New encoding to enhance email security
A team of computer scientists, Duncan Wong and Xiaojian Tian of City University of Hong Kong have suggested a technical solution to enable email security to be independent of the server used to send message.
The scientists claimed that the new method can reduce the risk of interception of personal email by third party ensuring secrecy of the emails.
According to the team, an e-mail system offers a perfect forward secrecy if any third party, together with the e-mail server, will not be able to recover earlier session keys flanked by the sender and the recipient even after compromising of the secret keys of the sender and the recipient.
Based on the principle, the team advises the possibility of exchanging emails with almost nil risk of interference from third parties.
The team was quoted by International Journal of Security and Networks as saying: "Our protocol provides both confidentiality and message authentication in addition to perfect forward secrecy."
According to the Journal, the protocol developed by the team involves person A sending an encrypted email to person B expecting that person B cannot intercept and decrypt the message.
Prior to the encryption of email and sent the protocol proposed by the team has person A’s computer post an identification code to the email server.
Further the server develops a random session "hash" which is then utilised for encrypting the genuine encryption key for the email which is to be sent by person A.
In the interim, person B as assumed recipient, obtain the key used to develop the hash and recover an identification tag, which will enable both the parties to confirm their identities.
As a different key is utilised to lock up the PGP encrypted email with a subsequent one-time layer, though the PGP security is compromised precedent emails created with the same key cannot be unlocked, the team concludes.