BUES:A Blockchain-Based Upgraded Email System

Dawei Xu,Fudong Wu,Liehuang Zhu,Ruiguang Li,Jiaqi Gao,Yijie She

1 School of Cyberspace Science and Technology,Beijing Institute of Technology,Beijing 100081,China

2 College of Cybersecurity,Changchun University,Changchun 130022,China

3 National Internet Emergency Center,Beijing 100081,China

*The corresponding author,email:liehuangz@bit.edu.cn

Abstract:This paper focuses on the improvement of traditional email system architecture with the help of blockchain technology in the existing network environment.The improved system architecture can better improve the security and stability of the system.The email content is extracted and stored in the blockchain network to achieve regulatory traceability between the email service provider and the higherlevel organization.In turn,A Blockchain-based Upgraded Email System(BUES)is proposed.The defects of the existing traditional email system are addressed.Firstly,the threat model of the traditional email system is analyzed,and solutions are proposed for various threats.Then a system architecture consisting of the blockchain network,email servers,and users are constructed.The implementation of BUES is carried out,and the related experimental process and algorithm steps are given.After the experimental analysis,it is shown that BUES can ensure the security,reliability,efficiency,and traceability of email transmission.

Keywords:blockchain;email service;chaincode;hyperledger fabric

I.INTRODUCTION

Nowadays,with the rapid development of the Internet,email has long become an irreplaceable way of communication on the network.From the early stages of SMTP and POP3 to the current stage of PGP is constantly updated.The importance of email speaks for itself.Most of the current network accounts are directly associated through the email system.A lot of sensitive identity information is bound to each other with personal emails,and even the verification codes are obtained through emails.But the security of email has not been well guaranteed,and it is still a remarkable target for hacker attacks.For individuals and enterprises,the mailbox is the weakest link in the network security link.All kinds of spam emails flood personal mailboxes and directly affect users’experience.

Although email communication has improved the user experience,there are still problems.For example,email lacks an authentication mechanism.Emails can often receive emails from forged senders.This has led to phishing,a form of hacking that has caused significant damage to users.According to a website survey report,one out of every 99 emails is a phishing email.Moreover,94%of the malware that web users are exposed to originates from the inbox[1].In recent years,due to the epidemic,most of the corporate offices have shifted online.The frequency of email use has also risen dramatically,and the frequency of employees clicking on malicious URLs in emails has tripled[2].Exacerbating the security threats faced by enterprises.In addition,the rapid development of decentralized structures and open-source applications has raised a high priority on privacy information.However,traditional email servers are controlled by major vendors,which is one of the main reasons for the leakage of personal privacy.Most of the account password databases were previously leaked out by email systems.Due to the different strategies of email service providers,there is a problem of email retention timeliness and traceability.It is also a challenge for enterprises to ensure“7×24”service on servers and to prevent data loss[3].In recent years,the term of network security has become very popular,and the security and reliability of email systems should be governed.How to solve the problems of phishing and spam emails has been a hot topic of discussion among researchers and technicians[4,5].

Since Satoshi Nakamoto’s Bitcoin white paper[6]was published in 2008,the core technology behind Bitcoin,blockchain,has also received a lot of attention.Traditional blockchain technology has been widely used in the digital currency space.Nowadays,the second generation blockchain,Ether[7],is a Turing-complete system,and the smart contract technology supported by it has made blockchain technology more than simply a digital currency.The consortium blockchain is a permission-based blockchain that is distinct from a public blockchain.It is a blockchain that runs among a set of known and identified participants.Fabric is one of the Hyperledger projects under the auspices of the Linux Foundation[8].Fabric is used in over 400 prototypes and uses cases across different industries.These use cases include,but are not limited to,areas such as dispute resolution,trade logistics,foreign exchange settlement,food safety,contract management,diamond sourcing,reward point management,low liquidity securities trading and settlement,identity management,and settlement via digital currencies[9–12].

