| Abstract: | Electronic mail (e-mail) is one of the most important and widely used network applications. It has been used in communications between individuals, business organizations and governmental agencies around the world. In 2006, Kim et al. proposed two e-mail protocols with perfect forward secrecy. Unfortunately, Yoon and Yoo recently demonstrated that Kim et al.’s second e-mail protocol is insecure under two impersonation attacks, where an attacker can easily impersonate a legal sender in order to send a forged e-mail to a recipient, or and attacker can easily impersonate a legal e-mail server to get all e-mail content sent from senders to recipients.
However, Yoon and Yoo didn’t propose the improved version for the impersonation attacks. For this reason, the first goal of the thesis is to propose a secure e-mail protocol, which not only can remedy the weakness came from the impersonation attacks, but also can provide the additional functionality by attaching the time-stamp issued by the Time-Stamping Service (TSS). Hence, some time-sensitive e-mail content, typically for e-commerce, intellectual property protection, and records integrity, all benefit from the time-stamping service. In additions, some possible attacks, i.e. delay or replay, can also be eliminated.
With the rapid development of communication technologies, mobile communication environments are pervasive. Major e-mail providers, such as Gmail, Yahoo, currently provide mobile e-mail services. However, mobile devices are not equipped with sufficient resources to handle the expensive computations required for exploiting PKI. Furthermore, there has been growing interest in executing web-applications on resource-constrained mobile devices via browser-based interface. Therefore, it is necessary to design an efficient and secure e-mail system for mobile applications. According to the point, the second goal of the thesis is to design an efficient e-mail protocol with elliptic curve cryptography (ECC).
From the viewpoint of the security, these two e-mail systems proposed in this thesis not only can provide perfect forward secrecy but also can withstand variety of well-known attacks. Besides, some basic security requirements, such as non-repudiation, confidentiality, integrity, and authentication, can also be guaranteed. In this way, this model can be put on many deployed popular mobile e-mail services directly. Thus, we thought that this project is important and ought to be examined. |
