Certified E-mail Delivery Research Articles

A universal system for fair non-repudiable certified e-mail without a trusted third party

Certified e-mail delivery is a quickly emerging field with significant legal benefits for e-commerce and e-government. Existing service-providers provide individual solutions that rely on a trusted third party and are in general limited in their scope and interoperability; as a consequence, they are unsuitable for cross-border application as required by transnational unions like the EU.In contrast to existing service-providers, we present a working system for certified e-mail that does not rely on a trusted third party for fair non-repudiation of receipt. We achieve fair non-repudiation of receipt through a novel protocol that involves splitting an encrypted message into a chain of parts, which the addressee gradually acquires, generating proof-of-receipt for each individual part. The protocol cryptographically prevents the addressee from obtaining the message in case they terminate the protocol prematurely.The universality of the presented system makes it feasible for unobtrusive operation using existing user agents and e-mail providers. The system is presented as a proof-of-concept implementation for the open-source Mozilla Thunderbird user agent.

RSA-based Verifiable and Recoverable Encryption of Signatures and its application in certified e-mail delivery

This paper presents two variant protocols RSA-CEMD1 and RDA-CEMD2 for certified e-mail delivery with RSA receipts. The protocols provide non-repudiation of origin and non-repudiation of receipt security services to protect communicating parties from

Analysis and improvement of fair certified e-mail delivery protocol

Recently, Nenadic et al. proposed a novel fair exchange protocol RSA-CEMD [A. Nenadic, N. Zhang, S. Barton. Fair certified e-mail delivery, Proceedings of the 9th ACM Symposium on Applied Computing (SAC 2004)-Computer Security Track, Nicosia, Cyprus, pp. 391-396, 2004] for certified e-mail delivery with an off-line and transparent trusted third party. The protocol provides non-repudiation of origin and non-repudiation of receipt security service to protect communicating parties from each other's false denials that the e-mail has been sent and received. In this paper, we show that Nenadic's protocol cannot achieve the claimed fairness. In the exchange protocol, the receiver can cheat the sender successfully by sending an invalid verifiable and recoverable encryption of signature (VRES) which can pass all the sender's verifications, as the VRES scheme proposed in [A. Nenadic, N. Zhang, S. Barton. Fair certified e-mail delivery, Proceedings of the 9th ACM Symposium on Applied Computing (SAC 2004)-Computer Security Track, Nicosia, Cyprus, pp. 391-396, 2004] is inherently unrecoverable in some situations. In other words, there is always that the receiver can get the sender's e-mail message while the sender cannot obtain receiver's receipt. Furthermore, we propose a revised version of certified e-mail delivery protocol that preserves strong fairness while remaining optimistic.

Practical protocols for certified electronic mail

Electronic mail, or e-mail, has brought us a big step closer towards the vision of paperless offices. To advance even closer to this vision, however, it is essential that existing e-mail systems be enhanced with value-added services which are capable of replacing many of the human procedures established in pen and paper communications. One of the most important and desirable such services is certified e-mail delivery, in which the intended recipient will get the mail content if and only if the mail originator receives an irrefutable proof-of-delivery from the recipient. In this paper, we present the design of two third-party based certified mail protocols, termed CMP1 and CMP2. Both protocols are designed for integration into existing standard e-mail systems and both satisfy the requirements ofnonrepudiation of origin, nonrepudiation of delivery, and fairness. The difference between CMP1 and CMP2 is that the former provides no mail content confidentiality protection while the latter provides such a protection. Moreover, security of the protocols are analyzed using a recently proposed accountability framework.