Lightweight Email

نویسندگان

  • David Chau
  • Susan Hohenberger
  • Ben Adida
  • Ronald L. Rivest
چکیده

We present Lightweight Email Signatures (LES), a simple cryptographic architecture for authenticating email. LES is an extension of DKIM, the recent IETF effort to standardize domain-based email signatures. LES shares DKIM’s ease of deployment: they both use the DNS to distribute a single public key for each domain. Importantly, LES supports common uses of email that DKIM jeopardizes: multiple email personalities, firewalled ISPs, incoming-only email forwarding services, and other common uses that often require sending email via a thirdparty SMTP server. In addition, LES does not require DKIM’s implied intra-domain mechanism for authenticating users when they send email. LES provides these features using identity-based signatures. Each domain authority generates a master keypair, publishes the public component in the DNS, and stores the private component securely. Using this private component, the authority delivers to each of its users, via email, an individual secret key whose identity string corresponds to the user’s email address. A sender then signs messages using this individual secret key. A recipient verifies such a signature by querying the appropriate master public key from the DNS, computing the sender’s public key, and verifying the signature accordingly. As an added bonus, the widespread availability of user-level public keys enables deniable authentication, such as ring signatures. Thus, LES provides email authentication with optional repudiability. We built a LES prototype to determine its practicality. Basic user tests show that the system is relatively easy to use, and that cryptographic performance, even when using deniable authentication, is well within acceptable range.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Lightweight Semantic Approach for Enterprise Search and Interoperability

In this paper we describe a lightweight approach for semantic interoperability suitable for small and micro enterprises. The approach is based on reusing the existing enterprise infrastructure – emails and documents – and enables lightweight semantic search and recommendation in order to fulfill interoperability tasks.

متن کامل

Lightweight Signatures for Email

We present the design and prototype implementation of a new public key infrastucture for email authentication. Our approach applies recent developments in identity-based cryptography and observations concerning the role of DNS and email servers in the current email architecture to produce end-to-end email signatures with no infrastructure change or new security assumption. Like current email si...

متن کامل

Lightweight Encryption for Email

Email encryption techniques have been available for more than a decade, yet none has been widely deployed. The problems of key generation, certification, and distribution have not been pragmatically addressed. We recently proposed a method for implementing a Lightweight Public Key Infrastructure (PKI) for email authentication using recent developments in identitybased cryptography and today’s e...

متن کامل

Fighting Phishing Attacks: A Lightweight Trust Architecture for Detecting Spoofed Emails

We present a novel key distribution architecture and a novel use of a particular identity-based digital signature scheme for making email trustworthy. Like typical digital signatures, our solution fights email-based phishing attacks and mitigates spam by detecting spoofed emails. Unlike typical digital signatures, our approach requires no complex, preestablished public-key infrastructure nor co...

متن کامل

Lightweight Email Signatures (extended Abstract) Publisher Accessed Terms of Use Detailed Terms Lightweight Email Signatures (extended Abstract)

We present Lightweight Email Signatures (LES), a simple cryptographic architecture for authenticating email. LES is an extension of DKIM, the recent IETF effort to standardize domain-based email signatures. LES shares DKIM’s ease of deployment: they both use the DNS to distribute a single public key for each domain. Importantly, LES supports common uses of email that DKIM jeopardizes: multiple ...

متن کامل

Controlling Spam through Lightweight Currency

Spam is an ongoing problem on the Internet today, and an increasing body of literature from research papers to the popular press addresses the problem. The solutions generally fall into the categories of paymentbased, legislative, and filter-based. In this paper, we present a payment-based solution to the spam problem that can reduce the level of unsolicited emails to reasonable levels without ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2006