Moderately hard, memory-bound functions
ACM Transactions on Internet Technology (TOIT)
| Hi-index | 0.00 |
Universal email authentication is impossible with existing authentication schemes, namely DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF), primarily because at a minimum this would require the ongoing participation of every domain administrator in the world. Consequently a vast quantity of current email is unauthenticated, thus empowering spammers. This paper describes two unique methods employing digital signatures to automatically authenticate every computer involved in sending an email. The first method will authenticate the mail transfer agent (MTA) used to forward an email, while the second method will authenticate the personal computer that originated the email. Universal authentication occurring redundantly at both the MTA and the personal computer is achievable because these two methods do not require the participation of email users or administrations. The first method, MTA Authentication, will authenticate every MTA listed in an email header regardless of forwarding or the use of a dynamic IP address. This is made possible by having MTA software sign all outgoing email with an autonomously generated private key that is unique to that server. The distribution of the corresponding public key (an issue that plagues all other public key schemes) will require no human intervention as each mail server will automatically provide its public key to any computer in the world that queries it. The second method, Personal Computer Authentication, will authenticate the personal computer used to send an email. The email client will sign all email by using a public key -- the entire world can potentially use the same universally known public key. These digital signatures will encrypt not only the message hash but also a secret ID number that is unique to the personal computer. Receiving email systems will submit this encrypted digital signature to a single global database that will use the private key to decrypt the hash and the secret ID number. A reputation report corresponding to the secret ID number (but not the secret ID number itself) will be sent back to the receiving mail system. Personal computers will transparently acquire these secret ID numbers in a way that is resilient to botnets. Web browsers will employ a similar mechanism to authenticate personal computers used for webmail and other online transactions; one benefit of this will be that CAPTCHA can be eliminated. Universal authentication via these methods is easily achievable as it requires only a onetime software update by the relatively miniscule number of developers of the MTA programs, email clients, and web browsers that are in common use.