Indian Journal of Computer Science

Open Access Open Access  Restricted Access Subscription Access

Viable Email Attacks and a Simple End-to-End Security Solution


Affiliations
1 Assistant Professor, Division of Management and Education, University of Pittsburgh at Bradford,300 Campus Dr. Bradford PA, 16701, United States

   Subscribe/Renew Journal


Many attacks, scams, and malware threats are based on or spread through emails nowadays. Although people have been fighting against them with technical and legal measures for many years, the situation has not improved. It seems to be getting worse and worse. We attribute this to lack of end-to-end security measures for emails in current internet infrastructure. Most past security solutions provide either in-domain authentication, or domain-to-domain authentication. Available end-to-end solutions are based on public key cryptography and have many limitations. In this paper, we propose a simple end-to-end solution for email security. It is based on the idea of trust chain from sender to receiver, which spans multiple domains and organizations without the requirement of a uniform platform. On the client-end, it is transparent to the user without requirement of any user operation. The solution provides end-to-end authentication and integrity for its users, which is hard to achieve or use in existing works.

Keywords

Attack, Email, Security, Signature, Verification

No Classification

Manuscript received May 25, 2018; revised June 15, 2018; accepted June 16, 2018. Date of publication July 6, 2018.

User
Subscription Login to verify subscription
Notifications
Font Size

Abstract Views: 172

PDF Views: 0




  • Viable Email Attacks and a Simple End-to-End Security Solution

Abstract Views: 172  |  PDF Views: 0

Authors

Shushan Zhao
Assistant Professor, Division of Management and Education, University of Pittsburgh at Bradford,300 Campus Dr. Bradford PA, 16701, United States

Abstract


Many attacks, scams, and malware threats are based on or spread through emails nowadays. Although people have been fighting against them with technical and legal measures for many years, the situation has not improved. It seems to be getting worse and worse. We attribute this to lack of end-to-end security measures for emails in current internet infrastructure. Most past security solutions provide either in-domain authentication, or domain-to-domain authentication. Available end-to-end solutions are based on public key cryptography and have many limitations. In this paper, we propose a simple end-to-end solution for email security. It is based on the idea of trust chain from sender to receiver, which spans multiple domains and organizations without the requirement of a uniform platform. On the client-end, it is transparent to the user without requirement of any user operation. The solution provides end-to-end authentication and integrity for its users, which is hard to achieve or use in existing works.

Keywords


Attack, Email, Security, Signature, Verification

No Classification

Manuscript received May 25, 2018; revised June 15, 2018; accepted June 16, 2018. Date of publication July 6, 2018.




DOI: https://doi.org/10.17010/ijcs%2F2018%2Fv3%2Fi4%2F131647