A survey of certified mail systems provided on the Internet

Over the last several years, an increasing number of certified mail systems have been put into place on the Internet. Governments, postal operators and private businesses now provide value-added electronic services that match the quality of postal certified mail. So far, there is no common view on the security properties that an electronic certified mail system has to provide. This applies to implementers and, surprisingly, also applies to the research community. All certified mail systems provided on the Internet are autonomous, and most are closed systems. However, recent developments call for cross-border certified mail communications that are similar to what we have become accustomed to in e-mail. This demand is emphasized by the ongoing implementation of the European Union (EU) Services Directive. The interoperability of certified mail systems is a new and challenging research field. The aim of this paper is to assess and discuss various standards and certified mail systems deployed on a large scale by drawing on the literature. This will facilitate interoperability efforts by offering a clearer view on the security properties that are actually applied in practice, as opposed to what is in research. We do this by classifying systems according to the security properties defined to date in the literature. Our findings show that standards and systems provided on the Internet have adopted many aspects of postal certified mail with respect to fairness, non-repudiation services and applied trust models. Nevertheless, there are still differences and incompatibilities, and the community must work toward common and interoperable systems. We encourage research into additional properties that could be applied in practice.

[1]  P. Hoffman Enhanced Security Services for S/MIME , 1999, RFC.

[2]  Gianluca Ramunno,et al.  Electronic Signatures and Infrastructures (ESI); Provision of harmonized Trust-service status information , 2006 .

[3]  Michael K. Reiter,et al.  Fair Exchange with a Semi-Trusted Third Party (extended abstract) , 1997, CCS.

[4]  Dieter Gollmann,et al.  Certified Electronic Mail , 1996, ESORICS.

[5]  Rolf Oppliger,et al.  Providing Certified Mail Services on the Internet , 2007, IEEE Security & Privacy.

[6]  Jianying Zhou,et al.  An intensive survey of fair non-repudiation protocols , 2002, Comput. Commun..

[7]  Arne Tauber,et al.  Requirements for Electronic Delivery Systems in eGovernment - An Austrian Experience , 2009, I3E.

[8]  Jörg Apitzsch,et al.  Mechanismen zur Nachweisbarkeit der Kommunikation bei OSCI Transport , 2007, Datenschutz und Datensicherheit - DuD.

[9]  Blake Ramsdell,et al.  S/MIME Version 3 Message Specification , 1999, RFC.

[10]  Michael T. Goodrich,et al.  TRICERT: A Distributed Certified E-Mail Scheme , 2001, NDSS.

[11]  Dieter Gollmann,et al.  A fair non-repudiation protocol , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[12]  Jose Antonio Onieva,et al.  Certified electronic mail: Properties revisited , 2010, Comput. Secur..

[13]  Tom Tedrick,et al.  Fair Exchange of Secrets , 1984, CRYPTO.

[14]  Robert H. Deng,et al.  Practical protocols for certified electronic mail , 1996, Journal of Network and Systems Management.

[15]  Javier López,et al.  Multiparty nonrepudiation: A survey , 2009, CSUR.

[16]  Olivier Markowitch,et al.  Probabilistic Non-Repudiation without Trusted Third Party , 1999 .

[17]  Norbert Gronau,et al.  Software Services for e-Business and e-Society, 9th IFIP WG 6.1 Conference on e-Business, e-Services and e-Society, I3E 2009, Nancy, France, September 23-25, 2009. Proceedings , 2009, I3E.

[18]  Ning Zhang,et al.  Achieving Non-Repudiation of Receipt , 1996, Comput. J..

[19]  N. Asokan,et al.  Optimistic protocols for fair exchange , 1997, CCS '97.

[20]  João Melo,et al.  EPM: Tech, Biz and Postal Services Meeting Point , 2004, ISSE.

[21]  E. F. Michiels,et al.  ISO/IEC 10181-4:1995 Information technology Open Systems Interconnection Security frameworks for open systems: Non-repudiation framework , 1996 .

[22]  日本規格協会 情報技術-セキュリティ技術-情報セキュリティマネジメントシステム-要求事項 : 国際規格ISO/IEC 27001 = Information technology-Security techniques-Information security management systems-Requirements : ISO/IEC 27001 , 2005 .

[23]  John C. Klensin,et al.  Simple Mail Transfer Protocol , 2001, RFC.

[24]  Jens Dietrich,et al.  De-Mail — verschlüsselt, authentisch, nachweisbar , 2010, Datenschutz und Datensicherheit - DuD.

[25]  Reinhard Posch,et al.  Security architecture of the Austrian citizen card concept , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[26]  Peter W. Resnick,et al.  Internet Message Format , 2001, RFC.

[27]  Tom Coffey,et al.  Non-repudiation with mandatory proof of receipt , 1996, CCRV.

[28]  Wilhelm Weisweber,et al.  Virtual Post Office in Practice , 2007, ISSE.