The document discusses certified electronic mail (CEM) and its properties like non-repudiation, fairness, use of a trusted third party, and timeliness. It also summarizes the S/MIME protocol and proposes adding non-repudiation of receipt to S/MIME to improve its security. Finally, it outlines a key chain based CEM protocol that uses a transparent trusted third party and satisfies properties like non-repudiation of origin and receipt as well as fairness.

1. E-mail Security
Using Certified Electronic mail (CEM)

2. Team Members
 Pankaj Bhambhani (200901047) (pankajb64@gmail.com)
 Pratik Kumar (200901239) (pratik.kumar.bharat@gmail.com)
 Dipesh Shah (200901094) (dipesh1005@gmail.com)
 Jignesh Kakadiya (200901201) (jigneshhk1992@gmail.com)
 Ajay Dhameliya (200901203) (dhameliyaajay26@yahoo.in)

3. Topics
 Why E-mail security?
 CEM - Certified Electronic Mail
 Properties of CEM
 Existing Protocol - S/MIME – properties
 Missing properties in S/MIME and their importance
 Sample Certified Email Protocol
 How to do- Design
 Conclusion and our thoughts
 References

4. Why E-mail Security?
 Primitive E-Mail service – different intended purpose.
 Exchange of messages between small universities in a closed network.
 Not much concern about misuse.
 Different Game Altogether Today.
 Internet an open network - large number of messages sent.
 Can contain sensitive, valuable information. Security is essential.
 We shall examine Certified Electronic Mail as a theoretical measure of E-
mail Security.

5. Certified Electronic Mail (CEM)
 Added value to traditional electronic mail.
 Examination of various properties.
 Use a sample certified email protocols to demonstrate properties.
 Its use in improvement of existing protocol : S/MIME

6. Properties of CEM : Non-Repudiation
 Postal services force the recipient to sign a receipt token before delivering
the envelope which contains the certified message.
 Here the recipient only recognizes that it received an envelope which, in turn,
can be empty (intentionally or not).
 Hence there is a difference with respect to the digital evidence of receipt
(linked to the message and not to the envelope).

7. Types of non-repudiation
Direct Communication Model
Non-Repudiation of Origin (NRO) is intended to protect against the originator’s false
denial of having originated the message. Evidence of Origin (EOO) is generated by the
originator, or a TTP on its behalf, and will be held by the recipient.
Non-Repudiation of Receipt (NRR) is intended to protect against the recipient’s false
denial of having received the message. Evidence of Receipt (EOR) is generated by the
recipient, or a TTP on its behalf, and will be held by the originator.
Indirect Communication Model
Non-Repudiation of Submission (NRS) is intended to provide evidence that the originator
submitted the message for delivery. Evidence of Submission (EOS) is generated by the
delivery agent, and will be held by the originator.
Non-Repudiation of Delivery (NRD) is intended to provide evidence that the message
has been delivered to the recipient. Evidence of Delivery (EOD) is generated by the
delivery agent, and will be held by the originator

8. Properties of CEM : Non-Repudiation
(Contd…)
 Different Possible Message Transfer Combinations:
• Exchange of message and NRO for NRR linked to the message.
• Exchange of message and NRO for acknowledgement of receipt.
• Exchange of message for NRR linked to the message.
• Exchange of message for acknowledgement of receipt.
• Exchange of envelope and, if possible, NRO for NRR, if possible,
linked to the message.
• Exchange of envelope and, if possible, NRO for acknowledgement
of receipt.
• Exchange of envelope for NRR, if possible, linked to the message.
• Exchange of envelope for acknowledgement of receipt.

9. Communication Model
 The originator and the recipient potentially do not trust each other.
 The originator is not sure that the recipient will acknowledge a message it
has received.
 On the other hand, the recipient will only acknowledge messages it has
received.
 In order to facilitate a fair exchange in which neither party will gain an
advantage during the transaction, a TTP will usually be involved.
 The extent of the trusted third party’s involvement varies among different
protocols

10. Evidence
 This is the data that can be used if a dispute arises.
 It can be either generated and stored by the local user or by a third party.
 Its format depends on the cryptographic mechanisms agreed in the
service.
 Examples: digital signatures (public key cryptography) and secure
envelopes (secret key cryptography).

