Joe Naegele | Comcast Center of Excellence for Security Innovation

Abstract: Why our email is still being read by others, and how we can stop it

We take encryption for granted for all digital communication, except one: email. Email, perhaps our most basic means of communications, is routinely sent without any encryption, enabling others to monitor it (which they most certainly do). Email encryption has been available for 26 years, yet it has seen such poor adoption that banks routinely tell their customers: contact us via the web, never email. I’ll show that our lack of email privacy is due to legitimate technical obstacles: namely, email’s unique distribution mechanism, which avoids any direct connection, and therefore creates a chicken-and-egg dilemma for certificate exchange. I can’t securely email you until I have your cert, but I can’t get your cert until I’ve already emailed you. Thus, email remains with the same (lack of) privacy its had since birth. However, new standards, like IETF’s DANE SMIMEA, solve this chicken-and-egg problem, by using the DNS as a massive, global key distribution system. I’ll present Great DANE, the first publicly available, open source implementation of DANE SMIMEA, which allows you to secure encrypt all your emails, from the start, automatically.

Bio:

Joe Naegele is a Senior Software Engineer at Grier Forensics, where he has led development of an analytics platform for large scale (80 TB) web data developed for the US Air Force, and of Great DANE, a cross-platform suite of tools for email security, and led enhancements to Grier Forensics’ advanced forensics acceleration system. Naegele is experienced in C++, Java, Scala, Python, the Apache Spark cluster-computing framework, and other platforms and languages; developed software for Linux, Windows, and Mac OS X; and is proficient in multiple DBMS. Prior to joining Grier, Naegele served as Software Engineer at the Functional MRI Facility at the National Institutes of Health, where he developed a medical image reconstruction framework using Python and C++, which stored, converted, and extracted MRI data, provided on-screen visualizations, and performed statistical analysis. He also helped create the ISMRM format for MRI datasets, including APIs for C/C++, Python, and MATLAB. His work resulted in peer-reviewed publication in Magnetic Resonance in Medicine, as well as a popular open source implementation.