Lightweight Email Signatures (Extended Abstract)
We present Lightweight Email Signatures (LES), a simple cryptographic architecture for authenticating email. LES is an extension of DKIM, the recent IETF effort to standardize domain-based email signatures. LES shares DKIM’s ease of deployment: they both use the DNS to distribute a single public key...
Main Authors: | , , , |
---|---|
Other Authors: | |
Format: | Article |
Language: | en_US |
Published: |
Springer Berlin Heidelberg
2014
|
Online Access: | http://hdl.handle.net/1721.1/87551 https://orcid.org/0000-0002-7105-3690 |
_version_ | 1811092214269345792 |
---|---|
author | Adida, Ben Chau, David Hohenberger, Susan Rivest, Ronald L. |
author2 | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
author_facet | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Adida, Ben Chau, David Hohenberger, Susan Rivest, Ronald L. |
author_sort | Adida, Ben |
collection | MIT |
description | We present Lightweight Email Signatures (LES), a simple cryptographic architecture for authenticating email. LES is an extension of DKIM, the recent IETF effort to standardize domain-based email signatures. LES shares DKIM’s ease of deployment: they both use the DNS to distribute a single public key for each domain. Importantly, LES supports common uses of email that DKIM jeopardizes: multiple email personalities, firewalled ISPs, incoming-only email forwarding services, and other common uses that often require sending email via a third-party SMTP server. In addition, LES does not require DKIM’s implied intra-domain mechanism for authenticating users when they send email.
LES provides these features using identity-based signatures. Each domain authority generates a master keypair, publishes the public component in the DNS, and stores the private component securely. Using this private component, the authority delivers to each of its users, via email, an individual secret key whose identity string corresponds to the user’s email address. A sender then signs messages using this individual secret key. A recipient verifies such a signature by querying the appropriate master public key from the DNS, computing the sender’s public key, and verifying the signature accordingly. As an added bonus, the widespread availability of user-level public keys enables deniable authentication, such as ring signatures. Thus, LES provides email authentication with optional repudiability.
We built a LES prototype to determine its practicality. Basic user tests show that the system is relatively easy to use, and that cryptographic performance, even when using deniable authentication, is well within acceptable range. |
first_indexed | 2024-09-23T15:14:53Z |
format | Article |
id | mit-1721.1/87551 |
institution | Massachusetts Institute of Technology |
language | en_US |
last_indexed | 2024-09-23T15:14:53Z |
publishDate | 2014 |
publisher | Springer Berlin Heidelberg |
record_format | dspace |
spelling | mit-1721.1/875512022-09-29T13:35:49Z Lightweight Email Signatures (Extended Abstract) Adida, Ben Chau, David Hohenberger, Susan Rivest, Ronald L. Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science Adida, Ben Chau, David Rivest, Ronald L. We present Lightweight Email Signatures (LES), a simple cryptographic architecture for authenticating email. LES is an extension of DKIM, the recent IETF effort to standardize domain-based email signatures. LES shares DKIM’s ease of deployment: they both use the DNS to distribute a single public key for each domain. Importantly, LES supports common uses of email that DKIM jeopardizes: multiple email personalities, firewalled ISPs, incoming-only email forwarding services, and other common uses that often require sending email via a third-party SMTP server. In addition, LES does not require DKIM’s implied intra-domain mechanism for authenticating users when they send email. LES provides these features using identity-based signatures. Each domain authority generates a master keypair, publishes the public component in the DNS, and stores the private component securely. Using this private component, the authority delivers to each of its users, via email, an individual secret key whose identity string corresponds to the user’s email address. A sender then signs messages using this individual secret key. A recipient verifies such a signature by querying the appropriate master public key from the DNS, computing the sender’s public key, and verifying the signature accordingly. As an added bonus, the widespread availability of user-level public keys enables deniable authentication, such as ring signatures. Thus, LES provides email authentication with optional repudiability. We built a LES prototype to determine its practicality. Basic user tests show that the system is relatively easy to use, and that cryptographic performance, even when using deniable authentication, is well within acceptable range. American Society for Engineering Education. National Defense Science and Engineering Graduate Fellowship 2014-05-28T14:36:29Z 2014-05-28T14:36:29Z 2006 Article http://purl.org/eprint/type/ConferencePaper 978-3-540-38081-8 978-3-540-38080-1 0302-9743 http://hdl.handle.net/1721.1/87551 Adida, Ben, David Chau, Susan Hohenberger, and Ronald L. Rivest. "Lightweight Email Signatures (Extended Abstract)." R. De Prisco and M. Yung (Eds.). Security and Cryptography for Networks: 5th International Conference, SCN 2006, Maiori, Italy, September 6-8, 2006. Proceedings. (Lecture Notes in Computer Science ; Volume 4116), 2006, pp 288-302. © Springer 2006. https://orcid.org/0000-0002-7105-3690 en_US http://dx.doi.org/10.1007/11832072_20 Security and Cryptography for Networks Article is made available in accordance with the publisher's policy and may be subject to US copyright law. Please refer to the publisher's site for terms of use. application/pdf Springer Berlin Heidelberg Springer |
spellingShingle | Adida, Ben Chau, David Hohenberger, Susan Rivest, Ronald L. Lightweight Email Signatures (Extended Abstract) |
title | Lightweight Email Signatures (Extended Abstract) |
title_full | Lightweight Email Signatures (Extended Abstract) |
title_fullStr | Lightweight Email Signatures (Extended Abstract) |
title_full_unstemmed | Lightweight Email Signatures (Extended Abstract) |
title_short | Lightweight Email Signatures (Extended Abstract) |
title_sort | lightweight email signatures extended abstract |
url | http://hdl.handle.net/1721.1/87551 https://orcid.org/0000-0002-7105-3690 |
work_keys_str_mv | AT adidaben lightweightemailsignaturesextendedabstract AT chaudavid lightweightemailsignaturesextendedabstract AT hohenbergersusan lightweightemailsignaturesextendedabstract AT rivestronaldl lightweightemailsignaturesextendedabstract |