Internet Archive Scholar

Easy Encryption for Email, Photo, and Other Cloud Services

John Seunghyun Koh
2021

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (6.1 MB)
https://web.archive.org/web/20210602101108/https://academiccommons.columbia.edu/doi/10.7916/d8-vngh-dq70/download

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Modern users carry mobile devices with them at nearly all times, and this likely has contributed to the rapid growth of private user data—such as emails, photos, and more—stored online in the cloud. Unfortunately, the security of many cloud services for user data is lacking, and the vast amount of user data stored in the cloud is an attractive target for adversaries. Even a single compromise of a user's account yields all its data to attackers. A breach of an unencrypted email account gives the
more » ... attacker full access to years, even decades, of emails. Ideally, users would encrypt their data to prevent this. However, encrypting data at rest has long been considered too difficult for users, even technical ones, mainly due to the confusing nature of managing cryptographic keys. My thesis is that strong security can be made easy to use through client-side encryption using self-generated per-device cryptographic keys, such that user data in cloud services is well protected, encryption is transparent and largely unnoticeable to users even on multiple devices, and encryption can be used with existing services without any server-side modifications. This dissertation introduces a new paradigm for usable cryptographic key management, Per-Device Keys (PDK), and explores how self-generated keys unique to every device can enable new client-side encryption schemes that are compatible with existing online services yet are transparent to users. PDK's design based on self-generated keys allows them to stay on each device and never leave them. Management of these self-generated keys can be shown to users as a device management abstraction which looks like pairing devices with each other, and not any form of cryptographic key management. I design, implement, and evaluate three client-side encryption schemes supported by PDK, with a focus on designing around usability to bring transparent encryption to users. First, I introduce Easy Email Encryption (E3), a secure email solution that is easy to use. Usersstruggle with using end-to-end [...]
doi:10.7916/d8-40ce-qn14 fatcat:mryc5fruojgttot57unwakr2dq
Citation

John Seunghyun Koh. "Easy Encryption for Email, Photo, and Other Cloud Services." (2021)