Lightweight Signatures for Email [1,2]

Cryptographic Foundation [1] Email phishing attacks are one of today's most common and costly forms of digital identity theft, where an adversary tricks a user into revealing their personal information by impersonating an established company. Such attacks could be mitigated with digitally-signed emails, if these signatures did not: (1) destroy the traditional repudiability of email, and (2) require the unrealistic, widespread adoption of a Public-Key Infrastructure (PKI).

In order to overcome these obstacles, we introduce, define, and implement separable (a.k.a. cross-domain) identity-based ring signatures (SIBR, pronounced "cyber," signatures). The ring structure of these signatures provides repudiability. With identity-based public keys, a full PKI is no longer required. Separability allows ring constructions across different identity-based master key domains. Together, these properties make SIBR signatures a practical solution to the email spoofing problem.

Our construction yields a number of interesting components. First, we present several novel proofs of knowledge of bilinear map pre-images. We then present new identity-based identification (IBI) and signature (IBS) schemes based on these proofs. We note how our constructions share system parameters with the existing identity-based encryption schemes of Boneh-Franklin and Waters, thereby forming complete identity-based cryptosystems. We finally construct the first SIBR signature schemes by transforming our new signature schemes and certain other signature schemes.

Practical Deployment [2] We present a novel key distribution architecture and a novel use of the SIBR signatures in [1] for making email trustworthy. Like typical digital signatures, our solution fights email-based phishing attacks and mitigates spam by detecting spoofed emails. Unlike typical digital signatures, our approach requires no complex, preestablished public-key infrastructure nor cooperation between email domains. Furthermore, it provides just enough trust to make email useful again, but not too much: email remains repudiable. All current legitimate uses of email -- alternate email personalities, alternate outgoing mail servers, PGP or S/MIME encryption, sending attachments, web-based email etc... -- remain fully functional. The end-to-end nature of email is preserved: the only requirements are an upgraded email client and at least one keyserver. We call this approach a Lightweight Trust Architecture.

Ben and David are currently finishing a prototype of our system.

Lightweight Encryption for Email [3]

Though email encryption techniques have been available for more than a decade, none has been widely deployed. The problems of key generation, certification, and distribution have not been pragmatically addressed. We propose a new email encryption architecture which simplifies these key management functions and exhibits a progressive, realistic adoption and deployment process. Our solution is a key-splitting extension to our recently introduced Lightweight Trust Architecture [1,2]. It requires no significant new infrastructure and respects the end-to-end nature of email: the only requirements are an upgraded mail client and at least one keyserver.

References

[1] Ben Adida, Susan Hohenberger and Ronald L. Rivest. Separable Identity-Based Ring Signatures: Theoretical Foundations for Fighting Phishing Attacks. Preliminary version presented at the DIMACS Workshop on Theft in E-Commerce, Piscataway, New Jersey, April 2005. Available at http://theory.lcs.mit.edu/~rivest/publications.

[2] Ben Adida, Susan Hohenberger and Ronald L. Rivest. Fighting Phishing Attacks: A Lightweight Trust Architecture for Detecting Spoofed Emails. Preliminary version presented at the DIMACS Workshop on Theft in E-Commerce, Piscataway, New Jersey, April 2005. Available at http://theory.lcs.mit.edu/~rivest/publications.

[3] Ben Adida, Susan Hohenberger and Ronald L. Rivest. Lightweight Encryption for Email. Draft (to appear), April 2005. Soon to be available at http://theory.lcs.mit.edu/~rivest/publications.