Advertisement

From Proxy Encryption Primitives to a Deployable Secure-Mailing-List Solution

  • Himanshu Khurana
  • Jin Heo
  • Meenal Pant
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4307)

Abstract

Proxy encryption schemes transform cipher-text from one key to another without revealing the plain-text. Agents that execute such transformations are therefore minimally trusted in distributed systems leading to their usefulness in many applications. However, till date no application of proxy encryption has been deployed and used in practice. In this work we describe our efforts in developing a deployable secure mailing list solution based on proxy encryption techniques. Securing emails exchanged on mailing lists requires that confidentiality, integrity, and authentication of the emails be provided. This includes ensuring their confidentiality while in transit at the list server; a functionality that is uniquely supported by proxy encryption. In developing this solution we addressed the challenges of identifying requirements for deployability, defining a component architecture that maximizes the use of COTS components to help in deployment, developing the proxy encryption protocol to satisfy requirements and to fit within the component architecture, implementing and testing the solution, and packaging the release. As evidence of its deployability, the resulting secure mailing list solution is compatible with common email clients including Outlook, Thunderbird, Mac Mail, Emacs, and Mutt.

Keywords

List Moderator List Size Mail Server Broadcast Encryption List Server 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Adida, B., Hohenberger, S., Rivest, R.L.: Lightweight Encryption for Email. In: Proceedings of Usenix’s Symposium on Reducing Unwanted Traffic on the Internet (SRUTI 2005) (July 2005)Google Scholar
  2. 2.
    Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved proxy re-encryption schemes with applications to secure distributed storage. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 3-4 (2005)Google Scholar
  3. 3.
    Bentley, D., Rose, G.G., Whalen, T.: ssmail: Opportunistic Encryption in sendmail. In: Proceedings of the 13th Usenix Systems Administration Conference (LISA) (1999)Google Scholar
  4. 4.
    Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Franklin, M.: Identity based encryption from the Weil pairing. SIAM Journal of Computing 32(3), 586–615 (2003)MATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Boneh, D., Gentry, C., Waters, B.: Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005)Google Scholar
  7. 7.
    Brownlee, N., Guttman, E.: Expectations for Computer Security Incident Response, IETF Network Working Group, RFC 2350 (June 1998)Google Scholar
  8. 8.
    Callas, J., Donnerhacke, L., Finney, H., Thayer, R.: OpenPGP Message Format, IETF Network Working Group, Request for Comments, RFC 2440 (November 1998)Google Scholar
  9. 9.
    Callas, J.: Identity-Based Encryption with Conventional Public-Key Infrastructure. In: Proceedings of the 4th Annual PKI R&D Workshop (2005)Google Scholar
  10. 10.
    Chiu, Y.-P., Lei, C.-L., Huang, C.-Y.: Secure Multicast Using Proxy Encryption. In: Qing, S., Mao, W., López, J., Wang, G. (eds.) ICICS 2005. LNCS, vol. 3783, pp. 280–290. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Crocker, S., Freed, N., Galvin, J., Murphy, S.: MIME Object Security Services, IETF Network Working Group, Request for Comments, 1848 (October 1995)Google Scholar
  12. 12.
    Delaney, M. (ed.): Domain-based Email Authentication Using Public-Keys, IETF Internet Draft (September 2005)Google Scholar
  13. 13.
    Ding, X., Tsudik, G.: Simple Identity-Based Cryptography with Mediated RSA. In: Proceedings of the RSA Conference. Cryptographer’s Track (2003)Google Scholar
  14. 14.
    Dodis, Y., Fazio, N.: Public Key Broadcast Encryption for Stateless Receivers. In: ACM Workshop on Digital Rights Management (DRM) (November 2002)Google Scholar
