Accredited DomainKeys: A Service Architecture for Improved Email Validation Accredited DomainKeys: A Service Architecture for Improved Email Validation.

Slides:



Advertisements
Similar presentations
What is. Digital Certificate It is an identity.
Advertisements

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Notarized Federated Identity Management for Web Services Michael T. Goodrich Roberto Tamassia Danfeng Yao Brown University University of California, Irvine.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Management and X.509 Certificates
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.
Lecture 23 Internet Authentication Applications
© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.
IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.
© UPU 2014 – All rights reserved Mitigating online risk for postal e-services.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
DomainKeys Identified Mail (DKIM): Introduction and Overview Eric Allman Chief Science Officer Sendmail, Inc.
Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.
Application of Attribute Certificates in S/MIME Greg Colla & Michael Zolotarev Baltimore Technologies 47 th IETF Conference Adelaide, March 2000.
Computer Science Public Key Management Lecture 5.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
COEN 351 Non-Repudiation. A non-repudiation service provides assurance of the origin or delivery of data in order to protect the sender against false.
DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.
DomainKeys Identified Mail (DKIM) D. Crocker Brandenburg InternetWorking mipassoc.org/mass  Derived from Yahoo DomainKeys and Cisco.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Identity Based Sender Authentication for Spam Mitigation Sufian Hameed (FAST-NUCES) Tobias Kloht (University of Goetingen) Xiaoming Fu (University.
Electronic mail – protocol evolution. standards.
03/09/05Oregon State University X-Sig: An Signing Extension for the Simple Mail Transport Protocol (SMTP) Robert Rose 03/09/05.
AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Wireless and Security CSCI 5857: Encoding and Encryption.
ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.
Masud Hasan Secue VS Hushmail Project 2.
IT 221: Introduction to Information Security Principles Lecture 6:Digital Signatures and Authentication Protocols For Educational Purposes Only Revised:
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
A Trust Overlay for Operations: DKIM and Beyond Dave Crocker Brandenburg Internet Working bbiw.net Apricot / Perth 2006 Dave Crocker Brandenburg.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Message Authentication Signature Standards (MASS) BOF Jim Fenton Nathaniel Borenstein.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.
15.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Key Management.
Slide 1 © 2004 Reactivity The Gap Between Reliability and Security Eric Gravengaard Reactivity.
Security in Skype Prepared by Prithula Dhungel. Security in Skype2 The Skype Service P2P based VoIP software Founded by the founders of Kazaa Can be downloaded.
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
COEN 351 Non-Repudiation. A non-repudiation service provides assurance of the origin or delivery of data in order to protect the sender against false.
Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012.
Network Security Lecture 27 Presented by: Dr. Munam Ali Shah.
Decentralized authorization and data security in web content delivery * Danfeng Yao (Brown University, USA) Yunhua Koglin (Purdue University, USA) Elisa.
Identity based signature schemes by using pairings Parshuram Budhathoki Department of Mathematical Science FAU 02/21/2013 Cyber Security Seminar, FAU.
Using Public Key Cryptography Key management and public key infrastructures.
By Team Trojans -1 Arjun Ashok Priyank Mohan Balaji Thirunavukkarasu.
X-ASVP Technical Overview eXtensible Anti-spam Verification Protocol X-ASVP Committee Technical Working Group July 22, 2007.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
April 20023CSG11 Electronic Commerce Authentication John Wordsworth Department of Computer Science The University of Reading Room.
Network Applications: DNS Y. Richard Yang 2/1/2016.
Encryption and Security Tools for IA Management Nick Hornick COSC 481 Spring 2007.
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
Unit 3 Section 6.4: Internet Security
Unit 3 Section 6.4: Internet Security
Public Key Infrastructure
Secure How do you do it? Need to worry about sniffing, modifying, end-user masquerading, replaying. If sender and receiver have shared secret keys,
Chapter -8 Digital Signatures
Presentation transcript:

Accredited DomainKeys: A Service Architecture for Improved Validation Accredited DomainKeys: A Service Architecture for Improved Validation Michael GoodrichRoberto Tamassia Danfeng Yao UC Irvine Brown University Work principally supported by IAM Registry Additional funding from NSF

