Using Untrusted and Unreliable Cloud Providers to Obtain Private Email

Nicolas Chiapputo, Yvo Desmedt, Kirill Morozov

2023

Abstract

A recent trend for organizations is to shift to cloud services which typically include email. As a result, the natural privacy concerns for users stem not only from outside attackers, but from insiders as well. Our solution does not rely on unproven assumptions and does not need a PKI. To achieve this, we partially rely on concepts from Private and Secure Message Transmission protocols, which are built on top of secret sharing. This technology allows us to distribute trust over email providers. Hence, the system remains secure as long as hackers are unable to penetrate a threshold number of providers, or this set of providers does not form a coalition to attack their users. The prototype of our proposed system has been implemented as an add-on for the Thunderbird email client, using Mozilla’s Web Crypto API and Rempe’s secret.js library. It currently supports the following secret sharing schemes: the 2-out-2 additive scheme (set as a default), the k-out-n threshold Shamir scheme, and the Rabin and Ben-Or robust scheme.

Download


Paper Citation


in Harvard Style

Chiapputo N., Desmedt Y. and Morozov K. (2023). Using Untrusted and Unreliable Cloud Providers to Obtain Private Email. In Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-666-8, SciTePress, pages 171-182. DOI: 10.5220/0012090700003555


in Bibtex Style

@conference{secrypt23,
author={Nicolas Chiapputo and Yvo Desmedt and Kirill Morozov},
title={Using Untrusted and Unreliable Cloud Providers to Obtain Private Email},
booktitle={Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2023},
pages={171-182},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012090700003555},
isbn={978-989-758-666-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Using Untrusted and Unreliable Cloud Providers to Obtain Private Email
SN - 978-989-758-666-8
AU - Chiapputo N.
AU - Desmedt Y.
AU - Morozov K.
PY - 2023
SP - 171
EP - 182
DO - 10.5220/0012090700003555
PB - SciTePress