SECURITY SYSTEM TALK :« PrivMail: a novel approach to secure emails"

Gowri R Chandran -
Digital Security

Date: -
Location: Eurecom

Abstract: Emails have improved our workplace efficiency and communication. However, they are often processed unencrypted by mail servers, leaving them open to data breaches on a single service provider. Public-key based solutions for end-to-end secured email, such as PGP and S/MIME, are available but are not widely adopted due to usability obstacles and also hinder processing of encrypted emails. We propose PrivMail, a novel approach to secure emails using secret sharing methods. Our framework utilizes MPC techniques to relay emails through multiple service providers, thereby preventing any of them from accessing the content in plaintext. Additionally, PrivMail supports private server-side email processing similar to IMAP SEARCH, and eliminates the need for cryptographic certificates, resulting in better usability than public-key based solutions. An important aspect of our framework is its capability to enable third-party searches on user emails while maintaining the privacy of both the email and the query used to conduct the search. We integrate PrivMail into the current email infrastructure and provide a Thunderbird plugin to enhance user-friendliness. To evaluate our solution, we benchmark transfer and search operations using the Enron Email Dataset and demonstrate that PrivMail is an effective solution for enhancing email security. Short bio: Gowri R Chandran is currently doing her PhD with Prof. Dr.-Ing. Thomas Schneider at Technical University of Darmstadt in Germany. Her main field of study is application of Secure Multi-party Computation (MPC). She works on applying MPC-based solutions to real world use-cases in an efficient manner. She also works on applying Differential Privacy to MPC protocols to offer additional privacy guarantees or to hide leakages.