Usable E-Mail Encryption using the Smartphone as Second Channel
Secure communication on the Internet is becoming predominant in most application areas. Examples are the more and more wide-spread use of HTTPS on the Web or the de-facto standard usage of SSH for terminal login. However, e-mail communication is still done in most cases unprotected. The reason for this are manifold: complex key and trust management, different incompatible standards, lack of software support etc. Initiatives like Autocrypt or pEp are trying to increase the usability, but they are lacking trust management: an active impersonation attack is hard to detect for the user.
The goal of this thesis is finding solutions for this trust issue: How can an e-mail user verify that she is communicating with the right peer? One possibility is using the trust relation two peers have already established using a smartphone messenger like WhatsApp or Threema. As a final outcome of the thesis an easily usable solution for e-mail encryption is anticipated.