Paper 2023/1294

PrivMail: A Privacy-Preserving Framework for Secure Emails

Gowri R Chandran, Technical University of Darmstadt
Raine Nieminen, Technical University of Darmstadt
Thomas Schneider, Technical University of Darmstadt
Ajith Suresh, Technology Innovation Institute
Abstract

Emails have improved our workplace efficiency and communication. However, they are often processed unencrypted by mail servers, leaving them open to data breaches on a single service provider. Public-key based solutions for end-to-end secured email, such as Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME), are available but are not widely adopted due to usability obstacles and also hinder processing of encrypted emails. We propose PrivMail, a novel approach to secure emails using secret sharing methods. Our framework utilizes Secure Multi-Party Computation techniques to relay emails through multiple service providers, thereby preventing any of them from accessing the content in plaintext. Additionally, PrivMail supports private server-side email processing similar to IMAP SEARCH, and eliminates the need for cryptographic certificates, resulting in better usability than public-key based solutions. An important aspect of our framework is its capability to enable third-party searches on user emails while maintaining the privacy of both the email and the query used to conduct the search. We integrate PrivMail into the current email infrastructure and provide a Thunderbird plugin to enhance user-friendliness. To evaluate our solution, we benchmarked transfer and search operations using the Enron Email Dataset and demonstrate that PrivMail is an effective solution for enhancing email security.

Note: This article is the full and extended version of an article published at ESORICS'23.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. 28th European Symposium on Research in Computer Security (ESORICS 2023)
Keywords
Emailsecret sharingoutsourcingprivate keyword searchsecure two-party computationprivate information retrieval
Contact author(s)
chandran @ encrypto cs tu-darmstadt de
nieminen @ encrypto cs tu-darmstadt de
schneider @ encrypto cs tu-darmstadt de
ajith suresh @ tii ae
History
2023-09-02: approved
2023-08-29: received
See all versions
Short URL
https://ia.cr/2023/1294
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX 

@misc{cryptoeprint:2023/1294,
      author = {Gowri R Chandran and Raine Nieminen and Thomas Schneider and Ajith Suresh},
      title = {PrivMail: A Privacy-Preserving Framework for Secure Emails},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1294},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1294}},
      url = {https://eprint.iacr.org/2023/1294}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.