Please use this identifier to cite or link to this item:
Title: Design and development of OTRmail security engine for thunderbird
Authors: Wang, Derong
Keywords: DRNTU::Engineering::Computer science and engineering::Data::Data encryption
Issue Date: 2010
Abstract: Electronic mail has become an important mode of communication, thus security and privacy of correspondence has become an increasing concern. It is also noted that emails which are sent in clear are easily eavesdropped by intermediate nodes forwarding the emails. To overcome this issue, secure email solutions are being used. Currently, secure email solutions use either Secure/Multipurpose Internet Mail Extension (S/MIME), Pretty Good Privacy (PGP) or OpenPGP protocols. These protocols are not suitable for personal communication as they use long-lived encryption keys, digital signatures and complex key distributions. Hence, the use of Off-The-Record Mail (OTRmail) protocol is suggested. Not only does the OTRmail handles the key distribution for the users, it also provides perfect forward secrecy and repudiability, which is ideal for casual personal communication. However, the protocol had only been implemented using Java as a proof of concept. In order to garner wider public acceptance, an extension to Mozilla Thunderbird to enable support of the OTRmail protocol was developed. The development of the extension is divided into two parts, namely the graphical user interface (GUI) and the XPCOM components as the security engine. This project focused mainly on the engine component of the extension while a prototype GUI was created for the purpose of testing the engine. In this report, the OTRmail protocol design and the cryptographic algorithms used are introduced. The Mozilla extension API (Gecko) and the Network Security Services (NSS) are covered in detail. The design and implementation of both the engine and GUI are also discussed in detail along with the extension file structure and the necessary files to create this Mozilla extension. Essential information about the OTRmail security engine, which has been successfully developed and thoroughly tested, is provided. This report will serve as a guide for developers either in using the security engine in their extension or in improving the security engine capabilities.
Rights: Nanyang Technological University
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections:SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File Description SizeFormat 
SCE09 - 0289.pdf
  Restricted Access
1.45 MBAdobe PDFView/Open

Page view(s) 50

Updated on Oct 23, 2021


Updated on Oct 23, 2021

Google ScholarTM


Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.