11. Common Elements of Evidence format
 Non-repudiation service to which evidence is related
 Non-repudiation policy identifier
 Originator identity
 Recipient identity
 Third party identity if evidence generator differs from the originator
 Message or a digital fingerprint

12. Common Elements of Evidence format
(Contd … )
 Information needed for verifying evidence (i.e. digital certificate, symmetric
secret key info) if it is not publicly available
 TTP’s identifier
 Time information (time and date that evidence was generated, expiry
date, . . . ).
 If this data is certified by a Time Stamp Authority (TSA), it could include a
time-stamp service identifier.

13. Properties of CEM : Fairness
 A certified e-mail protocol is fair if and only if at the end of a protocol
execution either Alice got the non-repudiation of receipt evidence, and
Bob got the corresponding mail (as well as the non-repudiation of origin
evidence if required), or none of them got any valuable information.
 Types of Fairness
 Strong, Weak, Light, True, Probabilistic
 Fairness is mandatory, so one of these properties must be compulsory.
Weak Fairness is enough, although strong fairness is desirable. Probabilistic
Fairness is not desirable

14. Properties of CEM : TTP
 The probability to cheat the other entity in a protocol can be decreased by
increasing the number of messages necessary in the protocol. To avoid the
communication overhead, a different approach using a trusted third party
(TTP) can be introduced. Both entities can send their items to the TTP that
forwards them to the respective entities.
 Types of TTP
 In-line TTP, On-line TTP, Off-line TTP, Transparent TTP, Verifiable TTP
 Off-line TTP is desired, but the involvement of the TTP depends on the
application.
 Transparent and Verifiable TTP are desired, but only one of them can be
achieved because they are incompatible.

15. Properties of CEM : Timeliness
 A certifed e-mail protocol provides timeliness if and only if all honest parties
always have the ability to reach, in a finite amount of time, a point in the
protocol where they can stop the protocol while preserving fairness.
 Types of Timeliness
 Synchronous Timeliness – Here deadlines are used and the TTP clock is assumed
as the reference time.
 Asynchronous Timeliness – There are no deadlines here for participants.
 Asynchronous Timeliness is desirable as it is difficult to achieve clock
synchronization.

16. Properties of CEM : State Storage
 TTPs can be classified with respect to how long (temporal criteria) do they
need, if applicable, to store state information.
 Types of State Storage
 Strong Stateless TTP
 Weak Stateless TTP
 Strong Stateful TTP
 Weak Stateful TTP
 Strong Stateless TTP is the most desirable property from a resource and
storage point of view.

17. Properties of CEM : Confidentiality
 A certified e-mail protocol is said to provide data confidentiality, if and only
if Alice and Bob are the only entities that can extract the content of the
sent mail out of the protocol messages.
 Confidentiality is not always required as adding confidentiality may harm
the efficiency of the protocol.
 Types of Confidentiality
 Data confidentiality
 Identity confidentiality
 We could also consider privacy of the originator (anonymity). However
anonymity and NRO cannot be provided at the same time.

18. Properties of CEM : Evidence
Transferability
 It mainly consists of the sending and reception of evidence among participants.
 It is greatly influenced by communication channel properties. The different options
are as follows:
1. The communication channel is unreliable. In this case, data can be lost.
2. The communication channel is resilient (also called asynchronous network). In
this case, data is delivered after a finite but unknown amount of time.
3. The communication channel is operational (also called synchronous network).In this
case, data is delivered after a known, constant amount of time.
 An unreliable channel will in most cases be transformed into a resilient channel by the use
of an appropriate transport protocol (e.g. retransmissions).

19. Dispute Resolution in CEM
 Dispute resolution is the last phase in a non-repudiation service. This phase
will not be activated unless disputes related to a transaction arise.
 When a dispute arises, an adjudicator will be invoked to settle the dispute
according to the non-repudiation evidence provided by the disputing
parties and the non-repudiation policy in effect. This policy should be
agreed in advance by the parties involved in the service.

