The existence of spam email has gone from a fairly small amounts of a few hundred in the late 1970’s to several billions per day in 2010. This continually growing problem is of great concern to both businesses and users alike.
One attempt to combat this problem comes with a spam filtering tool called TRAP. The primary design goal of TRAP is to enable tracking of the reputation of mail senders in a decentralized and distributed fashion.
In order for the tool to be useful, it is important that it does not have any security issues that will let a spammer bypass the protocol or gain a reputation that it should not have.As a piece of this puzzle, this thesis makes an analysis of TRAP’s protocol and design in order to find threats and vulnerabilies capable of bypassing the protocol safeguards.
Based on these threats we also evaluate possible mitigations both by analysis and simulation. We have found that although the protocol was not designed with regards to certain attacks on the system itself most of the attacks can be fairly easily stopped.
The analysis shows that by adding cryptographic defenses to the protocol a lot of the threats would be mitigated. In those cases where cryptography would not suffice it is generally down to sane design choices in the implementation as well as not always trusting that a node is being truthful and following protocol.
Source: Linköping University
Author: Jägenstedt, Gabriel