Filters








1,957 Hits in 3.8 sec

A Case (Study) For Usability in Secure Email Communication

Apu Kapadia
2007 IEEE Security and Privacy  
Acknowledgments The author thanks Scott Rea for his insightful comments and willingness to read multiple drafts of this article.  ...  Encryption and the key distribution problem Now, more than ever, the privacy of our communications is at risk.  ...  www.computer.org/security/ ■ IEEE SECURITY & PRIVACY dentiality of my electronic conversations in mind, I convinced some of my research colleagues to encrypt their email conversations with me.  ... 
doi:10.1109/msp.2007.25 fatcat:knjkcxq5rjcshpopp2lpkhoyhy

SoK: Securing Email – A Stakeholder-Based Analysis (Extended Version) [article]

Jeremy Clark, P.C. van Oorschot, Scott Ruoti, Kent Seamons, Daniel Zappala
2021 arXiv   pre-print
We begin by identifying a variety of stakeholders who have an interest in the current email system and in efforts to provide secure solutions.  ...  While email is the most ubiquitous and interoperable form of online communication today, it was not conceived with strong security guarantees, and the ensuing security enhancements are, by contrast, lacking  ...  It is not clear how email can follow the same path. Getting users to adopt secure email services may require gains in user understanding of risks and trust in solutions that mitigate those risks.  ... 
arXiv:1804.07706v3 fatcat:wbocbmeetve6vfkt3fzayjcelq

User-centric PKI

Radia Perlman, Charlie Kaufman
2008 Proceedings of the 7th symposium on Identity and trust on the Internet - IDtrust '08  
We contrast the usability/privacy/security properties of our design with other identity management/authentication schemes deployed or being proposed today.  ...  A number of solutions have been proposed -and some have even been deployed -but the capability remains unavailable to most users and the solutions deployed raise concerns for both convenience and security  ...  When forgotten password recovery is to be based on the (dubious) security of email, there are two possibilities: • A site keeps the user's actual password, and emails the password to the email address  ... 
doi:10.1145/1373290.1373300 dblp:conf/idtrust/PerlmanK08 fatcat:lgkoof7danb3jjtnx2fvojjhm4

User-visible cryptography in email and web scenarios

Phil Brooke, Richard Paige
2015 Information and Computer Security  
Risks Common risks with these scenarios involve the traditional security properties.  ...  Risk management The risks identified in these user stories are generally low as the impact of a breach is low, for example in social websites and social email.  ... 
doi:10.1108/ics-07-2013-0054 fatcat:wtnxkreq3fcnlbmznig7rii5im

Secure Email Transmission Protocols – A New Architecture Design [article]

Gabriel Chen, Rick Wanner
2022 arXiv   pre-print
On top of the basic layer of SMTP, POP3, and IMAP protocols to send and retrieve emails, there are several other major security protocols used in current days to secure email transmission such as TLS/SSL  ...  However, email transmission protocols were not designed with security in mind, and this has always been a challenge while trying to make email transmission more secure.  ...  Instead of relying on the algorithmic complexity in Public Key Infrastructure (PKI), quantum teleportation achieves authentication and encryption based on non-locality of entanglement correlation space  ... 
arXiv:2208.00388v1 fatcat:gvt752un2vgu3gqm7vmcbqj2na

Email feedback

Saket Kaushik, William Winsborough, Duminda Wijesekera, Paul Ammann
2005 Proceedings of the 2005 ACM workshop on Formal methods in security engineering - FMSE '05  
This in turn allows downstream principals to express and enforce precise requirements as the risk of losing desirable messages is minimized.  ...  Current email-control mechanisms, though highly effective, are prone to dropping desirable messages.  ...  Reputation and trust based solutions are dependent on establishing identity of the sender, which is a significant problem in email.  ... 
doi:10.1145/1103576.1103586 dblp:conf/ccs/KaushikWWA05 fatcat:5lztlpqkpbhs5dcizig7vgd33e

Evaluating Web PKIs [chapter]

Jiangshan Yu, Mark Ryan
2017 Software Architecture for Big Data and the Cloud  
Certificate authorities serve as trusted parties to help secure web communications. They are a vital component for ensuring the security of cloud infrastructures and big data repositories.  ...  However, none of it has been widely adopted yet, and it is hard to judge which one is the winner.  ...  To give an intuition of potential security and privacy applications of PKI in big data, we present some example scenarios.  ... 
doi:10.1016/b978-0-12-805467-3.00007-7 fatcat:icorbbj4wfb5plvjyrdqbhmifa

Vulnerabilities of PKI based Smartcards

Partha Dasgupta, Karmvir Chatha, Sandeep K. S. Gupta
2007 MILCOM 2007 - IEEE Military Communications Conference  
PKI-enabled smartcards hold the future of personal identity management and resilience against identity theft.  ...  Bluetooth of course introduces its own set of security risks. SSL Connections The card could use a SSL channel to a particular I/O device that is trusted. This is a difficult to deploy solution.  ...  Implementation and use of Secure I/O The challenge of a secure PKI card design is to incorporate not only PKI but also secure I/O subsystem in a manner that does not compromise the form factor, connectivity  ... 
doi:10.1109/milcom.2007.4455333 fatcat:p65xatj4xzhwvcnzwmpfhcdtcm

