IDL - International Digital Library Volume 1, Issue 1

IDL CODE: IDL0010

To Enhanced GMAIL Application using FTP & SMTP

Proxy Server

*Megha B.G *Manasvinatesh *Amrintaj *Gagana H.S

meghabelur95@gmail.com Manasvinatesh600@gmail.com Amrintaj27h@gmail.com gaganahs2016@gmail.com
AIT, VTU University AIT, VTU University AIT, VTU University AIT, VTU University

Under the guidance:

** Dr. Pushpa Ravikumar
HOD AIT,
VTU University.

LITERATURE SURVEY
Abstract : In this project we have plan to implement a effective E-mail access using proxy server. Our application
provides E-mail access to user even though the user is blocked by the main server by eliminating the permission to
access the e-mail. Proxy server plays a vital role in our project. Our solution will remove the overhead of email access
to user and introduce a better way which does not lead to any destruction. Literature survey is mainly carried out in
order to analyze the background of the current project, which helps to find out flaws in the existing system & guides on
which unsolved problems can work out. So, the following topics not only illustrate the background of the project but
also uncover the problems and flaws which motivated to propose solutions and work on this project. A variety of
research has been done on power aware scheduling. Following section explores different references that discuss about
several topics related to power aware scheduling.

A proxy approach to e-mail security, A wide variety of electronic mail software is used to send messages across
the Internet. Two principal protocols Simple Mail Transfer Protocol (SMTP) and Post Office Protocol (POP) are
used to allow mail clients and servers running in extremely heterogeneous environments to communicate with each
other and thus send and receive e-mail. The one disadvantage of this heterogeneity is the amount of effort required to
add functionality to all these different pieces of software (and their frequent upgrades), particularly with complex
services such as security. Such services are only valuable when implemented in the majority of applications. An
alternative approach is to examine the protocols and data flow involved in communication between the mail clients and
servers. By modifying data as it passes between the two, a proxy can provide functionality to any application that uses
those protocols without requiring them to be separately upgraded. We describe the use of this approach to secure
electronic mail between sending and receiving hosts.
Author: Brown and C. R. Snow, A proxy approach to e-mail security,
Software: Practice and Experience, vol. 29, no. 12, pp. 10491060, Oct. 1999.]

Delegate: A Proxy based architecture for secure website access from an entrusted machine, Performing
sensitive online transactions using computers found in cyber cafes and public libraries is risky. The entrusted nature of
these machines creates a target rich environment. A simple keystroke logger, a common payload of many viruses,
records and transmits the secret information (e.g., passwords, credit card numbers, PIN numbers) entered into these
machines. In addition, sophisticated malware can hijack a users authenticated session to perform unauthorized
transactions masquerading as the user. This paper presents Delegate, a proxy-based architecture that enables a user to

International Digital Library 1

IDL - International Digital Library Volume 1, Issue 1
IDL CODE: IDL0010

access web sites without disclosing personal information to entrusted machines. Delegate enforces rules at the proxy to
detect and prevent session hijacking. This architecture leverages users trusted mobile devices, e.g., cell phones, and
requires no modification to web servers or the entrusted machines. Delegate is designed to provide a balance between
security and usability.
Author: R. Jammalamadaka, T. Van Der Horst, S. Mehrotra, K. Seamons, and N. Venka-subramanian,
Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine, 2006, pp. 57
66.

An Architecture for Secure m-Commerce Applications, As mobile communication technology evolves, more and
more features are available to users of mobile devices. The adoption of such features is rapid and the demand for more
capabilities is growing, especially with the development of the Internet of Things. One of the most challenging and
sensitive concepts used in the always connected mobile world is mobile commerce. Security for mobile financial
transactions is of extreme high concern. In this paper we describe the architecture of a secure m-commerce system
based on the concepts defined in the FP7 iCore project. We propose a framework that structures an m-commerce
system in objects with semantic searching capabilities to provide an efficient and secure handling of system resources
and transactions.

Author: Kounelis, G. Baldini, S. Muftic, and J. Loschner, An Architecture for Secure m-Commerce
Applications, in 2013 19th International Conference on Control Systems and Computer Science (CSCS), 2013,
pp. 519525.