The main contributions of this research are as follows:(1)Improved the traditional email architecture by using Hyperledger Fabric as the upper layer supervision.A decentralized authorized email system structure is realized.The problem of email trustworthiness and traceability is solved.(2)The BUES CA model in which Fabric CA is combined with the email system and BUES Channel model in which multiple email service providers participate are proposed in the new architecture.(3)An email server authentication mechanism is proposed.It effectively reduces the impact of malicious servers on the whole system.(4)Implemented new functions on the email server:email digest extraction and blockchain communication interface,and tested their performance.Email messages are collected without affecting the normal operation of the email server.(5)Throughput testing of the blockchain network of BUES,which proves the feasibility and superiority of the overall solution.

The rest of the paper is structured as follows:Section II presents the technical background.Section III describes the related work.Section IV explains the BUES architecture model in detail.Section V is devoted to experiments and analysis.Section VI summarizes the whole paper.

II.BACKGROUND

2.1 Email Transmission Model

Today’s email systems consist mainly of servers and clients that rely on email protocols to communicate with each other.Email protocols belong to the application layer protocols of the TCP/IP protocol cluster(e.g.SMTP,ESMTP,POP,IMAP)and use voluntary industry standards.Different servers and clients may use different protocols to communicate with each other.The drawbacks of this traditional client/server architecture are prominent,as the data are stored on a central server.Once hacked,it is difficult for the central server to have a way to ensure the integrity and transparency of email data.There are also certain shortcomings in the trustworthiness and traceability services of emails.

The next step is to help the reader understand the workflow of the email transfer protocol by describing the process of one email transfer.First,a few concepts are introduced.

MUA(Mail User Agent):Usually the user uses a computer that cannot send emails directly and needs to help the user deliver emails through MUA,which is similar to an interface that provides convenient email functions for local users.It is usually an application,such as Outlook Express for Windows.

MTA(Mail Transfer Agent):It is responsible for helping users to send mail and is the main email server.

MDA(Mail Delivery Agent):Delivers emails to the user’s inbox,usually with other advanced features such as filtering.

Figure 1.Email transmission model.

As shown in Figure 1,Step1:The sender wants to send an email,first of all,he needs to use MUA to send it.Here MTA is the email service provider used by the user.For example,if the sender is using Google email,MTA is also the email server of Google Inc.If it is the MTA’s email,the MTA will send the email to the MDA for processing.Step3:If Step2 is not satisfied,the MTA will send the email to the next MTA according to the recipient’s address.Step4:Here the MTA will hand over the email to the MDA until the recipient initiates a request to the MTA through the MUA to check if there is an email.The MTA will check through the MDA and if there is an email,it will be sent to the user’s MUA.The protocols used in the email transmission process are POP3,IMAP,etc.The disadvantages of the traditional email model have been mentioned in Part I.In recent years,a number of solutions have emerged to modify the traditional model,and due to the constraints of this C/S architecture,most of the modifications are to provide an endto-end encryption service as a way to improve the security during transmission,such as PGP,PKI/CA,etc.[13].Although email service providers now offer a variety of programs or solutions to address the encryption problem,there is still no industry standard.Moreover,there are many security vulnerabilities in such schemes.The server-side security is not controllable and cannot provide a stable 24h service.In addition,data can be easily and permanently lost.The search for a new solution has been a hot research topic in recent years,and the emergence of blockchain has brought an opportunity to update the technology.Applying blockchain technology to the email transmission system is also a new attempt in the field of blockchain technology application.

2.2 Blockchain

Blockchain technology allows the construction of an immutable,distributed,secure,and publicly accessible repository(ledger)of data.It relies on a distributed consensus protocol to manage this repository in a distributed manner[14](e.g.,to decide which valid new data to add).Blockchain technology was first introduced to support cryptocurrency systems[15],when attention was still focused on the concept of”tokens”and the creation of various electronic cash systems became the norm.Later on,the birth of Ethernet introduced smart contracts on top of the original blockchain.It is an open-source,decentralized computing infrastructure with Turing-complete features,so it is often referred to as the”world computer”.Developers can use Ether to develop and build decentralized applications based on blockchain technology[16],which are also known as DAPPs[17].The emergence of Ether has also driven the whole blockchain toward industrialization and has gained significant achievements in the fields of the Internet of Things,finance,and public services[18,19].