PKI Seeks a Trusting Relationship [chapter]

Audun Jøsang, Ingar Glenn Pedersen, Dean Povey
2000 Lecture Notes in Computer Science  
This paper describes public-key infrastructures in general and discusses issues related to trust management of public-key infrastructures.  ...  Digital certificates and public-key infrastructures represent an attempt to mimic real-world human assessment of identity and trustworthiness in an automated and mechanical fashion, but present implementations  ...  Another popular application is email encryption based on the S/MIME [8, 9] standard which consists of digitally encrypting the body (and not the head) of email messages.  ... 
doi:10.1007/10718964_16 fatcat:wyp7ljfrqrhhfmutfs3sr6qcj4

Privacy PreservingWeb-Based Email [chapter]

Kevin R. B. Butler, William Enck, Patrick Traynor, Jennifer Plasterr, Patrick D. McDaniel
2008 Algorithms, Architectures and Information Systems Security  
Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line email services and instant messaging.  ...  In this paper, we show that it is possible to protect a user's privacy from these risks by exploiting mutually oblivious, competing communication channels.  ...  Methods of securing non-web-based email have been extensively studied.  ... 
doi:10.1142/9789812836243_0016 fatcat:4u2peyqlurc4dgzrgdv6dappee

ABUSE: PKI for Real-World Email Trust [chapter]

Chris Masone, Sean W. Smith
2010 Lecture Notes in Computer Science  
We then built Attribute-Based, Usefully Secure Email (ABUSE), a PKI-based system to solve this problem.  ...  6, 7], a secure email standard that leverages an X.509 PKI [8] to provide message integrity and nonrepudiation via digital signatures [9, 10] .  ...  The problem of human trust requires large amounts of human context to decide, and computers are ill-suited for these kinds of tasks.  ... 
doi:10.1007/978-3-642-16441-5_10 fatcat:abbfmmajhvhmbabogyuyixs2sa

Personal PKI for the Smart Device Era [chapter]

John Lyle, Andrew Paverd, Justin King-Lacroix, Andrea Atzeni, Habib Virji, Ivan Flechais, Shamal Faily
2013 Lecture Notes in Computer Science  
However, increased connectivity raises a number of security and privacy issues, and in this paper we introduce a public key infrastructure designed to be suitable for personal computing across multiple  ...  We recognize the need for our PKI to work on both mobile and home networks, use existing online user identities and take into consideration the different interaction styles found on smart devices in different  ...  This motivates the need for a suitable PKI for personal networks capable of protecting user security and privacy.  ... 
doi:10.1007/978-3-642-40012-4_5 fatcat:kwy6qnsgwjcf7em262ti4vj5di

Beyond PKI: The Biocryptographic Key Infrastructure [chapter]

Walter J. Scheirer, William Bishop, Terrance E. Boult
2013 Security and Privacy in Biometrics  
Ellison and Schneier [14] specifically highlight a series of identity related PKI risks by asking the following questions: 1. Who do we trust, and what for? 2. Who is using my key?  ...  More importantly, we analyze the problem of applying unprotected biometric features directly into PKI, and propose the integration of a secure, revocable biometric template protection technology that supports  ...  Even at a FAR of 1 in 1,000,000, the attacker still gets four choices, on average, to compromise the matching system. network authentication, the risk of spoofing is greatly reduced by secure templates  ... 
doi:10.1007/978-1-4471-5230-9_3 fatcat:yuthwurbrnd3nefhdptujvc22y

Simulation of PKI-enabled communication for identity management using CyberCIEGE

C. E. Irvine, M. F. Thompson
2010 2010 - MILCOM 2010 MILITARY COMMUNICATIONS CONFERENCE  
The CyberCIEGE game engine modifications include modeling of chains of trust and risks of cross certification schemes.  ...  CyberCIEGE Virtual Private Network (VPN) gateways, VPN clients and email clients were then extended to incorporate the new PKI features.  ...  Players also learn about potential risks associated with the use of PKI by experimenting and observing cause and effects.  ... 
doi:10.1109/milcom.2010.5679591 fatcat:ksvixqbfobdbvopvjdvgkyf7du

Beyond PKI: The Biocryptographic Key Infrastructure

W. Scheirer, B. Bishop, T. Boult
2010 2010 IEEE International Workshop on Information Forensics and Security  
Ellison and Schneier [14] specifically highlight a series of identity related PKI risks by asking the following questions: 1. Who do we trust, and what for? 2. Who is using my key?  ...  More importantly, we analyze the problem of applying unprotected biometric features directly into PKI, and propose the integration of a secure, revocable biometric template protection technology that supports  ...  Even at a FAR of 1 in 1,000,000, the attacker still gets four choices, on average, to compromise the matching system. network authentication, the risk of spoofing is greatly reduced by secure templates  ... 
doi:10.1109/wifs.2010.5711435 dblp:conf/wifs/ScheirerBB10 fatcat:avh4vs2eobbi3nnobubs7w5bmu
« Previous Showing results 1 — 15 out of 1,957 results