A Novel Approach For Intranet Mailing For Providing User Authentication, With the explosion of the public
Internet and e-commerce, private computers, and computer networks, if not adequately secured, are increasingly
vulnerable to damaging attacks. Hackers, viruses, vindictive employees and even human error all represent clear and
present dangers to networks. Various antidotes that are in fact inextricable with security issues areCryptography,
Authentication, Integrity and Non Repudiation, Key Distribution and certification, Access control by implementing
Firewalls etc. The main idea of this paper is to overcome the PGPs(Pretty Good Privacy) main limitation of
incomplete non-repudiation Service, which increases the degree of security and efficiency of an email message
communication through NRR(Non-Repudiation of Receipt) and including PGPs original feature of NRO(Non-
Repudiation of Origin), and there it assures new security service of Mutual Non Repudiation (MNR).
Author: ASN Chakravarthy, A.S.S.D.Toyaza

Effectiveness And Limitations Of E-Mail Security Protocols, Simple Mail Transport Protocol is the most widely
adopted protocol for e-mail delivery. However, it lacks security features for privacy, authentication of sending party,
integrity of e-mail message, non repudiation and consistency of e-mail envelope. To make e-mail communication
secure and private, e-mail servers incorporate one or more security features using add-on security protocols. The add-
on security protocols provide a reasonable security but have several limitations. This paper discusses limitations of e-
mail security protocols, analyzes and evaluates their effectiveness in e-mail servers. It also proposes methods to
improve efficiency of e-mail servers in detecting spoofed e-mails from domains that do not follow any standard anti-
spoofing protocol. Further, it presents results of studies carried out to appraise e-mail user practice; knowledge of
security protocols and their confidence in e-mail system.
Author: M. Tariq Banday

International Digital Library 2

IDL - International Digital Library Volume 1, Issue 1
IDL CODE: IDL0010

CryptoNET: Design and implementation of the Secure Email System, This paper describes the design and
implementation of a secure, high assurance and very reliable Email system. The system handles standard Email security
services - signing and encryption of Email letters and, in addition, provides a number of extended and innovative
security features. These new features are: transparent handling of certificates, strong authentication between Secure
Email client and Secure Email server, archiving and recovery of encrypted address books, simple and secure handling
of cryptographic keys, security sessions management, tracking of Email letters using confirmation message, elimination
of SPAM messages, prevention of fraudulent and infected attachments, and usage of smart cards. The system is
structured in the form of security objects organized in the form of a large-scale security architecture based on proxy
servers. The system uses hierarchical certification infrastructure for management and verification of certificates.
Author:
A. Ghafoor, S. Muftic, and G. Schmlzer, CryptoNET: Design and implementa-tion of the Secure Email
System, in 2009 Proceedings of the 1st International Workshop on Security and Communication Networks
(IWSCN), 2009, pp. 16.