20. Protocol : Key chain Based CEM
Protocol with Transparent TTP
 In 2010, Zhiyuan Liu, Jun Pang and Chenyi Zhang proposed an optimistic
certified email protocol, which employs key chains to reduce the storage
requirement of the trusted third party (TTP).
 Satisfies the following CEM properties:
 NOR,NRR
 Strong Fairness
 Timeliness
 TTP Transparency

21. Protocol : Key chain Based CEM
Protocol with Transparent TTP
 Key Terms in Protocol:
 EOO : Evidence of Origin
 EOR: Evidence of Receipt
 M : Message
 T : TTP
 sid : sender ID
 A,B : Sender , Receiver
 h(i) : hash of the I
 label : It is used to identify the protocol run.
 fT : flag indicating the purpose of the message where T identifies the
corresponding message in that protocol

22. Protocol : Key chain Based CEM
Protocol with Transparent TTP
 Protocol

23. Protocol : Key chain Based CEM
Protocol with Transparent TTP
 Recovery Protocol for the Sender

24. Protocol : Key chain Based CEM
Protocol with Transparent TTP
 Recovery Protocol for the Receiver
 where label is h(A,B,TTP, h(m), h(k), t)

25. Working of S/MIME (in brief)
Message sending mechanism:

26. Working of S/MIME (in brief)
Message receiving mechanism:

27. Security Properties met by S/MIME
 Message confidentiality via encryption
 Message integrity via digital signature
 Message origin authentication via digital signature
 Non-repudiation of origin via digital signature

28. Security property not met by S/MIME
 Non-repudiation of receipt
 S/MIME does not protect the sender of information against the denial of the
receiver, who may say the sender never sent the information, or that he/she did
not send it on time.
 Lack of this property prevents professional use of email.

29. Addition of NRR with Fairness in S/Mime
 Sender sends encrypted message and encryption key for message derived
from message.
 some function of hash of message for e.g.)
 encrypted by public key of receiver.
 TTP calculates hash of this and sends it to receiver.
 Receiver signs this hash and sends back to TTP.
 Now TTP sends signed hash back to sender encrypted by sender’s public
key (which he can verify) and also sends message to receiver.

30. Conclusion and our Thought
 Certified e-mail, also known as authenticated e-mail or stamped e-mail, is a
system in which senders of commercial e-mail messages pay a small fee to
ensure that their messages will bypass spam filter s to reach intended
recipients.
 Both America Online ( AOL ) and Yahoo have announced certified e-mail
plans based on a technology developed by Goodmail Systems.
 For a fee of approximately 1/4 of a cent (USD $0.0025) per e-mail, or USD
$2.00 to $3.00 for every 1000 messages sent, advertisers can post e-mail
messages that defeat most spam filters commonly used at the server level
by Internet service providers ( ISP s).

31. References
 Josep Lluis Ferrer-Gomilla a , Jose A. Onieva b , Magdalena Payeras a ,
Javier Lopez b, * : Certified electronic mail: Properties revisited Computers &
Security Volume 29, Issue 2, March 2010, Pages 167–179
 Secure Multi-Party Non-Repudiation Protocols and Applications, José A.
Onieva, University of Malaga Spain, Javier Lopez ,University of Malaga
,Spain, Jianying Zhou, Institute for Infocomm Research, Singapore Ch – 2
Fundamentals of Non-Repudiation Pages 17-34
 Selective Receipt in Certified E-Mail, Steve Kremer and Olivier Markowitch
fskremer,omarkowg@ulb.ac.be, 2001 (http://www.ulb.ac.be/di/scsi/markowitch/publications/ic01.pdf)
 Oppliger R. Certified mail: the next challenge for secure messaging. ACM
Press. Communications of the ACM 2004;47: 75–9

32. References
 Extending a Key-Chain Based Certified Email Protocol with Transparent TTP
Zhiyuan Liu, Jun Pang, Chenyi Zhang, Conference: Embedded and
Ubiquitous Computing - EUC , pp. 630-636, 2010, DOI: 10.1109/EUC.2010.101
 Understanding S/MIME (http://technet.microsoft.com/en-us/library/aa995740(v=exchg.65).aspx)
 Prof. Manik Lal Das Slides (L11 - E-Mail Security.pdf)
 Certified e-mail (authenticated e-mail or stamped e-mail)
(http://whatis.techtarget.com/definition/certified-e-mail-authenticated-e-mail-or-stamped-e-mail)