Abstract
As a value-added service for standard e-mail systems, a certified e-mail scheme allows a sender to deliver a message to a receiver in a fair way in the sense that either the sender obtains a receipt from the receiver and the receiver accesses the content of the e-mail simultaneously, or neither party gets the expected item. In 2000, Ferrer-Gomila et al. [11] proposed a novel certified e-mail protocol. Their scheme is both efficient and optimistic, since it has only three steps and a trusted third party is not involved in normal cases. Later, Monteiro and Dahab [16] identified an attack on Ferrer-Gomila et al.’s scheme, and further presented a modified scheme. In this paper, we show that their improvement is still insecure by successfully identifying several weaknesses and security flaws. Our attacks also apply to Ferrer-Gomila et al.’s original scheme.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Abadi, M., Glew, N., Horne, B., Pinkas, B.: Certified email with a light on-line trusted third party: Design and implementation. In: Proc. of 2002 International World Wide Web Conference (WWW 2002), pp. 387–395. ACM Press, New York (2002)
Asokan, N., Schunter, M., Waidner, M.: Optimistic protocols for fair exchange. In: Proc. of AMC Conference on Computer and Communications Security (CCS 1997), pp. 7–17. ACM Press, New York (1997)
Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. IEEE Journal on Selected Areas in Communications 18(4), 591–606 (2000)
Ateniese, G., de Medeiros, B., Goodrich, M.T.: TRICERT: A distributed certified E-mail scheme. In: Proc. of Symposium on Network and Distributed Systems Security (NDSS 2001). Internet Society, San Diego (2001)
Ateniese, G., Nita-Rotaru, C.: Stateless-receipient certified E-mail system based on verifiable encryption. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 182–199. Springer, Heidelberg (2002)
Bao, F., Wang, G., Zhou, J., Zhu, H.: Analysis and improvement of Micali’s fair contract signing protocol. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 176–187. Springer, Heidelberg (2004)
Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.L.: A fair protocol for signing contracts. IEEE Transactions on Information Theory 36(1), 40–46 (1990)
Boyd, C., Kearney, P.: Exploring fair exchange protocols using specification animation. In: Okamoto, E., Pieprzyk, J.P., Seberry, J. (eds.) ISW 2000. LNCS, vol. 1975, pp. 209–223. Springer, Heidelberg (2000)
Damgård, I.B.: Practical and provably secure release of a secret and exchange of signatures. Journal of Cryptology 8(4), 201–222 (1995)
Deng, R., Gong, L., Lazar, A., Wang, W.: Practical protocol for certified electronic mail. Journal of Network and Systems Management 4(3), 279–297 (1996)
Ferrer-Gomila, J.L., Payeras-Capella, M., Huguet-Rotger, L.: An efficient protocol for certified elctronic mail. In: Okamoto, E., Pieprzyk, J.P., Seberry, J. (eds.) ISW 2000. LNCS, vol. 1975, pp. 237–248. Springer, Heidelberg (2000)
Imamoto, K., Sakurai, K.: A cerified e-mail system with reciever’s selctive usage of delivery authortiy. In: Menezes, A., Sarkar, P. (eds.) INDOCRYPT 2002. LNCS, vol. 2551, pp. 326–338. Springer, Heidelberg (2002)
Kremer, S., Markowitch, O.: Selective receipt in cerified e-mail. In: Pandu Rangan, C., Ding, C. (eds.) INDOCRYPT 2001. LNCS, vol. 2247, pp. 136–148. Springer, Heidelberg (2001)
Kremer, S., Markowitch, O., Zhou, J.: An intensive survey of fair non-repudiation protocols. Computer Communications 25(17), 1606–1621 (2002)
Gurgens, S., Rudolph, C., Vogt, H.: On the security of fair non-repudiation protocols. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 193–207. Springer, Heidelberg (2003)
Monteiro, J.R.M., Dahab, R.: An attack on a protocol for certified delivery. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, pp. 428–436. Springer, Heidelberg (2002)
Micali, S.: Simple and fast optimistic protocols for fair electronic exchange. In: Proc. of 22th Annual ACM Symp. on Principles of Distributed Computing (PODC 2003), pp. 12–19. ACM Press, New York (2003)
Onieva, J.A., Zhou, J., Lopez, J.: Enhancing certied email service for timeliness and multicasting. In: Proc. of 4th International Network Conference (INC 2004), Plymouth, UK, July 2004, pp. 327–336 (2004)
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Zhou, J., Gollmann, D.: Certified electronic mail. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 160–171. Springer, Heidelberg (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, G., Bao, F., Zhou, J. (2004). On the Security of a Certified E-Mail Scheme. In: Canteaut, A., Viswanathan, K. (eds) Progress in Cryptology - INDOCRYPT 2004. INDOCRYPT 2004. Lecture Notes in Computer Science, vol 3348. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30556-9_5
Download citation
DOI: https://doi.org/10.1007/978-3-540-30556-9_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24130-0
Online ISBN: 978-3-540-30556-9
eBook Packages: Computer ScienceComputer Science (R0)