SlideShare une entreprise Scribd logo

E mail security using Certified Electronic Mail (CEM)

Pankaj Bhambhani
Pankaj Bhambhani

The document discusses certified electronic mail (CEM) and its properties like non-repudiation, fairness, use of a trusted third party, and timeliness. It also summarizes the S/MIME protocol and proposes adding non-repudiation of receipt to S/MIME to improve its security. Finally, it outlines a key chain based CEM protocol that uses a transparent trusted third party and satisfies properties like non-repudiation of origin and receipt as well as fairness.

Technologie
1  sur  32
Télécharger pour lire hors ligne
E-mail Security Using Certified Electronic mail (CEM)
Team Members  Pankaj Bhambhani (200901047) (pankajb64@gmail.com)  Pratik Kumar (200901239) (pratik.kumar.bharat@gmail.com)  Dipesh Shah (200901094) (dipesh1005@gmail.com)  Jignesh Kakadiya (200901201) (jigneshhk1992@gmail.com)  Ajay Dhameliya (200901203) (dhameliyaajay26@yahoo.in)
Topics  Why E-mail security?  CEM - Certified Electronic Mail  Properties of CEM  Existing Protocol - S/MIME – properties  Missing properties in S/MIME and their importance  Sample Certified Email Protocol  How to do- Design  Conclusion and our thoughts  References
Why E-mail Security?  Primitive E-Mail service – different intended purpose.  Exchange of messages between small universities in a closed network.  Not much concern about misuse.  Different Game Altogether Today.  Internet an open network - large number of messages sent.  Can contain sensitive, valuable information. Security is essential.  We shall examine Certified Electronic Mail as a theoretical measure of E- mail Security.
Certified Electronic Mail (CEM)  Added value to traditional electronic mail.  Examination of various properties.  Use a sample certified email protocols to demonstrate properties.  Its use in improvement of existing protocol : S/MIME
Properties of CEM : Non-Repudiation  Postal services force the recipient to sign a receipt token before delivering the envelope which contains the certified message.  Here the recipient only recognizes that it received an envelope which, in turn, can be empty (intentionally or not).  Hence there is a difference with respect to the digital evidence of receipt (linked to the message and not to the envelope).
Types of non-repudiation Direct Communication Model Non-Repudiation of Origin (NRO) is intended to protect against the originator’s false denial of having originated the message. Evidence of Origin (EOO) is generated by the originator, or a TTP on its behalf, and will be held by the recipient. Non-Repudiation of Receipt (NRR) is intended to protect against the recipient’s false denial of having received the message. Evidence of Receipt (EOR) is generated by the recipient, or a TTP on its behalf, and will be held by the originator. Indirect Communication Model Non-Repudiation of Submission (NRS) is intended to provide evidence that the originator submitted the message for delivery. Evidence of Submission (EOS) is generated by the delivery agent, and will be held by the originator. Non-Repudiation of Delivery (NRD) is intended to provide evidence that the message has been delivered to the recipient. Evidence of Delivery (EOD) is generated by the delivery agent, and will be held by the originator
Properties of CEM : Non-Repudiation (Contd…)  Different Possible Message Transfer Combinations: • Exchange of message and NRO for NRR linked to the message. • Exchange of message and NRO for acknowledgement of receipt. • Exchange of message for NRR linked to the message. • Exchange of message for acknowledgement of receipt. • Exchange of envelope and, if possible, NRO for NRR, if possible, linked to the message. • Exchange of envelope and, if possible, NRO for acknowledgement of receipt. • Exchange of envelope for NRR, if possible, linked to the message. • Exchange of envelope for acknowledgement of receipt.
Communication Model  The originator and the recipient potentially do not trust each other.  The originator is not sure that the recipient will acknowledge a message it has received.  On the other hand, the recipient will only acknowledge messages it has received.  In order to facilitate a fair exchange in which neither party will gain an advantage during the transaction, a TTP will usually be involved.  The extent of the trusted third party’s involvement varies among different protocols
