research-article

Usable secure mailing lists with untrusted servers

Authors:

Himanshu KhuranaAuthors Info & Claims

IDtrust '09: Proceedings of the 8th Symposium on Identity and Trust on the Internet

Pages 103 - 116

https://doi.org/10.1145/1527017.1527032

Published: 14 April 2009 Publication History

Abstract

Mailing lists are a natural technology for supporting messaging in multi-party, cross-domain collaborative tasks. However, whenever sensitive information is exchanged on such lists, security becomes crucial. We have earlier developed a prototype secure mailing list solution called SELS (Secure Email List Services) based on proxy encryption techniques [20], which enables the transformation of cipher-text from one key to another without revealing the plain-text. Emails exchanged using SELS are ensured confidentiality, integrity, and authentication. This includes ensuring their confidentiality while in transit at the list server; a functionality that is uniquely supported by SELS through proxy re-encryption. In this work we describe our efforts in studying and enhancing the usability of the software system and our experiences in supporting a production environment that currently is used by more than 50 users in 11 organizations. As evidence of its deployability, SELS is compatible with common email clients including Outlook, Thunderbird, Mac Mail, Emacs, and Mutt. As evidence of its usability, the software is being used by several national and international incident response teams.

References

[1]

G. Ateniese, K. Fu, M. Green, and S. Hohenberger. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Transactions on Information and System Security, 9(1):1--30, 2006.

Digital Library

[2]

M. Blaze, G. Bleumer, and M. Strauss. Divertible protocols and atomic proxy cryptography. In EUROCRYPT, pages 127--144, 1998.

[3]

D. Boneh, C. Gentry, and B. Waters. Collusion resistant broadcast encryption with short ciphertexts and private keys. In Proceedings of International Cryptology Conference (CRYPTO), pages 258--275, 2005.

Digital Library

[4]

J. Brooke. SUS: a quick and dirty usability scale. In P. W. Jordan, B. Thomas, B. A. Weerdmeester and A. L. McClelland (eds.). Usability Evaluation in Industry. London: Taylor and Francis., 1996.

[5]

N. Brownlee and E. Guttman. Expectations for Computer Security Incident Response. IETF Network Working Group, Requests for Comments, RFC 2350, June 1998.

Digital Library

[6]

J. Callas, L. Donnerhacke, H. Finney, and R. Thayer. OpenPGP Message Format. IETF Network Working Group, Request for Comments, RFC 2440, November 1998.

Digital Library

[7]

R. Canetti and S. Hohenberger. Chosen-ciphertext secure proxy re-encryption. In CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, pages 185--194, New York, NY, USA, 2007. ACM.

Digital Library

[8]

Y.-P. Chiu, C.-L. Lei, and C.-Y. Huang. Secure multicast using proxy encryption. In International Conference on Information and Communications Security (ICICS), pages 280--290, 2005.

Digital Library

[9]

A. J. DeWitt and J. Kuljis. Aligning usability and security: a usability study of polaris. In SOUPS '06: Proceedings of the second symposium on Usable privacy and security, pages 1--7, New York, NY, USA, 2006. ACM Press.

Digital Library

[10]

L. Faulkner and D. Wick. Cross-user analysis: Benefits of skill level comparison in usability testing. Interacting with Computers, 17(6):773--786, 2005.

Digital Library

[11]

S. L. Garfinkel, D. Margrave, J. I. Schiller, E. Nordlander, and R. C. Miller. How to make secure email easier to use. In CHI: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 701--710, 2005.

Digital Library

[12]

S. L. Garfinkel and R. C. Miller. Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express. In Symposium on Usable Privacy and Security (SOUPS '05), 2005.

Digital Library

[13]

S. L. Garfinkel, J. I. Schiller, E. Nordlander, D. Margrave, and R. C. Miller. Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce. In Financial Cryptography, pages 188--202, 2005.

Digital Library

[14]

S. Gaw, E. W. Felten, and P. Fernandez-Kelly. Secrecy, flagging, and paranoia: adoption criteria in encrypted email. In CHI '06: Proceedings of the SIGCHI conference on Human Factors in computing systems, pages 591--600, New York, NY, USA, 2006. ACM Press.

Digital Library

[15]

M. Green and G. Ateniese. Identity-based proxy re-encryption. In Applied Cryptography and Network Security (ACNS), pages 288--306, 2007.

Digital Library

[16]

P. Hoffman. Enhanced Security Services for S/MIME. IETF Network Working Group Request for Comments (RFC) Document 2634, June 1999.

