Paper 2023/1294
PrivMail: A Privacy-Preserving Framework for Secure Emails
Abstract
Emails have improved our workplace efficiency and communication. However, they are often processed unencrypted by mail servers, leaving them open to data breaches on a single service provider. Public-key based solutions for end-to-end secured email, such as Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME), are available but are not widely adopted due to usability obstacles and also hinder processing of encrypted emails. We propose PrivMail, a novel approach to secure emails using secret sharing methods. Our framework utilizes Secure Multi-Party Computation techniques to relay emails through multiple service providers, thereby preventing any of them from accessing the content in plaintext. Additionally, PrivMail supports private server-side email processing similar to IMAP SEARCH, and eliminates the need for cryptographic certificates, resulting in better usability than public-key based solutions. An important aspect of our framework is its capability to enable third-party searches on user emails while maintaining the privacy of both the email and the query used to conduct the search. We integrate PrivMail into the current email infrastructure and provide a Thunderbird plugin to enhance user-friendliness. To evaluate our solution, we benchmarked transfer and search operations using the Enron Email Dataset and demonstrate that PrivMail is an effective solution for enhancing email security.
Note: This article is the full and extended version of an article published at ESORICS'23.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Major revision. 28th European Symposium on Research in Computer Security (ESORICS 2023)
- Keywords
- Emailsecret sharingoutsourcingprivate keyword searchsecure two-party computationprivate information retrieval
- Contact author(s)
-
chandran @ encrypto cs tu-darmstadt de
nieminen @ encrypto cs tu-darmstadt de
schneider @ encrypto cs tu-darmstadt de
ajith suresh @ tii ae - History
- 2023-09-02: approved
- 2023-08-29: received
- See all versions
- Short URL
- https://ia.cr/2023/1294
- License
-
CC BY-SA
BibTeX
@misc{cryptoeprint:2023/1294, author = {Gowri R Chandran and Raine Nieminen and Thomas Schneider and Ajith Suresh}, title = {{PrivMail}: A Privacy-Preserving Framework for Secure Emails}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/1294}, year = {2023}, url = {https://eprint.iacr.org/2023/1294} }