
Accredited DomainKeys: A Service Architecture for Improved Email Validation

Michael Goodrich, Roberto Tamassia, Danfeng Yao

UC Irvine, Brown University

Work principally supported by IAM Registry

Additional funding from NSF


Overview

  • DomainKeys signs outgoing messages using public-key cryptography (Delany 04)

    • Did the sender actually send this email?

  • Accredited DomainKeys provides assurance of sender’s public key and evidence of sender domain’s trustworthiness

    • Is the sender of this email trustworthy?

  • Two approaches to implementing Accredited DomainKeys are presented


Send and Receive in DomainKeys

  • Example.net MTA: sign mail with the private key, then send signed email

    • Out-going message: DomainKey-Signature: a=rsa-sha1; s=mail; d=example.net; c=simple; q=dns; b=Fg…5J

  • Yahoo.com MTA: query the Example.net Name Server for the public key, then verify signature

    • In-coming message: Authentication-Results: example.net [email protected]; domainkeys=pass;


Accredited DomainKeys Architecture

  • Aims at establishing trust in the sender domain

    • Scalability, efficiency, and usability

  • Extends DomainKeys framework

    • Applicable also to Identified Internet Mail (Fenton, Thomas)

  • Introduces a trusted third party: accreditation bureau

    • Accreditation bureau generates and updates accreditation seals for registered domains

    • The accreditation seal is the proof of membership

    • Time quantum of seal updates depends on the application


Send in Accredited DomainKeys

  • Example.net: register public key with the Accreditation Bureau

  • Accreditation Bureau: update seal at each time quantum

  • Example.net Name Server: holds the public key

  • Bob: write mail

  • Example.net MTA: sign email with the private key, then send signed email to Yahoo.com MTA

    • Accredited-DomainKeys: v=seal

    • DomainKey-Signature: a=rsa-sha1; s=mail; d=example.net; c=simple; q=dns; b=Fg…5J


Receive in Accredited DomainKeys

  • Accreditation Bureau: update accreditation seal at each time quantum

  • Yahoo.com MTA: query the Example.net Name Server for the public key and for the accreditation seal

  • Yahoo.com MTA: verify signature, verify seal

    • Authentication-Results: example.net [email protected]; domainkeys=pass; accreditation=pass

  • Alice from Yahoo.com: receive mail


Seal realization: simple signature

  • The seal is a signature by the bureau over the public key of a domain

  • The seal is refreshed at each time quantum

  • The seal is verified against the public key of the accreditation bureau

  • Diagram: the Accreditation Bureau updates the accreditation seal at the Example.net Name Server at each time quantum


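Seal realization: STMS

  • The Secure Transaction Management System [Goodrich, Tamassia et al.] implements an authenticated dictionary

  • Diagram: the Source keeps a data structure (DS) and, at time t, sends updates and a signed basis to Responder A and Responder B, each of which holds a copy of the DS

  • Diagram: the User sends a query to a responder and receives a response made up of the answer, a proof, and the signed basis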


Seal realization: STMS (cont’d)

  • Accreditation Bureau (STMS Source): update proof and basis at each time quantum

  • Example.net Name Server (STMS Responder): answers the query for the accreditation seal (proof-basis pair)

  • Yahoo.com MTA (STMS User):

    • Receive mail

    • Query for accreditation seal (proof-basis pair)

    • Obtain the bureau’s public-key

    • Verify signature of basis

    • Verify proof of domain
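
The "verify proof of domain" step, as an added example that is not from the presentation or from the STMS code: it substitutes a plain Merkle hash tree for the STMS authenticated dictionary and assumes the receiver has already checked the bureau's signature on the basis. The domains, key strings and function names are constructed for illustration.

```python
import hashlib

# Constructed sample directory (domain -> placeholder key text), not real keys.
DIRECTORY = {"a.example": "key-a", "b.example": "key-b", "c.example": "key-c",
             "d.example": "key-d", "e.example": "key-e",
             "example.net": "key-example-net"}

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts; the first part is a role tag."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def build_levels(entries):
    """Source (bureau): hash tree over the sorted (domain, key) entries."""
    level = [h(b"leaf", d.encode(), k.encode()) for d, k in sorted(entries.items())]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                      # pad odd levels with a fixed node
            level = levels[-1] = level + [h(b"pad")]
        level = [h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def basis(root: bytes, quantum: int) -> bytes:
    """Value the bureau would sign: tree root bound to the time quantum."""
    return h(b"basis", root, quantum.to_bytes(8, "big"))

def prove(entries, levels, domain):
    """Responder (name server): sibling hashes from the leaf up to the root."""
    idx, path = sorted(entries).index(domain), []
    for level in levels[:-1]:
        path.append((level[idx ^ 1], bool(idx & 1)))  # (sibling, sibling on left?)
        idx //= 2
    return path

def verify(domain, pubkey, path, quantum, current_quantum, trusted_basis):
    """User (receiving MTA): rebuild the basis from the answer and its proof."""
    if quantum != current_quantum:              # seal not refreshed this quantum
        return False
    node = h(b"leaf", domain.encode(), pubkey.encode())
    for sibling, sibling_left in path:
        node = h(b"node", sibling, node) if sibling_left else h(b"node", node, sibling)
    return basis(node, quantum) == trusted_basis
```

In this sketch the proof for one domain is about log2 N sibling hashes, and the bureau signs a single basis per time quantum that covers every registered domain.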


Seal Realizations: Efficiency

N: Number of domains registered with the accreditation bureau


Summary and Future Work

  • Summary

    • Accredited DK provides assurance of sender’s public key and evidence of sender domain’s trustworthiness

    • Extension of DK framework

    • Accreditation seals issued by accreditation bureau and stored in domain name server

    • STMS approach is more scalable than simple signature approach

    • Website: http://www.accrediteddomainkeys.net

  • Current and Future Work

    • Performance tests

    • Accredited DKIM


Related Work

  • SPF (Lentczner, Wong) and Sender ID Framework (Microsoft)

  • DomainKeys (Delany)

  • Identified Internet Mail (Fenton, Thomas)

  • Flexible Sender Validation (Levine)

  • Sender Authorization with RMX DNS RR (Danisch)

  • Reverse DNS Marking (Stumpf, Hoehne)

  • Project Lumos (Email Service Provider Coalition)

  • Authenticated data structures (Goodrich, Tamassia et al.)


Acknowledgements

  • David Croston and IAM Registry, Inc

  • David Ellis, John Nuber

  • Eric Allman, Jon Callas, Mark Delany, and Jim Fenton

  • National Science Foundation

