http://dx.doi.org/10.14400/JDC.2016.14.12.201

The Study on Secure Mail Platform and Mutual Authentication Using Mail Proxy  

Ahn, Hyo-Beom (Division of Information and communication, Kongju National University)
Lee, Su-Yeon (Division of Computer Engineering, Baekseok Culture University)
Publication Information
Journal of Digital Convergence / v.14, no.12, 2016, pp. 201-208
Abstract
Today, email systems are used to transmit important information between companies. However, email has vulnerabilities, such as an attacker changing the sender's email address. It is therefore important to authenticate both the mail server and the users of that mail server. This paper proposes a mail proxy, located between mail servers, that evaluates authority and authenticates the sender and the receiver. The proposed email platform provides functions to compose a trusted domain and to authenticate the mail servers in that domain. In addition, if the sender and the recipient are valid users of the mail system, they exchange a key for confidentiality, and the sender sends the recipient an e-mail encrypted with the exchanged key. We propose a key exchange scheme for the proposed platform and verify the protocol using Casper, a formal analysis tool. In future research, we will study the overall platform for domain configuration for mail security.
Keywords
Mutual Authentication; Mail Server; Mail Proxy; Key Exchange; User Authentication; Domain Management;
Citations & Related Records
Times Cited By KSCI: 3