Identifying and Addressing Rogue Servers in Countering Internet Email Misuse

摘要

Digital forensics is important in solving Internet security problems. However, in terms of improving security, its usefulness may have been hampered by the limitation of law enforcement and by a distrust, anti-establishment sentiment in the Internet. For digital forensics to work with (not against) security measures, a check and balance mechanism is needed. We have proposed a trust management framework that incorporates accountability to be such a mechanism. It is for servers in the Internet to set their security goals beyond protecting themselves, and to augment their services with accountability. Users or peer servers who trust and use a service shall be protected, and governed, not by their or even the server's own security measures, but by the collectively established accountability. To address email misuse this way, we have considered facilitating digital forensics in two requirements of accountability, namely, identification and attestation. We also considered how the authorization and retribution requirements of accountability can work with digital forensics to deter and provide a recourse to fix wrongdoing, to achieve the goal of accountability, hence security. In this paper, we analyze an email trace to show that unilateral identifying and addressing in countering email misuse such as spam are coarse and the effectiveness is greatly limited by the human-shield effects, i.e., we have to accept more spam in order to avoid collateral damages. However, by making trust and accountability explicit, some of those mixed senders (servers sent both ham and spam) can be rehabilitated to change behavior. With a proper trust and interaction mechanism aiming to achieve the readiness for e-discovery, we believe legitimate mail servers will distinguish themselves in upholding accountability. We can then bilaterally and multilaterally further identify and address those rogue servers.