Digital Library

[17]

A.-A. Ivan and Y. Dodis. Proxy cryptography revisited. In Proceedings of the Network and Distributed System Security (NDSS) Symposium, 2003.

[18]

M. Jakobsson. On quorum controlled asymmetric proxy re-encryption. In PKC '99: Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography, pages 112--121, London, UK, 1999. Springer-Verlag.

Digital Library

[19]

A. Kapadia, P. Tsang, and S. W. Smith. Attribute-Based Publishing with Hidden Credentials and Hidden Policies. In Proceedings of The 14th Annual Network and Distributed System Security Symposium (NDSS '07), February 2007.

[20]

H. Khurana, J. Heo, and M. Pant. From proxy encryption primitives to a deployable secure-mailing-list solution. In International Conference on Information and Communications Security (ICICS), pages 260--281, 2006.

Digital Library

[21]

Y. Kim, A. Perrig, and G. Tsudik. Tree-based group key agreement. ACM Transactions on Information and System Security, 7(1):60--96, 2004.

Digital Library

[22]

M. Mambo and E. Okamoto. Proxy cryptosystem: Delegation of the power to decrypt ciphertexts. IEICE Transaction on Fundamentals of Electronics, Communications and Computer Sciences, E80(A(1)):54--63, 1997.

[23]

J. Nielsen. Novice vs. Expert Users. http://www.useit.com/alertbox/20000206.html, Feb 2000.

[24]

J. Nielsen. Why You Only Need to Test With 5 Users. http://www.useit.com/alertbox/20000319.html, March 2000.

[25]

J. Nielsen. Quantitative Studies: How Many Users to Test. http://www.useit.com/alertbox/quantitativetesting.html, June 2006.

[26]

J. Nielsen and T. K. Landauer. A mathematical model of the finding of usability problems. In CHI '93: Proceedings of the INTERACT '93 and CHI '93 conference on Human factors in computing systems, pages 206--213, New York, NY, USA, 1993. ACM.

Digital Library

[27]

D. Pinelle and C. Gutwin. Groupware walkthrough: adding context to groupware usability evaluation. In CHI '02: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 455--462, New York, NY, 2002.

Digital Library

[28]

V. Roth, T. Straub, and K. Richter. Security and usability engineering with particular attention to electronic mail. International Journal on Human Computer Studies, 63(1--2):51--73, 2005.

Digital Library

[29]

T. S. Tulis and J. N. Stetson. A Comparison of Questionnaires for Assessing Website Usability. In Usability Professional Association Conference, 2004.

[30]

W. Wei, X. Ding, and K. Chen. Multiplex encryption: A practical approach to encrypting multi-recipient emails. In International Conference on Information and Communications Security (ICICS), pages 269--279, 2005.

Digital Library

[31]

M. J. West-Brown, D. Stikvoort, K.-P. Kossakowski, G. Killcrece, R. Ruefle, and M. Zajicek. Handbook for Computer Security Incident Response Teams (CSIRTs). CERT Handbook, CMU/SEI-2003-HB-002, April 2003.

[32]

A. Whitten and J. Tygar. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In 8th USENIX Security Symposium, 1999.

Digital Library

[33]

C. K. Wong, M. Gouda, and S. S. Lam. Secure group communications using key graphs. IEEE/ACM Transactions on Networking, 8(1):16--30, 2000.

Digital Library

[34]

J. Zhou. On the security of a multi-party certified email protocol. In International Conference on Information and Communications Security (ICICS), pages 40--52, 2004.

[35]

L. Zhou, M. A. Marsh, F. B. Schneider, and A. Redz. Distributed linding for distributed elgamal re-encryption. In ICDCS '05: Proceedings of the 25th IEEE International Conference on Distributed Computing Systems (ICDCS'05), pages 824--824, Washington, DC, USA, 2005. IEEE Computer Society.

Digital Library

Cited By

Seo JYum DLee P(2019)Proxy-invisible CCA-secure type-based proxy re-encryption without random oraclesTheoretical Computer Science10.5555/2846453.2846468491:C(83-93)Online publication date: 6-Jan-2019
https://dl.acm.org/doi/10.5555/2846453.2846468
Buzzi MGennai FPetrucci CTrutnev D(2017)Interoperability challenge of certified communication systems via internetProceedings of the Internationsl Conference on Electronic Governance and Open Society: Challenges in Eurasia10.1145/3129757.3129785(166-171)Online publication date: 4-Sep-2017
https://dl.acm.org/doi/10.1145/3129757.3129785
Zhang JZhang Z(2015)Secure and efficient data-sharing in cloudsConcurrency and Computation: Practice & Experience10.1002/cpe.339527:8(2125-2143)Online publication date: 10-Jun-2015
https://dl.acm.org/doi/10.1002/cpe.3395
Show More Cited By

