<blockquote what="official NYCBUG announcement"> Date: Sun, 06 Jan 2008 21:41:11 -0500 To: "Announcements only list for NYCBUG (announcements are not cross-posted to other lists)." <[EMAIL PROTECTED]> From: NYC*BUG Announcements <[EMAIL PROTECTED]> Subject: [announce] NYC*BUG: Wednesday January 9th Reply-To: [EMAIL PROTECTED]
Angelos Keromytis on SSARES Suspenders Restaurant, 6:30pm http://www.suspendersbar.com/location.php Please note that we our January meeting will be held January 9th instead of on January 2nd SSARES: Secure Searchable Automated Remote Email Storage - A usable, secure email system on a remote untrusted server The increasing centralization of networked services places user data at considerable risk. For example, many users store email on remote servers rather than on their local disk. Doing so allows users to gain the benefit of regular backups and remote access, but it also places a great deal of unwarranted trust in the server. Since most email is stored in plaintext, a compromise of the server implies the loss of confidentiality and integrity of the email stored therein. Although users could employ an end-to-end encryption scheme (e.g., PGP), such measures are not widely adopted, require action on the sender side, only provide partial protection (the email headers remain in the clear), and prevent the users from performing some common operations, such as server-side search. To address this problem, we present Secure Searchable Automated Remote Email Storage (SSARES), a novel system that offers a practical approach to both securing remotely stored email and allowing privacy-preserving search of that email collection. Our solution encrypts email (the headers, body, and attachments) as it arrives on the server using public-key encryption. SSARES uses a combination of Identity Based Encryption and Bloom Filters to create a searchable index. This index reveals little information about search keywords and queries, even against adversaries that compromise the server. SSARES remains largely transparent to both the sender and recipient. However, the system also incurs significant costs, primarily in terms of expanded storage requirements. We view our work as a starting point toward creating privacy-friendly hosted services. Angelos Keromytis is an Associate Professor with the Department of Computer Science at Columbia University, and director of the Network Security Laboratory. He received his B.Sc. in Computer Science from the University of Crete, Greece, and his M.Sc. and Ph.D. from the Computer and Information Science (CIS) Department, University of Pennsylvania. He is the author and co-author of more than 100 papers on refereed conferences and journals, and has served on over 40 conference program committees. He is an associate editor of the ACM Transactions on Information and Systems Security (TISSEC). He recently co-authored a book on using graphics cards for security, and is a co-founder of StackSafe Inc. His current research interests revolve around systems and network security, and cryptography. The paper on this topic is at http://www1.cs.columbia.edu/~angelos/Papers/2007/SSARES_ACSAC.pdf _______________________________________________ announce mailing list [EMAIL PROTECTED] http://lists.nycbug.org/mailman/listinfo/announce </blockquote> Distributed poC TINC: Jay Sulzberger <[EMAIL PROTECTED]> Corresponding Secretary LXNY LXNY is New York's Free Computing Organization. http://www.lxny.org _______________________________________________ gnu-misc-discuss mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnu-misc-discuss
