Trusted Email protocol: Dealing with privacy concerns from malicious email intermediaries

It is well-known that intermediate mediums that route emails between senders and recipients can be a real threat to privacy as these intermediaries can easily intercept and tamper with email messages. Many software-based solutions have been proposed to solve such privacy concerns by means of end-to-end data encryption such as PGP, OpenPGP, and S/MIME. These solutions pose yet another challenging issue for the secure and trusted management of cryptographic keys they utilize. To address this issue, we propose a new protocol for a Trusted Email System using hardware-based cryptographic functionality of Trusted Platform Module (TPM) and the Ephemerizer concept. By leveraging the advantages of these two technologies, our protocol provides a safeguard to cryptographic keys so that only designated email senders and recipients can read email messages. Furthermore, our protocol guarantees that nobody can read email messages that have expired or have been securely deleted. In this paper, we first describe the protocol of our Trusted Email System and then verify the security aspects of the protocol using a popular cryptographic verification tool, ProVerif.