et al.  IMAP Extension for Simple Authentication and Security Layer (SASL) Initial Client Response , 2007, RFC.

[50]  Paul F. Syverson,et al.  Onion routing , 1999, CACM.

[51]  Burton S. Kaliski Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services , 1993, RFC.

[52]  Mahdi N. Al-Ameen,et al.  When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama Papers , 2017, USENIX Security Symposium.

[53]  Ian Goldberg,et al.  SoK: Secure Messaging , 2015, 2015 IEEE Symposium on Security and Privacy.

[54]  Markus Jakobsson,et al.  Designated Verifier Proofs and Their Applications , 1996, EUROCRYPT.

[55]  Gianluca Stringhini,et al.  The Tricks of the Trade: What Makes Spam Campaigns Successful? , 2014, 2014 IEEE Security and Privacy Workshops.

[56]  Matthew Smith,et al.  An Empirical Study of Textual Key-Fingerprint Representations , 2016, USENIX Security Symposium.

[57]  Benjamin Livshits,et al.  ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser , 2010, 2010 IEEE Symposium on Security and Privacy.

[58]  Doowon Kim,et al.  An Inconvenient Trust: User Attitudes toward Security and Usability Tradeoffs for Key-Directory Encryption Systems , 2016, SOUPS.

[59]  David Cooper,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[60]  Daniel Zappala,et al.  "We're on the Same Page": A Usability Study of Secure Email Using Pairs of Novice Users , 2015, CHI.

[61]  Ben Laurie,et al.  “ Proof-of-Work ” Proves Not to Work version 0 . 2 , 2004 .

[62]  Alexey Melnikov,et al.  SMTP Service Extension for Authentication , 2007, RFC.

[63]  Ian Goldberg,et al.  Leading Johnny to Water: Designing for Usability and Trust , 2015, SOUPS.

[64]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[65]  Nikita Borisov,et al.  Off-the-record communication, or, why not to use PGP , 2004, WPES '04.

[66]  Rob Miller,et al.  Johnny 2: a user test of key continuity management with S/MIME and Outlook Express , 2005, SOUPS '05.

[67]  Wouter Joosen,et al.  WebJail: least-privilege integration of third-party components in web mashups , 2011, ACSAC '11.

[68]  Amit A. Levy,et al.  Vanish: Increasing Data Privacy with Self-Destructing Data , 2009, USENIX Security Symposium.

[69]  Brent Waters,et al.  Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs , 2010, NDSS.

[70]  Simson L. Garfinkel,et al.  How to make secure email easier to use , 2005, CHI.

[71]  Stefan Savage,et al.  Security by Any Other Name: On the Effectiveness of Provider Based Email Security , 2015, CCS.

[72]  Gianluca Stringhini,et al.  B@bel: Leveraging Email Delivery for Spam Mitigation , 2012, USENIX Security Symposium.

[73]  Daniel Zappala,et al.  Weighing Context and Trade-offs: How Suburban Adults Selected Their Online Security Posture , 2017, SOUPS.

[74]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[75]  Paul E. Hoffman,et al.  SMTP Service Extension for Secure SMTP over Transport Layer Security , 2002, RFC.

[76]  Philip Zimmermann,et al.  PGP source code and internals , 1995 .

[77]  John Linn,et al.  Privacy enhancement for Internet electronic mail: Part II - certificate-based key management , 1987, Request for Comments.

[78]  Urs Gasser,et al.  Don't Panic: Making Progress on the "Going Dark" Debate , 2016 .

[79]  Raph Levien,et al.  MIME Security with OpenPGP , 2001, RFC.

[80]  M. Angela Sasse,et al.  Obstacles to the Adoption of Secure Communication Tools , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[81]  Apu Kapadia A Case (Study) For Usability in Secure Email Communication , 2007, IEEE Security & Privacy.

[82]  Mohamed Ali Kâafar,et al.  TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication , 2015, NDSS.

[83]  Lorrie Faith Cranor,et al.  A Framework for Reasoning About the Human in the Loop , 2008, UPSEC.

[84]  Craig Partridge,et al.  The Technical Development of Internet Email , 2008, IEEE Annals of the History of Computing.

[85]  Mat Ford DANE: Taking TLS Authentication to the Next Level Using DNSSEC , 2011 .

