Skip to main content
SpringerLink
Log in

On the Security of a Certified E-Mail Scheme

  • Conference paper
Progress in Cryptology - INDOCRYPT 2004 (INDOCRYPT 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3348))

Included in the following conference series:

Abstract

As a value-added service for standard e-mail systems, a certified e-mail scheme allows a sender to deliver a message to a receiver in a fair way in the sense that either the sender obtains a receipt from the receiver and the receiver accesses the content of the e-mail simultaneously, or neither party gets the expected item. In 2000, Ferrer-Gomila et al. [11] proposed a novel certified e-mail protocol. Their scheme is both efficient and optimistic, since it has only three steps and a trusted third party is not involved in normal cases. Later, Monteiro and Dahab [16] identified an attack on Ferrer-Gomila et al.’s scheme, and further presented a modified scheme. In this paper, we show that their improvement is still insecure by successfully identifying several weaknesses and security flaws. Our attacks also apply to Ferrer-Gomila et al.’s original scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M., Glew, N., Horne, B., Pinkas, B.: Certified email with a light on-line trusted third party: Design and implementation. In: Proc. of 2002 International World Wide Web Conference (WWW 2002), pp. 387–395. ACM Press, New York (2002)

    Chapter  Google Scholar 

  2. Asokan, N., Schunter, M., Waidner, M.: Optimistic protocols for fair exchange. In: Proc. of AMC Conference on Computer and Communications Security (CCS 1997), pp. 7–17. ACM Press, New York (1997)

    Chapter  Google Scholar 

  3. Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. IEEE Journal on Selected Areas in Communications 18(4), 591–606 (2000)

    Article  Google Scholar 

  4. Ateniese, G., de Medeiros, B., Goodrich, M.T.: TRICERT: A distributed certified E-mail scheme. In: Proc. of Symposium on Network and Distributed Systems Security (NDSS 2001). Internet Society, San Diego (2001)

    Google Scholar 

  5. Ateniese, G., Nita-Rotaru, C.: Stateless-receipient certified E-mail system based on verifiable encryption. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 182–199. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  6. Bao, F., Wang, G., Zhou, J., Zhu, H.: Analysis and improvement of Micali’s fair contract signing protocol. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 176–187. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  7. Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.L.: A fair protocol for signing contracts. IEEE Transactions on Information Theory 36(1), 40–46 (1990)

    Article  Google Scholar 

  8. Boyd, C., Kearney, P.: Exploring fair exchange protocols using specification animation. In: Okamoto, E., Pieprzyk, J.P., Seberry, J. (eds.) ISW 2000. LNCS, vol. 1975, pp. 209–223. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  9. Damgård, I.B.: Practical and provably secure release of a secret and exchange of signatures. Journal of Cryptology 8(4), 201–222 (1995)

    Article  MATH  Google Scholar 

  10. Deng, R., Gong, L., Lazar, A., Wang, W.: Practical protocol for certified electronic mail. Journal of Network and Systems Management 4(3), 279–297 (1996)

    Article  Google Scholar 

  11. Ferrer-Gomila, J.L., Payeras-Capella, M., Huguet-Rotger, L.: An efficient protocol for certified elctronic mail. In: Okamoto, E., Pieprzyk, J.P., Seberry, J. (eds.) ISW 2000. LNCS, vol. 1975, pp. 237–248. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  12. Imamoto, K., Sakurai, K.: A cerified e-mail system with reciever’s selctive usage of delivery authortiy. In: Menezes, A., Sarkar, P. (eds.) INDOCRYPT 2002. LNCS, vol. 2551, pp. 326–338. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  13. Kremer, S., Markowitch, O.: Selective receipt in cerified e-mail. In: Pandu Rangan, C., Ding, C. (eds.) INDOCRYPT 2001. LNCS, vol. 2247, pp. 136–148. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  14. Kremer, S., Markowitch, O., Zhou, J.: An intensive survey of fair non-repudiation protocols. Computer Communications 25(17), 1606–1621 (2002)

    Article  Google Scholar 

  15. Gurgens, S., Rudolph, C., Vogt, H.: On the security of fair non-repudiation protocols. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 193–207. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  16. Monteiro, J.R.M., Dahab, R.: An attack on a protocol for certified delivery. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, pp. 428–436. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  17. Micali, S.: Simple and fast optimistic protocols for fair electronic exchange. In: Proc. of 22th Annual ACM Symp. on Principles of Distributed Computing (PODC 2003), pp. 12–19. ACM Press, New York (2003)

    Google Scholar 

  18. Onieva, J.A., Zhou, J., Lopez, J.: Enhancing certied email service for timeliness and multicasting. In: Proc. of 4th International Network Conference (INC 2004), Plymouth, UK, July 2004, pp. 327–336 (2004)

    Google Scholar 

  19. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)

    Article  MATH  MathSciNet  Google Scholar 

  20. Zhou, J., Gollmann, D.: Certified electronic mail. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 160–171. Springer, Heidelberg (1996)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Infocomm Security Department, Institute for Infocomm Research, 21 Heng Mui Keng Terrace, 119613, Singapore

    Guilin Wang, Feng Bao & Jianying Zhou

Authors
  1. Guilin Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Feng Bao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jianying Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. INRIA Rocquencourt, France

    Anne Canteaut

  2. SETS, 21 Mangadu Swamy Street, Nungambakkam, 600 034, Chennai, India

    Kapaleeswaran Viswanathan

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, G., Bao, F., Zhou, J. (2004). On the Security of a Certified E-Mail Scheme. In: Canteaut, A., Viswanathan, K. (eds) Progress in Cryptology - INDOCRYPT 2004. INDOCRYPT 2004. Lecture Notes in Computer Science, vol 3348. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30556-9_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30556-9_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24130-0

  • Online ISBN: 978-3-540-30556-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation