S3Email: A method for securing emails from service providers

We often send our confidential information such as passport, credit card, social security numbers over email without concern about the security of email services. Existing network security mechanisms provide adequate security from external malicious adversaries and eavesdroppers, but they don't guarantee that the email service providers (ESPs) wouldn't or can't access our email data themselves, which in some cases could be highly confidential. One of the ways to protect email data from ESPs is to use Pretty Good Privacy (PGP) that has many limitations including key storage problem and dependability on third party services, making it cumbersome to use in practice. In this paper, we present S3Email method that provides email security against ESPs. The proposed method uses a cryptographic secret sharing technique in a novel way and encrypts the email metadata, body and attachments before the email is sent. In the proposed solution, the email sender and receiver must have at least two email accounts on the existing ESPs, which is not unusual today. Experiments and analysis show that the S3Email method provides information theoretic security with minimal computational overhead.

[1]  Shin-Jia Hwang,et al.  Deniable Authentication Protocols with Confidentiality and Anonymous Fair Protections , 2013 .

[2]  Manoj Misra,et al.  A secure image sharing scheme based on SVD and Fractional Fourier Transform , 2017, Signal Process. Image Commun..

[3]  Lein Harn,et al.  Design of Fully Deniable Authentication Service for E-mail Applications , 2008, IEEE Communications Letters.

[4]  J. Doug Tygar,et al.  Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[5]  Dong Hoon Lee,et al.  Privacy-Enhanced Deniable Authentication E-Mail Service , 2011, DEIS.

[6]  Ying Luo,et al.  Efficient multi-party computation with collusion-deterred secret sharing , 2014, 2014 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[7]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[8]  Shin-Jia Hwang,et al.  Confidential deniable authentication using promised signcryption , 2011, J. Syst. Softw..

[9]  Sean Turner,et al.  Secure/Multipurpose Internet Mail Extensions , 2010, IEEE Internet Computing.

[10]  Lipika Dey,et al.  Email Analytics for Support Center Performance Analysis , 2014, 2014 IEEE International Conference on Data Mining Workshop.

[11]  Peng Xu,et al.  Conditional Identity-Based Broadcast Proxy Re-Encryption and Its Application to Cloud Email , 2016, IEEE Transactions on Computers.

[12]  Chin-Chen Chang,et al.  Fully Deniable Message Authentication Protocols Preserving Confidentiality , 2011, Comput. J..