Send email Copy Email Address

2023-08-06
Tobias Ebelshäuser

E-Mail Security with Dr. Ben Stock

A new episode of our CISPA-TL;DR Podcasts is online! Episode 23 relates to the prestigious USENIX Security 2023 conference in Anaheim, California, which has been very successful for CISPA. One of the 30 papers with CISPA involvement that are presented at this top-tier conference has been co-authored by CISPA-Faculty Dr. Ben Stock. His concern is e-mail security. In this episode of TL;DR, he tells us how secure e-mails really are, why you should always double check who the sender of a suspicious e-mail really is, and what the future might hold in store for the e-mail standard.

For those doing world-class research in information security, such as CISPA Faculty Dr. Ben Stock, attending certain scientific conferences, such as USENIX Security, is a must. The conference is held in the USA each year in the second week of August. In the CISPA podcast TL;DR, Ben explains that in science language these conferences are referred to as “tier 1”. The importance of USENIX Security for his field of research he describes as follows: “These big conferences have been around for 30+ years, IEEE security even for 40 years. They have established themselves as the premier venues where every researcher who wants to know about the latest and greatest research in information security will go.” The scientific prestige of these conferences stems from the strict criteria applied in the selection process, also known as peer review process.

The CISPA Faculty has presented his work at USENIX Security conferences several times already. This year, he is presenting a paper entitled "Extended Hell(o): A Comprehensive Large-Scale Study on Email Confidentiality and Integrity Mechanisms in the Wild", which he has co-authored together with his former MA student Birk Blechschmidt. In a nutshell, the paper is about the security of e-mail communication. But what exactly makes this topic so important? “E-mail security is something that concerns everybody all the time without the vast majority of people even noticing it”, he says in the podcast. When asked how well e-mail providers perform in this field, his answer is clear: „They could do much better“. In the podcast, Ben also gives a full explanation of what exactly could be done better. One piece of advice is very important to him: „You cannot use e-mail to communicate in a confidential manner unless you have end-to-end-encryption”.

Birk, the paper's main author, is one of Ben's former MA students. When asked about the merits of a cybersecurity degree program such as the one offered by CISPA and Saarland University, he responds: “One of the key selling points of this study program is that you learn about information security from day one. So, while you get a fundamental introduction into computer science, as do all the others IT students at Saarland University, you look into topics such as cryptography, network security and also e-mail security from the beginning. This allows you to spend three years deep-diving into this topic.” Birk’s experience exemplifies that with a strong MA thesis you can already present your work at world-class conferences.

TL;DR, short for "Too Long Didnt' Read," is the CISPA podcast, with "Women in Cybersecurity" as a Special Edition. TL;DR has been on the air and on all major podcast platforms since 2022. Each month, we talk to CISPA researchers about their work on cybersecurity and artificial intelligence, and try to ask them the exact same questions that our listeners are asking themselves. Our goal is to explain complex topics in simple language. People from 43 nations work at CISPA, which is why some conversations are in German and others in English.

Podcast episode