USENIX Technical Program - Abstract - 13th Systems Administration Conference - LISA '99
ssmail: Opportunistic Encryption in sendmail
Damian Bentley, Australian National University; Greg Rose, QUALCOMM Australia; and Tara Whalen, Communications Research Centre Canada
Abstract
Much electronic mail is sent unencrypted, making it vulnerable to
passive eavesdropping. We propose to protect email privacy by building
encryption functionality into ESMTP mailers. Our solution,
ssmail, provides fast, simple encryption for
sendmail that does not require user intervention or
reliance on public key infrastructure. We added a small number of
steps to an ESMTP session, thereby allowing a client and server to
create a secret, one-time session key used to encrypt the mail
transfer session. ssmail relies on caching to reduce key
generation overhead. The overhead imposed by our encryption scheme is
minimal, allowing even busy mail servers to support privacy. We
placed our encryption mechanism within the mail transfer agent itself,
allowing people to use privacy protection software without having to
know how to run an encryption program explicitly. Furthermore, we are
able to encrypt the email transmission session, protecting such
information as sender and recipient identities. The speed and
simplicity of ssmail make it a very useful addition to
widely deployed ESMTP mailers. Our solution can also be adopted easily
by other mailers, and can be extended to use other encryption
algorithms.