Google mail server

Gmail is a free, advertising-supported email service provided by Google. Users may access Gmail as secure webmail,
as well as via POP3 or IMAP4 protocols. Gmail started as an invitation-only beta release on April 1, 2004 and it
became available to the general public on February 7, 2007, though still in beta status at that time. The service was
upgraded from beta status on July 7, 2009, along with the rest of the Google Apps suite.
With an initial storage capacity offer of 1 GB per user, Gmail significantly increased the webmail standard for free
storage from the 2 to 4 MB its competitors such as Hotmail offered at that time. Individual Gmail messages, including
attachments, may be up to 25 MB. Gmail has a search-oriented interface and a "conversation view" similar to an
Internet forum. Gmail is noted by web developers for its pioneering use of Ajax. Gmail runs on Google GFE/2.0 on
Linux. As of June 2012, it was the most widely used web-based email provider with over 425 million active users
worldwide. According to a 2014 estimate, 60% of mid-sized US companies were using Gmail. In May 2014, Gmail
became the first app on the Google Play Store to hit one billion installations on Android devices.
At one time Gmail used an unencrypted connection to retrieve user data, encrypting only the connection used for the
login page. However, by replacing the URL http://mail.google.com/mail/ with https://mail.google.com/mail/, users
were able to force Gmail to use a secure connection, reducing the risk of third-party eavesdropping on user information,
such as emails and contacts, which are transmitted in plaintext as JavaScript data in the page source code. Starting in
July 2008, it was possible to configure Gmail for HTTPS access only through the Settings - this prevented any insecure
access via HTTP. POP3 and IMAP access uses Transport Layer Security, or TLS. At present Gmail now defaults to a
secure HTTPS connection.
Although email clients such as Mozilla Thunderbird use TLS when sending email, it is not used when the email is sent
from the Gmail servers to the destination domain's mail exchangers, unless supported, so at some stage the user's email
message may still be transmitted in unencrypted plain text. On March 20, 2014, Google announced the implementation
of an enhancement of the overall security of Gmail in response to the Edward Snowden privacy revelations in 2013. An
encrypted HTTPS connection will be used for the sending and receipt of all Gmail emails, and "every single email
message you send or receive100% of themis encrypted while moving internally" through the corporation's
systems.
Around 2007, Gmail had severe security issues which allowed a full account compromise via Cross-site scripting
vulnerabilities affecting the google.com homepage or information disclosure through a file which was stored on

International Digital Library 3

IDL - International Digital Library Volume 1, Issue 1
IDL CODE: IDL0010

Google's server and included all the Email contacts of the currently logged in user. The vulnerability was quickly
patched after the initial disclosure on the Internet.
Gmail offers spam filtering: the system automatically deletes messages marked as spam after 30 days. Users can
disable the spam-filtering system by creating a rule to make all messages skip the spam filter. POP3 users can only
check the Spam folder manually via the web interface, as only emails sent to the Inbox can be retrieved via POP3. This
is a technical limitation of POP3. In 2008, about 75% of email sent to Gmail accounts was filtered as spam. IP
addresses of webmail Gmail users are disguised in order to protect security, an early decision by Paul Buchheit. Gmail
automatically scans all incoming and outgoing e-mails for viruses in e-mail attachments. If a virus is found on an
attachment the reader is trying to open, Gmail will try to remove the virus and open the cleaned attachment. Gmail also
scans all outgoing attachments and will prevent the message from being sent if a virus is found. Gmail also does not
allow users to send or receive executable files or archives containing executable files.
On June 5, 2012, a new security feature was introduced to protect users from state-sponsored attacks. Whenever
Google analysis indicate that a government has attempted to compromise an account, Gmail will display a notice that
reads "Warning: We believe state-sponsored attackers may be trying to compromise your account or computer. Google
may terminate a Gmail account after nine months of inactivity (as of 2008). Other webmail services have different,
often shorter, times for marking an account as inactive. Yahoo! Mail deactivates dormant accounts after twelve months.

Ftp and Proxy Server

A computer that can act on the behalf of other computers to request content from the Internet or an intranet. Proxy
Server is placed between a user's machine and the Internet. It can act as a firewall to provide protection and as a cache
area to speed up Web page display. A firewall mechanism that replaces the IP address of a host on the internal
(protected) network with its own IP address for all traffic passing through it. A software agent that acts on behalf of a
user, typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address
is permitted to use the proxy, perhaps does additional authentication, and then completes a connection on behalf of the
user to a remote destination.
Proxy servers have two main purposes:
Improve Performance: Proxy servers can dramatically improve performance for groups of users. This is because it
saves the results of all requests for a certain amount of time. proxy server is often on the same network as the user, this
is a much faster operation. Real proxy servers support hundreds or thousands of users.
Filter Requests: Proxy servers can also be used to filter requests.

