基于离线条件可信第三方的挂号邮件协议

扩展了半可信第三方的思想，提出条件可信第三方，给出可接受的第三方必须满足的条件，并结合离线可信第三方提出一个基于离线条件可信第三方的挂号邮件协议，目的是在保证可接受的公平结果的前提下尽可能减少对可信第三方的依赖；新协议在离线可信第三方介入的情况下能够达到可接受的公平结果；而且协议中的证据是第三方可验证的，未使用特殊的签名和加密技术，具有较好的适用性。     

A forward-secure e-mail protocol without certificated public keys

Forward secrecy in an e-mail system means that compromising of the long-term secret keys of the mail users and mail servers does not affect the confidentiality of the e-mail messages. Previous forward-secure e-mail protocols used the certified public keys of the users using PKI (Public Key Infrastructure). In this paper, we propose a password-based authenticated e-mail protocol providing forward secrecy. The proposed protocol does not require certified public keys and is sufficiently efficient to be executed on resource-restricted mobile devices.     

A survey of certified mail systems provided on the Internet

Over the last several years, an increasing number of certified mail systems have been put into place on the Internet. Governments, postal operators and private businesses now provide value-added electronic services that match the quality of postal certified mail. So far, there is no common view on the security properties that an electronic certified mail system has to provide. This applies to implementers and, surprisingly, also applies to the research community. All certified mail systems provided on the Internet are autonomous, and most are closed systems. However, recent developments call for cross-border certified mail communications that are similar to what we have become accustomed to in e-mail. This demand is emphasized by the ongoing implementation of the European Union (EU) Services Directive. The interoperability of certified mail systems is a new and challenging research field. The aim of this paper is to assess and discuss various standards and certified mail systems deployed on a large scale by drawing on the literature. This will facilitate interoperability efforts by offering a clearer view on the security properties that are actually applied in practice, as opposed to what is in research. We do this by classifying systems according to the security properties defined to date in the literature. Our findings show that standards and systems provided on the Internet have adopted many aspects of postal certified mail with respect to fairness, non-repudiation services and applied trust models. Nevertheless, there are still differences and incompatibilities, and the community must work toward common and interoperable systems. We encourage research into additional properties that could be applied in practice.     

一个挂号电子邮件协议的缺陷及改进

Nenadic等设计了一个公平的挂号电子邮件协议,协议的目的是实现互不信任的双方以一种公平的方式交换电子邮件和收据并提供发方不可否认证据和收方不可否认证据,这是通过构造一个可验证和可恢复的加密数字签名(VRES)来实现的,由于采用离线TTP,且没有使用零知识证明,效率非常高。该文通过分析指出该协议在构造可验证的加密数字签名时存在缺陷,从而使得它不能保证公平性,并对其进行了修改。     

An interoperability standard for certified mail systems

A large number of certified mail systems have been put into operation on the market over the last years. In contrast to standard mailing systems like e-Mail, certified mail systems provide the secure, reliable and evidential exchange of messages with the quality of traditional postal registered or certified mail. Most of these systems are tailored to national laws, policies, needs and technical requirements and are thus closed and only accessible by certain user groups. However, the ongoing globalization and opening of the markets, especially in the European Union, ask for global certified mailing as already known from e-Mail. Interoperability of certified mail systems is a new and challenging research field. This article presents a framework and standard to make arbitrary certified mail systems interoperable. The presented approach uses a federated trust network of so-called electronic delivery gateways for seamless certified mailing across systems. This is achieved by converting protocols and system specifics on different layers using a harmonized interoperability protocol. The presented framework has been standardized by the European Telecommunications Standards Institute (ETSI) as Registered Electronic Mail specification for interoperable certified mail systems.     

一种有效的可证实的电子邮件协议

文章提出了一个具有完善保密的、公正的、ElGamal签名的、可证实的电子邮件协议。该协议保证了只有在发送者收到了接收者的电子收据后,接收者才能阅读信件内容。协议完全执行后,发送者不能否认自己所发的邮件,接收者也不能否认自己已阅读了该邮件。该协议具有完善的安全性,在协议的执行过程中,除了发送者和接收者,任何信任三方都不可能知道邮件的内容。     

Integrating Internet telephony services

Cost savings and the ease of developing and adding new services have motivated great interest in Internet telephony, which integrates services provided by the Internet with the public switched telephone network (PSTN). Internet telephony relies on several protocols, including the real-time transport protocol (RTP) for multimedia data transport and the session initiation protocol (SIP) or H.323 for establishing and controlling sessions. SIP can integrate with other Internet services, such as email, the Web, voice mail, instant messaging, conference calling, and multimedia collaboration. We have implemented a SIP-based software suite called the Columbia Internet extensible multimedia architecture (Cinema), which we installed and integrated with the existing private branch exchange (PBX) infrastructure in the computer science department at Columbia University. The Cinema environment provides interoperability with the PSTN, programmable Internet telephony services, and IP-based voice mail. It also integrates Web access and e-mail for unified messaging and supports multiparty multimedia conferencing. The setup lets us extend our PBX capacity and will eventually let us replace it while keeping our existing phone numbers. It also provides an environment in which we can easily add new services and features, including interoperation with existing multimedia tools, e-mail access from standard. telephones, network appliance control, and instant messaging support     

Providing Certified Mail Services on the Internet

Even though email is an increasingly important application, the Internet doesn't yet provide a reliable messaging infrastructure. Thus, an email message's sender can never be certain - and doesn't receive any evidence -that his or her message was actually delivered to and received by its intended recipients. Furthermore, a recipient can always deny having received a particular message, and the sender can't do much to prove the opposite. This lack of evidence for message delivery and reception is actually a missing piece in the infrastructure required for the more widespread and professional use of email. Against this background, several value-added services come to mind such as non-repudiation services and the digital analog of certified mail. In this article, the author addresses the problem of how to provide certified mail services on the Internet, focusing on the two-party scenario     

Rama: An architecture for Internet information filtering

This paper describes Rama, a first generation experimental information retrieval and filtering system that attempts to recover useful information from various Internet sources including USENIX news and anonymous FTP servers. The focus of the Rama system to date has been on building a distributed query and information retrieval system, which provides an interface to heterogeneous information services. A user of Rama sends one or more asynchronous queries to a Rama server using existing SMTP e-mail clients. The server periodically searches local and remote Internet services. Searches are prefiltered with the use of timestamps. Data objects which are newer than the timestamp are then searched via a query mechanism which relies on a combination of vector-distance, pattern matching operands, and boolean operators. Results are weighted according to how closely they match queries and are posted via e-mail to the user. Input to the e-mail client can be further filtered — one can use the MH mail system and sort input by weight. Results indicate that the current system is useful and extensible. So far we have assumed that existing e-mail systems will be used for input and output and have not attempted to construct special client interfaces. Efforts are underway to extend the system with WWW searching capabilities and construct a special WWW oriented user-interface.     

电子邮件安全扩展协议应用分析

电子邮件是黑客发起网络攻击的主要入口,其中身份仿冒是电子邮件欺诈重要手段。基于邮件身份验证机制,构建属性图以测量政府机构电子邮件安全扩展协议全球采用率。从邮件内容仿冒、域仿冒、信头仿冒 3 个维度研究安全扩展协议部署效果。结果表明,各国政府机构邮件系统中部署 SPF 协议的约占70%,部署DMARC协议的不足30%,电子邮件身份检测采用率较低。当欺诈邮件进入收件人邮箱后,邮件服务提供商针对仿冒邮件警告机制有待完善。