Blockchain can be divided into public,consortium,and private blockchains according to the access mechanism.Among them,the public blockchain is the most decentralized,and anyone can join or exit the network anytime and anywhere without the control of institutions.Moreover,all information is open and transparent,and every transaction can be checked according to the blockchain.Private blockchain is the opposite of public blockchain,where the authority is often in the hands of an organization or an individual,and are often used in more scenarios within enterprises,so they are not introduced here.Consortium blockchain[20]have a degree of openness in between,and can be agreed upon by multiple institutions to maintain a coalition consensus protocol,with information only open to some members;the most famous one is the Hyperledger project initiated by IBM[21].

III.RELATED WORKS

This section discusses the existing works on the Email system transmission model and why it is necessary to redefine this classical problem for blockchains with new solutions.

Currently,the area of email security is a hot issue for research.A new encryption protocol is proposed in paper[22]that enables end-to-end encryption of emails.However,it incurs an additional 5 times of overhead for the email service provider.The paper[23]compares some common email encryption tools and presents their problems.The paper[24]proposes a new way of attacking end-to-end encrypted emails.And the results are verified by email providers after transmission.The widespread use of various cryptographic algorithms[25]has also led to an improvement in the security of email systems.However,it does not address the vulnerability and centralization of the email system itself.Encryption alone also makes it difficult to improve the trustworthiness,scalability,and traceability of the system.

Previous papers have also researched combining blockchain technology with email technology[26,27].They used blockchain to implement a new email delivery model.This solution subverts the existing traditional email system and is difficult to go for in reality.IPV6 is not popular now,mainly because the architecture of IPV4 has penetrated the whole internet.In the paper[28],the authors use smart contracts to replace existing email protocols and run on Ethereum.However,these studies suffer from the following drawbacks.

(1)Too much public:All information on the public blockchain is open and transparent.Any user or attacker can join or exit at any time,which can easily cause privacy leakage of users.It raises the risk of being attacked.

(2)Low data storage:There is a limit to the size of each block in the blockchain,and there would be a serious shortage of storage space if all email content was placed on the blockchain.

(3)Spending too much:after deploying a smart contract in Ether,the execution process generates a gas cost based on the resources consumed.the price of gas is closely related to the price of Ether,and sending emails as the price of Ether continues to rise generates significant overhead[29].

(4)Lower throughput:related to the size of the block.If each email has to initiates a transaction,it may cause network traffic congestion.

(5)Realistic scenario constraints:Today’s email systems are relatively mature.If disruption requires major changes,it is less feasible.

In this paper,we propose BUES on the existing email system combined with the consortium blockchain Hyperledger Fabric technology to address the problems of the existing email architecture.The premise is to solve all the existing security problems and reduce the resources required as much as possible.There are currently related studies that compare the difference between Ether and Hyperledger Fabric[30].Compared to the work of the above researchers,the advantages of BUES in this study,which uses the consortium blockchain as the underlying architecture,are as follows.

(1)The members involved in the consortium blockchain can be authorities or major email service providers.This not only weakens the centralization problem of service providers.It can enhance regulation while decentralizing their power.

(2)Improvements are made to the existing email system by adding a layer of the blockchain model.While ensuring the stable operation of the existing system,it additionally expands new types of functions.

(3)Consortium blockchain do not perform mining algorithms,and there is no token generation,which reduces the cost.

(4)The data of the consortium blockchain will not be public by default,unlike the public blockchain,only the alliance organization or members have the authority.It improves the security and confidentiality of the system.

(5)The higher performance of the consortium blockchain has a better chance of carrying the volume of requests for email services.

(6)Multiple authentication mechanisms to improve the security of the system.

IV.BUES ARCHITECTURE

This chapter will focus on the overall design model of BUES and some of its features.Section 4.1 provides an overview of the various parts of BUES and its operation process through the perspective of email.Section 4.2 introduces BUES starting from the overall architecture and describes the functions of its components in detail.Section 4.3 designs the email server authentication scheme for BUES.

4.1 BUES Email Transmission Process

In this paper,blockchain technology is introduced in the traditional email service system,and the whole transmission process is shown in Figure 2.The figure includes the following five roles,namely.

(1)Sender:The person who sends emails needs to register an account with the service provider and obtain a virtual identity(mailbox)and CA certificate.When there is a need to send emails,the main content of emails can be sent through the client software provided by the service provider.Or the email transmission can be done directly through the HTTPS service provided by the Web browser.

