Publication Date

12-2014

Date of Final Oral Examination (Defense)

10-16-2014

Type of Culminating Activity

Thesis - Boise State University Access Only

Degree Title

Master of Science in Computer Science

Department

Computer Science

Major Advisor

Jyh-haw Yeh, Ph.D.

Advisor

Dianxiang Xu, Ph.D.

Advisor

Jim Buffenbarger, Ph.D.

Abstract

Email has evolved into one of the most important methods of communication for any individual and organization. However, current industry standards do not place emphasis on email security; most emails are currently transmitted in plain text over the Internet or other networks. Emails can be intercepted easily by others. Potentially, every non-encrypted email sent over a network or stored at an email server can be read, copied, or altered. There is a strong need for secure email delivery.

Some email service providers, such as Google, did take some actions to improve privacy protection based upon https protocol. The main motivation for https is to prevent wiretapping and man-in-the-middle attacks. It provides authentication of the gmail website and associated web server that one is communicating with, and it provides bidirectional encryption of communications between a client computer and the gmail server. In practice, this is a reasonable guarantee that one is communicating with precisely the gmail server that one is intended to communicate with, as well as ensuring that the contents of communications between the user and the gmail server cannot be read or forged by any third party. However, https only prevents emails from being sniffed during networking transmission. It does not prevent email server administrators, or anyone else who can gain access to various email servers to read the email messages because https is not an end-to-end encryption. There are end-to-end encryptions available such as Pretty Good Privacy (PGP); it relies on public-key cryptography, in which users can each publish a public key associated with a certificate that others can use to encrypt messages to them, while keeping a private key as secret that they can use to decrypt such messages. Setting up, maintaining, publishing one's own public key, and obtaining others' public key are essential for PGP to work properly. These tasks make PGP encryption not so easy to use for ordinary users who do not have a technical background.

This thesis represents an implementation of an end-to-end, identity-based encryption that can be used to encrypt email massages and attachments. It is end-to-end, which means the originating party encrypts data to be readable only by the intended recipient. It is identity based, which means the public key of a user is some unique information about the identity of the user, for instance, the user's email address. Because users' public keys are derived from identifiers, identity-based encryption eliminates the need for a public key distribution infrastructure.

Share

COinS