Evidence  This is the data that can be used if a dispute arises.  It can be either generated and stored by the local user or by a third party.  Its format depends on the cryptographic mechanisms agreed in the service.  Examples: digital signatures (public key cryptography) and secure envelopes (secret key cryptography).
Common Elements of Evidence format  Non-repudiation service to which evidence is related  Non-repudiation policy identifier  Originator identity  Recipient identity  Third party identity if evidence generator differs from the originator  Message or a digital fingerprint
Common Elements of Evidence format (Contd … )  Information needed for verifying evidence (i.e. digital certificate, symmetric secret key info) if it is not publicly available  TTP’s identifier  Time information (time and date that evidence was generated, expiry date, . . . ).  If this data is certified by a Time Stamp Authority (TSA), it could include a time-stamp service identifier.
Properties of CEM : Fairness  A certified e-mail protocol is fair if and only if at the end of a protocol execution either Alice got the non-repudiation of receipt evidence, and Bob got the corresponding mail (as well as the non-repudiation of origin evidence if required), or none of them got any valuable information.  Types of Fairness  Strong, Weak, Light, True, Probabilistic  Fairness is mandatory, so one of these properties must be compulsory. Weak Fairness is enough, although strong fairness is desirable. Probabilistic Fairness is not desirable
Properties of CEM : TTP  The probability to cheat the other entity in a protocol can be decreased by increasing the number of messages necessary in the protocol. To avoid the communication overhead, a different approach using a trusted third party (TTP) can be introduced. Both entities can send their items to the TTP that forwards them to the respective entities.  Types of TTP  In-line TTP, On-line TTP, Off-line TTP, Transparent TTP, Verifiable TTP  Off-line TTP is desired, but the involvement of the TTP depends on the application.  Transparent and Verifiable TTP are desired, but only one of them can be achieved because they are incompatible.
Properties of CEM : Timeliness  A certifed e-mail protocol provides timeliness if and only if all honest parties always have the ability to reach, in a finite amount of time, a point in the protocol where they can stop the protocol while preserving fairness.  Types of Timeliness  Synchronous Timeliness – Here deadlines are used and the TTP clock is assumed as the reference time.  Asynchronous Timeliness – There are no deadlines here for participants.  Asynchronous Timeliness is desirable as it is difficult to achieve clock synchronization.
Properties of CEM : State Storage  TTPs can be classified with respect to how long (temporal criteria) do they need, if applicable, to store state information.  Types of State Storage  Strong Stateless TTP  Weak Stateless TTP  Strong Stateful TTP  Weak Stateful TTP  Strong Stateless TTP is the most desirable property from a resource and storage point of view.
Properties of CEM : Confidentiality  A certified e-mail protocol is said to provide data confidentiality, if and only if Alice and Bob are the only entities that can extract the content of the sent mail out of the protocol messages.  Confidentiality is not always required as adding confidentiality may harm the efficiency of the protocol.  Types of Confidentiality  Data confidentiality  Identity confidentiality  We could also consider privacy of the originator (anonymity). However anonymity and NRO cannot be provided at the same time.
Properties of CEM : Evidence Transferability  It mainly consists of the sending and reception of evidence among participants.  It is greatly influenced by communication channel properties. The different options are as follows: 1. The communication channel is unreliable. In this case, data can be lost. 2. The communication channel is resilient (also called asynchronous network). In this case, data is delivered after a finite but unknown amount of time. 3. The communication channel is operational (also called synchronous network).In this case, data is delivered after a known, constant amount of time.  An unreliable channel will in most cases be transformed into a resilient channel by the use of an appropriate transport protocol (e.g. retransmissions).
