More and more users have suffered from email-based phishing attacks over the past years. Despite the use of various anti-phishing technologies, phishing is still one of the most serious attacks against Internet users. Email phishing attacks fabricate the email's origin. Unfortunately, current email server systems cannot authenticate the genuineness of incoming emails. In this paper, we present a novel anti-phishing mechanism: Signed Email for Anti-Phishing (SEFAP), designed to automatically identify an email's origin to mitigate email phishing attacks. The SEFAP system is an extendable secure cryptographic system that accommodates multiple signature schemes. SEFAP can adopt any signature scheme that has two properties: it is identity-based and it is repudiable. The identity-based property removes the unrealistic requirement of a full PKI deployment, and the repudiability property protects the sender's privacy. We describe how to integrate the SEFAP system into a standard SMTP server. We also propose an efficient implementation based on a novel ID-based ring signature scheme.
Available at: http://works.bepress.com/ymu/1/