Using Untrusted and Unreliable Cloud Providers to Obtain Private Email

A recent trend for organizations is to shift to cloud services which typically include email. As a result, the natural privacy concerns for users stem not only from outside attackers, but from insiders as well. Our solution does not rely on unproven assumptions and does not need a PKI. To achieve this, we partially rely on concepts from Private and Secure Message Transmission protocols, which are built on top of secret sharing. This technology allows us to distribute trust over email providers. Hence, the system remains secure as long as hackers are unable to penetrate a threshold number of providers, or this set of providers does not form a coalition to attack their users. The prototype of our proposed system has been implemented as an add-on for the Thunderbird email client, using Mozilla's Web Crypto API and Rempe's secret.js library. It currently supports the following secret sharing schemes: the 2-out-2 additive scheme (set as a default), the k-out-n threshold Shamir scheme, and the Rabin and Ben-Or robust scheme.