Index Terms

Usable secure mailing lists with untrusted servers

Recommendations

Security-enhanced mailing lists

The Computer Center at the Technical University of Berlin (PRZ) has developed a security-enhanced mail exploder. It uses the well-known technology of public key cryptography to improve confidentiality and authenticity of a mailing list. One of the ...
Electronic mailing list
SIGCSE mailing lists

For me, one of the best SIGCSE membership benefits is having access to the organization's mailing lists. We first began using an electronic listserv or mailing list in 1994 to be able to communicate with each other more easily and discuss issues and ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

IDtrust '09: Proceedings of the 8th Symposium on Identity and Trust on the Internet

April 2009

131 pages

ISBN:9781605584744

DOI:10.1145/1527017

Editors:
Kent Seamons
Brigham Young University
,
Neal McBurnett
Internet2
,
Tim Polk
National Institute of Standards and Technology

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Internet2
The National Institute of Standards and Technology
OASIS IDtrust Member Section
FPKIPA: Federal Public Key Infrastructure Policy Authority

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 April 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Office of Naval Research

Conference

IDtrust '09

Sponsor:

FPKIPA

IDtrust '09: 8th Symposium on Identity and Trust on the Internet

April 14 - 16, 2009

Maryland, Gaithersburg, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
406
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Seo JYum DLee P(2019)Proxy-invisible CCA-secure type-based proxy re-encryption without random oraclesTheoretical Computer Science10.5555/2846453.2846468491:C(83-93)Online publication date: 6-Jan-2019
https://dl.acm.org/doi/10.5555/2846453.2846468
Buzzi MGennai FPetrucci CTrutnev D(2017)Interoperability challenge of certified communication systems via internetProceedings of the Internationsl Conference on Electronic Governance and Open Society: Challenges in Eurasia10.1145/3129757.3129785(166-171)Online publication date: 4-Sep-2017
https://dl.acm.org/doi/10.1145/3129757.3129785
Zhang JZhang Z(2015)Secure and efficient data-sharing in cloudsConcurrency and Computation: Practice & Experience10.1002/cpe.339527:8(2125-2143)Online publication date: 10-Jun-2015
https://dl.acm.org/doi/10.1002/cpe.3395
Garfinkel SLipford H(2014)Usable Security: History, Themes, and ChallengesSynthesis Lectures on Information Security, Privacy, and Trust10.2200/S00594ED1V01Y201408SPT0115:2(1-124)Online publication date: 20-Sep-2014
https://doi.org/10.2200/S00594ED1V01Y201408SPT011
EMURA KMIYAJI AOMOTE K(2011)A Timed-Release Proxy Re-Encryption SchemeIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences10.1587/transfun.E94.A.1682E94-A:8(1682-1695)Online publication date: 2011
https://doi.org/10.1587/transfun.E94.A.1682
Emura KMiyaji AOmote K(2011)An Identity-Based Proxy Re-Encryption Scheme with Source Hiding Property, and its Application to a Mailing-List SystemPublic Key Infrastructures, Services and Applications10.1007/978-3-642-22633-5_6(77-92)Online publication date: 2011
https://doi.org/10.1007/978-3-642-22633-5_6
Emura KMiyaji AOmote K(2010)An identity-based proxy re-encryption scheme with source hiding property, and its application to a mailing-list systemProceedings of the 7th European conference on Public key infrastructures, services and applications10.5555/2035155.2035164(77-92)Online publication date: 23-Sep-2010
https://dl.acm.org/doi/10.5555/2035155.2035164
Emura KMiyaji AOmote K(2010)A timed-release proxy re-encryption scheme and its application to fairly-opened multicast communicationProceedings of the 4th international conference on Provable security10.5555/1927915.1927937(200-213)Online publication date: 13-Oct-2010
https://dl.acm.org/doi/10.5555/1927915.1927937
Emura KMiyaji AOmote K(2010)A Timed-Release Proxy Re-encryption Scheme and Its Application to Fairly-Opened Multicast CommunicationProvable Security10.1007/978-3-642-16280-0_14(200-213)Online publication date: 2010
https://doi.org/10.1007/978-3-642-16280-0_14
Khurana HBasney JBakht MFreemon MWelch VButler R(2009)PalantirProceedings of the 8th Symposium on Identity and Trust on the Internet10.1145/1527017.1527023(38-51)Online publication date: 14-Apr-2009
https://dl.acm.org/doi/10.1145/1527017.1527023

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten