Understanding the limitations of S/MIME digital signatures for e-mails: A GUI based approach
نویسندگان
چکیده
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a well-known standard for secure e-mail exchange. S/MIME builds its identity management on e-mail addresses, rather than real names. This fact may sometimes cause sending a signed e-mail with a bogus name on it. Moreover, header information of a signed e-mail message, such as subject and name, can be altered without affecting the verifiability of the signature. This paper spots the details of such problems of S/MIME and discusses some solutions from both developer and user points of view. Moreover, GUI considerations about these problems are also analyzed in this paper. An ideal GUI is modeled and developed. a 2008 Elsevier Ltd. All rights reserved.
منابع مشابه
S/MIME Version 3 Message Specification
S/MIME (Secure/Multipurpose Internet Mail Extensions) provides a consistent way to send and receive secure MIME data. Based on the popular Internet MIME standard, S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encry...
متن کاملPractical Security in E-Mail Applications
This paper deals with practicability issues of encrypted e-mails. A quick survey on the status quo indicates that popular e-mail clients lack substantial practicability qualities, for example searching in encrypted e-mails. Other approaches such as De-Mail provide solutions, but offer transport encryption only. We present and discuss a number of improvements to the practicability of e-mail encr...
متن کاملExtraction of Sender Information from E-mails Based on Local Pattern Matching of Signatures and Its Application to Address Book Management
E-mails usually include sender information (e.g. name, organization etc.) in the signatures and the headers. For making good use of these data, we propose a method to extract sender address book information from Japanese e-mails. The main features of the method are signature separation using e-mail layout information, and sender information extraction based on pattern matching of the local stru...
متن کاملFighting Phishing Attacks: A Lightweight Trust Architecture for Detecting Spoofed Emails
We present a novel key distribution architecture and a novel use of a particular identity-based digital signature scheme for making email trustworthy. Like typical digital signatures, our solution fights email-based phishing attacks and mitigates spam by detecting spoofed emails. Unlike typical digital signatures, our approach requires no complex, preestablished public-key infrastructure nor co...
متن کاملExpires in six months Ascom Systec Ltd. Incorporation of IDEA encryption algorithm in S/MIME
This memo describes how to incorporate the IDEA (International Data Encryption Algorithm) [IDEA] encryption algorithm into S/MIME (Secure/Multipurpose Internet Mail Extensions) [SMIME2, SMIME3]. The S/MIME standard provides a consistent way to send and receive secure MIME [MIME] data. Information security services are implemented on the basis of a set of cryptographic functions. Thus, digital s...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Computers & Security
دوره 28 شماره
صفحات -
تاریخ انتشار 2009