Security textbooks tell us that it is unsafe for a system with sensitive data to have a central point of attack, that is, a system component on which the security of the data hinges. For example, a system should not rely on a trusted server or a trusted administrator with the confidentiality of sensitive data, because these will eventually be compromised. Instead, a system should distribute its trust in different components that would all have to be compromised for its security to fail. Yet, many systems today fail to follow these basic guidelines, in part because it is technically challenging to distribute this trust.


The recent Deloitte breach has once again proved the importance of not having a central point of attack. Deloitte is a private firm that provides auditing, tax and cybersecurity consultancy to banks, multinational companies, pharmaceutical firms or government agencies. According to this Guardian article, an attacker compromised an administrator’s account and potentially  gained access to emails of  244,000 Deloitte staff, as well as usernames, passwords, IP addresses, architectural diagrams for businesses and health information. It was also reported that the attachments of some emails had sensitive security and design information.


The key security problem is that the administrator was a central point of attack for all this information. Even if an administrator is well-intended, he/she becomes a target for attackers. Moreover, the administrator’s account was secured with a password, and we know that many passwords are breakable.


We designed the PreVeil email with the precise goal of preventing these problems.


PreVeil email does not have a central point of attack for viewing all emails. When using PreVeil a company configures an approval group. This is a group of administrators (at least three) who have access to that set of emails. No one administrator alone, even if fully compromised, can decrypt the contents of the emails. The reason is that PreVeil encrypts these emails with end-to-end encryption using a key that no administrator alone has. Each administrator has a cryptographic “shard” of the key; this shard cannot be used to reconstruct the original key, based on information theory. At the same time, when the administrators share their shards together, they can reconstruct the original key. This mechanism enables these administrators to help a user regain access to his/her account after losing his/her devices, without introducing a central point of attack. An attacker would have to compromise all the relevant administrators to gain access to the data, making it a much harder goal to achieve.


Futhermore, PreVeil does not use passwords. Not only are passwords breakable, but they are also burdensome for the users to remember. Instead, PreVeil stores cryptographic keys on the user devices. These keys are long and random so no attacker can guess, reverse engineer, or enumerate them as one can do with passwords. An analogy I like to tell to my students is that there are many more such keys than atoms in the universe!


If Deloitte would have used PreVeil email, the compromise of that one administrator would not have permitted the attackers to get access to these sensitive emails.



Authored by: Raluca Ada Popa, PreVeil Founder & Chief Technology Officer and Assistant Professor of Computer Science, University of California Berkeley