Login | Register

FriendlyMail: Confidential and Verified Emails among Friends


FriendlyMail: Confidential and Verified Emails among Friends

Saberi Pirouz, Atieh, Rabotka, Vladimir and Mannan, Mohammad (2014) FriendlyMail: Confidential and Verified Emails among Friends. Technical Report. UNSPECIFIED. (Unpublished)

[thumbnail of friendlymail-techreport.pdf]
Text (application/pdf)
friendlymail-techreport.pdf - Draft Version
Available under License Spectrum Terms of Access.


Despite being one of the most basic and popular Internet applications, email still largely lacks user-to-user cryptographic protections. From a research perspective, designing privacy-preserving techniques for email services is complicated by the requirement of balancing security and ease-of-use needs of everyday users. For example, users cannot be expected to manage long-term keys (e.g., PGP key-pair), or understand crypto primitives. To enable intuitive email protections for a large number of users, we design FriendlyMail by leveraging existing relationships between a sender and receiver on an online social networking (OSN) site. FriendlyMail can pro- vide integrity, authentication and confidentiality guarantees for user-selected messages among OSN friends. A confidentiality-protected email is encrypted by a randomly-generated key, and the key and hash of the encrypted content are privately shared with the receiver via the OSN site. Our implementation consists of a Firefox addon and a Facebook app, and can secure the web-based Gmail service using Facebook as the OSN site; the addon is available at: https://madiba.encs.concordia.ca/software/friendlymail/. However, the design can be implemented for preferred email/OSN services as long as the email and OSN providers are non-colluding parties. FriendlyMail is a client-end solution and does not require changes to email or OSN servers. In contrast to most other solutions, we limit our target user base to existing OSN users, to facilitate ease of adoption. In this paper, the focus of our discussion includes: the design, implementation and security analysis of the proposed solution. We acknowledge that a user study will be required to validate usability-related features of FriendlyMail. We are currently considering a comprehensive user study as separate future work; cf. past such studies of PGP (Whitten and Tygar, USENIX Security 1999), S/MIME (Garfinkel and Miller, SOUPS 2005).

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Monograph (Technical Report)
Authors:Saberi Pirouz, Atieh and Rabotka, Vladimir and Mannan, Mohammad
ID Code:978331
Deposited By: Mohammad Mannan
Deposited On:20 Mar 2014 21:33
Last Modified:22 Jan 2018 16:33
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top