Embed Size (px)
Citation preview
1
Mail Saurus
Reference:“Usable Encryption Enabled by AJAX”
J.F. Ryan; B.L. Reid;
Networking and Services, 2006. ICNS '06.
Digital Object Identifier 10.1109/ICNS.2006.114
Speaker: Yan-Shiang Wang
Date: 2007.05.28
2
Motivation
The sender must find a key server where the recipient’s key is stored, confirm with the recipient that it is indeed the recipient’s key.
The vast majority of emails are unencrypted.
The primary barrier to email encryption is usability.
3
Motivation (cont.)
Even if an unencrypted e-mail makes it safely to its destination, it is still vulnerable. malicious insiders external attackers surveillance
4
Flow chart
1. Find the key server
2. Obtain the recipient’s public key
3. Send the encrypted E-Mail to mail server
4. Recipient asks his E-Mail
5. Recipient gets his E-Mail
5
Web-Based Solution
Access from any computer in the world connected to the Internet.
Without rich, intuitive and responsive interfaces.
Web-page must reload the entire page every time the user takes an action.
6
Using AJAX
A marketing term used to describe various programming techniques.
JavaScript running on a Web browser to request data (from the server) and update the page (based on the response) without requiring a reload of the entire page.
7
Goal
Usability Achieved through offering desktop
features Security
Achieved through integrated, transparent encryption
8
Solution
The entire session (browse on web page) can be encrypted over SSL.
All email is encrypted as it arrives at the server using dynamically-generated user-based key pairs.
Outbound e-mail are encrypted and stored on the MailSaurus server.
9
Flow chart
1. Sender edit his E-Mail
2. MailSaurus acknowledges recipient’s mail server
3. Recipient asks his E-Mail
4. Recipient gets his E-Mail URL
5. Recipient goes to MailSaurus to read his E-Mail
10
Quick Response
Created a buffer which accepts server requests and queues them by FIFO In order to preserve the order of server
calls and prevent multiple actions take place simultaneously
A timeout mechanism guards against frozen processes
11
Screenshot
12
Secure Registered E-Mail
When a user wishes to send a secure registered email, MailSaurus encrypts the email message and stores it locally.
MailSaurus sends the recipient a notification email.
It is also a convenient method for senders to send large attachment files.
13
Screenshot
14
Conclusion
No data stored on client Vastly improving the overall security of
the Internet Reducing the opportunities for
attackers and intercept
15
Reference
Integrated Encryption http://en.wikipedia.org/wiki/Integrated_Encryption_Scheme
Transparent Encryption http://en.wikipedia.org/wiki/Transparent_encryption
