Abstract
As demonstrated by the revelations of Edward Snowden on the extent of pervasive surveillance, one pressing danger is in the vast predominance of unencrypted messages, due to the influence of the centralizing silos such as Microsoft, Facebook, and Google. We present the threat model and architectural design of the LEAP platform and client applications, which currently provisions opportunistic email encryption combined with a VPN tunnel and cross-device synchronization.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
To try, follow instructions on http://demo.bitmask.net.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
Such as Thunderbird, Evolution, or Outlook.
- 11.
- 12.
Note that parts of Sect. 3 are modified versions of material available on the LEAP wiki at http://leap.se/en/docs.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
The Android version tends to lag behind development compared to the Linux version due to the design having to be re-coded in Java.
- 22.
- 23.
- 24.
See work by Debian on reproducible builds that LEAP is applying to its code: https://wiki.debian.org/ReproducibleBuilds.
- 25.
- 26.
Details at https://leap.se/nicknym.
- 27.
The source code for Pixelated is available here: https://github.com/pixelated-project/.
References
Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium, p. 2 (2004)
Foster, I.D., Larson, J., Masich, M., Snoeren, A.C., Savage, S., Levchenko, K.: Security by any other name: on the effectiveness of provider based email security. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 450–464. ACM (2015)
Garfinkel, S.L.: Enabling email confidentiality through the use of opportunistic encryption. In: Proceedings of the 2003 Annual National Conference on Digital Government Research, dg.o ’03, pp. 1–4. Digital Government Society of North America (2003)
Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J., Coniks: Bringing key transparency to end users. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 383–398 (2015)
Samuel, J., Mathewson, N., Cappos, J., Dingledine, R.: Survivable key compromise in software update systems. In Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 61–72. ACM, New York (2010)
Unger, N., Dechand, S., Bonneau, J., Fahl, S., Perl, H., Goldberg, I., Smith, M.: Sok: Secure messaging. In: 2015 IEEE Symposium on Security and Privacy, pp. 232–249. IEEE (2015)
Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: a usability evaluation of pgp. 5.0. In: Proceedings of the 8th Conference on USENIX Security Symposium, vol. 8, SSYM’99, pp. 14. USENIX Association, Berkeley (1999)
Acknowledgements
The authors are supported by NEXTLEAP (EU H2020 ref: 688722) and the Open Technology Fund.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Sparrow, E., Halpin, H., Kaneko, K., Pollan, R. (2016). LEAP: A Next-Generation Client VPN and Encrypted Email Provider. In: Foresti, S., Persiano, G. (eds) Cryptology and Network Security. CANS 2016. Lecture Notes in Computer Science(), vol 10052. Springer, Cham. https://doi.org/10.1007/978-3-319-48965-0_11
Download citation
DOI: https://doi.org/10.1007/978-3-319-48965-0_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48964-3
Online ISBN: 978-3-319-48965-0
eBook Packages: Computer ScienceComputer Science (R0)