Dispute Resolution in CEM  Dispute resolution is the last phase in a non-repudiation service. This phase will not be activated unless disputes related to a transaction arise.  When a dispute arises, an adjudicator will be invoked to settle the dispute according to the non-repudiation evidence provided by the disputing parties and the non-repudiation policy in effect. This policy should be agreed in advance by the parties involved in the service.
Protocol : Key chain Based CEM Protocol with Transparent TTP  In 2010, Zhiyuan Liu, Jun Pang and Chenyi Zhang proposed an optimistic certified email protocol, which employs key chains to reduce the storage requirement of the trusted third party (TTP).  Satisfies the following CEM properties:  NOR,NRR  Strong Fairness  Timeliness  TTP Transparency
Protocol : Key chain Based CEM Protocol with Transparent TTP  Key Terms in Protocol:  EOO : Evidence of Origin  EOR: Evidence of Receipt  M : Message  T : TTP  sid : sender ID  A,B : Sender , Receiver  h(i) : hash of the I  label : It is used to identify the protocol run.  fT : flag indicating the purpose of the message where T identifies the corresponding message in that protocol
Protocol : Key chain Based CEM Protocol with Transparent TTP  Protocol
Protocol : Key chain Based CEM Protocol with Transparent TTP  Recovery Protocol for the Sender
Protocol : Key chain Based CEM Protocol with Transparent TTP  Recovery Protocol for the Receiver  where label is h(A,B,TTP, h(m), h(k), t)
Working of S/MIME (in brief) Message sending mechanism:
Working of S/MIME (in brief) Message receiving mechanism:
Security Properties met by S/MIME  Message confidentiality via encryption  Message integrity via digital signature  Message origin authentication via digital signature  Non-repudiation of origin via digital signature
Security property not met by S/MIME  Non-repudiation of receipt  S/MIME does not protect the sender of information against the denial of the receiver, who may say the sender never sent the information, or that he/she did not send it on time.  Lack of this property prevents professional use of email.
Addition of NRR with Fairness in S/Mime  Sender sends encrypted message and encryption key for message derived from message.  some function of hash of message for e.g.)  encrypted by public key of receiver.  TTP calculates hash of this and sends it to receiver.  Receiver signs this hash and sends back to TTP.  Now TTP sends signed hash back to sender encrypted by sender’s public key (which he can verify) and also sends message to receiver.
Conclusion and our Thought  Certified e-mail, also known as authenticated e-mail or stamped e-mail, is a system in which senders of commercial e-mail messages pay a small fee to ensure that their messages will bypass spam filter s to reach intended recipients.  Both America Online ( AOL ) and Yahoo have announced certified e-mail plans based on a technology developed by Goodmail Systems.  For a fee of approximately 1/4 of a cent (USD $0.0025) per e-mail, or USD $2.00 to $3.00 for every 1000 messages sent, advertisers can post e-mail messages that defeat most spam filters commonly used at the server level by Internet service providers ( ISP s).
References  Josep Lluis Ferrer-Gomilla a , Jose A. Onieva b , Magdalena Payeras a , Javier Lopez b, * : Certified electronic mail: Properties revisited Computers & Security Volume 29, Issue 2, March 2010, Pages 167–179  Secure Multi-Party Non-Repudiation Protocols and Applications, José A. Onieva, University of Malaga Spain, Javier Lopez ,University of Malaga ,Spain, Jianying Zhou, Institute for Infocomm Research, Singapore Ch – 2 Fundamentals of Non-Repudiation Pages 17-34  Selective Receipt in Certified E-Mail, Steve Kremer and Olivier Markowitch fskremer,omarkowg@ulb.ac.be, 2001 (http://www.ulb.ac.be/di/scsi/markowitch/publications/ic01.pdf)  Oppliger R. Certified mail: the next challenge for secure messaging. ACM Press. Communications of the ACM 2004;47: 75–9
References  Extending a Key-Chain Based Certified Email Protocol with Transparent TTP Zhiyuan Liu, Jun Pang, Chenyi Zhang, Conference: Embedded and Ubiquitous Computing - EUC , pp. 630-636, 2010, DOI: 10.1109/EUC.2010.101  Understanding S/MIME (http://technet.microsoft.com/en-us/library/aa995740(v=exchg.65).aspx)  Prof. Manik Lal Das Slides (L11 - E-Mail Security.pdf)  Certified e-mail (authenticated e-mail or stamped e-mail) (http://whatis.techtarget.com/definition/certified-e-mail-authenticated-e-mail-or-stamped-e-mail)

