E-mail is one of the most important means of communication in everyday life at TUM, both for internal communication between administrative staff, teaching staff and students and for external communication with research and cooperation partners. E-mail is often used to exchange sensitive and confidential data, including personal data or research results, which have to be specially protected.
But e-mail, as we use it today, does not provide enough protection for exchanging sensitive data. Within the project "Secure Email and User Certification", our major goal is to increase the level of security in e-mail communication, so that users can use e-mail for secure internal and external communication, and to enable future use cases relying on digital certificates.
Authenticity, Integrity and Confidentiality
A particular goal of the project is to provide authenticity and integrity for e-mail communication. This gives users an assertion about
- the identity of the sender and their authorship
- the e-mail not being modified during transmission and processing
- communication being confidential between sender and recipient
By providing these assertions, e-mail can be used to exchange sensitive and confidential data, and innovative use cases for e-mail in digital business processes become possible. Within the project "Secure E-mail and User Certification", we analyze and investigate how techniques for end-to-end security, like S/MIME and OpenPGP, can be employed in large organisations like TUM.
The primary goal of this project is to develop a concept for how such techniques can be introduced and used here at TUM to protect e-mail communication, with a special focus on the organizational requirements of TUM.
Intuitive User Concepts
A major focus within such a concept is to enable less technically experienced users to benefit from secure communication. A primary requirement here is to integrate secure communication into the users' daily lives and their existing daily activities. The project's underlying credo is that raising awareness among users and involving them is a key requirement for making secure communication successful.
For these reasons, an efficient and intuitive user experience and the integration into everyday life and processes are a key concern of the project and one of its primary challenges. Particular challenges include the use of multiple devices per user and the steady increase in the use of mobile devices, to name just a few.
Besides securing communication, digital certificates enable a large variety of use cases in a large organization like TUM. Such digital certificates are the key building block for digitalizing business processes that today still rely on paper or personal presence. Document management, authentication for services and computer systems, and digital identity verification are just a few of the use cases that build on digital certificates.
Efficient Business Processes
Providing users with digital certificates creates a major challenge for organizations, especially for a large, decentralized and heterogeneous organization like TUM with its over 50,000 members. To deploy certificates to all of these members, it is necessary to establish efficient business processes and a technical system:
- to apply and register for digital certificates
- to manage such certificates
- to cover the full life cycle of digital certificates from user registration to revocation
- to enable users to perform these tasks efficiently.
Here the project develops a concept for equipping users in large organizations like TUM with digital (X.509 and OpenPGP) certificates. The primary focus is on intuitive and efficient processes and on their integration into the users' daily lives. Tight integration with existing IT services and environments is an additional key focus.