(2)Receiver:Email recipient,same as sender.Need to obtain an identity for receiving email content.

(3)Email Server:An email server deployed by an email service provider to provide services to both senders and receivers.It manages and maintains the incoming email messages and connects to the blockchain network.

(4)Blockchain Network:A decentralized network in which nodes provided by service providers are deployed.Nodes are the basic components of the network.Due to the different functions,they hold different jobs.Nodes maintain ledgers and smart contracts on them.And the data is exchanged with the outside of the network or between the nodes through smart contracts.Only connection communication is done with email servers.

(5)Supervisor:The supervisor acts as a service provider or a higher authority.It can supervise the blockchain network and provide a guarantee for the stability of the network.It can also avoid attacks from malicious nodes or users.It is possible to conditionally trace the emails when there is a need.The trustworthiness of the email system is ensured.

The above provides a general introduction to the roles in the overall system,and here the system execution process will be analyzed specifically from the email transmission flow,as seen in Figure 2,with the following steps.

Figure 2.Email transfer flow.

Step 1:The sender registers through the email server.It is necessary to submit relevant personal information,including user name,identity information,etc.After obtaining an account,you can send emails through the services provided by email service providers.

Step 2:When the email server receives the registration message or email from the sender,it will perform email digest extraction.After that,it will be submitted through the interface provided by the blockchain node.The blockchain node will perform the bookkeeping operation on the data submitted by the email server.

Step 3:After the email server submits the email digest message to the blockchain node.The email will be forwarded according to the destination address of the email.It may pass through one or more email servers in the middle of the process.

Step 4:After the above process,the emails will be delivered to the recipient’s mailbox.Here,the traditional email transfer protocol is used,and the recipient can get the email on the email server through the email transfer protocol.

Step 5:After receiving the email,the user can verify the authenticity of the email.After sending the”verify”action to the email server,the email server will send a request to the blockchain system to get the verification result.

Step 6:The regulator can conditionally call part of the book data in the node through the interface provided by the smart contract.Thus,the regulation of the email system is achieved.At the same time,the email service provider also ensures the privacy of the business data.This ledger data will not be made public as in the case of public blockchains.Blockchain network nodes are not in direct contact with the user layer and are hidden in the network avoiding a large number of cyberattacks.

4.2 BUES Framework

As shown in Figure 3,the BUES proposed in this paper can be divided into multiple layers.First,the client layer consists of registered users and unregistered users.Users can access the server layer through a browser or a client program.Secondly,the server layer consists of a set of email servers that provide services normally.The email servers mainly provide email transmission services for the user layer.The servers that join BUES can expand their functions to provide authentication services for users while providing email transmission services.And use the email digest extraction function to generate email digests.Communicate with the interface provided by the blockchain network for submitting email digests with the authentication service.Newly registered users can register their accounts and obtain the corresponding CA certificates and keys through the authentication service provided by the email server.The authentication services of the email server are mainly provided by the CA authorities of the corresponding email service providers in the blockchain network[31].Finally,the blockchain network layer uses the consortium blockchain Hyperledger Fabric.The blockchain network includes multiple email service providers or regulators.They are free to form federations and interact with the ledger data via Channel.Each organization is required to maintain one or more Peer nodes.In a Hyperledger Fabric network,nodes maintain ledgers and Chaincode(smart contract).The nodes provide interfaces through the Chaincode to open up server-level access to the blockchain network.The entire BUES architecture split is described in detail below in conjunction with the corresponding service sections.

4.2.1 BUES CA Authentication System

In BUES,a multi-level CA authentication system is used to ensure the reliability of the client-server identity and to enable encrypted transmission of messages.To make the identity verifiable,it is necessary to go through a trusted authority CA.As shown in Figure 4,an email server needs to register with the Fabric CA of its organization to become a valid member of the system,as this ensures that the server is reliable.The application certificate information includes the organization where it is located,the server’s information,and related attributes.Once the verification is successful,the CA of the organization where the server is located(that is,the ROOT CA in the CA chain)will sign the server certificate.At the same time,a message is returned from the Fabric CA to the Server,including a signed certificate and a public-private key pair.The key is used to encrypt the message content and the digital signature.In addition,the Fabric CA records all registered server names.This design avoids multiple duplicate applications and provides a basis for certificate revocation.

