Abstract
S/MIME has been widely used to provide end-to-end authentication, integrity and non-repudiation. However, S/MIME has the significant drawback that headers are not authenticated. DKIM protects specified headers, but only between the sending server and the receiver. These limitations lead to possible impersonation attacks and profiling of email communication, and encourage spam and phishing activities. In this paper we propose an approach to extend S/MIME to support end-to-end integrity of email headers. This approach is fully compatible with S/MIME. Under some reasonable assumption, our approach can help reduce spam efficiently.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liao, L., Schwenk, J. (2007). End-to-End Header Protection in Signed S/MIME. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS. OTM 2007. Lecture Notes in Computer Science, vol 4804. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76843-2_37
DOI: https://doi.org/10.1007/978-3-540-76843-2_37
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76835-7
Online ISBN: 978-3-540-76843-2
eBook Packages: Computer Science, Computer Science (R0)