Fiona Lee’s Thesis Defense
October 16th. 2014
Advisor: Dr. Jyh-haw Yeh
Committee: Dr. Dianxiang Xu Dr. Jim Buffenbarger
Email has evolved into one of the most important methods of communication for any individual and organization. It’s amazing how email has transformed our professional and social life. However,current industry standards do not place emphasis on email security;most emails are currently transmitted in plain text over the internet or other networks. Emails can be intercepted easily by others.Potentially, every non-encrypted email sent over a network or stored on a mail server can be read,copied or altered. There is a strong need for secure mail delivery.
Some email service provider such as Google’s Gmail did take
some actions to improve privacy protection based upon https protocol. The main motivation for https is to prevent wiretapping and man-in-the-middle attacks. It provides authentication of the gmail website and associated web server that one is communicating with, and it provides bidirectional encryption of communications between a client computer and the gmail server. In practice, this is a reasonable guarantee that one is communicating with precisely the gmail server that one is intended to communicate with, as well as ensuring that the contents of communications between the user and the gmail server cannot be read or forged by any third party. However, https only prevents emails from being sniffed during networking transmission. It does not prevent email server administrators, or anyone else who can gain access to various email servers to access the email messages because https is not an end-to-end encryption. There are end-to-end encryptions available such as PGP(pretty good privacy), it relies on public-key cryptography, in which users can each publish a public key associated with a certificate that others can use it to encrypt messages to them, while keeping a private key as secret that they can use to decrypt such messages. Set-up, maintaining, publishing own public key and obtaining others’ public key are essential for PGP to work properly. These tasks make PGP encryption not so easy to use for ordinary users who do not have a technical background.
This thesis represents an implementation of an end-to-end, identity-based encryption that can be used to encrypt email massages and attachments. It is end-to-end which means the originating party encrypting data to be readable only by the intended recipient. It is identity-based which means the public key of a user is some unique information about the identity of the user, for instance, the user’s email address. Because users’ public keys are derived from identifiers, identity-based encryption eliminates the need for a public key distribution infrastructure.