Carleton University - School of Computer Science Honours Project
The Challenges of Ubiquitous End-to-End Encrypted Email
Although end-to-end encrypted email as been accessible for many years, it has yet to see ubiquitous uptake by the general public. In an effort to determine why this is the case, encrypted email schemes, PGP and S/MIME have been studied. Although they meet the requirements of sending an encrypted email, they fail to meet some requirements that are needed to make the use of end-to-end encrypted email ubiquitous. Meeting the requirements of end-to-end encrypted email allows for implementing secure email in a closed setting. In a closed setting, cryptographic artifacts can be managed by the trusted third party who is providing encrypted email service. When applied to an open setting, the management of cryptographic artifacts is left to the end user. In order to manage these artifacts, four requirements of ubiquity are proposed to reduce the barriers to end-to-end encrypted email adoption in an open setting. The challenges of end-to-end encrypted email are why current secure email schemes do not meet the ubiquity requirements. The challenges of end-to-end encrypted email are the establishment of trust, the management of key material, cross-platform, and supporting backwards compatibility. It is suggested that the root of the four challenges of end-to-end encrypted email is the reliance of end users to have a sematic understanding of the underlying implementation of end-to-end encrypted email and relying on users to make secure decisions. It is believed that by providing infrastructure and security management processes to support the artifacts of end-to-end encrypted email, the requirement of sematic understanding can be changed to that of a procedural understanding. As a result, the barriers of ubiquitous use of end-to-end encrypted email will be reduced.