Skip to main content
SpringerLink
Log in

WSEmail

An architecture and system for secure Internet messaging based on web services

  • Original Research Paper
  • Published:
Service Oriented Computing and Applications Aims and scope Submit manuscript

Abstract

Web services offer an opportunity to redesign a variety of older systems to exploit the advantages of a flexible, extensible, secure set of standards. In this work, we revisit WSEmail, a system proposed over 10 years ago to improve email by redesigning it as a family of web services. WSEmail offers an alternative vision of how instant messaging and email services could have evolved, offering security, extensibility, and openness in a distributed environment instead of the hardened walled gardens that today’s rich messaging systems have become. WSEmail’s architecture, especially its automatic plug-in download feature, allows for rich extensions without changing the base protocol or libraries. We demonstrate WSEmail’s flexibility using three business use cases: secure channel instant messaging, business workflows with routed forms, and on-demand attachments. Since increased flexibility often mitigates against security and performance, we designed WSEmail with security in mind and formally proved the security of one of its core protocols (on-demand attachments) using the TulaFale and ProVerif automated proof tools. We provide performance measurements for WSEmail functions in a prototype we implemented using .NET. Our experiments show a latency of about a quarter of a second per transaction under load.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Similar content being viewed by others

References

  1. Abadi M, Glew N, Horne B, Pinkas B (2002) Certified email with a light on-line trusted third party: design and implementation. In: Proceedings of the eleventh international conference on world wide web, ACM Press, pp 387–395, https://doi.org/10.1145/511446.511497

  2. Afandi R, Zhang J, Gunter CA (2006) AMPol-Q: adaptive middleware policy to support QoS. In: Proceedings of the 4th international conference on service-oriented computing, Springer, Berlin, Heidelberg, ICSOC’06, pp 165–178, https://doi.org/10.1007/11948148_14

    Chapter  Google Scholar 

  3. Anglano C (2014) Forensic analysis of WhatsApp messenger on Android smartphones. Digit Investig 11(3):201–213. https://doi.org/10.1016/j.diin.2014.04.003, Special Issue: Embedded Forensics

    Article  Google Scholar 

  4. Bajaj S, Box D, Chappell D, Curbera F, Daniels G, Hallam-Baker P, Hondo M, Kaler C, Langworthy D, Nadalin A, Nagaratnam N, Prafullchandra H, von Riegen C, Roth D, Schlimmer J, Sharp C, Shewchuk J, Vedamuthu A, Ümit Yalçinalp, Orchard D (2006) Web Services Policy 1.2 - Framework (WS-Policy). W3C member submission, World Wide Web Consortium, URL https://www.w3.org/Submission/WS-Policy/

  5. Bartel M, Boyer J, Fox B, LaMacchia B, Simon E (2002) XML-signature syntax and processing. W3C recommendation, World Wide Web Consortium, URL www.w3.org/TR/xmldsig-core/

  6. Bhargavan K, Fournet C, Gordon AD, Pucella R (2003) TulaFale: A security tool for web services. In: International symposium on formal methods for components and objects (FMCO’03), Springer, LNCS

  7. Bhargavan K, Fournet C, Gordon A (2004) A semantics for web services authentication. In: Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on principles of programming languages, ACM Press, New York, NY, pp 198–209

  8. Biondi P, Desclaux F (2006) Silver needle in the Skype. In: BlackHat Europe 2006, Black Hat

  9. Blanchet B (2001) An efficient cryptographic protocol verifier based on Prolog rules. In: Proceedings of the 14th IEEE Workshop on Computer Security Foundations, IEEE Computer Society, p 82

  10. Bobba R, Fatemieh O, Khan F, Gunter CA, Khurana H (2006) Using attribute-based access control to enable attribute-based messaging. In: 2006 22nd annual computer security applications conference (ACSAC’06), pp 403–413. https://doi.org/10.1109/ACSAC.2006.53

  11. Borisov N, Goldberg I, Brewer E (2004) Off-the-record communication, or, why not to use PGP. In: Proceedings of the 2004 ACM workshop on privacy in the electronic society, ACM, New York, NY, USA, pp 77–84. https://doi.org/10.1145/1029179.1029200

  12. Cohn-Gordon K, Cremers C, Dowling B, Garratt L, Stebila D (2016) A formal security analysis of the Signal messaging protocol. Cryptology ePrint Archive, Report 2016/1013, eprint.iacr.org/2016/1013

  13. Gioachin F, Shankesi R, May MJ, Gunter CA, Shin W (2007) Emergency alerts as RSS feeds with interdomain authorization. In: Second International Conference on Internet Monitoring and Protection (ICIMP 2007), pp 13–13. https://doi.org/10.1109/ICIMP.2007.15

