Digital authentication for official bulk email
Slack, Andrew A.
Garfinkel, Simson L.
MetadataShow full item record
Official bulk email is an efficient tool for disseminating information to a wide audience. Its inherent efficiency, captive audience, and trust provide a dangerous attack vector for adversaries utilizing fraudulent email. Digital authentication can provide a layer of defense to official bulk email that, combined with other defensive countermeasures, will greatly reduce its vulnerabilities. The Department of Defense mandates that official emails, which contain hyperlinks, attachments, or instructions to recipients, must contain a digital signature, authenticating the source of the email, and ensuring the integrity of its contents. This policy, though used at some military installations, is not being applied to official bulk email at others due to administrative roadblocks in obtaining role-based certificates, and implementing an authentication policy with legacy email systems. This thesis identified administrative roadblocks in deploying digital authentication solutions within the Department of Defense, explored different technology options of a digital authentication solution for official bulk email, created a proof of concept solution using a Python proxy server and S/MIME, and looked at the most popular mail user agents to see how they interpret S/MIME digital signatures. Applying digital authentication to official bulk email will close a potentially critical vulnerability in the defense of DoD networks.
Approved for public release, distribution unlimited
Showing items related by title, author, creator and subject.
Katsis, Grigorios (Monterey, California. Naval Postgraduate School, 2007-06);A wide area network consisting of ballistic missile defense satellites and terrestrial nodes can be viewed as a hybrid, large-scale mobile wireless sensor network. Building on research in the areas of the wireless sensor ...
Coley, John A. (Monterey, California. Naval Postgraduate School, 1991-09);Access control of computing systems is considered a key issue among Information Systems managers. There are different methods available to computing systems to ensure a proper authentication of a user. Authentication mechanisms ...
Testing and evaluation of DynaSig Biometric pen in support of tactical military and law enforcement missions Odgers, Kenton M. (Monterey, California. Naval Postgraduate School, 2007-03);Existing access control methods depend on mechanicsms that can either be copied or stolen. From passwrods to identification cards, these forms of authentication are unique only while they remain in possession of the owner. ...