More and more users are suffering from email-based phishing attacks over the past years. Despite the use of various technologies for anti-phishing, phishing is still one of most serious attacks against Internet users. Email phishing attacks fabricate the email’s origin. Unfortunately, current email server systems can not authenticate the genuineness of in-coming emails. In this paper, we present a novel antiphishing mechanism: Signed Email for Anti-Phishing (SEFAP), designed to automatically identify an email’s origin to mitigate email phishing attacks. The SEFAP system is an extendable secure cryptographic system that accommodates multiple signature schemes. SEFAP can adopt any signature scheme which has two properties: Identity-based and repudiability. Identity-based property removes the unrealistic full PKI infrastructure deployment requirement and the repudiability property protects sender’s privacy. We describe how to integrate the SEFAP system into a standard SMTP server. We also proposed an efficient implementation based on a novel ID-based ring signature scheme.
History
Citation
This conference paper was originally published as Qoing Ren, Yi Mu, Susilo, W., SEFAP: An Email System for Anti-Phishing, 6th IEEE/ACIS International Conference on Computer and Information Science ICIS 2007, 11-13 Jul, 782-787.
Parent title
Proceedings - 6th IEEE/ACIS International Conference on Computer and Information Science, ICIS 2007; 1st IEEE/ACIS International Workshop on e-Activity, IWEA 2007