Journal of University of Anbar for Pure Science

Current Issue

By Issue

By Author

By Subject

Author Index

Keyword Index

About Journal

Editorial Board

Editorial Staff

Publication Ethics

Peer Review Process

Journal Metrics

Indexing and Abstracting

Related Links

FAQ

News

Use of DOI

Digital Archiving

Journal Funding Sources

Plagiarism

Appeals and complaints

Authorship

Allegations of Misconduct

Copy Right Policies

Self Archiving Policy

Creative Commons License

Open Access Policy

SECURE E-MAIL SYSTEM USING S/MIME AND IB-PKC

Document Type : Review Paper

Authors

1 COLLEGE OF ENGINEERING .UNIVERSITY OF BAGHDAD

2 COLLEGE OF COMPUTERS, UNIVERSITY OF ANBAR

Abstract

Although e-mail security solutions have been introduced for more than two decades, most of the e-mail messages are sent nowadays without being secured by any of these techniques. This is due to the complexity of using these secure e-mail systems and protocols. The complexity mainly arises from the difficulty associated with managing certificates and public keys. The main objective of this study was to find a solution that can make secure e-mail systems easier to use while maintaining the same level of security. This paper proposes a secure e-mail system that is based on the S/MIME standard where the public key and signature algorithms have been replaced by their Identity-Based Cryptography analogue algorithms. Using Identity-Based Cryptography has eliminated the need for digital certificates, and provided a solution to the usability problem present in the existing secure e-mail systems. Users can determine the public key of the recipient without having to contact any trusted third party, and can start encrypting or verifying messages as long as they have the public system parameters that can be publicly available. Users need to contact the Private Key Generator (PKG) only once in order to retrieve their private key before being able to decrypt or sign messages.

Keywords

Main Subjects

References
Linn, J. (1987). Privacy Enhancement for Internet Electronic Mail, Part I: Message Encipherment and Authentication Procedures. Internet Engineering Task Force (IETF), RFC 989.
Atkins, D., Stallings, W. and Zimmermann, P. (1996). PGP Message Exchange Formats. Internet Engineering Task Force (IETF), RFC 1991.
Dusse, S., Hoffman, P., Ramsdell, B., Lundblade, L. and Repka, L. (1998). S/MIME Version 2 Message Specification. Internet Engineering Task Force (IETF), RFC 2311.
Whitten, A. and Tygar, J. (1999). Why Johnny can’t encrypt: A usability evaluation of PGP 5.0. The 8th USENIX Security Symposium, pp. 169 – 184.
Garfinkel, S. (2005). Creating Systems that are Simultaneously Usable and Secure. PhD Thesis, The Massachusetts Institute of Technology (MIT).
Linn, J., and Branchaud, M. (2004). An Examination of Asserted PKI Issues and Proposed Alternatives. In Proceedings of the 3rd Annual PKI R&D Workshop, pp. 34-47.
Whitten, A. and Tygar, J. (2003). Safe staging for computer security. In Proceedings of the 2003 Workshop on Human-Computer Interaction and Security Systems. "http://www.andrewpatrick.ca/CHI2003/HCISEC/".
Garfinkel, S. (2003). Enabling e-mail Confidentiality through the use of Opportunistic Encryption. In The 2003 National Conference on Digital Government Research, National Science Foundation, pp. 173-176.
Baldwin, M. (2002). Identity Based Encryption from the Tate Pairing to Secure E-mail Communications. Master of Engineering Thesis, University of Bristol.
Ding, X. and Tsudic, G. (2003). Simple Identity- Based Cryptography with Mediated RSA. Cryptographer's Track RSA Conference.
Adida, B., Chau, D., Hohenberger, S. and Rivest, R. (2005). Lightweight Signatures for Email. A preliminary version presented in the DIMACS Workshop on Theft in E-Commerce.
Adida, B., Chau, D., Hohenberger, S. and Rivest, R. (2006). Lightweight Email Signatures. Available at:
"http://theory.lcs.mit.edu/~rivest/publications.html".
Adida, B., Hohenberger, S. and Rivest, R. (2005). Lightweight Encryption for Email. In Proceedings of Usenix's Symposium on Reducing Unwanted Traffic on the Internet, pp. 93-99.
Shamir, A. (1984). Identity-Based Cryptosystems and Signature Schemes. Proceedings of Crypto ’84, pp. 47-53.
Boneh, D. and Franklin, M. (2001). Identity Based Encryption from the Weil Pairing. Proceedings of Crypto 2001, Lecture Notes in Computer Science (LNCS) 2139, pp 213 - 229, Springer-Verlag.
Cha, J. and Cheon, J. (2003). An Identity-Based Signature from Gap Diffie-Hellman Groups. Practice and Theory in Public Key Cryptography-PKC 2003. Also Cryptology ePrint Archive 2002/018.
Garfinkel, S. (2003). Email-based identification and authentication: An alternative to PKI?. Security & Privacy Magazine, 1:20–26, Nov. - Dec.
Ramsdell, B. (2004). Secure/Multipurpose Internet Message Extensions  Version 3.1 Message Specification. Internet Engineering Task Force (IETF), RFC 3851.
Housley, R. (2004). Cryptographic Message Syntax (CMS). Internet Engineering Task Force (IETF), RFC 3852.
SFL, S/MIME Freeware Library, "http://www.digitalnetgov.com/hot/ sfl_home.htm".
MIRACL, Multiprecision Integer and Rational Arithmetic C/C++ Library, "http://indigo.ie/~mscott/".
Journal of University of Anbar for Pure Science
Volume 1, Issue 3
December 2007
Page 122-135
Files
History
  • Receive Date: 02 February 2007
  • Revise Date: 05 August 2007
  • Accept Date: 07 August 2007
Share
Export Citation
Statistics