Presentation is loading. Please wait.

Presentation is loading. Please wait.

Accredited DomainKeys: A Service Architecture for Improved Email Validation Accredited DomainKeys: A Service Architecture for Improved Email Validation.

Published byElizabeth Grant Modified over 8 years ago

Similar presentations

Presentation on theme: "Accredited DomainKeys: A Service Architecture for Improved Email Validation Accredited DomainKeys: A Service Architecture for Improved Email Validation."— Presentation transcript:

1 Accredited DomainKeys: A Service Architecture for Improved Email Validation Accredited DomainKeys: A Service Architecture for Improved Email Validation Michael GoodrichRoberto Tamassia Danfeng Yao UC Irvine Brown University Work principally supported by IAM Registry Additional funding from NSF

2 Overview DomainKeys signs DomainKeys signs outgoing messages using public-key cryptography (Delany 04) – –Did the sender actually send this email? Accredited DomainKeys provides assurance of sender’s public key and evidence of sender domain’s trustworthiness – –Is the sender of this email trustworthy? Two approaches of implementing Accredited DomainKeys are presented

3 Send and Receive in DomainKeys Example.net Name Server Example.net MTA Yahoo.com MTA Sign mail Private key Public key Query for public key Verify signature DomainKey-Signature: a=rsa-sha1; s=mail; d=example.net; c=simple; q=dns; b=Fg…5J Out-going message Authentication-Results: example.net from=bob@example.net; domainkeys=pass; In-coming message Send signed email

4 Accredited DomainKeys Architecture Aims at establishing trust in the sender domain –Scalability, efficiency, and usability Extends DomainKeys framework –Applicable also to Identified Internet Mail (Fenton, Thomas) Introduces a trusted third-party: accreditation bureau –Accreditation bureau generates and updates accreditation seals for registered domains –The accreditation seal is the proof of membership –Time quantum of seal updates depends on applications

5 Send in Accredited DomainKeys Example.net Name Server Example.net MTA Bob Write mail Private key Public key Register public key Accreditation Bureau Update seal at each time quantum Accredited-DomainKeys: v=seal DomainKey-Signature: a=rsa-sha1; s=mail; d=example.net; c=simple; q=dns; b=Fg…5J Yahoo.com MTA Send signed email Sign email

6 Receive in Accredited DomainKeys Yahoo.com MTA Query for public key Verify signature Query for accreditation seal Verify seal Accreditation Bureau Example.net Name Server Update accreditation seal at each time quantum Alice from Yahoo.com Receive mail Authentication-Results: example.net from=bob@example.net; domainkeys=pass; accreditation=pass

7 Seal realization: simple signature The seal is a signature signed by the bureau on the public key of a domain The seal is refreshed at each time quantum The seal is verified against the public key of the accreditation bureau Example.net Name Server Accreditation Bureau Update accreditation seal at each time quantum

8 Seal realization: STMS The Secure Transaction Management System [Goodrich, Tamassia et al.] implements an authenticated dictionary Source Responder A Responder B DS t Basis (signed) Updates User Query Response Answer Proof Basis (signed) t

9 Seal realization: STMS (cont’d) Example.net Name Server (STMS Responder) Accreditation Bureau (STMS Source) Update proof and basis at each time quantum Yahoo.com MTA (STMS User) Query for accreditation seal (proof-basis pair) Verify signature of basis Verify proof of domain Obtain the bureau’s public-key Receive mail

10 Seal Realizations: Efficiency Operation Simple Signature STMS Accreditation Bureau Update seals of M domains Update seals of M domains N signatures 1 signature 1.5 M log N hashes Receiver MTA Verify seals of D domains Verify seals of D domains D signature verifications 1 signature verification 1.5 D log N hashes Sender Name Server Provide seal Provide seal 1 signature transmitted 1.5 log N hashes transmitted N: Number of domains registered with the accreditation bureau

11 Summary and Future Work Summary –Accredited DK provides –Accredited DK provides assurance of sender’s public key and evidence of sender domain’s trustworthiness –Extension of DK framework –Accreditation seals issued by accreditation bureau and stored in domain name server –STMS approach is more scalable than simple signature approach –Website: http://www.accrediteddomainkeys.net Current and Future Work –Performance tests –Accredited DKIM

12 Related Work SPF (Sender ID Framework (Microsoft) SPF (Lentczner, Wong) and Sender ID Framework (Microsoft) DomainKeys (Delany) Identified Internet Mail (Fenton, Thomas) Flexible Sender Validation (Levine) Sender Authorization with RMX DNS RR (Danisch) Reverse DNS Marking () Reverse DNS Marking (Stumpf, Hoehne) Project Lumos (Email Service Provider Coalition) Authenticated data structures (Goodrich, Tamassia et al.)

13 Acknowledgements David Croston and IAM Registry, Inc David Ellis, John Nuber Eric Allman, Jon Callas, Mark Delany, and Jim Fenton National Science Foundation

Download ppt "Accredited DomainKeys: A Service Architecture for Improved Email Validation Accredited DomainKeys: A Service Architecture for Improved Email Validation."

Similar presentations

What is. Digital Certificate It is an identity.

What is. Digital Certificate It is an identity.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Notarized Federated Identity Management for Web Services Michael T. Goodrich Roberto Tamassia Danfeng Yao Brown University University of California, Irvine.

Notarized Federated Identity Management for Web Services Michael T. Goodrich Roberto Tamassia Danfeng Yao Brown University University of California, Irvine.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
DNSSEC & Email Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.

© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.
IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.

IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.
© UPU 2014 – All rights reserved Mitigating online risk for postal e-services.

© UPU 2014 – All rights reserved Mitigating online risk for postal e-services.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
DomainKeys Identified Mail (DKIM): Introduction and Overview Eric Allman Chief Science Officer Sendmail, Inc.

DomainKeys Identified Mail (DKIM): Introduction and Overview Eric Allman Chief Science Officer Sendmail, Inc.
Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols.

Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Lecture 12 e-mail Security. Summary  PEM  secure email  PGP  S/MIME.

Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.
Application of Attribute Certificates in S/MIME Greg Colla & Michael Zolotarev Baltimore Technologies 47 th IETF Conference Adelaide, March 2000.

Application of Attribute Certificates in S/MIME Greg Colla & Michael Zolotarev Baltimore Technologies 47 th IETF Conference Adelaide, March 2000.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Similar presentations

Ads by Google