PGP Modification for Securing Digital Envelope Mail Using COM(superscript +) and Web Services

10.6633/IJNS.201109.13(2).03

Tarek Salah Sobh；Mohamed Ibrahiem Amer

Component object model ； e-mail security protocols ； encryption ； PGP ； Web services

International Journal of Network Security

13卷2期（2011 / 09 / 01）

79 - 91

英文

Certified email is a value-added service for standard email systems, which guarantees the fairness, i.e., the intended recipient gets the mail content if and only if the mail originator receives a non-repudiation receipt showing that the message has been received by the recipient. Most of certified email protocols schemes have more or less weaknesses and/or security flaws. E-mail communication is insecure it can be read and modified as they are passed through the Internet as clear-text. In the worst case, fairness cannot be achieved since one dishonest party can mount some attacks to cheat the honest party such that the latter cannot get the expected items. In this paper, the proposed model is an attempt to standardize a protocol used to encrypt and digitally sign e-mail correspondence. Also, end-to-end security is discussed and a mechanism of key management is proposed if this service is requested by the user. We analyze some certified email protocols and propose some improvements in order to avoid security problems. Component object model and Web services are used to implement a prototype to the proposed model.