Recommandé

Digital Signature
Digital SignatureDigital Signature
Digital Signaturesaurav5884
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructureAditya Nama
 
Digital signature & certificate
Digital signature & certificateDigital signature & certificate
Digital signature & certificateNetGains Technologies Pvt. Ltd.
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesSimmi Kamra
 
Message Authentication Requirement-MAC
Message Authentication Requirement-MACMessage Authentication Requirement-MAC
Message Authentication Requirement-MACSou Jana
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key InfrastructureTheo Gravity
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI TechnologySylvain Maret
 

Recommandé

Digital Signature
Digital SignatureDigital Signature
Digital Signaturesaurav5884
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructureAditya Nama
 
Digital signature & certificate
Digital signature & certificateDigital signature & certificate
Digital signature & certificateNetGains Technologies Pvt. Ltd.
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesSimmi Kamra
 
Message Authentication Requirement-MAC
Message Authentication Requirement-MACMessage Authentication Requirement-MAC
Message Authentication Requirement-MACSou Jana
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key InfrastructureTheo Gravity
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI TechnologySylvain Maret
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Key management.ppt
Key management.pptKey management.ppt
Key management.pptSou Jana
 
Cryptography
CryptographyCryptography
CryptographyBirmingham City University
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
Cryptography
CryptographyCryptography
Cryptographyherrberk
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesIshwar Dayal
 
Digital signature
Digital signatureDigital signature
Digital signatureMohanasundaram Nattudurai
 
Overview of cryptography
Overview of cryptographyOverview of cryptography
Overview of cryptographyRoshan Chaudhary
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS ProtocolDevang Badrakiya
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesBuddhika Karunanayaka
 
Digital Signature
Digital SignatureDigital Signature
Digital Signaturenayakslideshare
 
Cryptography
CryptographyCryptography
CryptographyAnandKaGe
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
X.509 Certificates
X.509 CertificatesX.509 Certificates
X.509 CertificatesSou Jana
 
Digital Signature.pptx
Digital Signature.pptxDigital Signature.pptx
Digital Signature.pptxMd. AManullah Galib
 
Digital signature
Digital signatureDigital signature
Digital signaturePraseela R
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesEhtisham Ali
 
Cryptography
CryptographyCryptography
CryptographyDipti Sakpal
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
Configurer ldaps sur un dc (avec une
Configurer ldaps sur un dc (avec uneConfigurer ldaps sur un dc (avec une
Configurer ldaps sur un dc (avec uneNovencia Groupe
 

Contenu connexe

Tendances

Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Key management.ppt
Key management.pptKey management.ppt
Key management.pptSou Jana
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
Cryptography
CryptographyCryptography
Cryptographyherrberk
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesIshwar Dayal
 
Cryptography
CryptographyCryptography
CryptographyAnandKaGe
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
X.509 Certificates
X.509 CertificatesX.509 Certificates
X.509 CertificatesSou Jana
 
Digital signature
Digital signatureDigital signature
Digital signaturePraseela R
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesEhtisham Ali
 

Tendances (20)

Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Key management.ppt
Key management.pptKey management.ppt
Key management.ppt
 
Cryptography
CryptographyCryptography
Cryptography
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Cryptography
CryptographyCryptography
Cryptography
 
Digital signatures
Digital signaturesDigital signatures
Digital signatures
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Overview of cryptography
Overview of cryptographyOverview of cryptography
Overview of cryptography
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 
X.509 Certificates
X.509 CertificatesX.509 Certificates
X.509 Certificates
 
Digital Signature.pptx
Digital Signature.pptxDigital Signature.pptx
Digital Signature.pptx
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
Cryptography
CryptographyCryptography
Cryptography
 

En vedette

E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
Configurer ldaps sur un dc (avec une
Configurer ldaps sur un dc (avec uneConfigurer ldaps sur un dc (avec une
Configurer ldaps sur un dc (avec uneNovencia Groupe
 
US Cyber Security Policy
US Cyber Security PolicyUS Cyber Security Policy
US Cyber Security Policysuhlingse
 
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)Santosh Khadsare
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013Vidushi Singh
 
National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)Gopal Choudhary
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Cyber law In India: its need & importance
Cyber law In India: its need & importanceCyber law In India: its need & importance
Cyber law In India: its need & importanceAditya Shukla
 
MIS 10 Electronic Payment System
MIS 10 Electronic Payment SystemMIS 10 Electronic Payment System
MIS 10 Electronic Payment SystemTushar B Kute
 
Electronic Payment Systems (EPS)
Electronic Payment Systems (EPS)Electronic Payment Systems (EPS)
Electronic Payment Systems (EPS)Sahan Walpitagamage
 

En vedette (15)

E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
 
Configurer ldaps sur un dc (avec une
Configurer ldaps sur un dc (avec uneConfigurer ldaps sur un dc (avec une
Configurer ldaps sur un dc (avec une
 