Overview DomainKeys signs DomainKeys signs outgoing messages using public-key cryptography (Delany 04) – –Did the sender actually send this ? Accredited DomainKeys provides assurance of sender’s public key and evidence of sender domain’s trustworthiness – –Is the sender of this trustworthy? Two approaches of implementing Accredited DomainKeys are presented

Send and Receive in DomainKeys Example.net Name Server Example.net MTA Yahoo.com MTA Sign mail Private key Public key Query for public key Verify signature DomainKey-Signature: a=rsa-sha1; s=mail; d=example.net; c=simple; q=dns; b=Fg…5J Out-going message Authentication-Results: example.net domainkeys=pass; In-coming message Send signed

Accredited DomainKeys Architecture Aims at establishing trust in the sender domain –Scalability, efficiency, and usability Extends DomainKeys framework –Applicable also to Identified Internet Mail (Fenton, Thomas) Introduces a trusted third-party: accreditation bureau –Accreditation bureau generates and updates accreditation seals for registered domains –The accreditation seal is the proof of membership –Time quantum of seal updates depends on applications

Send in Accredited DomainKeys Example.net Name Server Example.net MTA Bob Write mail Private key Public key Register public key Accreditation Bureau Update seal at each time quantum Accredited-DomainKeys: v=seal DomainKey-Signature: a=rsa-sha1; s=mail; d=example.net; c=simple; q=dns; b=Fg…5J Yahoo.com MTA Send signed Sign

Receive in Accredited DomainKeys Yahoo.com MTA Query for public key Verify signature Query for accreditation seal Verify seal Accreditation Bureau Example.net Name Server Update accreditation seal at each time quantum Alice from Yahoo.com Receive mail Authentication-Results: example.net domainkeys=pass; accreditation=pass

Seal realization: simple signature The seal is a signature signed by the bureau on the public key of a domain The seal is refreshed at each time quantum The seal is verified against the public key of the accreditation bureau Example.net Name Server Accreditation Bureau Update accreditation seal at each time quantum

Seal realization: STMS The Secure Transaction Management System [Goodrich, Tamassia et al.] implements an authenticated dictionary Source Responder A Responder B DS t Basis (signed) Updates User Query Response Answer Proof Basis (signed) t

Seal realization: STMS (cont’d) Example.net Name Server (STMS Responder) Accreditation Bureau (STMS Source) Update proof and basis at each time quantum Yahoo.com MTA (STMS User) Query for accreditation seal (proof-basis pair) Verify signature of basis Verify proof of domain Obtain the bureau’s public-key Receive mail

Seal Realizations: Efficiency Operation Simple Signature STMS Accreditation Bureau Update seals of M domains Update seals of M domains N signatures 1 signature 1.5 M log N hashes Receiver MTA Verify seals of D domains Verify seals of D domains D signature verifications 1 signature verification 1.5 D log N hashes Sender Name Server Provide seal Provide seal 1 signature transmitted 1.5 log N hashes transmitted N: Number of domains registered with the accreditation bureau

Summary and Future Work Summary –Accredited DK provides –Accredited DK provides assurance of sender’s public key and evidence of sender domain’s trustworthiness –Extension of DK framework –Accreditation seals issued by accreditation bureau and stored in domain name server –STMS approach is more scalable than simple signature approach –Website: Current and Future Work –Performance tests –Accredited DKIM

Related Work SPF (Sender ID Framework (Microsoft) SPF (Lentczner, Wong) and Sender ID Framework (Microsoft) DomainKeys (Delany) Identified Internet Mail (Fenton, Thomas) Flexible Sender Validation (Levine) Sender Authorization with RMX DNS RR (Danisch) Reverse DNS Marking () Reverse DNS Marking (Stumpf, Hoehne) Project Lumos ( Service Provider Coalition) Authenticated data structures (Goodrich, Tamassia et al.)

Acknowledgements David Croston and IAM Registry, Inc David Ellis, John Nuber Eric Allman, Jon Callas, Mark Delany, and Jim Fenton National Science Foundation

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.