Secure and Privacy Enhanced Email System as a Cloud Service

Abstract

Email system is very important source for organizations and individuals to exchange information between employees, colleagues and friends. Currently available email standards provide protection of email letters using standard cryptographic techniques and formats like PGP, S/MIME. All these standards focus on the protection of email contents rather than the header of email. Clear transmission of headers is the source of privacy leakage and most of social security engineers have very serious concerns about this. They argue that the intruders can easily establish the link between the sender and receiver after intercepting their emails. Furthermore, if someone can extract our email addresses then he/she can send spam messages which are the main cause of information flooding and garbage in the inboxes. Considering the current problems, we have analyzed the existing email systems and found that the current systems do not provide the feature to exchange anonymous emails between users belonging to two different domains (inter-domains).In addition to that, these systems do not enforce source and destination authentication policies which are main cause of spamming. With the shifting of deployment infrastructural paradigm from conventional arrangements to cloud computing environment, email users and organizations have more concerns about their privacy and personal data. To solve these problems, a completely different approach has been taken in this research activity to design a complete privacy enhanced secure email system. The system is based on proxy architecture to provide standard email services along with extended and innovative features. Some of the extended features are: (a) protection of email headers using standard cryptographic format, (b) transparent handling of anonymous identities belonging to different domains, (c) protection of inboxes from unauthorized emails. The designed system is implemented in the form of a service using standard techniques so it can be deployed easily in the cloud environment as a service. The system also supports cross domain exchange of email letters. It transparently and securely exchanges user’s private information across the domain after developing infrastructure level trust between them. After designing and implementing, we have verified our system using automated verification tool; Scyther. We found that the original email ids of sender and receiver both are secured along with the aliveness and secrecy of the system.