Analysis and improvement of fair certified e-mail delivery protocol B Changshe Ma T , Shiqun Li, Kefei Chen, Shengli Liu School of Computer, South China Normal University, Shipai, Guangzhou, 510631, China Received 27 January 2005; received in revised form 2 March 2005; accepted 6 March 2005 Available online 10 May 2005 Abstract Recently, Nenadic ´ et al. proposed a novel fair exchange protocol RSA-CEMD [A. Nenadic ´, N. Zhang, S. Barton. Fair certified e-mail delivery, Proceedings of the 9th ACM Symposium on Applied Computing (SAC 2004)-Computer Security Track, Nicosia, Cyprus, pp. 391–396, 2004] for certified e-mail delivery with an off-line and transparent trusted third party. The protocol provides non-repudiation of origin and non-repudiation of receipt security service to protect communicating parties from each other’s false denials that the e-mail has been sent and received. In this paper, we show that Nenadic ´’s protocol cannot achieve the claimed fairness. In the exchange protocol, the receiver can cheat the sender successfully by sending an invalid verifiable and recoverable encryption of signature (VRES) which can pass all the sender’s verifications, as the VRES scheme proposed in [A. Nenadic ´, N. Zhang, S. Barton. Fair certified e-mail delivery, Proceedings of the 9th ACM Symposium on Applied Computing (SAC 2004)-Computer Security Track, Nicosia, Cyprus, pp. 391–396, 2004] is inherently unrecoverable in some situations. In other words, there is always that the receiver can get the sender’s e-mail message while the sender cannot obtain receiver’s receipt. Furthermore, we propose a revised version of certified e-mail delivery protocol that preserves strong fairness while remaining optimistic. D 2005 Elsevier B.V. All rights reserved. Keywords: Certified e-mail; Fair exchange; Security; Verifiable and recoverable encryption; Digital signature 1. Introduction One of the most known and used applications of Internet is the e-mail [21]. This service allows users to exchange information in a quick and cheap way. Unfortunately the basic email protocol does not provide any security service. It is of significant importance to develop a reliable e-mail system that 0920-5489/$ - see front matter D 2005 Elsevier B.V. All rights reserved. doi:10.1016/j.csi.2005.03.002 B This work was partially supported under NFSC 60273049 and 60303026. T Corresponding author. E-mail addresses: mcs@cs.sjtu.edu.cn (C. Ma), sqli@cs.sjtu.edu.cn (S. Li), kf-chen@cs.sjtu.edu.cn (K. Chen), liu-sl@cs.sjtu.edu.cn (S. Liu). Computer Standards & Interfaces 28 (2006) 467 – 474 www.elsevier.com/locate/csi