Simple Mail Transfer Protocol

Electronic mail (e-mail) is one of the most popular network services nowadays. Most e-mail systems that send mail
over the Internet use simple mail transfer protocol (SMTP) to send messages from one server to another. The messages
can then be retrieved with an e-mail client using either post office protocol (POP) or Internet message access protocol
(IMAP). SMTP is also generally used to send messages from a mail client to a mail server in hostbased (or Unix-
based) mail systems, where a simple mbox utility might be on the same system [or via Network File System (NFS)
provided by Novell] for access without POP or IMAP. This chapter describes the fundamentals of SMTP, elements of
its clientserver architecture (user agent, mail transfer agent, ports), requestresponse mechanism, commands, mail
transfer phases, SMTP messages, multipurpose internet mail extensions (MIME) for non-ASCII (American Standard
Code for Information Interchange) data, e-mail delivery cases, mail access protocols (POP3and IMAP4), SMTP
software, vulnerability and security issues, standards, associations, and organizations.

International Digital Library 4

IDL - International Digital Library Volume 1, Issue 1
IDL CODE: IDL0010

SMTP FUNDAMENTALS
SMTP is used as the common mechanism for transporting electronic mail among different hosts within the transmission
control protocol/Internet protocol (TCP/IP) suite. It is an application layer protocol. Under SMTP, a client SMTP
process opens a TCP connection to a server SMTP process on a remote host and attempts to send mail across the
connection. The server SMTP listens for a TCP connection on a specific port (25), and the client SMTP process
initiates a connection on that port (Cisco SMTP, 2005). When the TCP connection is successful, the two processes
execute a simple requestresponse dialogue, defined by the SMTP protocol (see RFC 821 for details), in which the
client process transmits the mail addresses of the originator and the recipient(s) for a message. When the server process
accepts these mail addresses, the client process transmits the e-mail instant message. The message must contain
amessage header and message text (body) formatted in accordance with RFC 822.
Mail that arrives via SMTP is forwarded to a remote server, or it is delivered to mailboxes on the local server. POP3 or
IMAP allow users download mail that is stored on the local server. Most mail programs such as Eudora allow the client
to specify both an SMTP server and a POP server. On UNIX-based systems, Sendmail is the most widely used SMTP
server for e-mail. Sendmail includes a POP3 server and also comes in a version forWindows NT (What is SMTP?,
2005). The MIME protocol defines the way files are attached to SMTP messages. Microsoft Outlook and
Netscape/Mozilla Communicator are the most popular mail-agent programs on Window-based systems. The X.400
International Telecommunication Union standard (Tanenbaum, 2003) that defines transfer protocols for sending
electronic mail between mail servers is used in Europe as an alternative to SMTP. Also, the message handling service
(MHS) developed by Novell is used for electronic mail on Netware networks (What is SMTP?, 2005).

References:

[1] I. Kounelis, J. Loschner, D. Shaw, and S. Scheer, Security of service requests for cloud based m-
commerce, in 2012 Proceedings of the 35th International Convention MIPRO, 2012, pp. 1479 1483.

[2] I. Brown and C. R. Snow, A proxy approach to e-mail security, Software: Practice and
Experience, vol. 29, no. 12, pp. 10491060, Oct. 1999.

[3] R. Jammalamadaka, T. Van Der Horst, S. Mehrotra, K. Seamons, and N. Venka subramanian, Delegate:
A Proxy Based Architecture for Secure Website Access from an Untrusted Machine, 2006, pp. 5766.

[4] A. Ghafoor, S. Muftic, and G. Schmlzer, CryptoNET: Design and implementa-tion of the Secure
Email System, in 2009 Proceedings of the 1st International Workshop on Security and Communication
Networks (IWSCN), 2009, pp. 16.

[5] M. Bishop, Computer security : art and science. Boston: Addison-Wesley, 2003.

[6] I. Kounelis, G. Baldini, S. Muftic, and J. Loschner, An Architecture for Secure m Commerce
Applications, in 2013 19th International Conference on Control Systems and Computer Science (CSCS),
2013, pp. 519525.

[7] SETECS, Inc., OneSDK Java Security Platform

[8] SETECS, Inc., OnePKI Public Key Infrastructure

[9] Kounelis, G. Baldini, S. Muftic, and J. Loschner, An Architecture for Secure m-Commerce
Applications, in 2013 19 th International Conference on Control Systems and Computer Science (CSCS),
2013, pp. 519525.

International Digital Library 5