KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures

by   Michael Specter, et al.

Email breaches are commonplace, and they expose a wealth of personal, business, and political data that may have devastating consequences. The current email system allows any attacker who gains access to your email to prove the authenticity of the stolen messages to third parties -- a property arising from a necessary anti-spam / anti-spoofing protocol called DKIM. This exacerbates the problem of email breaches by greatly increasing the potential for attackers to damage the users' reputation, blackmail them, or sell the stolen information to third parties. In this paper, we introduce "non-attributable email", which guarantees that a wide class of adversaries are unable to convince any third party of the authenticity of stolen emails. We formally define non-attributability, and present two practical system proposals -- KeyForge and TimeForge -- that provably achieve non-attributability while maintaining the important protection against spam and spoofing that is currently provided by DKIM. Moreover, we implement KeyForge and demonstrate that that scheme is practical, achieving competitive verification and signing speed while also requiring 42 bandwidth per email than RSA2048.



There are no comments yet.



Towards the Adoption of Anti-spoofing Protocols for Email Systems

Email spoofing is a critical step of phishing, where the attacker impers...

Anti-Spoofing Using Transfer Learning with Variational Information Bottleneck

Recent advances in sophisticated synthetic speech generated from text-to...

MToFNet: Object Anti-Spoofing with Mobile Time-of-Flight Data

In online markets, sellers can maliciously recapture others' images on d...

ASSERT: Anti-Spoofing with Squeeze-Excitation and Residual neTworks

We present JHU's system submission to the ASVspoof 2019 Challenge: Anti-...

Dynamically Mitigating Data Discrepancy with Balanced Focal Loss for Replay Attack Detection

It becomes urgent to design effective anti-spoofing algorithms for vulne...

Learning deep forest with multi-scale Local Binary Pattern features for face anti-spoofing

Face Anti-Spoofing (FAS) is significant for the security of face recogni...

The fully-visible Boltzmann machine and the Senate of the 45th Australian Parliament in 2016

After the 2016 double dissolution election, the 45th Australian Parliame...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.