[86]  Edward W. Felten,et al.  Secrecy, flagging, and paranoia: adoption criteria in encrypted email , 2006, CHI.

[87]  Melanie Volkamer,et al.  Why Doesn't Jane Protect Her Privacy? , 2014, Privacy Enhancing Technologies.

[88]  Daniel Zappala,et al.  Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client , 2015, ArXiv.

[89]  David Lacey,et al.  Death by a Thousand Facts: Criticising the Technocratic Approach to Information Security Awareness , 2012, Inf. Manag. Comput. Secur..

[90]  Youssef Iraqi,et al.  Phishing Detection: A Literature Survey , 2013, IEEE Communications Surveys & Tutorials.

[91]  Nick Mathewson,et al.  Anonymity Loves Company: Usability and the Network Effect , 2006, WEIS.

[92]  A. Narayanan What happened to the crypto dream?, Part 2 , 2013, IEEE Security & Privacy.

[93]  L. Jean Camp Mental models of privacy and security , 2009, IEEE Technology and Society Magazine.

[94]  Murray S. Kucherawy,et al.  Domain-based Message Authentication, Reporting, and Conformance (DMARC) , 2015, RFC.

[95]  John Linn,et al.  Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures , 1987, RFC.

[96]  Matt Blaze,et al.  Transparent Internet E-mail Security , 1996 .

[97]  Markus Huber,et al.  No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large , 2015, 2016 11th International Conference on Availability, Reliability and Security (ARES).

[98]  Matthew Green,et al.  Keys under doormats , 2015, J. Cybersecur..

[99]  Russ Housley,et al.  Cryptographic Message Syntax (CMS) , 2002, RFC.

[100]  Gianluca Stringhini,et al.  The harvester, the botmaster, and the spammer: on the relations between the different actors in the spam landscape , 2014, AsiaCCS.

[101]  Stefan Savage,et al.  PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs , 2012, USENIX Security Symposium.

[102]  Chris Newman,et al.  Using TLS with IMAP, POP3 and ACAP , 1999, RFC.

[103]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[104]  Bruce Schneier,et al.  An improved e-mail security protocol , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[105]  Hung-Min Sun,et al.  A Study of User-Friendly Hash Comparison Schemes , 2009, 2009 Annual Computer Security Applications Conference.

[106]  Robert Siemborski,et al.  The Post Office Protocol (POP3) Simple Authentication and Security Layer (SASL) Authentication Mechanism , 2007, RFC.

[107]  Laura A. Dabbish,et al.  "My Data Just Goes Everywhere: " User Mental Models of the Internet and Implications for Privacy and Security , 2015, SOUPS.

[108]  Carlisle Adams,et al.  Understanding PKI: Concepts, Standards, and Deployment Considerations , 1999 .

[109]  Paul E. Hoffman,et al.  The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA , 2012, RFC.

[110]  David Chaum,et al.  Designated Confirmer Signatures , 1994, EUROCRYPT.

[111]  Hilarie Orman Encrypted Email: The History and Technology of Message Privacy , 2015 .

[112]  Sean W. Smith,et al.  ABUSE: PKI for Real-World Email Trust , 2009, EuroPKI.

[113]  Sebastian Günther Folk Models of Home Computer Security , 2012 .

[114]  John Linn,et al.  Privacy enhancement for Internet electronic mail: Part III - algorithms, modes, and identifiers , 1989, RFC.

[115]  Murray S. Kucherawy,et al.  DomainKeys Identified Mail (DKIM) Signatures , 2011, RFC.

[116]  Markus Huber,et al.  When SIGNAL hits the Fan: On the Usability and Security of State-of-the-Art Secure Mobile Messaging , 2016 .

[117]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[118]  Phillip M. Hallam-Baker,et al.  DomainKeys Identified Mail (DKIM) Service Overview , 2009, RFC.

[119]  Ian Goldberg,et al.  Privacy Enhancing Technologies for the Internet III : Ten Years Later ∗ , 1997 .

[120]  Ian Goldberg,et al.  A pseudonymous communications infrastructure for the internet , 2000 .

[121]  S. D. Wolthusen A distributed multipurpose mail guard , 2003, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003..

[122]  Ralf Sasse,et al.  ARPKI: Attack Resilient Public-Key Infrastructure , 2014, CCS.

[123]  Stephen Farrell Why Don't We Encrypt Our Email? , 2009, IEEE Internet Computing.