Over the years, email has evolved into one of the most widely used communication channels for both individuals and organizations. However, despite near ubiquitous use in much of the world, current information technology standards do not place emphasis on email security. Not until recently, webmail services such as Yahoo's mail and Google's gmail started to encrypt emails for privacy protection. However, the encrypted emails will be decrypted and stored in the service provider's servers. If the servers are malicious or compromised, all the stored emails can be read, copied and altered. Thus, there is a strong need for end-to-end (E2E) email encryption to protect email user's privacy. In this paper, we present a certificateless one-way group key agreement protocol with the following features, which are suitable to implement E2E email encryption: (1) certificateless and thus there is no key escrow problem and no public key certificate infrastructure is required; (2) one-way group key agreement and thus no back-and-forth message exchange is required; and (3) n-party group key agreement (not just 2- or 3-party). This paper also provides a security proof for the proposed protocol using "proof by simulation". Finally, efficiency analysis of the protocol is presented at the end of the paper.
© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. https://doi.org/10.1109/PRDC.2018.00014
Yeh, Jyh-Haw; Sridhar, Srisarguru; Dagher, Gaby G.; Sun, Hung-Min; Shen, Ning; and White, Kathleen Dakota. (2018). "A Certificateless One-Way Group Key Agreement Protocol for End-to-End Email Encryption". 2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC), 34-43. https://doi.org/10.1109/PRDC.2018.00014