Figure 3.BUES architecture.

Figure 4.BUES CA authentication diagram.

Once the email server is registered as a valid member of Fabric CA,it can provide registration-related services to clients.When a user sends a registration message,the server will query the local database to determine whether it has been registered.If it is not registered,the client’s certificate will be signed according to the above operation,and then the server will act as Fabric CA in relation to the client.After signing the client’s certificate,the server will write the relevant information of the user into the database.At this point,the client obtains the certificate and considers the counterpart providing services for itself to be trustworthy.This constitutes a certificate”chain of trust”,and Fabric CA acts as ROOT CA in the whole chain to guarantee the identity of the server in the organization,and Server CA acts as Intermediate CA to guarantee the identity of the client.This structure not only enables CAs to ensure security but also expands their functions,limiting the exposure of ROOT CAs without affecting the trust system.If the ROOT CA is compromised,the entire trust chain will be compromised.And it is the Intermediate CA that is compromised,and the ROOT CA can also take relevant measures to revoke the Intermediate CA certificate.

The traditional encryption and authentication problems are solved when the Client obtains the certificate and key.The sender needs to use the private key for signing and the public key for encryption when sending emails.When the receiver receives the email,it needs to use the sender’s public key to verify the identity.The uniqueness of the private key leads to an identity that cannot be forged and improves the trustworthiness of the email system.The authenticity of the information is also ensured when the information is stored in the blockchain.It is more valuable in the future for traceability,verification,and data analysis.

4.2.2 BUES Interaction Flow

In the Fabric network,each organization has independent nodes with CA authorities,maintains the same ledger,and communicates with other organizations through demand.The CA authority of each organization manages the identity information of organization members,issues CA certificates,and other functions.Nodes,as the main components of the blockchain network,can be classified into two categories based on their functions as follows.

Peer nodes:usually store key data in the network and execute specific programs.The stored data includes ledger and Chaincode(smart contract),and the executed procedures include endorsement as well as Chaincode.A Peer node can store multiple books and Chaincodes,and can also execute different endorsement strategies.

Order node:Sort node management is responsible for channel creation,channel configuration update,and other operations.Processes transaction message requests submitted by clients.Order the transactions and pack them into new blocks according to the rules.Submits the ledger and maintains the channel ledger data.Provide Broadcast transaction broadcast service,Order consensus sorting service,Deliver block distribution service,etc.For nodes across the network.Usually,Hyperledger Fabric starts up with the Order sorting node first.After creating the system channel to provide normal services,then start the Peer node to enter a normal working state.

The Chaincode is the core that enables the communication between the email server and the blockchain nodes.It is a lightweight piece of executable code that can be deployed in advance in the nodes for transaction processing.

The BUES proposed in this paper,the flow of interaction between the server and the blockchain network is shown in Figure 5.

First,when the server receives an incoming email from the client,it verifies the identity of the sender.After the authentication is passed,the email is processed and an email digest is generated.The email digest includes sender,recipient,server information,timestamp,and email type.Once the email digest is generated,it is submitted to the Peer node connected to it via Application.When the Peer node receives the electronic digest,it performs an endorsement policy to endorse the email digest[32].The endorsement policy is used in how the Fabric network decides whether the email digest can be properly endorsed.When a Peer node receives an email digest,it invokes the associated Chaincode for the email digest to verify the validity of the email.The endorsement policy of this system is as follows.

Endorsement policy:

i.The current endorsement node and the node of the organization that the Email Server belongs to must sign.

ii.Nodes of the recipient’s organization do not participate in the policy.

With the above endorsement policy,the endorsement node will package the passed email digest and return it to the Email Server.Email Server will then submit the received response to the Order node.

Figure 5.BUES interaction flow.

The Order provides sorting services for Fabric.It is responsible for ordering the email digests sent by the servers of different email service providers.In the current version,Order is mainly implemented by Raft[33].Raft is a new consensus mechanism that is different from Pow,Pos with high power consumption[34].Raft is a consensus protocol that does not require a mining mechanism to achieve low power consumption.It also has linear complexity and is highly efficient.This system also uses Raft as a consensus algorithm for the sorting operation of email digests.

