Privacy preserving web-based email

Kevin Butler, William Enck, Jennifer Plasterr, Patrick Traynor, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line email services and instant messaging. The inspection and retention of user communication is generally intended to enable targeted marketing. However, unless specifically stated otherwise by the collecting service’s privacy policy, such records have an indefinite lifetime and may be later used or sold without restriction. In this paper, we show that it is possible to protect a user’s privacy from these risks by exploiting mutually oblivious, competing communication channels. We create virtual channels over online services (e.g., Google’s Gmail, Microsoft’s Hotmail) through which messages and cryptographic keys are delivered. The message recipient uses a shared secret to identify the shares and ultimately recover the original plaintext. In so doing, we create a wired “spread-spectrum” mechanism for protecting the privacy of web-based communication. We discuss the design and implementation of our open-source Java applet, Aquinas, and consider ways that the myriad of communication channels present on the Internet can be exploited to preserve privacy.

Original languageEnglish (US)
Title of host publicationInformation Systems Security - 2nd International Conference, ICISS 2006, Proceedings
EditorsVijayalakshmi Atluri, Aditya Bagchi
PublisherSpringer Verlag
Pages116-131
Number of pages16
ISBN (Print)9783540689621
StatePublished - Jan 1 2006
Event2nd International Conference on Information Systems Security, ICISS 2006 - Kolkata, India
Duration: Dec 19 2006Dec 21 2006

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4332 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other2nd International Conference on Information Systems Security, ICISS 2006
CountryIndia
CityKolkata
Period12/19/0612/21/06

Fingerprint

Privacy Preserving
Electronic mail
Electronic Mail
Web-based
Privacy
Communication channels (information theory)
Cellular telephone systems
Telephone lines
Communication
Communication Channels
Marketing
Inspection
Internet
Virtual Channel
Spread Spectrum
Instant
Open Source
Java
Lifetime
Restriction

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Butler, K., Enck, W., Plasterr, J., Traynor, P., & McDaniel, P. (2006). Privacy preserving web-based email. In V. Atluri, & A. Bagchi (Eds.), Information Systems Security - 2nd International Conference, ICISS 2006, Proceedings (pp. 116-131). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4332 LNCS). Springer Verlag.
Butler, Kevin ; Enck, William ; Plasterr, Jennifer ; Traynor, Patrick ; McDaniel, Patrick. / Privacy preserving web-based email. Information Systems Security - 2nd International Conference, ICISS 2006, Proceedings. editor / Vijayalakshmi Atluri ; Aditya Bagchi. Springer Verlag, 2006. pp. 116-131 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{938cc2c13bbd467d8072caef5fb857ae,
title = "Privacy preserving web-based email",
abstract = "Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line email services and instant messaging. The inspection and retention of user communication is generally intended to enable targeted marketing. However, unless specifically stated otherwise by the collecting service’s privacy policy, such records have an indefinite lifetime and may be later used or sold without restriction. In this paper, we show that it is possible to protect a user’s privacy from these risks by exploiting mutually oblivious, competing communication channels. We create virtual channels over online services (e.g., Google’s Gmail, Microsoft’s Hotmail) through which messages and cryptographic keys are delivered. The message recipient uses a shared secret to identify the shares and ultimately recover the original plaintext. In so doing, we create a wired “spread-spectrum” mechanism for protecting the privacy of web-based communication. We discuss the design and implementation of our open-source Java applet, Aquinas, and consider ways that the myriad of communication channels present on the Internet can be exploited to preserve privacy.",
author = "Kevin Butler and William Enck and Jennifer Plasterr and Patrick Traynor and Patrick McDaniel",
year = "2006",
month = "1",
day = "1",
language = "English (US)",
isbn = "9783540689621",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "116--131",
editor = "Vijayalakshmi Atluri and Aditya Bagchi",
booktitle = "Information Systems Security - 2nd International Conference, ICISS 2006, Proceedings",
address = "Germany",

}

Butler, K, Enck, W, Plasterr, J, Traynor, P & McDaniel, P 2006, Privacy preserving web-based email. in V Atluri & A Bagchi (eds), Information Systems Security - 2nd International Conference, ICISS 2006, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4332 LNCS, Springer Verlag, pp. 116-131, 2nd International Conference on Information Systems Security, ICISS 2006, Kolkata, India, 12/19/06.

Privacy preserving web-based email. / Butler, Kevin; Enck, William; Plasterr, Jennifer; Traynor, Patrick; McDaniel, Patrick.

Information Systems Security - 2nd International Conference, ICISS 2006, Proceedings. ed. / Vijayalakshmi Atluri; Aditya Bagchi. Springer Verlag, 2006. p. 116-131 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4332 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Privacy preserving web-based email

AU - Butler, Kevin

AU - Enck, William

AU - Plasterr, Jennifer

AU - Traynor, Patrick

AU - McDaniel, Patrick

PY - 2006/1/1

Y1 - 2006/1/1

N2 - Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line email services and instant messaging. The inspection and retention of user communication is generally intended to enable targeted marketing. However, unless specifically stated otherwise by the collecting service’s privacy policy, such records have an indefinite lifetime and may be later used or sold without restriction. In this paper, we show that it is possible to protect a user’s privacy from these risks by exploiting mutually oblivious, competing communication channels. We create virtual channels over online services (e.g., Google’s Gmail, Microsoft’s Hotmail) through which messages and cryptographic keys are delivered. The message recipient uses a shared secret to identify the shares and ultimately recover the original plaintext. In so doing, we create a wired “spread-spectrum” mechanism for protecting the privacy of web-based communication. We discuss the design and implementation of our open-source Java applet, Aquinas, and consider ways that the myriad of communication channels present on the Internet can be exploited to preserve privacy.

AB - Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line email services and instant messaging. The inspection and retention of user communication is generally intended to enable targeted marketing. However, unless specifically stated otherwise by the collecting service’s privacy policy, such records have an indefinite lifetime and may be later used or sold without restriction. In this paper, we show that it is possible to protect a user’s privacy from these risks by exploiting mutually oblivious, competing communication channels. We create virtual channels over online services (e.g., Google’s Gmail, Microsoft’s Hotmail) through which messages and cryptographic keys are delivered. The message recipient uses a shared secret to identify the shares and ultimately recover the original plaintext. In so doing, we create a wired “spread-spectrum” mechanism for protecting the privacy of web-based communication. We discuss the design and implementation of our open-source Java applet, Aquinas, and consider ways that the myriad of communication channels present on the Internet can be exploited to preserve privacy.

UR - http://www.scopus.com/inward/record.url?scp=85025829583&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85025829583&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85025829583

SN - 9783540689621

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 116

EP - 131

BT - Information Systems Security - 2nd International Conference, ICISS 2006, Proceedings

A2 - Atluri, Vijayalakshmi

A2 - Bagchi, Aditya

PB - Springer Verlag

ER -

Butler K, Enck W, Plasterr J, Traynor P, McDaniel P. Privacy preserving web-based email. In Atluri V, Bagchi A, editors, Information Systems Security - 2nd International Conference, ICISS 2006, Proceedings. Springer Verlag. 2006. p. 116-131. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).