SecureCMail: Securing emails from service providers using secret sharing

Have you ever sent any confidential information such as passport and SSN over email? Your data could be at risk. No worries, we have a solution…

We often send our confidential information such as passport, credit card, social security numbers over email without concern about the security of email services. Existing network security mechanisms provide adequate security from external malicious adversaries and eavesdroppers, but they don’t guarantee that the email service providers (ESPs) wouldn’t or can’t access our email data themselves, which in some cases could be highly confidential. One of the ways to protect email data from ESPs is to use Pretty Good Privacy (PGP) that has many limitations including key storage problem and dependability on third party services, making it cumbersome to use in practice. In this project, we investigate a SecureCMail method that provides email security against ESPs. The proposed method uses a cryptographic secret sharing technique in a novel way and encrypts the email metadata, body and attachments before the email is sent. In the proposed solution, the email sender and receiver must have at least two email accounts on the existing ESPs, which is not unusual today.

SecureCMail Method

People: Priyanka Singh, , Pradeep Atrey
Related Publication: