Usable secure mailing lists with untrusted servers

Authors:
Rakesh Bobba;Joe Muggli;Meenal Pant;Jim Basney;Himanshu Khurana
Affiliations:
University of Illinois, Urbana-Champaign;University of Illinois, Urbana-Champaign;University of Illinois, Urbana-Champaign;University of Illinois, Urbana-Champaign;University of Illinois, Urbana-Champaign
Venue:
Proceedings of the 8th Symposium on Identity and Trust on the Internet
Year:
2009

Citing 19
Cited 4

A mathematical model of the finding of usability problems

CHI '93 Proceedings of the INTERACT '93 and CHI '93 Conference on Human Factors in Computing Systems
Secure group communications using key graphs

IEEE/ACM Transactions on Networking (TON)
Groupware walkthrough: adding context to groupware usability evaluation

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Tree-based group key agreement

ACM Transactions on Information and System Security (TISSEC)
How to make secure email easier to use

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Distributed Blinding for Distributed ElGamal Re-Encryption

ICDCS '05 Proceedings of the 25th IEEE International Conference on Distributed Computing Systems
Johnny 2: a user test of key continuity management with S/MIME and Outlook Express

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Security and usability engineering with particular attention to electronic mail

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Secrecy, flagging, and paranoia: adoption criteria in encrypted email

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Improved proxy re-encryption schemes with applications to secure distributed storage

ACM Transactions on Information and System Security (TISSEC)
Aligning usability and security: a usability study of Polaris

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Why Johnny can't encrypt: a usability evaluation of PGP 5.0

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Chosen-ciphertext secure proxy re-encryption

Proceedings of the 14th ACM conference on Computer and communications security
Cross-user analysis: Benefits of skill level comparison in usability testing

Interacting with Computers
From proxy encryption primitives to a deployable secure-mailing-list solution

ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Views, reactions and impact of digitally-signed mail in e-commerce

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Collusion resistant broadcast encryption with short ciphertexts and private keys

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Multiplex encryption: a practical approach to encrypting multi-recipient emails

ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Secure multicast using proxy encryption

ICICS'05 Proceedings of the 7th international conference on Information and Communications Security

Palantir: a framework for collaborative incident response and investigation

Proceedings of the 8th Symposium on Identity and Trust on the Internet
A timed-release proxy re-encryption scheme and its application to fairly-opened multicast communication

ProvSec'10 Proceedings of the 4th international conference on Provable security
An identity-based proxy re-encryption scheme with source hiding property, and its application to a mailing-list system

EuroPKI'10 Proceedings of the 7th European conference on Public key infrastructures, services and applications
Proxy-invisible CCA-secure type-based proxy re-encryption without random oracles

Theoretical Computer Science

Quantified Score

Hi-index	0.00

Visualization

Abstract

Mailing lists are a natural technology for supporting messaging in multi-party, cross-domain collaborative tasks. However, whenever sensitive information is exchanged on such lists, security becomes crucial. We have earlier developed a prototype secure mailing list solution called SELS (Secure Email List Services) based on proxy encryption techniques [20], which enables the transformation of cipher-text from one key to another without revealing the plain-text. Emails exchanged using SELS are ensured confidentiality, integrity, and authentication. This includes ensuring their confidentiality while in transit at the list server; a functionality that is uniquely supported by SELS through proxy re-encryption. In this work we describe our efforts in studying and enhancing the usability of the software system and our experiences in supporting a production environment that currently is used by more than 50 users in 11 organizations. As evidence of its deployability, SELS is compatible with common email clients including Outlook, Thunderbird, Mac Mail, Emacs, and Mutt. As evidence of its usability, the software is being used by several national and international incident response teams.