{"id":"https://openalex.org/W4382047412","doi":"https://doi.org/10.1145/3583678.3596899","title":"Preventing EFail Attacks with Client-Side WebAssembly: The Case of Swiss Post's IncaMail","display_name":"Preventing EFail Attacks with Client-Side WebAssembly: The Case of Swiss Post's IncaMail","publication_year":2023,"publication_date":"2023-06-26","ids":{"openalex":"https://openalex.org/W4382047412","doi":"https://doi.org/10.1145/3583678.3596899"},"language":"en","primary_location":{"id":"doi:10.1145/3583678.3596899","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1145/3583678.3596899","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th ACM International Conference on Distributed and Event-based Systems","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2306.13388","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071076138","display_name":"Pascal Gerig","orcid":"https://orcid.org/0000-0001-7826-9489"},"institutions":[{"id":"https://openalex.org/I118564535","display_name":"University of Bern","ror":"https://ror.org/02k7v4d05","country_code":"CH","type":"education","lineage":["https://openalex.org/I118564535"]}],"countries":["CH"],"is_corresponding":true,"raw_author_name":"Pascal Gerig","raw_affiliation_strings":["University of Bern, Bern, Switzerland"],"raw_orcid":"https://orcid.org/0000-0001-7826-9489","affiliations":[{"raw_affiliation_string":"University of Bern, Bern, Switzerland","institution_ids":["https://openalex.org/I118564535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051319967","display_name":"J\u00e4mes M\u00e9n\u00e9trey","orcid":"https://orcid.org/0000-0003-2470-2827"},"institutions":[{"id":"https://openalex.org/I57825437","display_name":"University of Neuch\u00e2tel","ror":"https://ror.org/00vasag41","country_code":"CH","type":"education","lineage":["https://openalex.org/I57825437"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"J\u00e4mes M\u00e9n\u00e9trey","raw_affiliation_strings":["University of Neuch\u00e2tel, Neuch\u00e2tel, Switzerland"],"raw_orcid":"https://orcid.org/0000-0003-2470-2827","affiliations":[{"raw_affiliation_string":"University of Neuch\u00e2tel, Neuch\u00e2tel, Switzerland","institution_ids":["https://openalex.org/I57825437"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092264926","display_name":"Baptiste Lanoix","orcid":"https://orcid.org/0009-0001-1736-0315"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Baptiste Lanoix","raw_affiliation_strings":["Swiss Post, Neuch\u00e2tel, Switzerland"],"raw_orcid":"https://orcid.org/0009-0001-1736-0315","affiliations":[{"raw_affiliation_string":"Swiss Post, Neuch\u00e2tel, Switzerland","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092264927","display_name":"Florian Stoller","orcid":"https://orcid.org/0009-0007-8417-2449"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Florian Stoller","raw_affiliation_strings":["Swiss Post, Neuch\u00e2tel, Switzerland"],"raw_orcid":"https://orcid.org/0009-0007-8417-2449","affiliations":[{"raw_affiliation_string":"Swiss Post, Neuch\u00e2tel, Switzerland","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059801724","display_name":"Pascal Felber","orcid":"https://orcid.org/0000-0003-1574-6721"},"institutions":[{"id":"https://openalex.org/I57825437","display_name":"University of Neuch\u00e2tel","ror":"https://ror.org/00vasag41","country_code":"CH","type":"education","lineage":["https://openalex.org/I57825437"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Pascal Felber","raw_affiliation_strings":["University of Neuch\u00e2tel, Neuch\u00e2tel, Switzerland"],"raw_orcid":"https://orcid.org/0000-0003-1574-6721","affiliations":[{"raw_affiliation_string":"University of Neuch\u00e2tel, Neuch\u00e2tel, Switzerland","institution_ids":["https://openalex.org/I57825437"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032492530","display_name":"Marcelo Pasin","orcid":"https://orcid.org/0000-0002-3064-5315"},"institutions":[{"id":"https://openalex.org/I4210119508","display_name":"HES-SO Arc","ror":"https://ror.org/02zzkv309","country_code":"CH","type":"education","lineage":["https://openalex.org/I173439891","https://openalex.org/I4210119508"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Marcelo Pasin","raw_affiliation_strings":["HES-SO University of Applied Sciences, Neuch\u00e2tel, Switzerland"],"raw_orcid":"https://orcid.org/0000-0002-3064-5315","affiliations":[{"raw_affiliation_string":"HES-SO University of Applied Sciences, Neuch\u00e2tel, Switzerland","institution_ids":["https://openalex.org/I4210119508"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033418614","display_name":"Valerio Schiavoni","orcid":"https://orcid.org/0000-0003-1493-6603"},"institutions":[{"id":"https://openalex.org/I57825437","display_name":"University of Neuch\u00e2tel","ror":"https://ror.org/00vasag41","country_code":"CH","type":"education","lineage":["https://openalex.org/I57825437"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Valerio Schiavoni","raw_affiliation_strings":["University of Neuch\u00e2tel, Switzerland, Neuch\u00e2tel, Switzerland"],"raw_orcid":"https://orcid.org/0000-0003-1493-6603","affiliations":[{"raw_affiliation_string":"University of