Peace vs. Privacy
Proceedings of the New Security Paradigms Workshop on ZZZ - NSPW '15
We introduce the paradigm of security through hostility: cloud-based service providers in conflicting jurisdictions are assumed to be non-cooperating, and are used for transmitting encrypted content and corresponding keys through separate but accessible channels among end-users from both jurisdictions. Such separation between content and key can enable effortless user-to-user encrypted communication without any user-managed keys. As an example use-case of this paradigm, we consider encrypted
... il, which is complicated by the requirement of balancing security and ease-of-use needs. For example, users cannot be expected to manage long-term keys (e.g., PGP key-pair), or understand crypto primitives. We design CherAmi by leveraging existing relationships between a sender and a receiver on an online social networking (OSN) site, and assuming users can use OSN and email providers that are hosted from hostile/non-cooperating jurisdictions. CherAmi can provide integrity, authentication and confidentiality guarantees for selected messages among OSN friends. A confidentiality-protected email is encrypted by a randomly-generated key, and the key is privately shared with the receiver via the OSN site. Our implementation consists of a Thunderbird add-on and a Twitter app; the add-on is available at: https://madiba.encs.concordia.ca/software.html. CherAmi is a client-end solution and does not require changes to email or OSN servers. In this paper, the focus of our discussion includes: the paradigm of security through hostility, and the design, implementation and security analysis of the proposed encrypted email solution. We acknowledge that a user study will be required to validate usability-related features of CherAmi.
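The content/key separation described in the abstract, as an added sketch that is not CherAmi's code: each message gets a fresh random key, the ciphertext goes to one channel and the key to the other, and the receiver needs both. Assumptions: the two dicts stand in for the email and OSN providers, all function names are hypothetical, and the HMAC-SHA256 counter-mode keystream with encrypt-then-MAC is a standard-library stand-in for whatever cipher the real add-on uses.

```python
import hashlib
import hmac
import secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode (use a vetted AEAD in practice).
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return out[:n]

def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the one per-message key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def send(msg_id: str, plaintext: bytes, email_channel: dict, osn_channel: dict) -> None:
    key = secrets.token_bytes(32)              # random per message, no long-term user key
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    email_channel[msg_id] = nonce + ct + tag   # email provider holds ciphertext only
    osn_channel[msg_id] = key                  # OSN provider holds the key only

def receive(msg_id: str, email_channel: dict, osn_channel: dict) -> bytes:
    blob, key = email_channel[msg_id], osn_channel[msg_id]
    if len(blob) < 48:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")   # tampered email or wrong key
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

if __name__ == "__main__":
    email_box, osn_box = {}, {}                # constructed stand-ins for the two providers
    send("msg-1", b"constructed sample message", email_box, osn_box)
    print(receive("msg-1", email_box, osn_box))
```

The confidentiality argument rests entirely on the two channel operators not pooling what they hold; either dict on its own is insufficient to recover the message.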