Group Q
Group QGroup Q
Group Q
 
US Cyber Security Policy
US Cyber Security PolicyUS Cyber Security Policy
US Cyber Security Policy
 
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013
 
pgp s mime
pgp s mimepgp s mime
pgp s mime
 
National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Pgp smime
Pgp smimePgp smime
Pgp smime
 
Cyber law In India: its need & importance
Cyber law In India: its need & importanceCyber law In India: its need & importance
Cyber law In India: its need & importance
 
MIS 10 Electronic Payment System
MIS 10 Electronic Payment SystemMIS 10 Electronic Payment System
MIS 10 Electronic Payment System
 
Electronic Payment Systems (EPS)
Electronic Payment Systems (EPS)Electronic Payment Systems (EPS)
Electronic Payment Systems (EPS)
 
PUBLIC POLICY: AN INTRODUCTION
PUBLIC POLICY: AN INTRODUCTIONPUBLIC POLICY: AN INTRODUCTION
PUBLIC POLICY: AN INTRODUCTION
 

Similaire à E mail security using Certified Electronic Mail (CEM)

OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOL
OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOLOPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOL
OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOLIJNSA Journal
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different ScenariosRaj Sikarwar
 
A fair exchange & customer anonymity protocol
A fair exchange & customer anonymity protocolA fair exchange & customer anonymity protocol
A fair exchange & customer anonymity protocolIJNSA Journal
 
A Fair Exchange & Customer Anonymity Protocol Using A Trusted Third Party for...
A Fair Exchange & Customer Anonymity Protocol Using A Trusted Third Party for...A Fair Exchange & Customer Anonymity Protocol Using A Trusted Third Party for...
A Fair Exchange & Customer Anonymity Protocol Using A Trusted Third Party for...IJNSA Journal
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different ScenariosRaj Sikarwar
 
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLVULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLcscpconf
 
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS ProtocolVulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocolcsandit
 
Network Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxNetwork Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxhallettfaustina
 
Network Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxNetwork Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxdohertyjoetta
 
Network Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxNetwork Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxvannagoforth
 
Info tec Information Systems homework help.docx
Info tec Information Systems homework help.docxInfo tec Information Systems homework help.docx
Info tec Information Systems homework help.docxwrite4
 
Technical Background Overview Ppt
Technical Background Overview PptTechnical Background Overview Ppt
Technical Background Overview PptAntonio Ieranò
 
User authentication crytography in cse engineering
User authentication crytography in cse engineeringUser authentication crytography in cse engineering
User authentication crytography in cse engineeringmohmmedsahil111
 
Identifying Valid Email Spam Emails Using Decision Tree
Identifying Valid Email Spam Emails Using Decision TreeIdentifying Valid Email Spam Emails Using Decision Tree
Identifying Valid Email Spam Emails Using Decision TreeEditor IJCATR
 
7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx
7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx
7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docxblondellchancy
 
Outlook and thunderbird ii
Outlook and thunderbird iiOutlook and thunderbird ii
Outlook and thunderbird iiBanukaVidusanka
 
Email security
Email securityEmail security
Email securitykumarviji
 

Similaire à E mail security using Certified Electronic Mail (CEM) (20)

OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOL
OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOLOPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOL
OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOL
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
 
A fair exchange & customer anonymity protocol
A fair exchange & customer anonymity protocolA fair exchange & customer anonymity protocol
A fair exchange & customer anonymity protocol
 
A Fair Exchange & Customer Anonymity Protocol Using A Trusted Third Party for...
A Fair Exchange & Customer Anonymity Protocol Using A Trusted Third Party for...A Fair Exchange & Customer Anonymity Protocol Using A Trusted Third Party for...
A Fair Exchange & Customer Anonymity Protocol Using A Trusted Third Party for...
 