Neuch\u00e2tel, Switzerland, Neuch\u00e2tel, Switzerland","institution_ids":["https://openalex.org/I57825437"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5071076138"],"corresponding_institution_ids":["https://openalex.org/I118564535"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.0634697,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"151","last_page":"156"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10651","display_name":"IPv6, Mobility, Handover, Networks, Security","score":0.9882000088691711,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9861000180244446,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7910990715026855},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.705917477607727},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6411007642745972},{"id":"https://openalex.org/keywords/plaintext","display_name":"Plaintext","score":0.5878802537918091},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5692141056060791},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.5411137938499451},{"id":"https://openalex.org/keywords/client-side","display_name":"Client-side","score":0.5074209570884705},{"id":"https://openalex.org/keywords/on-the-fly-encryption","display_name":"On-the-fly encryption","score":0.4183650314807892}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7910990715026855},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.705917477607727},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6411007642745972},{"id":"https://openalex.org/C92717368","wikidata":"https://www.wikidata.org/wiki/Q1162538","display_name":"Plaintext","level":3,"score":0.5878802537918091},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5692141056060791},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.5411137938499451},{"id":"https://openalex.org/C202477664","wikidata":"https://www.wikidata.org/wiki/Q1352449","display_name":"Client-side","level":2,"score":0.5074209570884705},{"id":"https://openalex.org/C147977885","wikidata":"https://www.wikidata.org/wiki/Q117010","display_name":"On-the-fly encryption","level":3,"score":0.4183650314807892}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3583678.3596899","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1145/3583678.3596899","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th ACM International Conference on Distributed and Event-based Systems","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2306.13388","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2306.13388","pdf_url":"https://arxiv.org/pdf/2306.13388","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2306.13388","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2306.13388","pdf_url":"https://arxiv.org/pdf/2306.13388","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.5199999809265137}],"awards":[{"id":"https://openalex.org/G5185518776","display_name":null,"funder_award_id":"957197","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4382047412.pdf","grobid_xml":"https://content.openalex.org/works/W4382047412.grobid-xml"},"referenced_works_count":15,"referenced_works":["https://openalex.org/W156706870","https://openalex.org/W2138858469","https://openalex.org/W2153185479","https://openalex.org/W2888937667","https://openalex.org/W2926494289","https://openalex.org/W3048513423","https://openalex.org/W3107581703","https://openalex.org/W3173940409","https://openalex.org/W4206742944","https://openalex.org/W4232865065","https://openalex.org/W4235228933","https://openalex.org/W4283375991","https://openalex.org/W4286307980","https://openalex.org/W4288366730","https://openalex.org/W4313129540"],"related_works":["https://openalex.org/W2915067502","https://openalex.org/W2098392677","https://openalex.org/W2624912447","https://openalex.org/W3206362444","https://openalex.org/W2362689357","https://openalex.org/W4315815885","https://openalex.org/W1484220609","https://openalex.org/W2365982350","https://openalex.org/W4205100462","https://openalex.org/W2508016950"],"abstract_inverted_index":{"Traditional":[0],"email":[1,30],"encryption":[2,50,104],"schemes":[3],"are":[4],"vulnerable":[5],"to":[6,52,87,129],"EFail":[7,41],"attacks,":[8],"which":[9],"exploit":[10],"the":[11,82,113,116],"lack":[12],"of":[13,84,115],"message":[14,54],"authentication":[15,57],"by":[16],"manipulating":[17],"ciphertexts":[18],"and":[19,37,56,67,96,102,110],"exfiltrating":[20],"plaintext":[21],"via":[22],"HTML":[23],"backchannels.":[24],"Swiss":[25],"Post's":[26],"IncaMail,":[27],"a":[28,63,76],"secure":[29],"service":[31],"for":[32],"transmitting":[33],"legally":[34],"binding,":[35],"encrypted,":[36],"verifiable":[38],"emails,":[39],"counters":[40],"attacks":[42],"using":[43],"an":[44],"authenticated-encryption":[45],"with":[46,119],"associated":[47],"data":[48],"(AEAD)":[49],"scheme":[51],"ensure":[53],"privacy":[55],"between":[58],"servers.":[59],"IncaMail":[60,78],"relies":[61],"on":[62],"trusted":[64],"infrastructure":[65],"backend":[66],"encrypts":[68],"messages":[69],"per":[70],"user":[71],"policy.":[72],"This":[73],"paper":[74],"presents":[75],"revised":[77],"architecture":[79],"that":[80],"offloads":[81],"majority":[83],"cryptographic":[85,122],"operations":[86,123],"clients,":[88],"offering":[89],"benefits":[90],"such":[91],"as":[92],"reduced":[93],"computational":[94],"load":[95],"energy":[97],"footprint,":[98],"relaxed":[99],"trust":[100],"assumptions,":[101],"per-message":[103],"key":[105],"policies.":[106],"Our":[107],"proof-of-concept":[108],"prototype":[109],"benchmarks":[111],"demonstrate":[112],"robustness":[114],"proposed":[117],"scheme,":[118],"client-side":[120],"WebAssembly-based":[121],"yielding":[124],"significant":[125],"performance":[126],"improvements":[127],"(up":[128],"~14\u00d7)":[130],"over":[131],"conventional":[132],"JavaScript":[133],"implementations.":[134]},"counts_by_year":[],"updated_date":"2026-05-23T08:51:43.019350","created_date":"2023-06-27T00:00:00"}