Journal of Network and Systems Management

, Volume 4, Issue 3, pp 279–297 | Cite as

Practical protocols for certified electronic mail

  • Robert H. Deng
  • Li Gong
  • Aurel A. Lazar
  • Weiguo Wang
Papers

Abstract

Electronic mail, or e-mail, has brought us a big step closer towards the vision of paperless offices. To advance even closer to this vision, however, it is essential that existing e-mail systems be enhanced with value-added services which are capable of replacing many of the human procedures established in pen and paper communications. One of the most important and desirable such services is certified e-mail delivery, in which the intended recipient will get the mail content if and only if the mail originator receives an irrefutable proof-of-delivery from the recipient. In this paper, we present the design of two third-party based certified mail protocols, termed CMP1 and CMP2. Both protocols are designed for integration into existing standard e-mail systems and both satisfy the requirements ofnonrepudiation of origin, nonrepudiation of delivery, and fairness. The difference between CMP1 and CMP2 is that the former provides no mail content confidentiality protection while the latter provides such a protection. Moreover, security of the protocols are analyzed using a recently proposed accountability framework.

Key words

Digital signature electronic mail encryption security 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    S. Even, O. Goldreich, and A. Lempel, A randomized protocol for signing contracts,Communications of the ACM, Vol. 28, pp. 637–647, June 1985.Google Scholar
  2. 2.
    E. F. Brickell, D. Chaum, I. Damgard, and J. Van de Graaf, Gradual and veriable release of a secret,Advances in Cryptology-CRYPTO'87, pp. 156–166, 1987.Google Scholar
  3. 3.
    M. Blum, How do exchange (secret) keys, Proceedings of STOC'83, pp. 440–447, 1983.Google Scholar
  4. 4.
    R. Cleve, Controlled gradual disclosure schemes for random bits and their applications,Advances in Cryptology-CRYPTO'89, pp. 573–588, 1989.Google Scholar
  5. 5.
    I. Damgard, Practical and provably secure exchange of digital signatures,Advances in Cryptology-EUROCRYPT'93, pp. 200–217, 1993.Google Scholar
  6. 6.
    M. Luby, S. Micali, and C. Rackoff, How to simultaneously exchange secret bit by flipping a symmetrically-biased coin. Proceedings of FOCS'83, pp. 23–30, 1983.Google Scholar
  7. 7.
    T. Okamoto and K. Ohta, How to simultaneously exchange secrets by general assumptions. Proceedings of 2nd ACM Conference on Computer and Communications Security, pp. 184–192, Fairfax, Virginia, November 1994.Google Scholar
  8. 8.
    A. Yao, How to generate and exchange secrets. Proceedings of FOCS'86, pp. 162–167, 1986.Google Scholar
  9. 9.
    M. Ben-Or, O. Goldreich, S. Micali, and R. Rivest, A fair protocol for signing contracts,IEEE Transactions on Information Theory, Vol. 36, pp. 40–46, January 1990.Google Scholar
  10. 10.
    M. T. Rose,The Internet Message: Closing the Book with Electronic Mail, PTR Prentice Hall, Englewood Cliffs, New Jersey, 1993.Google Scholar
  11. 11.
    CCITT, Message Handling Systems, X. 400 Series Recommendations, 1988.Google Scholar
  12. 12.
    R. Kailar, Reasoning about accountability in protocols for electronic commerce, Proceedings of 1995 IEEE Symposium on Security and Privacy, pp. 236–250. Oakland, California, May 1995.Google Scholar
  13. 13.
    S. Radicati,Electronic Mail: An Introduction to the X.400 Message Handling Standards. McGraw-Hill, Inc., New York, 1992.Google Scholar
  14. 14.
    W. Diffie and M. Hellman, New directions in cryptography,IEEE Transactions on Information Theory, Vol. 22, pp. 644–654, 1976.Google Scholar
  15. 15.
    M. Reiter, A secure group membership protocol. Proceedings of the Symposium on Research in Security and Privacy, pp. 176–189, Oakland, California, May 1994.Google Scholar
  16. 16.
    C. Lai, G. Medvinsky, and B. C. Neuman, Endorsements, licensing, and insurance for distributed system services, Proceedings of 2nd ACM Conference on Computer and Communications Security, pp. 170–175, Fairfax, Virginia, November 1994.Google Scholar
  17. 17.
    L. Gong, Increasing availability and security of an authentication service.IEEE J. Selected Areas Communications, Vol. 11, pp. 657–662, June 1993.Google Scholar
  18. 18.
    M. K. Franklin and M. K. Reiter, The design and implementation of a secure auction service. Proceedings of 1995 IEEE Symposium on Security and Privacy, pp. 2–14, Oakland, California, May 1995.Google Scholar

Copyright information

© Plenum Publishing Corporation 1996

Authors and Affiliations

  • Robert H. Deng
    • 1
  • Li Gong
    • 2
  • Aurel A. Lazar
    • 3
  • Weiguo Wang
    • 1
  1. 1.Institute of Systems ScienceNational University of SingaporeSingapore
  2. 2.Computer Science LaboratorySRI InternationalMenlo Park
  3. 3.Department of Electrical Engineering and Center for Telecommunications ResearchColumbia UniversityNew York

Personalised recommendations