Cryptographic protocols
Cryptographic protocolsCryptographic protocols
Cryptographic protocols
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
 
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLVULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOL
 
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS ProtocolVulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocol
 
Network Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxNetwork Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docx
 
Network Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxNetwork Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docx
 
Network Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxNetwork Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docx
 
Network Security CS2
Network Security CS2Network Security CS2
Network Security CS2
 
Info tec Information Systems homework help.docx
Info tec Information Systems homework help.docxInfo tec Information Systems homework help.docx
Info tec Information Systems homework help.docx
 
Technical Background Overview Ppt
Technical Background Overview PptTechnical Background Overview Ppt
Technical Background Overview Ppt
 
User authentication crytography in cse engineering
User authentication crytography in cse engineeringUser authentication crytography in cse engineering
User authentication crytography in cse engineering
 
Identifying Valid Email Spam Emails Using Decision Tree
Identifying Valid Email Spam Emails Using Decision TreeIdentifying Valid Email Spam Emails Using Decision Tree
Identifying Valid Email Spam Emails Using Decision Tree
 
2
22
2
 
7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx
7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx
7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx
 
Outlook and thunderbird ii
Outlook and thunderbird iiOutlook and thunderbird ii
Outlook and thunderbird ii
 
Email security
Email securityEmail security
Email security
 

Dernier

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Dernier (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

E mail security using Certified Electronic Mail (CEM)

