iSATS: Leveraging Identity based Sender Authentication for Spam Mitigation

Sufian Hameed, Tobias Kloht, Xiaoming Fu

Abstract

A vast majority of spam emails today are sent from botnets with forged sender addresses. This has attracted researchers over the years to develop email sender authentication mechanism as a promising way to verify identity of the senders. In this paper we introduce iSATS, a new email sender authentication system based on Identity-based public key cryptography. iSATS leverages an identity based signature scheme to provide a reliable and easy way to bind the identity of legitimate sender to an email. Unlike the popular existing solutions like SPF and DKIM, it is hard for the spammer to adopt iSATS.

References

  1. Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, J., and Thomas, M. (2007). Domainkeys identified mail (dkim). RFC 4871.
  2. Boneh, D. and Franklin, M. (2001). Identity-based encryption from the weil pairing. In Advances in Cryptology - CRYPTO 2001, Lecture Notes in Computer Science, pages 213-229. Springer Berlin / Heidelberg.
  3. Cocks, C. (2001). An identity based encryption scheme based on quadratic residues. In Cryptography and Coding, Lecture Notes in Computer Science, pages 360-363. Springer Berlin / Heidelberg.
  4. EmailLimit (2010). Email address limit in webmail by providers. http://www.emailaddressmanager.com/ tips/email-address-limit.html.
  5. EVC (2009). Guidelines for the issuance and management of extended validation certificates. CA/Browser Forum Version 1.2.
  6. Klensin, J. (2008). Simple mail transfer protocol. The Internet Society, RFC 5321.
  7. MessageLabs (2005). Messagelabs intelligence report: Spam intercepts timeline. http:// www.messagelabs.co.uk/.
  8. Mori, T., Sato, K., Takahashi, Y., and Ishibashi, K. (2011). How is e-mail sender authentication used and misused? In Proceedings of CEAS 7811.
  9. Pingdom (2011). Internet 2010 in numbers. http://royal. pingdom.com/2011/01/12/internet-2010-in-numbers/.
  10. RedCondor (2011). Tracking the high cost of spam. http:// www.redcondor.com/company/.
  11. Shamir, A. (1985). Identity-based cryptosystems and signature schemes. In Advances in cryptology, pages 47- 53. Springer.
  12. Symantec (2010). 2010 annual security report.
  13. Taylor, B. (2006). Sender reputation in a large webmail service. In CEAS.
  14. Wong, M. and Schlitt, W. (2006). Sender policy framework (spf). RFC 4408.
  15. Wong, M. W. (2005). Sender authentication: What to do. http://spf.pobox.com/whitepaper.pdf.
Download


Paper Citation


in Harvard Style

Hameed S., Kloht T. and Fu X. (2012). iSATS: Leveraging Identity based Sender Authentication for Spam Mitigation . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 408-411. DOI: 10.5220/0004078404080411


in Bibtex Style

@conference{secrypt12,
author={Sufian Hameed and Tobias Kloht and Xiaoming Fu},
title={iSATS: Leveraging Identity based Sender Authentication for Spam Mitigation},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={408-411},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004078404080411},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - iSATS: Leveraging Identity based Sender Authentication for Spam Mitigation
SN - 978-989-8565-24-2
AU - Hameed S.
AU - Kloht T.
AU - Fu X.
PY - 2012
SP - 408
EP - 411
DO - 10.5220/0004078404080411