Papamanthou Working to Make Navigating Email Encryption Easier
In light of more and more people becoming concerned about maintaining the privacy of their email accounts, several major Internet service providers are developing plug-in tools that will give users end-to-end encryption—meaning that only the sender and recipient can read an email’s content.
Yahoo debuted its plug-in at the recent South by Southwest expo in Austin, Texas, hoping to officially launch it by the end of 2015. Google is working on a Chrome plug-in to provide end-to-end encryption for its Gmail users.
But Charalampos “Babis” Papamanthou, an assistant professor of electrical and computer engineering with appointments in UMIACS and the Maryland Cybersecurity Center (MC2), says that adding more layers of protection often comes with a price.
“You get more privacy with end-to-end encryption, but it takes away some of the functionality of the email service, such as being able to search through your email inbox,” he says.
The problem, Papamanthou explains, is that the cloud provider—which virtually all emails are sent through—cannot perform any processing on the underlying data since it is encrypted. And since search is one of the most popular features of email, he adds, this is a pretty big limitation.
Papamanthou is currently developing an additional plug-in called PMAIL. It is a cloud-based email system that will store emails encrypted under keys managed by users—not by the cloud provider—which will enable the cloud provider to perform common search queries in the users’ inbox.
Papamanthou says he hopes to have an initial version of PMAIL up and running within the next month.
The project has already garnered attention. In February, Papamanthou showed a demo of the technology to Yahoo Chief Information Security Officer Alex Stamos, noting Stamos was “excited” by it.
Electrical and Computer Engineering seniors Connor Bruso and Aaron Steppa are assisting on the project. Antony Erb Lugo, a junior mathematics and computer science major at MIT, worked on the project in summer 2014 as part of the Research Experience for Undergraduates program in MC2.
Bruso says the project has given him the opportunity to combine the theoretical aspects of computer security with the practical skills he has learned at UMD.
“Traditionally, introducing a more secure system requires the user to have technical experience—or at the very least—to use a different service or tool than they would normally use,” he says. “We want to seamlessly integrate our technology with popular email services like Gmail and Yahoo Mail that people use every day.”
To see an overview of Papamanthou’s work in security for cloud computing, go here.
—Story by Melissa Brachfeld