On the security of a certified E-mail scheme

As a value-added service for standard e-mail systems, a certified e-mail scheme allows a sender to deliver a message to a receiver in a fair way in the sense that either the sender obtains a receipt from the receiver and the receiver accesses the content of the e-mail simultaneously, or neither party gets the expected item. In 2000, Ferrer-Gomila et al. [11] proposed a novel certified e-mail protocol. Their scheme is both efficient and optimistic, since it has only three steps and a trusted third party is not involved in normal cases. Later, Monteiro and Dahab [16] identified an attack on Ferrer-Gomila et al.'s scheme, and further presented a modified scheme. In this paper, we show that their improvement is still insecure by successfully identifying several weaknesses and security flaws. Our attacks also apply to Ferrer-Gomila et al.'s original scheme.