Order node packages the sorted email digests into blocks and distributes them to Peer nodes in the network through Gossip protocol[35].Gossip protocol is now widely used in P2P technology and blockchain technology.The process in BUES is initiated by Order nodes.When an Order node has an email digest that needs to be updated into the network,it randomly selects surrounding neighboring nodes to broadcast the message.The nodes that receive the message also repeat the process until eventually,all the nodes in the network receive the message.The process is shown in Figure 5.This process may take some time.Since there is no guarantee that all nodes will receive the message at some point,but theoretically all nodes will eventually receive the message,it is a final consistency protocol.Peer nodes,upon receiving the packaged block,verify the block and write it to the ledger,and update the world state.At this point,the email digest is permanently stored in the blockchain network,and it is easy to query,analyze,and supervise these email transmission processes.

4.2.3 BUES Channel

The introduction of Channel in BUES is mainly based on two reasons:(i)Due to the different organizational structures nowadays have different business scenario constraints[36].Such as several intra-enterprise email communications,email communications between schools,email communications between higher management and lower-level departments,etc.This scenario does not want to have a third party involved in the situation.(ii)A Channel is a private communication”subnet”established between two or more email service providers.Each transaction on the network is executed on the established Channel and is not visible to the other organizations.Third parties are also unaware that other organizations have joined certain Channels,thus ensuring that the entire ledger is private.It also ensures the privacy of several organizations sending emails to each other to avoid damage caused by competitors getting access to critical information.

BUES Channel(BC)can be created at any time in the network and each BC contains Email Service Provider(ESP),Peer Node of ESP,Shared Ledger,Order Node & Contract Program.The email digest of each of these ESPs is propagated in the designated BC,and the propagated transactions must be authenticated with the authorization of each part.Among them,ESP and Peer nodes can belong to multiple BCs at the same time.BCs can separate different ledgers through consensus codes,ESP identifiers,and Gossip propagation protocols.The BC mechanism also represents the potential for future development of BUES.

4.3 Email Server Authentication Scheme

Email server access to the blockchain network is equivalent to an untrustworthy unit,so a consensus mechanism needs to be designed to unify the authentication of email servers in the blockchain network.This solution can effectively prevent the damage of malicious email servers and reduce the risk of email servers being attacked.And the digital certificate can also be withdrawn by stopping the service to that server after being attacked.The scheme mainly includes email server(ES),service provider(SP),and consensus node(CN).SP is mainly responsible for initialization of system parameters and registration of ES.ES submits its information to SP,SP verifies its authenticity,and completes registration.CN uses blockchain technology to authenticate the identity information of the server.Finally,CN broadcasts the result to complete the verification of ES by the blockchain network.

The main elements of the scheme are explained below.The scheme consists of three parts:ES initialization phase,ES registration phase,and ES authentication phase.First,the system needs to be initialized.The basic profile in the network is obtained,and the corresponding algorithm and key are selected.Before generating a message interaction with the ES,it is necessary to ensure that the ES is registered.Both tasks are done by the SP.The CN will decide whether to add the ES to the trusted server of the blockchain-based on the consensus result.As shown in Algorithm 1.

After completing the steps of Algorithm 1,the SP acts as a client of the CN.The CN verifies that consensus can be reached by using the consensus algorithm in the blockchain.If the CN believes that the ES is trustworthy,the ES will be granted a digital signature.Otherwise,they will refuse to provide service for that ES.Since traditional consensus algorithms have problems such as low consensus efficiency and wasted arithmetic power.Therefore,we choose to use the PBFT consensus algorithm[37,38]here to improve the authentication efficiency.

V.EXPERIMENTAL

In this chapter,we will focus on showing the process and results of BUES implementation.Section 5.1 deploys the email server manually and implements the related functions on the email server.The focus was added on the email digest extraction method.The performance of the email digest extraction algorithm is tested and the analysis of the results is completed.Deployment design of nodes,code in Fabric network in section 5.2.Stress testing of the whole blockchain network is performed.In section 5.3,the overall feasibility of BUES is explained in detail and the comparison results are given.Section 5.4 presents the flaws and shortcomings of BUES.