  • 1. E-mail Security Using Certified Electronic mail (CEM)
  • 2. Team Members  Pankaj Bhambhani (200901047) (pankajb64@gmail.com)  Pratik Kumar (200901239) (pratik.kumar.bharat@gmail.com)  Dipesh Shah (200901094) (dipesh1005@gmail.com)  Jignesh Kakadiya (200901201) (jigneshhk1992@gmail.com)  Ajay Dhameliya (200901203) (dhameliyaajay26@yahoo.in)
  • 3. Topics  Why E-mail security?  CEM - Certified Electronic Mail  Properties of CEM  Existing Protocol - S/MIME – properties  Missing properties in S/MIME and their importance  Sample Certified Email Protocol  How to do- Design  Conclusion and our thoughts  References
  • 4. Why E-mail Security?  Primitive E-Mail service – different intended purpose.  Exchange of messages between small universities in a closed network.  Not much concern about misuse.  Different Game Altogether Today.  Internet an open network - large number of messages sent.  Can contain sensitive, valuable information. Security is essential.  We shall examine Certified Electronic Mail as a theoretical measure of E- mail Security.
  • 5. Certified Electronic Mail (CEM)  Added value to traditional electronic mail.  Examination of various properties.  Use a sample certified email protocols to demonstrate properties.  Its use in improvement of existing protocol : S/MIME
  • 6. Properties of CEM : Non-Repudiation  Postal services force the recipient to sign a receipt token before delivering the envelope which contains the certified message.  Here the recipient only recognizes that it received an envelope which, in turn, can be empty (intentionally or not).  Hence there is a difference with respect to the digital evidence of receipt (linked to the message and not to the envelope).
  • 7. Types of non-repudiation Direct Communication Model Non-Repudiation of Origin (NRO) is intended to protect against the originator’s false denial of having originated the message. Evidence of Origin (EOO) is generated by the originator, or a TTP on its behalf, and will be held by the recipient. Non-Repudiation of Receipt (NRR) is intended to protect against the recipient’s false denial of having received the message. Evidence of Receipt (EOR) is generated by the recipient, or a TTP on its behalf, and will be held by the originator. Indirect Communication Model Non-Repudiation of Submission (NRS) is intended to provide evidence that the originator submitted the message for delivery. Evidence of Submission (EOS) is generated by the delivery agent, and will be held by the originator. Non-Repudiation of Delivery (NRD) is intended to provide evidence that the message has been delivered to the recipient. Evidence of Delivery (EOD) is generated by the delivery agent, and will be held by the originator
  • 8. Properties of CEM : Non-Repudiation (Contd…)  Different Possible Message Transfer Combinations: • Exchange of message and NRO for NRR linked to the message. • Exchange of message and NRO for acknowledgement of receipt. • Exchange of message for NRR linked to the message. • Exchange of message for acknowledgement of receipt. • Exchange of envelope and, if possible, NRO for NRR, if possible, linked to the message. • Exchange of envelope and, if possible, NRO for acknowledgement of receipt. • Exchange of envelope for NRR, if possible, linked to the message. • Exchange of envelope for acknowledgement of receipt.
  • 9. Communication Model  The originator and the recipient potentially do not trust each other.  The originator is not sure that the recipient will acknowledge a message it has received.  On the other hand, the recipient will only acknowledge messages it has received.  In order to facilitate a fair exchange in which neither party will gain an advantage during the transaction, a TTP will usually be involved.  The extent of the trusted third party’s involvement varies among different protocols
  • 10. Evidence  This is the data that can be used if a dispute arises.  It can be either generated and stored by the local user or by a third party.  Its format depends on the cryptographic mechanisms agreed in the service.  Examples: digital signatures (public key cryptography) and secure envelopes (secret key cryptography).
  • 11. Common Elements of Evidence format  Non-repudiation service to which evidence is related  Non-repudiation policy identifier  Originator identity  Recipient identity  Third party identity if evidence generator differs from the originator  Message or a digital fingerprint
  • 12. Common Elements of Evidence format (Contd … )  Information needed for verifying evidence (i.e. digital certificate, symmetric secret key info) if it is not publicly available  TTP’s identifier  Time information (time and date that evidence was generated, expiry date, . . . ).  If this data is certified by a Time Stamp Authority (TSA), it could include a time-stamp service identifier.
  • 13. Properties of CEM : Fairness  A certified e-mail protocol is fair if and only if at the end of a protocol execution either Alice got the non-repudiation of receipt evidence, and Bob got the corresponding mail (as well as the non-repudiation of origin evidence if required), or none of them got any valuable information.  Types of Fairness  Strong, Weak, Light, True, Probabilistic  Fairness is mandatory, so one of these properties must be compulsory. Weak Fairness is enough, although strong fairness is desirable. Probabilistic Fairness is not desirable
  • 14. Properties of CEM : TTP  The probability to cheat the other entity in a protocol can be decreased by increasing the number of messages necessary in the protocol. To avoid the communication overhead, a different approach using a trusted third party (TTP) can be introduced. Both entities can send their items to the TTP that forwards them to the respective entities.  Types of TTP  In-line TTP, On-line TTP, Off-line TTP, Transparent TTP, Verifiable TTP  Off-line TTP is desired, but the involvement of the TTP depends on the application.  Transparent and Verifiable TTP are desired, but only one of them can be achieved because they are incompatible.
  • 15. Properties of CEM : Timeliness  A certifed e-mail protocol provides timeliness if and only if all honest parties always have the ability to reach, in a finite amount of time, a point in the protocol where they can stop the protocol while preserving fairness.  Types of Timeliness  Synchronous Timeliness – Here deadlines are used and the TTP clock is assumed as the reference time.  Asynchronous Timeliness – There are no deadlines here for participants.  Asynchronous Timeliness is desirable as it is difficult to achieve clock synchronization.
