Improving email trustworthiness through social-group key authentication

Vivek Pathak, Liviu Iftode, Danfeng Yao

Research output: Contribution to conference › Paper › peer-review

1 Scopus citation

Abstract

The increasing use of email for phishing and unsolicited marketing has reduced the trustworthiness of email as a communication medium. Sender authentication is a known defense against these attacks. Existing proposals for sender authentication either require infrastructural support or break compatibility with existing email infrastructure. We propose, implement, and evaluate social-group key authentication, an incrementally deployable and backward-compatible sender authentication mechanism for email. Our solution requires an honest majority instead of trust infrastructure or human input for correctness. In accordance with the end-to-end principle, authentication is implemented at the mail client by executing our previously proposed Byzantine fault tolerant public key authentication protocol [11] as an overlay on top of the mail transport protocol. We evaluated the authentication overhead by instrumenting our Thunderbird authentication plugin with synthetic data and found a user-visible latency increase of about 200 ms. Real-life usability of the authentication mechanism is investigated with two anonymized email traces. Our results show that about 40% of the peers can be authenticated over the 92-day trace period without adding any new messages to the email network. Adding a small fraction of extra email messages permits more than 90% of the peers to be authenticated within a week.

Original language: English (US)
State: Published - 2008
Event: 5th Conference on Email and Anti-Spam, CEAS 2008 - Mountain View, CA, United States
Duration: Aug 21 2008 to Aug 22 2008

All Science Journal Classification (ASJC) codes

  • Software
