Perfect-Mail: A Secure E-mail Protocol with Perfect Forward Secrecy

With the rapid development of Internet, e-mail has become an essential communication tool. But, the security of e-mail communications is an important issue. Recently, Chen et al. [6] proposed a new protocol of wide use for e-mail. Chen et al. claimed that the proposed protocol is skillfully designed to achieve perfect forward secrecy and end to end security as well as to satisfy the requirements of confidentiality, origin, integrity and easy key management. But, in this paper, we show that Chen et al.’s protocol suffers from the e-mail server impersonation attack, mail content confidentiality attack and replay attack. Moreover, we give an improvement on Chen et al.’s protocol to overcome its security weaknesses, and propose the perfect-mail, a secure e-mail protocol with perfect forward secrecy. It is concluded by analysis that the improved protocol provides the perfect forward secrecy and resists replay attack, impersonation attack, and mail content confidentiality attack. But the communication cost of improved protocol is equal to that of Chen et al.’s protocol, and the computing cost of improved protocol is only added by two signature verification.