LITERATURE SURVEY
Abstract: In this project we plan to implement effective e-mail access using a proxy server. Our application
provides e-mail access to the user even when the main server has blocked the user by removing permission to
access e-mail. The proxy server plays a vital role in our project. Our solution will remove the overhead of e-mail
access for the user and introduce a better way which does not lead to any destruction. The literature survey is mainly
carried out in order to analyze the background of the current project, which helps to find flaws in the existing system
and guides which unsolved problems can be worked on. So, the following topics not only illustrate the background of
the project but also uncover the problems and flaws which motivated us to propose solutions and work on this project.
A variety of research has been done on power aware scheduling. The following section explores different references
that discuss several topics related to power aware scheduling.
A proxy approach to e-mail security. A wide variety of electronic mail software is used to send messages across
the Internet. Two principal protocols, Simple Mail Transfer Protocol (SMTP) and Post Office Protocol (POP), are
used to allow mail clients and servers running in extremely heterogeneous environments to communicate with each
other and thus send and receive e-mail. The one disadvantage of this heterogeneity is the amount of effort required to
add functionality to all these different pieces of software (and their frequent upgrades), particularly with complex
services such as security. Such services are only valuable when implemented in the majority of applications. An
alternative approach is to examine the protocols and data flow involved in communication between the mail clients and
servers. By modifying data as it passes between the two, a proxy can provide functionality to any application that uses
those protocols without requiring them to be separately upgraded. We describe the use of this approach to secure
electronic mail between sending and receiving hosts.
Author: I. Brown and C. R. Snow, A proxy approach to e-mail security,
Software: Practice and Experience, vol. 29, no. 12, pp. 1049-1060, Oct. 1999.
Delegate: A Proxy based architecture for secure website access from an untrusted machine. Performing
sensitive online transactions using computers found in cyber cafes and public libraries is risky. The untrusted nature of
these machines creates a target rich environment. A simple keystroke logger, a common payload of many viruses,
records and transmits the secret information (e.g., passwords, credit card numbers, PIN numbers) entered into these
machines. In addition, sophisticated malware can hijack a user's authenticated session to perform unauthorized
transactions masquerading as the user. This paper presents Delegate, a proxy-based architecture that enables a user to
access web sites without disclosing personal information to untrusted machines. Delegate enforces rules at the proxy to
detect and prevent session hijacking. This architecture leverages users' trusted mobile devices, e.g., cell phones, and
requires no modification to web servers or the untrusted machines. Delegate is designed to provide a balance between
security and usability.
Author: R. Jammalamadaka, T. Van Der Horst, S. Mehrotra, K. Seamons, and N. Venkatasubramanian,
Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine, 2006, pp. 57-66.
An Architecture for Secure m-Commerce Applications. As mobile communication technology evolves, more and
more features are available to users of mobile devices. The adoption of such features is rapid and the demand for more
capabilities is growing, especially with the development of the Internet of Things. One of the most challenging and
sensitive concepts used in the always connected mobile world is mobile commerce. Security for mobile financial
transactions is of extremely high concern. In this paper we describe the architecture of a secure m-commerce system
based on the concepts defined in the FP7 iCore project. We propose a framework that structures an m-commerce
system in objects with semantic searching capabilities to provide an efficient and secure handling of system resources
and transactions.
Author: I. Kounelis, G. Baldini, S. Muftic, and J. Loschner, An Architecture for Secure m-Commerce
Applications, in 2013 19th International Conference on Control Systems and Computer Science (CSCS), 2013,
pp. 519-525.
A Novel Approach For Intranet Mailing For Providing User Authentication. With the explosion of the public
Internet and e-commerce, private computers and computer networks, if not adequately secured, are increasingly
vulnerable to damaging attacks. Hackers, viruses, vindictive employees and even human error all represent clear and
present dangers to networks. Various antidotes that are in fact inextricable with security issues are Cryptography,
Authentication, Integrity and Non Repudiation, Key Distribution and certification, Access control by implementing
Firewalls etc. The main idea of this paper is to overcome PGP's (Pretty Good Privacy) main limitation of
incomplete non-repudiation service, which increases the degree of security and efficiency of an email message
communication through NRR (Non-Repudiation of Receipt) and including PGP's original feature of NRO
(Non-Repudiation of Origin), and thereby assures a new security service of Mutual Non Repudiation (MNR).
Author: ASN Chakravarthy, A.S.S.D. Toyaza
Effectiveness And Limitations Of E-Mail Security Protocols. Simple Mail Transport Protocol is the most widely
adopted protocol for e-mail delivery. However, it lacks security features for privacy, authentication of sending party,
integrity of e-mail message, non repudiation and consistency of e-mail envelope. To make e-mail communication
secure and private, e-mail servers incorporate one or more security features using add-on security protocols. The
add-on security protocols provide a reasonable security but have several limitations. This paper discusses limitations of
e-mail security protocols, analyzes and evaluates their effectiveness in e-mail servers. It also proposes methods to
improve efficiency of e-mail servers in detecting spoofed e-mails from domains that do not follow any standard
anti-spoofing protocol. Further, it presents results of studies carried out to appraise e-mail users' practice, their
knowledge of security protocols and their confidence in the e-mail system.
Author: M. Tariq Banday
CryptoNET: Design and implementation of the Secure Email System. This paper describes the design and
implementation of a secure, high assurance and very reliable Email system. The system handles standard Email security
services - signing and encryption of Email letters and, in addition, provides a number of extended and innovative
security features. These new features are: transparent handling of certificates, strong authentication between Secure
Email client and Secure Email server, archiving and recovery of encrypted address books, simple and secure handling
of cryptographic keys, security sessions management, tracking of Email letters using confirmation message, elimination
of SPAM messages, prevention of fraudulent and infected attachments, and usage of smart cards. The system is
structured in the form of security objects organized in the form of a large-scale security architecture based on proxy
servers. The system uses hierarchical certification infrastructure for management and verification of certificates.
Author: A. Ghafoor, S. Muftic, and G. Schmölzer, CryptoNET: Design and implementation of the Secure Email
System, in 2009 Proceedings of the 1st International Workshop on Security and Communication Networks
(IWSCN), 2009, pp. 1-6.
Google's server and included all the Email contacts of the currently logged in user. The vulnerability was quickly
patched after the initial disclosure on the Internet.
Gmail offers spam filtering: the system automatically deletes messages marked as spam after 30 days. Users can
disable the spam-filtering system by creating a rule to make all messages skip the spam filter. POP3 users can only
check the Spam folder manually via the web interface, as only emails sent to the Inbox can be retrieved via POP3. This
is a technical limitation of POP3. In 2008, about 75% of email sent to Gmail accounts was filtered as spam. IP
addresses of webmail Gmail users are disguised in order to protect security, an early decision by Paul Buchheit. Gmail
automatically scans all incoming and outgoing e-mails for viruses in e-mail attachments. If a virus is found on an
attachment the reader is trying to open, Gmail will try to remove the virus and open the cleaned attachment. Gmail also
scans all outgoing attachments and will prevent the message from being sent if a virus is found. Gmail also does not
allow users to send or receive executable files or archives containing executable files.
On June 5, 2012, a new security feature was introduced to protect users from state-sponsored attacks. Whenever
Google's analysis indicates that a government has attempted to compromise an account, Gmail will display a notice that
reads "Warning: We believe state-sponsored attackers may be trying to compromise your account or computer." Google
may terminate a Gmail account after nine months of inactivity (as of 2008). Other webmail services have different,
often shorter, times for marking an account as inactive. Yahoo! Mail deactivates dormant accounts after twelve months.
SMTP FUNDAMENTALS
SMTP is used as the common mechanism for transporting electronic mail among different hosts within the transmission
control protocol/Internet protocol (TCP/IP) suite. It is an application layer protocol. Under SMTP, a client SMTP
process opens a TCP connection to a server SMTP process on a remote host and attempts to send mail across the
connection. The server SMTP listens for a TCP connection on a specific port (25), and the client SMTP process
initiates a connection on that port (Cisco SMTP, 2005). When the TCP connection is successful, the two processes
execute a simple request-response dialogue, defined by the SMTP protocol (see RFC 821 for details), in which the
client process transmits the mail addresses of the originator and the recipient(s) for a message. When the server process
accepts these mail addresses, the client process transmits the e-mail instant message. The message must contain
a message header and message text (body) formatted in accordance with RFC 822.
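The dialogue described above, and the missing "consistency of e-mail envelope" noted in the survey of e-mail security protocols, can be seen by parsing one session and comparing the envelope sender with the RFC 822 From: header. This is an added example, not code from the original page or the surveyed papers; the transcript, host names and addresses are constructed, and `parse_session` and `envelope_header_mismatch` are hypothetical helper names.

```python
import email
from email.utils import parseaddr

# Constructed SMTP session (C: client, S: server); hosts and addresses are made up.
TRANSCRIPT = """\
S: 220 mx.example.net ESMTP
C: HELO client.example.org
S: 250 mx.example.net
C: MAIL FROM:<bounce@bulk.example.org>
S: 250 OK
C: RCPT TO:<alice@example.net>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: "Bank Support" <support@bank.example.com>
C: To: alice@example.net
C: Subject: Account notice
C:
C: Please review your statement.
C: ..a body line that began with a dot
C: .
S: 250 OK queued
"""

def parse_session(transcript):
    """Return (envelope sender, envelope recipients, parsed RFC 822 message)."""
    sender, rcpts, data, in_data = None, [], [], False
    for line in transcript.splitlines():
        if not line.startswith("C:"):
            continue                  # server replies carry no envelope data
        text = line[3:]               # drop the "C: " marker
        if in_data:
            if text == ".":           # a lone dot ends the DATA phase
                in_data = False
            else:                     # undo dot-stuffing of lines starting with "."
                data.append(text[1:] if text.startswith(".") else text)
        elif text.upper().startswith("MAIL FROM:"):
            sender = parseaddr(text[10:])[1]
        elif text.upper().startswith("RCPT TO:"):
            rcpts.append(parseaddr(text[8:])[1])
        elif text.upper() == "DATA":
            in_data = True
    return sender, rcpts, email.message_from_string("\n".join(data))

def envelope_header_mismatch(transcript):
    """True when the MAIL FROM domain differs from the From: header domain."""
    sender, _, msg = parse_session(transcript)
    domain = lambda addr: addr.rpartition("@")[2].lower()
    return domain(sender or "") != domain(parseaddr(msg.get("From", ""))[1])
```

A mismatch is a signal for further checks rather than proof of spoofing, since mailing lists and bulk senders legitimately use a different envelope sender.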
Mail that arrives via SMTP is forwarded to a remote server, or it is delivered to mailboxes on the local server. POP3 or
IMAP allow users to download mail that is stored on the local server. Most mail programs such as Eudora allow the client
to specify both an SMTP server and a POP server. On UNIX-based systems, Sendmail is the most widely used SMTP
server for e-mail. Sendmail includes a POP3 server and also comes in a version for Windows NT (What is SMTP?,
2005). The MIME protocol defines the way files are attached to SMTP messages. Microsoft Outlook and
Netscape/Mozilla Communicator are the most popular mail-agent programs on Windows-based systems. The X.400
International Telecommunication Union standard (Tanenbaum, 2003) that defines transfer protocols for sending
electronic mail between mail servers is used in Europe as an alternative to SMTP. Also, the message handling service
(MHS) developed by Novell is used for electronic mail on Netware networks (What is SMTP?, 2005).
References:
[1] I. Kounelis, J. Loschner, D. Shaw, and S. Scheer, "Security of service requests for cloud based m-commerce,"
in 2012 Proceedings of the 35th International Convention MIPRO, 2012, pp. 1479-1483.
[2] I. Brown and C. R. Snow, "A proxy approach to e-mail security," Software: Practice and
Experience, vol. 29, no. 12, pp. 1049-1060, Oct. 1999.
[3] R. Jammalamadaka, T. Van Der Horst, S. Mehrotra, K. Seamons, and N. Venkatasubramanian, "Delegate:
A Proxy Based Architecture for Secure Website Access from an Untrusted Machine," 2006, pp. 57-66.
[4] A. Ghafoor, S. Muftic, and G. Schmölzer, "CryptoNET: Design and implementation of the Secure
Email System," in 2009 Proceedings of the 1st International Workshop on Security and Communication
Networks (IWSCN), 2009, pp. 1-6.
[5] M. Bishop, Computer Security: Art and Science. Boston: Addison-Wesley, 2003.
[6] I. Kounelis, G. Baldini, S. Muftic, and J. Loschner, "An Architecture for Secure m-Commerce
Applications," in 2013 19th International Conference on Control Systems and Computer Science (CSCS),
2013, pp. 519-525.