Viable Email Attacks and a Simple End-to-End Security Solution
DOI: https://doi.org/10.17010/ijcs/2018/v3/i4/131647
Keywords: Attack, Email, Security, Signature, Verification
Manuscript received May 25, 2018, revised June 15, accepted June 16, 2018. Date of publication July 6, 2018.
Abstract
Many attacks, scams, and malware threats are based on or spread through emails nowadays. Although people have been fighting against them with technical and legal measures for many years, the situation has not improved. It seems to be getting worse and worse. We attribute this to the lack of end-to-end security measures for emails in the current internet infrastructure. Most past security solutions provide either in-domain authentication or domain-to-domain authentication. Available end-to-end solutions are based on public key cryptography and have many limitations. In this paper, we propose a simple end-to-end solution for email security. It is based on the idea of a trust chain from sender to receiver, which spans multiple domains and organizations without requiring a uniform platform. On the client end, it is transparent to the user and requires no user operation. The solution provides end-to-end authentication and integrity for its users, which is hard to achieve or use in existing works.