5.1 Email Digest Extraction

To simulate a traditional email server,we developed a set of simple models using JAVA.First,the email server code is deployed in the cloud.The local machine uses an email generator to send emails to the server built in the cloud.Thus,the real network environment is simulated as much as possible,which is affected by network latency,transmission delay,etc.It makes the experimental data more reliable.

In the model of BUES,the email server extracts a digest of the email when it receives an email from a user.Algorithm 2 shows the process of implementing this algorithm.It divides the set E of emails,by whether it has the identifierFiinto setEdand setEf.So that it performs different operations onEdandEfrespectively.

For Algorithm 2 we are implementing it by using an additional interface on the email server.The functionality can be turned off or on at any time.When the function is turned on,only additional operations such as judgment and key information extraction are needed.Algorithm 2 works in synchronous mode.While the email server is processing the data in setEf,it can also perform normal forwarding operations on the data in setEf.The email digestDerecords the sender,receiver,timestamp,email server,and email type information.Sender and receiver are the basic attributes of an email,which are indispensable for the BUES system.A mapping relationship can be constructed using these two fields to provide a basis for traceability work.Meanwhile,the email address of the malicious email user can be obtained through further analysis possibly.The signature of the email server can clarify the generation of eachDereflecting those email servers doing more work in the whole system.Email type information is used as a reserved field.

Figure 6.Email forwarding experimental.

In the 200 rounds of email forwarding experiments,we will use a control variable approach.Group experiments will be conducted using the same emails,the same email server with or without the email digest extraction feature enabled.The horizontal axis of the graph indicates the number of incoming and processing forwarded emails,and the vertical axis indicates the time spent.To improve accuracy,the data for each of these experiments is plotted by taking the mean value from 10 experiments.

From Figure 6,we can see that the performance of BUES Email Server and Email Server is similar when the number of emails is low.The latency of the BUES Email Server increases slowly at a higher number of emails.As the email forwarding latency generated by this experiment has three components:propagation latency,transmission latency,and processing latency.We process the data in the experiment by using Equation(1):

The processing delay was extracted separately.Then the two sets of data are weighted and averaged.The processing latency in the two data sets is compared separately for the same number of routinely forwarded emails and the email forwarding latency values.As shown in Table 1.

Under conventional conditions,the additional delay of the BUES system occupies about 1% compared tothe delay of the whole network.This is shown in Figure 7.Although it may cost higher latency during peak times when the number of emails is higher.But the functionality and security provided by BUES are more meaningful.The small amount of resource consumption is also justified.The improvement in machine performance also reduces the processing time of the email digest extraction algorithm.

Table 1.Latency data of different systems.

Figure 7.Channel created.

5.2 Fabric Network Testing

BUES using Fabric version 1.4,is running on an Ubuntu 20.04 system.The network environment is deployed in container Docker version 20.10.2.Here we will build a Fabric network with four Order nodes and three email service providers,where each email service provider has two Peer nodes.After defining the organizational structure of the network,we design the execution process of the nodes in the network.Algorithm 3 gives the process of processing Email digest by Fabric.It involves an endorsement phase and a submission phase.Before the commit phase,some email digests are packaged by Order nodes to form new blocks.Each block is broadcast to the corresponding node.Finally,the generated blocks are stored in a nonmodifiable ledger with the received blocks and hence are non-repudiation.

Figure 8.BUES blockchain throughput.

With the environment built and the code written above.The email server extracts and sends the content of the email digest by calling the algorithm,and finally stores it in the shared ledger of the blockchain.By querying the shared ledger,operations such as trustworthiness verification and traceability of emails can be realized.After completing the design of the blockchain system,we conducted a stress test on its performance.The number of responses of the blockchain system was tested using different numbers of requests in the same time.The results are shown in Figure 8.

As can be seen from Figure 8,the throughput of the blockchain network system reaches a maximum value of about 180/s when the number of requests is about 280/s.The efficiency of the system is affected when the number of requests is too large exceeding the threshold value of the system.So that the throughput decreases.The results show that the network initially built using Fabric already has a certain performance to serve the email server to serve.Compared to the throughput of Bitcoin and Ethereum systems(Bitcoin 6tx/s,Ethereum limited by gas),BUES has a greater advantage.

