Design and development of OTRmail security engine for Thunderbird

Bibliographic Details
Main Author: Wang, Derong
Other Authors: Woo Wing Keong
Format: Final Year Project
Language: English
Published: 2010
Online Access: http://hdl.handle.net/10356/39907
Institution: Nanyang Technological University
Description
Summary: Electronic mail has become an important mode of communication, so the security and privacy of correspondence have become an increasing concern. Emails sent in the clear are easily eavesdropped on by the intermediate nodes that forward them. To overcome this issue, secure email solutions are being used. Currently, secure email solutions use either the Secure/Multipurpose Internet Mail Extensions (S/MIME), Pretty Good Privacy (PGP) or OpenPGP protocols. These protocols are not suitable for personal communication as they use long-lived encryption keys, digital signatures and complex key distribution. Hence, the use of the Off-The-Record Mail (OTRmail) protocol is suggested. Not only does OTRmail handle key distribution for the users, it also provides perfect forward secrecy and repudiability, which is ideal for casual personal communication. However, the protocol had only been implemented in Java as a proof of concept. In order to garner wider public acceptance, an extension to Mozilla Thunderbird that enables support for the OTRmail protocol was developed. The development of the extension is divided into two parts, namely the graphical user interface (GUI) and the XPCOM components that form the security engine. This project focused mainly on the engine component of the extension, while a prototype GUI was created for the purpose of testing the engine. In this report, the OTRmail protocol design and the cryptographic algorithms used are introduced. The Mozilla extension API (Gecko) and the Network Security Services (NSS) are covered in detail. The design and implementation of both the engine and GUI are also discussed in detail, along with the extension file structure and the files necessary to create this Mozilla extension. Essential information about the OTRmail security engine, which has been successfully developed and thoroughly tested, is provided.
This report will serve as a guide for developers either in using the security engine in their extension or in improving the security engine capabilities.