  • 16. Properties of CEM : State Storage  TTPs can be classified with respect to how long (temporal criteria) do they need, if applicable, to store state information.  Types of State Storage  Strong Stateless TTP  Weak Stateless TTP  Strong Stateful TTP  Weak Stateful TTP  Strong Stateless TTP is the most desirable property from a resource and storage point of view.
  • 17. Properties of CEM : Confidentiality  A certified e-mail protocol is said to provide data confidentiality, if and only if Alice and Bob are the only entities that can extract the content of the sent mail out of the protocol messages.  Confidentiality is not always required as adding confidentiality may harm the efficiency of the protocol.  Types of Confidentiality  Data confidentiality  Identity confidentiality  We could also consider privacy of the originator (anonymity). However anonymity and NRO cannot be provided at the same time.
  • 18. Properties of CEM : Evidence Transferability  It mainly consists of the sending and reception of evidence among participants.  It is greatly influenced by communication channel properties. The different options are as follows: 1. The communication channel is unreliable. In this case, data can be lost. 2. The communication channel is resilient (also called asynchronous network). In this case, data is delivered after a finite but unknown amount of time. 3. The communication channel is operational (also called synchronous network).In this case, data is delivered after a known, constant amount of time.  An unreliable channel will in most cases be transformed into a resilient channel by the use of an appropriate transport protocol (e.g. retransmissions).
  • 19. Dispute Resolution in CEM  Dispute resolution is the last phase in a non-repudiation service. This phase will not be activated unless disputes related to a transaction arise.  When a dispute arises, an adjudicator will be invoked to settle the dispute according to the non-repudiation evidence provided by the disputing parties and the non-repudiation policy in effect. This policy should be agreed in advance by the parties involved in the service.
  • 20. Protocol : Key chain Based CEM Protocol with Transparent TTP  In 2010, Zhiyuan Liu, Jun Pang and Chenyi Zhang proposed an optimistic certified email protocol, which employs key chains to reduce the storage requirement of the trusted third party (TTP).  Satisfies the following CEM properties:  NOR,NRR  Strong Fairness  Timeliness  TTP Transparency
  • 21. Protocol : Key chain Based CEM Protocol with Transparent TTP  Key Terms in Protocol:  EOO : Evidence of Origin  EOR: Evidence of Receipt  M : Message  T : TTP  sid : sender ID  A,B : Sender , Receiver  h(i) : hash of the I  label : It is used to identify the protocol run.  fT : flag indicating the purpose of the message where T identifies the corresponding message in that protocol
  • 22. Protocol : Key chain Based CEM Protocol with Transparent TTP  Protocol
  • 23. Protocol : Key chain Based CEM Protocol with Transparent TTP  Recovery Protocol for the Sender
  • 24. Protocol : Key chain Based CEM Protocol with Transparent TTP  Recovery Protocol for the Receiver  where label is h(A,B,TTP, h(m), h(k), t)
  • 25. Working of S/MIME (in brief) Message sending mechanism:
  • 26. Working of S/MIME (in brief) Message receiving mechanism:
  • 27. Security Properties met by S/MIME  Message confidentiality via encryption  Message integrity via digital signature  Message origin authentication via digital signature  Non-repudiation of origin via digital signature
  • 28. Security property not met by S/MIME  Non-repudiation of receipt  S/MIME does not protect the sender of information against the denial of the receiver, who may say the sender never sent the information, or that he/she did not send it on time.  Lack of this property prevents professional use of email.
  • 29. Addition of NRR with Fairness in S/Mime  Sender sends encrypted message and encryption key for message derived from message.  some function of hash of message for e.g.)  encrypted by public key of receiver.  TTP calculates hash of this and sends it to receiver.  Receiver signs this hash and sends back to TTP.  Now TTP sends signed hash back to sender encrypted by sender’s public key (which he can verify) and also sends message to receiver.
  • 30. Conclusion and our Thought  Certified e-mail, also known as authenticated e-mail or stamped e-mail, is a system in which senders of commercial e-mail messages pay a small fee to ensure that their messages will bypass spam filter s to reach intended recipients.  Both America Online ( AOL ) and Yahoo have announced certified e-mail plans based on a technology developed by Goodmail Systems.  For a fee of approximately 1/4 of a cent (USD $0.0025) per e-mail, or USD $2.00 to $3.00 for every 1000 messages sent, advertisers can post e-mail messages that defeat most spam filters commonly used at the server level by Internet service providers ( ISP s).
  • 31. References  Josep Lluis Ferrer-Gomilla a , Jose A. Onieva b , Magdalena Payeras a , Javier Lopez b, * : Certified electronic mail: Properties revisited Computers & Security Volume 29, Issue 2, March 2010, Pages 167–179  Secure Multi-Party Non-Repudiation Protocols and Applications, José A. Onieva, University of Malaga Spain, Javier Lopez ,University of Malaga ,Spain, Jianying Zhou, Institute for Infocomm Research, Singapore Ch – 2 Fundamentals of Non-Repudiation Pages 17-34  Selective Receipt in Certified E-Mail, Steve Kremer and Olivier Markowitch fskremer,omarkowg@ulb.ac.be, 2001 (http://www.ulb.ac.be/di/scsi/markowitch/publications/ic01.pdf)  Oppliger R. Certified mail: the next challenge for secure messaging. ACM Press. Communications of the ACM 2004;47: 75–9
  • 32. References  Extending a Key-Chain Based Certified Email Protocol with Transparent TTP Zhiyuan Liu, Jun Pang, Chenyi Zhang, Conference: Embedded and Ubiquitous Computing - EUC , pp. 630-636, 2010, DOI: 10.1109/EUC.2010.101  Understanding S/MIME (http://technet.microsoft.com/en-us/library/aa995740(v=exchg.65).aspx)  Prof. Manik Lal Das Slides (L11 - E-Mail Security.pdf)  Certified e-mail (authenticated e-mail or stamped e-mail) (http://whatis.techtarget.com/definition/certified-e-mail-authenticated-e-mail-or-stamped-e-mail)