Secure E-mail System for Cloud Portals : Master Thesis in Information and Communication Systems Security

Abstract: Email is a well established technology used worldwide for enterprise and private communication through the Internet. It allows people to communicate using text, but also other information formats used either as HTML or attached files. The communication is performed without the need of synchronized endpoints, based on the use of email servers that take care of storing and forwarding email letters. All these properties and much more standardized ones do not include security, which makes the choice of service provider hard when the letters sent in the email system include sensitive information. In the last few years there has been a big interest and growth in the area of cloud computing. Placing resources (computers, applications, information) out of local environments, thanks to the high speed connections in the Internet, provides countless possibilities. Actually, even email systems can be deployed in cloud computing environments, including all the email services (interface, client, and server) or a part of them. From a security point of view, the use of cloud computing leads to many threats generated by external parties and even the cloud providers. Because of these reasons, this work intends to present an innovative approach to security in a cloud environment, focusing on the security of an email system. The purpose is to find a solution for an email system deployable in a cloud environment, with all the functionality deployed on a external machine. This email system must be completely protected, minimizing the actions taken by the user, which should just connect to a portal through a web browser. Along this report there are details about the foundations, progress and findings of the research that has been carried out. The main objectives involve: researching on the concepts and state of the art of cloud computing, email systems and security; presenting a cloud computing architecture that will take care of the general aspects of security; designing an email system for that architecture that contains mechanisms protecting it from the possible security threats; and finally, implementing a simplified version of the design to test and prove the feasibility of it. After all the mentioned activities, the findings are commented, mentioning the applicability of research results to the current situation. Obviously, there is place for more research in depth of several topics related to cloud computing and email, that is why some of them are suggested.