5.3 System Analysis

In today’s email system architecture,different email service providers are responsible for the security and reliability of their email servers and email users.In case of an attack,a large amount of private user data can be leaked and email data can be corrupted or lost.In this regard,blockchain can hide the core data of major vendors in the blockchain network behind the email servers.The consortium blockchain has a welldefined access mechanism by the participants,so it is less likely to be subject to cyber-attacks.The CA mechanism in Fabric also provides a trust model between users,servers,and blockchain nodes.It circumvents the attack method of identity forgery.For email tampering,since the email server will query and verify the altered emails before the recipient receives them,emails that do not pass the verification will be processed by the email server.This approach greatly improves the trustworthiness of emails.In contrast,in today’s email systems,it is often difficult for users to distinguish the true trustworthiness of emails.The email server authentication scheme proposed in this system also circumvents the damage caused by malicious servers.The harm of phishing emails is avoided from both the server-side and the client-side.

The system proposed in this paper is designed with minimal impact on the current email system.The blockchain network is combined with real email service scenarios through Chaincode.It improves the extensibility of the traditional email system and can add some advanced functions or perform data analysis in the blockchain network.The BUES Channel feature also enables private email communication between multiple organizations.It is also possible to expand the business and improve the functions in the blockchain network.Compared with the public blockchain,its scalability decreases as the number of nodes increases.In contrast,the consortium blockchain in BUES contains only the members of the federations.Network participants can be decided by the members of the coalition.

Compared with public blockchains,consortium blockchains are characterized by low cost and high efficiency[39].In terms of efficiency,consortium blockchains can provide low latency and high throughput[40,41].There are now some studies on the performance of consortium blockchains based on the performance of Fabric networks up to 20,000 transactions per second[42].In terms of consensus,an email server authentication scheme is used in this paper.It is higher than the public blockchain in terms of scalability and efficiency.But it is inferior to the public blockchain in terms of fault tolerance.However,the entities in the consortium blockchain are all internal members of the federations and have a high degree of trustworthiness.Public blockchains have nodes that access the network and exit unconditionally anytime and anywhere.In this respect,the consortium blockchain makes up for the deficiency in fault tolerance.As shown in Table 2,the proposed BUES is compared with the traditional email service system and public blockchain in all aspects.

5.4 Limitations and Prospects

In BUES,there are some shortcomings as follows.

(1)The fields in the email digest need to be improved.For example,the email type,a field in the email digest,may be given more meaning at a later stage.By identifying the specific feature values of emails,deep learning is applied to classify them.This paper is about classifying spam emails by deep learning[43].Later,more advanced Ordering algorithms can be applied to email digests in this field.

(2)The reward and punishment mechanism in the system is yet to be designed[44,45].When the blockchain identifies a malicious email or even a malicious user,the relevant treatment should be dealt with.There should be a synchronized notification mechanism based on the existing email system so that the email server can avoid serving malicious users or imposing penalties.Warnings for users who send malicious emails.

(3)Not considering more business expansion.For many email service providers,the email system may be only one of the businesses.As the business expands new business scenarios may also emerge.In this case,further improvements are needed according to differ-ent practical situations.

Table 2.System comparison analysis.

VI.CONCLUSION

In this paper,blockchain technology is introduced on top of the traditional email service system.A blockchain-based upgraded email system(BUES)is proposed.The design of BUES not only considers the security of each entity in the system but also considers the realistic business scenarios of email services.The blockchain operation is performed for the transmission of emails while the system is guaranteed to be reliable.A new model of traceable emails is demonstrated for regulators and email service providers.At the same time,the authorized access feature of the consortium blockchain is utilized:on the one hand,the privacy of user data is protected.On the other hand,the degree of email service centering is reduced due to multiple trusted organizations or email service providers inside the network.A consensus mechanism for email server identity authentication is also implemented on this basis based on this application scenario.In future work,we will study more data storage on the blockchain and analyze the data.Improve the identification of emails and further improve the efficiency of the system.Based on this,further attempts will be made to study the use of blockchain for covert email communication between multiple organizations.To provide a more secure and efficient service for enterprise email communication systems.

ACKNOWLEDGEMENT

This research was supported by the China Mobile Research Foundation of the Ministry of Education(No.MCM20180401).State Administration of Science,Technology and Industry for National Defence,PRC(NO.JCKY2020602B008).