Key distribution and management in applications that use public key cryptosystems generally rely on Public Key Infrastructures (PKI). In this thesis, the disadvantages of this approach are discussed and an e-mail system that performs public key distribution and management in a unique way is proposed. The name of this system is "Practical and Secure E-Mail System" ("PractiSES"). PractiSES does not use the certification mechanisms of PKIs. A central authority, which is trusted by all users, takes the responsibility of key distribution and management in PractiSES. PractiSES Client is an e-mail application that is designed for end users. On top of regular e-mail client features, PractiSES Client can also be used to exchange e-mails among users in encrypted and/or signed fashion. PractiSES is designed according to the phases of "Object Oriented Analyses and Design (OOAD)". It is implemented using Java programming language. In PractiSES, there are several secure protocols developed for initializing users, removing and updating public keys of the users and obtaining the others' public keys. Key management and distribution features of PractiSES do not let the e-mail addresses move around in an uncontrolled fashion-this is one of the problems of PKI based systems. Moreover, certificate revocation problem does not exist in PractiSES. The trust mechanism of PractiSES is simple and straightforward so that an average user can easily use. Those characteristics of PractiSES make it "practical". On the other hand, PractiSES supports enough security features, such as authentic registration, encryption and digital signatures. The first version of PractiSES will be for closed-group e-mail exchange. PractiSES will be a free application that can be used without any warranty by companies and universities
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.