Title :
IRRES: Intrusion-Resilient Remote Email Storage
Author :
Ma, Di ; Tsudik, Gene
Author_Institution :
Comput. & Inf. Sci. Dept., Univ. of Michigan-Dearborn, Dearborn, MI, USA
Abstract :
Both individuals and corporations increasingly rely on email to exchange important and, often sensitive, information. With the advent of ubiquitous computing and miniaturization of end-devices, many users leave email on remote servers, thus facilitating anywhere/anytime access from any networked device. Since private and sensitive information is often contained in email, it is very important to prevent its unauthorized disclosure. In this paper, we consider the problem of repeated intrusions of third-party email servers. Specifically, we design IRRES: Intrusion-Resilient Remote Email Storage system that prevents email leakage despite the presence of a powerful mobile adversary. IRRES eliminates sender compliance requirements by shifting encryption from email sender to email server. Incoming email messages are encrypted by the server with one-time keys obtained from an intrusion-resilient cooperative randomness generation process. Thus, even if the server is compromised twice, all email encrypted in the interim remains secure.
Keywords :
electronic mail; security of data; ubiquitous computing; IRRES; email messages; email servers; end devices miniaturization; intrusion resilient remote email storage; networked device; powerful mobile adversary; remote servers; sensitive information; shifting encryption; ubiquitous computing; unauthorized disclosure; cloud storage; email security; intrusion resilience;
Conference_Titel :
Distributed Computing Systems Workshops (ICDCSW), 2010 IEEE 30th International Conference on
Conference_Location :
Genova
Print_ISBN :
978-1-4244-7471-4
DOI :
10.1109/ICDCSW.2010.38