  14. Google (2018) Peer-to-peer calling in Hangouts. Hangouts Help [Online]. https://support.google.com/hangouts/answer/6334301?hl=en. Accessed 22 Nov 2018

  15. GoogleTalkGuide (2006) Can my GTalk discussion be tracked? Google Talk Help Discussion Archive, URL http://www.groups.google.com/group/Calls-Chats-and-Voicemail/browse_thread/thread/431d561bf7d6f7d6/e49343f783a06a1e

  16. Huang Q, Lee PPC, He C, Qian J, He C (2015) Fine-grained dissection of WeChat in cellular networks. In: 2015 IEEE 23rd international symposium on quality of service (IWQoS), pp 309–318. https://doi.org/10.1109/IWQoS.2015.7404750

  17. Iwase Y (2016) Is Slack’s WebRTC really slacking? webrtcH4cKS, URL https://webrtchacks.com/slack-webrtc-slacking/

  18. Karpisek F, Baggili I, Breitinger F (2015) WhatsApp network forensics: decrypting and understanding the WhatsApp call signaling messages. Digit Invest 15:110–118. https://doi.org/10.1016/j.diin.2015.09.002

    Article  Google Scholar 

  19. Kobeissi N, Breault A (2013) Cryptocat: Adopting accessibility and ease of use as security properties. CoRR arXiv:abs/1306.5156

  20. Lux KD, May MJ, Bhattad NL, Gunter CA, (2005) Wsemail: secure internet messaging based on web services. In 2005 IEEE international conference on web services (ICWS). IEEE, Orlando, FL, USA

  21. Nadalin A, Kaler C, Monzillo R, Hallam-Baker P (2006) Web services security: SOAP message security 1.1 (WS-Security 2004). Standard wss-v1.1-spec-os-SOAPMessageSecurity, OASIS

  22. Paleari R (2013) A look at WeChat security. URL http://www.blog.emaze.net/2013/09/a-look-at-wechat-security.html

  23. Pautasso C, Zimmermann O, Leymann F (2008) Restful web services vs. “big”’ web services: Making the right architectural decision. In: Proceedings of the 17th international conference on world wide web, ACM, New York, NY, USA, WWW ’08, pp 805–814. https://doi.org/10.1145/1367497.1367606

  24. Senagi KM, Okeyo G, Cheruiyot W, Kimwele M (2016) An aggregated technique for optimization of SOAP performance in communication in web services. Serv Oriented Comput Appl 10(3):273–278. https://doi.org/10.1007/s11761-015-0186-x

    Article  Google Scholar 

  25. Slack (2019) Security White Paper: Slack’s Approach to Security

  26. Warner B (2005) Petmail Design. Petmail, URL http://petmail.lothar.com/design.html. Accessed 13 Aug 2019

  27. WhatsApp (2016) WhatsApp encryption overview. Technical white paper, WhatsApp, URL www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf

Download references

Acknowledgements

We are grateful for discussions of WSEmail that we had with Martin Abadi, Raja Afandi, Noam Arzt, Karthikeyan Bhargavan, Luca Cardelli, Dan Fay, Eric Freudenthal, Cedric Fournet, Andy Gordon, Ari Hershl Gordon-Schlosberg, Munawar Hafiz, Jin Heo, Himanshu Khurana, Ralph Johnson, Bjorn Knutsson, Jay Patel, Neelay Shah, Kaijun Tan, and Jianqing Zhang. We are also grateful to Nayan L. Bhattad for technical support with experiments.

Author information

Authors and Affiliations

  1. Kinneret Academic College, Zemach Regional Center, Jordan Valley, 1513200, Israel

    Michael J. May

  2. University of Pennsylvania Philadelphia, Pennsylvania, USA

    Kevin D. Lux

  3. Rowan University, Glassboro, New Jersey, USA

    Kevin D. Lux

  4. University of Illinois at Urbana-Champaign, Urbana Illinois, USA

    Carl A. Gunter

Authors
  1. Michael J. May
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kevin D. Lux
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Carl A. Gunter
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Michael J. May.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Our work was supported by Microsoft University Relations, National Science Foundation Grants CCR02-08996 and EIA00-88028, Office of Naval Research Grant N000014-02-1-0715, and Army Research Office Grant DAAD-19-01-1-0473.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

May, M.J., Lux, K.D. & Gunter, C.A. WSEmail. SOCA 14, 5–17 (2020). https://doi.org/10.1007/s11761-019-00283-9

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11761-019-00283-9

Keywords

Search

Navigation