Privacy preserving web-based email

Kevin R.B. Butler, William Enck, Patrick Traynor, Jennifer Plasterr, Patrick D. McDaniel

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line services and instant messaging. The inspection and retention of user communication is generally intended to enable targeted marketing. However, unless specifically stated otherwise by the collecting service’s privacy policy, such records have an indefinite lifetime and may be later used or sold without restriction. In this paper, we show that it is possible to protect a user’s privacy from these risks by exploiting mutually oblivious, competing communication channels. We create virtual channels over online services (e.g., Google’s Gmail, Microsoft’s Hotmail) through which messages and cryptographic keys are delivered. The message recipient uses a shared secret to identify the shares and ultimately recover the original plaintext. In so doing, we create a wired “spread-spectrum” mechanism for protecting the privacy of web-based communication. We discuss the design and implementation of our open-source Java applet, Aquinas, and consider ways that the myriad of communication channels present on the Internet can be exploited to preserve privacy.

Original languageEnglish (US)
Title of host publicationAlgorithms, Architectures And Information Systems Security
PublisherWorld Scientific Publishing Co.
Pages349-371
Number of pages23
ISBN (Electronic)9789812836243
DOIs
StatePublished - Jan 1 2008

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Engineering(all)

Cite this