  15. 15.
    Franklin, M., Tsudik, G.: Secure group barter: multi-party fair exchange with semi-trusted neutral parties. In: Financial Cryptography (1998)Google Scholar
  16. 16.
    Gamal, T.E.: A Public Key Cryptosystem and a Signature Scheme Based on the Discrete Logarithm. IEEE Transactions of Information Theory 31(4), 469–472 (1985)MATHCrossRefGoogle Scholar
  17. 17.
    Hoffman, P. (ed.): Enhanced Security Services for S/MIME, IETF Network Working Group, RFC 2634 (June 1999)Google Scholar
  18. 18.
    Ivan, A., Dodis, Y.: Proxy Cryptography Revisited. In: Proceedings of the Network and Distributed System Security Symposium (NDSS) (February 2003)Google Scholar
  19. 19.
    Jakobsson, M.: On quorum controlled asymmetric proxy re-encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 112–121. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  20. 20.
    Khurana, H., Slagell, A., Bonilla, R.: SELS: A Secure E-mail List Service. In: The Security Track of the ACM Symposium on Applied Computing (SAC) (March 2005)Google Scholar
  21. 21.
    Khurana, H., Hahm, H.-S.: Certified Mailing Lists. In: Proceedings of the ACM Symposium on Communication, Information, Computer and Communication Security (ASIACCS 2006), Taipei, Taiwan (March 2006)Google Scholar
  22. 22.
    Khurana, H., Koleva, R.: Scalable Security and Accounting Services for Content-Based Publish Subscribe Systems. International Journal of E-Business Research 2(3) (2006)Google Scholar
  23. 23.
    Kim, Y., Perrig, A., Tsudik, G.: Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups. In: Proceedings of 7th ACM Conference on Computer and Communication Security (CCS) (2000)Google Scholar
  24. 24.
    Linn, J.: Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures. IETF PEM WG RFC 21 (1993)Google Scholar
  25. 25.
    Mambo, M., Okamoto, E.: Proxy Cryptosystems: Delegation of the Power to Decrypt Ciphertexts. IEICE Transactions on Fundamentals E80-A(1) (1997)Google Scholar
  26. 26.
    Ramsdell, B. (ed.): Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification, IETF Network Working Group, Request for Comments, RFC 3851 (July 2004)Google Scholar
  27. 27.
    Smetters, D.K., Durfee, G.: Domain-based authentication of identity-based cryptosystems for secure email and IPsec. In: Proceedings of the 12th Usenix Security Symposium, Washington, DC, August 4-8 (2003)Google Scholar
  28. 28.
    Wei, W., Ding, X., Chen, K.: Multiplex Encryption: A Practical Approach to Encrypting Multi-Recipient Emails. In: Qing, S., Mao, W., López, J., Wang, G. (eds.) ICICS 2005. LNCS, vol. 3783, pp. 269–279. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  29. 29.
    West-Brown, M.J., Stikvoort, D., Kossakowski, K.-P., Killcrece, G., Ruefle, R., Zajicek, M.: Handbook for Computer Security Incident Response Teams (CSIRTs), CERT Handbook, CMU/SEI-2003-HB-002 (April 2003), available at: http://www.cert.org/archive/pdf/csirt-handbook.pdf
  30. 30.
    Wong, C.K., Gouda, M.G., Lam, S.S.: Secure group communications using key graphs. IEEE/ACM Transactions on Networking 8(1), 16–30 (2000)CrossRefGoogle Scholar
  31. 31.
    Zimmerman, P.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)Google Scholar
  32. 32.
    Zhou, J.: On the Security of a Multi-Party Certified Email Protocol. In: Proceedings of the International Conference on Information and Communications Security, Malaga, Spain (October 2004)Google Scholar
  33. 33.
    Zhou, L., Marsh, M.A., Schneider, F.B., Redz, A.: Distributed Blinding for Distributed ElGamal Re-Encryption. In: International Conference on Distributed Computing Systems (ICDCS), pp. 815–824 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Himanshu Khurana
    • 1
  • Jin Heo
    • 1
  • Meenal Pant
    • 1
  1. 1.National Center for Supercomputing Applications (NCSA)University of IllinoisUrbana-Champaign

Personalised recommendations