Submitted By: Gabriel Chen 

Doing research and pushing boundaries in innovations is one of the most important components to shape our future of Computer Security. Early this year, I was fortunate to be funded by WiCyS to work on a research paper at SANS. Here, I would like to share with you all about the process, experiences, and the tremendous final outcome, a published peer reviewed research paper. 

The program is called SANS Gold Paper. Once you finish a certificate at SANS, you will have the option to work on a “gold” version of that certificate by publishing a research paper. As one of the recipients of WiCyS Security Training Scholarship, I had the chance to work on three professional certificate at SANS. After successfully finishing the first certificate, I applied to the Gold Paper program immediately. To apply, a title and an abstract are required for approval. After being approved, you will be contacted by an advisor who is working in your potential research field. Once you have your advisor, the whole research process starts rolling.

My advisor is a professional working in the industry for decades. He started with providing insights about what is a Gold Paper and what this program is looking for. Basically, researchers in this program have to produce a research paper around twenty pages for peer review, then it will be published to the SANS Reading Room. The research process will last around six month depends on whether you require an extension. Throughout this intensive research program, I was meeting and chatting with my advisor about ideas and outcomes. The whole process is quite smooth.

The idea of our paper, “Secure Email Transmission Protocols — A New Architecture Design”, initiated from my passion in Network Security and Information Transmission Security. In this paper, we discussed how emails are transmitted under a standard design architecture with basic network protocols within common commercial products. After visiting the common design, we talked about some major flaws within these protocols including TLS, PGP/GPG, and S/MIME. Additionally, we brought up the fact that the general design itself is flawed. After raising all these questions, we went through some potential solutions researchers have proposed. EEKS structure, DMARCBox, Quantum Teleportation, and Schnorr Signature were discussed in details. In the end, we proposed a new design architecture which build additional security features using Schnorr Signature on top of the EEKS structure. For further research, we gave a vision on the potential of Quantum Teleportation. Also, we visit the possibility where our design fails once the equivalence of P and NP is resolved.

A published version of this paper can be found through below links: