SlideShare a Scribd company logo

SureMail: Notification Overlay for Email Reliability

Download as PPT, PDF
W
webhostingguy

The document proposes SureMail, a notification overlay system that addresses the problem of "silent email loss" where emails are lost without the sender or recipient's knowledge. SureMail aims to minimize demands on email infrastructure while preserving privacy. It works by having senders post encrypted notifications to a decentralized notification server in addition to sending emails. Recipients periodically download notifications to check for missing emails. The system seeks to protect recipient and sender identity and block notification spam through techniques like email-based handshakes and shared secrets between correspondents.

1 of 42
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
SureMail: Notification Overlay for Email Reliability Sharad Agarwal & Venkat Padmanabhan Microsoft Research Dilip Antony Joseph UC Berkeley HotNets 2005
Silent Email Loss Silent email loss: email “vanishes” without sender/recipient knowledge  missed opportunities, misunderstanding, or worse Nontrivial problem anecdotal evidence measurement studies 0.69% loss rate [LM 04] 0.1-5% loss rate [AB 05] commercial offerings to address the problem e.g., Pivotal Veracity, Zenprise
HotNets air ticket confirmation “ We have sent it through again. If you do not receive it with in an hour or two, please let us know.” Funding proposal "No I never got and I never acked it… My last mail from you was [on] 3/10/2004.” IMC 2005 decision notification “ I recd reviews for one paper (#X) but not that of #Y.” IMAP server upgrade problems “ Some unanticipated migration problems occurred that may have caused some lost or delayed email.”
Silent Email Loss Silent email loss: email “vanishes” without sender/recipient knowledge  missed opportunities, misunderstanding, or worse Nontrivial problem anecdotal evidence measurement studies 0.69% loss rate [Lang & Moors 2004] 0.1-5% loss rate [Afergan & Beverly 2005] commercial offerings to address the problem e.g., Pivotal Veracity, Zenprise
Silent Email Loss Why email loss? spam filtering: big problem  aggressive filtering MS: 90% of emails discarded before hitting user mailboxes AOL: 100 emails per month to maintain IP white-listing server failures and upgrades SMTP is not end-to-end reliable (Non-)Delivery status notifications compounds spam problem raises privacy concerns So email loss is often silent
Fixing the Problem Improve the email delivery infrastructure more reliable servers e.g., cluster-based (Porcupine [Saito ’00]) server-less systems e.g., DHT-based (POST [Mislove ’03]) total switchover might be risky “ Smarter” spam filtering moving target  mistakes inevitable non-content-based filtering still needed to cope with spam load
SureMail SureMail addresses the problem from the outside add separate notification overlay email delivery infrastructure left undisturbed users can benefit without operator cooperation Design goals: minimize demands on infrastructure and users preserve asynchronous operation and privacy (no worse than it is today) maintain defenses against spam and viruses minimize overhead
Basic Operation Sender S Recipient R Notification server Request lost message GetNotifications Missing Items Folder [S, H (M)]
Notification Overlay Decentralized limited collusion among the constituent nodes Efficient notification server lookup e.g., R  H (R) in a DHT setup Agnostic to actual implementation end-host-based (e.g., always-on user desktops) infrastructure-based (e.g., “NX servers”)
Challenges Privacy information about users’ email habits could be leaked Notification spam spammers can spoof notifications and burden users annoyance attacks discredit notifications in general Even the notification infrastructure isn’t trusted No universal PKI for email users
SureMail Goals Protect the recipient’s identity attacker shouldn’t be able to retrieve R’s notifications or learn the volume of notifications intended for R Protect the sender’s identity attacker shouldn’t be able to learn S’s identity or monitor the volume of notifications posted by S Block notification spam attacker shouldn’t be able to spoof notifications
Assumptions No email eavesdroppers privacy is moot otherwise Limited collusion among notification nodes needed only to avoid leaking notification volume info
Key Mechanisms #1: Email-based handshake #2: Decoupled registration and notification #3: Email-based shared secret #4: Reply-based shared secret
#1: Email-based handshake Goal: prevent hijacking of R’s identity Only R can receive emails sent to R One-time operation for initial registration Send email to R to establish registration secret shared with the notification overlay R can then use registration secret to authenticate itself to the notification overlay
#2: Decoupled registration & notification Goal: prevent snooping on recipient identity Limited collusion among notification nodes Registration at D reg = H ( H (R)) Notification posted at D not = H (R) R contacts D not to retrieve notifications for H (R) D not can find D reg without knowing R Neither D not nor D reg can associate notifications with R, unless they collude
#3: Email-based shared secret Goal: prevent snooping on sender identity Email M old from S to R in known only to S and R H (M old ) could serve as implicit identifier of S to R But it doesn’t quite serve as authenticator for S: D not knows H (M old ), so it could spoof notifications from S even other attackers could do so by first sending M spam purporting to be from S
#4: Reply-based shared secret Goal: block spoofing of notifications Users rarely have conversation with spammers R remembers (hashes of) recent emails from S that it has replied to If S receives a reply to M old it had sent R, M old can serve as a shared secret between S and R S could use H 1 (M old ) as an implicit identifier… … and H 2 (M old ) as an authenticator Hard for a spammer (even D not ) to spoof
Putting it all together Sender S Recipient R D reg = H ( H (R)) D not= H (R) Missing Items Folder Request lost message Register Verify GetNotifications H 1 (M) =H 1 (M old ) ,H 2 (M old )] [
Other issues Reply-detection: “ in-reply-to” header may not always help indirect checks based on text similarity Reducing overhead: post notifications only for “important” emails hold off on posting notification in the hope of receiving an implicit ACK (reply) or NACK (bounce-back) First-time “legitimate” senders: they are indistinguishable from spammers Mobility: reply-based shared secret enables secure migration without state transfer
Status Ongoing measurement experiment Design being refined Implementation in the works
Discussion #1: Should the notification system be folded into the email infrastructure? Separation is advantageous: provides failure independence keeps the notification layer simple small, fixed format notifications don’t require the same kind of processing as virus-laden email provides engineering convenience
Discussion #2: Is there a social benefit to silent email loss because of the plausible deniability it provides? Any such benefit is far outweighed by the costs Should cars be slightly unreliable because of the excuse it would give people when they miss an engagement? It is the asynchronous nature of email that is key
 
Anecdotes Funding proposal "No I never got and I never acked it… My last mail from you was [on] 3/10/2004.” Response to self-managing networks summit invitation "Yesterday's email did not bounce back, wonder where it is!” IMC 2005 decision notification “ I recd reviews for one paper (#X) but not that of #Y.” IMAP server upgrade problems “ Some unanticipated migration problems occurred that may have caused some lost or delayed email.”
Basic Operation Senders post notifications to overlay, in addition to sending emails as usual Intended recipients periodically download notifications intended for them A notification without a matching email suggests possible email loss
Putting it all together Registration: R contacts D reg = H ( H (R)) to register D reg sends R an email to set up registration secret Posting notifications: upon sending email M to R, S posts notification N to D not = H (R) N = [Encrypt( H 2 (M old ), H 1 (M)), H 1 (M old )]
Putting it all together Retrieving notifications: R asks D not for the notifications corresponding to H (R) and presents evidence of registration secret D not contacts D reg to verify evidence, before returning the notifications to R R uses H 1 (M old ) to identify M old and compute the encryption key H 2 (M old ) R discards bogus notifications and checks for missing emails corresponding to the remaining notifications
#1: Protecting the recipient’s identity Goal: only R should be able to retrieve notifications intended for it attackers shouldn’t be able to learn even the volume of notifications intended for R Key idea: Email-based handshake: prevents “hijacking” of R’s identity Decoupling registration from notification: prevents bad DHT node from associating notifications with R
#1: Protecting the recipient’s identity Registration: R contacts D reg = H ( H (R)) to register D reg sends R an email to set up a shared secret Posting notifications: Upon sending email M to R, S posts notification N = [ H (M),S] to D not = H (R) Retrieving notifications: R presents an authenticator to D not and asks for the notifications corresponding to H (R) D not contacts D reg to verify the authenticator, before returning the notifications R checks if emails are missing and presents the corresponding S to the user
SureMail Goals #1: protecting the recipient’s identity #2: protecting the sender’s identity #3: blocking notification spam
#2: protecting the sender’s identity Goal: attackers shouldn’t be able to learn S’s identity or monitor the volume of notifications posted by S clearly N = [ H (M),S] won’t do Key idea: email-based shared secret assuming no eavesdroppers, an email M old from S to R in known only to S and R so H (M old ) could serve as an authenticator and identifier of S to R
#2: protecting the sender’s identity Posting notifications: S’s identity is made implicit in the notification N = [ H (M), H (M old )] Retrieving notifications: R stores hashes of emails received (recently) from various senders it searches for H (M old ) to identify S if H (M old ) can’t be found, the notification is ignored
SureMail Goals #1: protecting the recipient’s identity #2: protecting the sender’s identity #3: blocking notification spam
#3: blocking notification spam Goal: prevent spammers from posting bogus notifications and burdening users with false reports of email loss A malicious DHT node could itself be a spammer
#3: blocking notification spam Current scheme is vulnerable to attack Easy for malicious DHT node D not to generate spam: D not has ready access to H (M old ) it could spam R with bogus notifications purporting to be from S Another spammer (say X) could also do so: X sends R a message M spam purporting to be from S X can then use H (M spam ) as the implicit identifier in notifications R may assume it is really missing an email from S Spammer gain indirectly by annoying R and S, thereby discrediting notifications in general
#3: blocking notification spam Key idea: reply-based shared secret users rarely engage in conversations with spammers so if S receives a reply to a message M old that it had sent R, S could use H (M old ) as an implicit identifier hard for a spammer to spoof the identifier special construction to prevent spoofing by D not Notification format: N = [Encrypt( H ”(M old ), H (M)), H (M old )] R uses H (M old ) to identify M old and compute the encryption key H ”(M old )
PKI-based Design R ↔ D A : RegisterRecipient(R,A) S ↔ D N : PostNotification( H (R),N) N = [ H (M), TTL, E (R pb ,S), Sg (S pv , H (M),TTL)] R ↔ D N : CheckNotification( H (R),A) D N : find D A = H ( H (R)) D N ↔ D A : AuthenticateRequest( H (R),A) D N ↔ R: ReturnNotifications() R: identify notifications corresponding to missing email and notify user if S is trusted
Notation Sender S Recipient R Message M Notification N Crypto operations: H : hash(…) Sg : sign(key,…) E : encrypt(key,…)
Overhead duplication of effort with respect to email delivery #3: preserve privacy of email content attacker shouldn’t be able to learn email content
Silent Email Loss Silent email loss is a non-negligible problem silent loss = no notification to sender or recipient imposes significant cost, degrades user experience Several causes spam filtering MS IT: 90% of emails discarded off the bat failures and upgrades Measurement studies 0.5-1.0% silent loss ([Lang ’04], [Afergan ’05]) ongoing measurement study at MSR quantify email delays & loss across ~25 domains
SureMail Overview SureMail adds separate notification system orthogonal to email delivery infrastructure email is still subject to checking by spam filters, virus scanners doesn’t create backdoor for malware bounds worst case performance Asynchronous operation senders post notifications = hash(message) recipients check for them preserves the privacy of email (unlike read receipts)
SureMail Design Reply-based shared secret A sends an email M to B (A  B) B replies to A’s email (B  A) A uses hash(M) to “prove” to B that it is legitimate shared secret is continually refreshed Reply-based shared secret helps: avoid burdening users with notification spam maintain privacy of notifications

More Related Content

PDF
IRJET- Security from Man-In-The-Middle-Attack
IRJET Journal
 
PDF
Final report
Rahul Sihag
 
PDF
03 wireshark dns-solution_july_22_2007
brayan huamani capcha
 
PPTX
Public Key Cryptosystem
Devakumar Kp
 
PPT
Public Key Cryptography
anusachu .
 
PDF
MULTI-STAGE ENCRYPTION USING SEEDED SDES
Eswar Publications
 
PDF
Authentication in Different Scenarios
Raj Sikarwar
 
DOCX
Unit v
Bathshebaparimala
 
IRJET- Security from Man-In-The-Middle-Attack
IRJET Journal
 
Final report
Rahul Sihag
 
03 wireshark dns-solution_july_22_2007
brayan huamani capcha
 
Public Key Cryptosystem
Devakumar Kp
 
Public Key Cryptography
anusachu .
 
MULTI-STAGE ENCRYPTION USING SEEDED SDES
Eswar Publications
 
Authentication in Different Scenarios
Raj Sikarwar
 
Unit v
Bathshebaparimala
 

Viewers also liked (20)

PPT
PL WEB
webhostingguy
 
PPT
Slide 1 - Parallels Plesk Control Panel 8.6.0
webhostingguy
 
PPT
Css
Kavi Bharathi R
 
PPT
Ajax
Kavi Bharathi R
 
PDF
Slide 1
webhostingguy
 
PPT
Parallels Hosting Products
webhostingguy
 
PPS
IT Power Management Strategy
webhostingguy
 
PDF
Linux Hosting Training Course Level 1-2
Ramy Allam
 
PPT
Notes8
webhostingguy
 
PPT
Microsoft PowerPoint presentation 2.175 Mb
webhostingguy
 
PPTX
setting Dns linux debian
Arga Prahara
 
PPT
SureMail: Notification Overlay for Email Reliability
webhostingguy
 
PPT
Web 2.0
Kavi Bharathi R
 
PPT
Get your website noticed by Jason King of HAVS
webhostingguy
 
PPT
Html
Kavi Bharathi R
 
PPT
Managing Diverse IT Infrastructure
webhostingguy
 
PDF
Installing web sphere application server v7 on red hat enterprise linux v6.3
Dave Hay
 
PPT
Class Presentation
webhostingguy
 
PPT
#1
webhostingguy
 
PPT
OLUG_xen.ppt
webhostingguy
 
PL WEB
webhostingguy
 
Slide 1 - Parallels Plesk Control Panel 8.6.0
webhostingguy
 
Css
Kavi Bharathi R
 
Ajax
Kavi Bharathi R
 
Slide 1
webhostingguy
 
Parallels Hosting Products
webhostingguy
 
IT Power Management Strategy
webhostingguy
 
Linux Hosting Training Course Level 1-2
Ramy Allam
 
Notes8
webhostingguy
 
Microsoft PowerPoint presentation 2.175 Mb
webhostingguy
 
setting Dns linux debian
Arga Prahara
 
SureMail: Notification Overlay for Email Reliability
webhostingguy
 
Web 2.0
Kavi Bharathi R
 
Get your website noticed by Jason King of HAVS
webhostingguy
 
Html
Kavi Bharathi R
 
Managing Diverse IT Infrastructure
webhostingguy
 
Installing web sphere application server v7 on red hat enterprise linux v6.3
Dave Hay
 
Class Presentation
webhostingguy
 
#1
webhostingguy
 
OLUG_xen.ppt
webhostingguy
 
Ad

Similar to SureMail: Notification Overlay for Email Reliability (20)

PDF
Email security
SultanErbo
 
PPTX
Security Services for E-mail in Network Security
chitram210
 
PPTX
Network and Internet Security.pptx
Guna Dhondwad
 
PPTX
Digital Certified Mail (PPT)
Matthew Chang
 
DOCX
YosefGamble_Writing_Sample_Email_Security
Yosef Gamble
 
PPTX
Jipdec 20131216-english
Kazunori Ando
 
PDF
Digital Certified Mail
Matthew Chang
 
PPTX
Email security
kumarviji
 
PDF
Electronic Mail Security (University of Jeddah, Saudi Arabia)
IJCSIS Research Publications
 
PDF
A New Method to Stop Spam Emails in Sender Side
IDES Editor
 
PPTX
Sender Policy Framework (SPF): An Email Authentication Technique
HTS Hosting
 
PPTX
Email security
Baliram Yadav
 
PDF
Email security presentation
SubhradeepMaji
 
PPT
apsec SEPPmail Email Security Gateway
andreasschuster
 
PPTX
Electronic mail
Abid Fakhre Alam
 
PPT
Email
Roy Thomas
 
PDF
What You Don’t Know about Email Security Protocols_ Could Cost You Millions.pdf
CyberPro Magazine
 
KEY
David Troy - Presentation at Emerging Communications Conference & Awards (eCo...
eCommConf
 
PDF
Final year project report on Internet And Interanet Emailing server
sachin993
 
PPTX
Encrypted email hack2o presentation
Ann Treacy
 
Email security
SultanErbo
 
Security Services for E-mail in Network Security
chitram210
 
Network and Internet Security.pptx
Guna Dhondwad
 
Digital Certified Mail (PPT)
Matthew Chang
 
YosefGamble_Writing_Sample_Email_Security
Yosef Gamble
 
Jipdec 20131216-english
Kazunori Ando
 
Digital Certified Mail
Matthew Chang
 
Email security
kumarviji
 
Electronic Mail Security (University of Jeddah, Saudi Arabia)
IJCSIS Research Publications
 
A New Method to Stop Spam Emails in Sender Side
IDES Editor
 
Sender Policy Framework (SPF): An Email Authentication Technique
HTS Hosting
 
Email security
Baliram Yadav
 
Email security presentation
SubhradeepMaji
 
apsec SEPPmail Email Security Gateway
andreasschuster
 
Electronic mail
Abid Fakhre Alam
 
Email
Roy Thomas
 
What You Don’t Know about Email Security Protocols_ Could Cost You Millions.pdf
CyberPro Magazine
 
David Troy - Presentation at Emerging Communications Conference & Awards (eCo...
eCommConf
 
Final year project report on Internet And Interanet Emailing server
sachin993
 
Encrypted email hack2o presentation
Ann Treacy
 
Ad

More from webhostingguy (20)

PPT
File Upload
webhostingguy
 
PDF
Running and Developing Tests with the Apache::Test Framework
webhostingguy
 
PDF
MySQL and memcached Guide
webhostingguy
 
PPT
Novell® iChain® 2.3
webhostingguy
 
PDF
Load-balancing web servers Load-balancing web servers
webhostingguy
 
PDF
SQL Server 2008 Consolidation
webhostingguy
 
PDF
What is mod_perl?
webhostingguy
 
PDF
What is mod_perl?
webhostingguy
 
PDF
Master Service Agreement
webhostingguy
 
PPT
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
webhostingguy
 
PDF
Dell Reference Architecture Guide Deploying Microsoft® SQL ...
webhostingguy
 
PPT
Web design for business.ppt
webhostingguy
 
PPS
Excel and SQL Quick Tricks for Merchandisers
webhostingguy
 
PDF
Reseller's Guide
webhostingguy
 
PDF
Installation of MySQL 5.1 Cluster Software on the Solaris 10 ...
webhostingguy
 
PDF
Getting Started Guide
webhostingguy
 
PDF
"BEST MONEY TV HOST" CONSUELO MACK Launches Fifth Season on ...
webhostingguy
 
PDF
Best Practises: Java OGSI Hosting Environment Design
webhostingguy
 
PDF
NGS
webhostingguy
 
PDF
Host Based Security Best Practices
webhostingguy
 
File Upload
webhostingguy
 
Running and Developing Tests with the Apache::Test Framework
webhostingguy
 
MySQL and memcached Guide
webhostingguy
 
Novell® iChain® 2.3
webhostingguy
 
Load-balancing web servers Load-balancing web servers
webhostingguy
 
SQL Server 2008 Consolidation
webhostingguy
 
What is mod_perl?
webhostingguy
 
What is mod_perl?
webhostingguy
 
Master Service Agreement
webhostingguy
 
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
webhostingguy
 
Dell Reference Architecture Guide Deploying Microsoft® SQL ...
webhostingguy
 
Web design for business.ppt
webhostingguy
 
Excel and SQL Quick Tricks for Merchandisers
webhostingguy
 
Reseller's Guide
webhostingguy
 
Installation of MySQL 5.1 Cluster Software on the Solaris 10 ...
webhostingguy
 
Getting Started Guide
webhostingguy
 
"BEST MONEY TV HOST" CONSUELO MACK Launches Fifth Season on ...
webhostingguy
 
Best Practises: Java OGSI Hosting Environment Design
webhostingguy
 
NGS
webhostingguy
 
Host Based Security Best Practices
webhostingguy
 

SureMail: Notification Overlay for Email Reliability

  • 1. SureMail: Notification Overlay for Email Reliability Sharad Agarwal & Venkat Padmanabhan Microsoft Research Dilip Antony Joseph UC Berkeley HotNets 2005
  • 2. Silent Email Loss Silent email loss: email “vanishes” without sender/recipient knowledge  missed opportunities, misunderstanding, or worse Nontrivial problem anecdotal evidence measurement studies 0.69% loss rate [LM 04] 0.1-5% loss rate [AB 05] commercial offerings to address the problem e.g., Pivotal Veracity, Zenprise
  • 3. HotNets air ticket confirmation “ We have sent it through again. If you do not receive it with in an hour or two, please let us know.” Funding proposal "No I never got and I never acked it… My last mail from you was [on] 3/10/2004.” IMC 2005 decision notification “ I recd reviews for one paper (#X) but not that of #Y.” IMAP server upgrade problems “ Some unanticipated migration problems occurred that may have caused some lost or delayed email.”
  • 4. Silent Email Loss Silent email loss: email “vanishes” without sender/recipient knowledge  missed opportunities, misunderstanding, or worse Nontrivial problem anecdotal evidence measurement studies 0.69% loss rate [Lang & Moors 2004] 0.1-5% loss rate [Afergan & Beverly 2005] commercial offerings to address the problem e.g., Pivotal Veracity, Zenprise
  • 5. Silent Email Loss Why email loss? spam filtering: big problem  aggressive filtering MS: 90% of emails discarded before hitting user mailboxes AOL: 100 emails per month to maintain IP white-listing server failures and upgrades SMTP is not end-to-end reliable (Non-)Delivery status notifications compounds spam problem raises privacy concerns So email loss is often silent
  • 6. Fixing the Problem Improve the email delivery infrastructure more reliable servers e.g., cluster-based (Porcupine [Saito ’00]) server-less systems e.g., DHT-based (POST [Mislove ’03]) total switchover might be risky “ Smarter” spam filtering moving target  mistakes inevitable non-content-based filtering still needed to cope with spam load
  • 7. SureMail SureMail addresses the problem from the outside add separate notification overlay email delivery infrastructure left undisturbed users can benefit without operator cooperation Design goals: minimize demands on infrastructure and users preserve asynchronous operation and privacy (no worse than it is today) maintain defenses against spam and viruses minimize overhead
  • 8. Basic Operation Sender S Recipient R Notification server Request lost message GetNotifications Missing Items Folder [S, H (M)]
  • 9. Notification Overlay Decentralized limited collusion among the constituent nodes Efficient notification server lookup e.g., R  H (R) in a DHT setup Agnostic to actual implementation end-host-based (e.g., always-on user desktops) infrastructure-based (e.g., “NX servers”)
  • 10. Challenges Privacy information about users’ email habits could be leaked Notification spam spammers can spoof notifications and burden users annoyance attacks discredit notifications in general Even the notification infrastructure isn’t trusted No universal PKI for email users
  • 11. SureMail Goals Protect the recipient’s identity attacker shouldn’t be able to retrieve R’s notifications or learn the volume of notifications intended for R Protect the sender’s identity attacker shouldn’t be able to learn S’s identity or monitor the volume of notifications posted by S Block notification spam attacker shouldn’t be able to spoof notifications
  • 12. Assumptions No email eavesdroppers privacy is moot otherwise Limited collusion among notification nodes needed only to avoid leaking notification volume info
  • 13. Key Mechanisms #1: Email-based handshake #2: Decoupled registration and notification #3: Email-based shared secret #4: Reply-based shared secret
  • 14. #1: Email-based handshake Goal: prevent hijacking of R’s identity Only R can receive emails sent to R One-time operation for initial registration Send email to R to establish registration secret shared with the notification overlay R can then use registration secret to authenticate itself to the notification overlay
  • 15. #2: Decoupled registration & notification Goal: prevent snooping on recipient identity Limited collusion among notification nodes Registration at D reg = H ( H (R)) Notification posted at D not = H (R) R contacts D not to retrieve notifications for H (R) D not can find D reg without knowing R Neither D not nor D reg can associate notifications with R, unless they collude
  • 16. #3: Email-based shared secret Goal: prevent snooping on sender identity Email M old from S to R in known only to S and R H (M old ) could serve as implicit identifier of S to R But it doesn’t quite serve as authenticator for S: D not knows H (M old ), so it could spoof notifications from S even other attackers could do so by first sending M spam purporting to be from S
  • 17. #4: Reply-based shared secret Goal: block spoofing of notifications Users rarely have conversation with spammers R remembers (hashes of) recent emails from S that it has replied to If S receives a reply to M old it had sent R, M old can serve as a shared secret between S and R S could use H 1 (M old ) as an implicit identifier… … and H 2 (M old ) as an authenticator Hard for a spammer (even D not ) to spoof
  • 18. Putting it all together Sender S Recipient R D reg = H ( H (R)) D not= H (R) Missing Items Folder Request lost message Register Verify GetNotifications H 1 (M) =H 1 (M old ) ,H 2 (M old )] [
  • 19. Other issues Reply-detection: “ in-reply-to” header may not always help indirect checks based on text similarity Reducing overhead: post notifications only for “important” emails hold off on posting notification in the hope of receiving an implicit ACK (reply) or NACK (bounce-back) First-time “legitimate” senders: they are indistinguishable from spammers Mobility: reply-based shared secret enables secure migration without state transfer
  • 20. Status Ongoing measurement experiment Design being refined Implementation in the works
  • 21. Discussion #1: Should the notification system be folded into the email infrastructure? Separation is advantageous: provides failure independence keeps the notification layer simple small, fixed format notifications don’t require the same kind of processing as virus-laden email provides engineering convenience
  • 22. Discussion #2: Is there a social benefit to silent email loss because of the plausible deniability it provides? Any such benefit is far outweighed by the costs Should cars be slightly unreliable because of the excuse it would give people when they miss an engagement? It is the asynchronous nature of email that is key
  • 23.  
  • 24. Anecdotes Funding proposal "No I never got and I never acked it… My last mail from you was [on] 3/10/2004.” Response to self-managing networks summit invitation "Yesterday's email did not bounce back, wonder where it is!” IMC 2005 decision notification “ I recd reviews for one paper (#X) but not that of #Y.” IMAP server upgrade problems “ Some unanticipated migration problems occurred that may have caused some lost or delayed email.”
  • 25. Basic Operation Senders post notifications to overlay, in addition to sending emails as usual Intended recipients periodically download notifications intended for them A notification without a matching email suggests possible email loss
  • 26. Putting it all together Registration: R contacts D reg = H ( H (R)) to register D reg sends R an email to set up registration secret Posting notifications: upon sending email M to R, S posts notification N to D not = H (R) N = [Encrypt( H 2 (M old ), H 1 (M)), H 1 (M old )]
  • 27. Putting it all together Retrieving notifications: R asks D not for the notifications corresponding to H (R) and presents evidence of registration secret D not contacts D reg to verify evidence, before returning the notifications to R R uses H 1 (M old ) to identify M old and compute the encryption key H 2 (M old ) R discards bogus notifications and checks for missing emails corresponding to the remaining notifications
  • 28. #1: Protecting the recipient’s identity Goal: only R should be able to retrieve notifications intended for it attackers shouldn’t be able to learn even the volume of notifications intended for R Key idea: Email-based handshake: prevents “hijacking” of R’s identity Decoupling registration from notification: prevents bad DHT node from associating notifications with R
  • 29. #1: Protecting the recipient’s identity Registration: R contacts D reg = H ( H (R)) to register D reg sends R an email to set up a shared secret Posting notifications: Upon sending email M to R, S posts notification N = [ H (M),S] to D not = H (R) Retrieving notifications: R presents an authenticator to D not and asks for the notifications corresponding to H (R) D not contacts D reg to verify the authenticator, before returning the notifications R checks if emails are missing and presents the corresponding S to the user
  • 30. SureMail Goals #1: protecting the recipient’s identity #2: protecting the sender’s identity #3: blocking notification spam
  • 31. #2: protecting the sender’s identity Goal: attackers shouldn’t be able to learn S’s identity or monitor the volume of notifications posted by S clearly N = [ H (M),S] won’t do Key idea: email-based shared secret assuming no eavesdroppers, an email M old from S to R in known only to S and R so H (M old ) could serve as an authenticator and identifier of S to R
  • 32. #2: protecting the sender’s identity Posting notifications: S’s identity is made implicit in the notification N = [ H (M), H (M old )] Retrieving notifications: R stores hashes of emails received (recently) from various senders it searches for H (M old ) to identify S if H (M old ) can’t be found, the notification is ignored
  • 33. SureMail Goals #1: protecting the recipient’s identity #2: protecting the sender’s identity #3: blocking notification spam
  • 34. #3: blocking notification spam Goal: prevent spammers from posting bogus notifications and burdening users with false reports of email loss A malicious DHT node could itself be a spammer
  • 35. #3: blocking notification spam Current scheme is vulnerable to attack Easy for malicious DHT node D not to generate spam: D not has ready access to H (M old ) it could spam R with bogus notifications purporting to be from S Another spammer (say X) could also do so: X sends R a message M spam purporting to be from S X can then use H (M spam ) as the implicit identifier in notifications R may assume it is really missing an email from S Spammer gain indirectly by annoying R and S, thereby discrediting notifications in general
  • 36. #3: blocking notification spam Key idea: reply-based shared secret users rarely engage in conversations with spammers so if S receives a reply to a message M old that it had sent R, S could use H (M old ) as an implicit identifier hard for a spammer to spoof the identifier special construction to prevent spoofing by D not Notification format: N = [Encrypt( H ”(M old ), H (M)), H (M old )] R uses H (M old ) to identify M old and compute the encryption key H ”(M old )
  • 37. PKI-based Design R ↔ D A : RegisterRecipient(R,A) S ↔ D N : PostNotification( H (R),N) N = [ H (M), TTL, E (R pb ,S), Sg (S pv , H (M),TTL)] R ↔ D N : CheckNotification( H (R),A) D N : find D A = H ( H (R)) D N ↔ D A : AuthenticateRequest( H (R),A) D N ↔ R: ReturnNotifications() R: identify notifications corresponding to missing email and notify user if S is trusted
  • 38. Notation Sender S Recipient R Message M Notification N Crypto operations: H : hash(…) Sg : sign(key,…) E : encrypt(key,…)
  • 39. Overhead duplication of effort with respect to email delivery #3: preserve privacy of email content attacker shouldn’t be able to learn email content
  • 40. Silent Email Loss Silent email loss is a non-negligible problem silent loss = no notification to sender or recipient imposes significant cost, degrades user experience Several causes spam filtering MS IT: 90% of emails discarded off the bat failures and upgrades Measurement studies 0.5-1.0% silent loss ([Lang ’04], [Afergan ’05]) ongoing measurement study at MSR quantify email delays & loss across ~25 domains
  • 41. SureMail Overview SureMail adds separate notification system orthogonal to email delivery infrastructure email is still subject to checking by spam filters, virus scanners doesn’t create backdoor for malware bounds worst case performance Asynchronous operation senders post notifications = hash(message) recipients check for them preserves the privacy of email (unlike read receipts)
  • 42. SureMail Design Reply-based shared secret A sends an email M to B (A  B) B replies to A’s email (B  A) A uses hash(M) to “prove” to B that it is legitimate shared secret is continually refreshed Reply-based shared secret helps: avoid burdening users with notification spam maintain privacy of notifications