GOVERNMENT

Version 1.0 of SELS (Secure Email List Services) has been released and is available for download. Developed at the National Center for Supercomputing Applications (NCSA) at the University of Illinois, SELS is open-source software for encrypted email discussions among multiple participants.

SELS addresses the problem of insecure email lists, which allow messages to be read by attackers on the network or the list servers. While PGP (Pretty Good Privacy) protocols have long provided encryption for email communications between individuals, encrypting group discussions, which requires a dynamic approach for managing the access of past and present participants, has proved much more challenging for both users and administrators.

SELS provides security via novel cryptographic techniques and usability via a greatly simplified key management system, which assigns a pair of private keys to each subscriber. One key enables subscribers to open and read messages; the other transforms every encrypted and signed email a subscriber sends to the list, ensuring that it can be read by only other list members.

SELS is used by both the TeraGrid Security Working Group and NCSA Security Operations.

SELS can be used with several common email clients, including Mozilla Thunderbird, MacMail, Microsoft Outlook, Mutt, and Emacs, through plugins provided by GNU Privacy Guard (GnuPG, an open-source implementation of PGP). In addition to these clients, SELS 1.0 now supports Gmail and other Mozilla Firefox web email clients, using a FireGPG plugin.

Other new features in SELS 1.0 include "key update" functionality, which facilitates certification revocation for previous list keys; subscriber and subscriber key deletion via Mailman Web or command line interfaces, and improved error handling and improved security features, such as encryption of the list server public key when sent to the list moderator. A complete list of features and changes for SELS 1.0 is available at http://sels.ncsa.uiuc.edu/.

SELS is available to any group requiring confidential email list services. It is available either as a download from SourceForge or as a service hosted on dedicated virtual servers at NCSA, which, in addition to security, provide backup, redundancy, and monitoring. Although NCSA hosts and administers these servers, SELS encryption capabilities assure that only the members of a given list will ever see the content of messages sent to that list.

To learn more, download SELS, or apply for a list, contact the SELS team (sels@ncsa.uiuc.edu) or visit http://sels.ncsa.uiuc.edu/.

SELS was developed with support from the National Center for Advanced Secure Systems Research, a multi-institutional cybersecurity research team led by NCSA and funded by the Office of Naval Research (ONR).