IDL - International Digital Library
Volume 1, Issue 1 IDL CODE: IDL0010
To Enhanced GMAIL Application using FTP & SMTP Proxy Server *Megha B.G
*Manasvinatesh
*Amrintaj
*Gagana H.S
meghabelur95@gmail.com AIT, VTU University
Manasvinatesh600@gmail.com AIT, VTU University
Amrintaj27h@gmail.com AIT, VTU University
gaganahs2016@gmail.com AIT, VTU University
Under the guidance: ** Dr. Pushpa Ravikumar HOD AIT, VTU University. LITERATURE SURVEY Abstract : In this project we have plan to implement a effective E-mail access using proxy server. Our application provides E-mail access to user even though the user is blocked by the main server by eliminating the permission to access the e-mail. Proxy server plays a vital role in our project. Our solution will remove the overhead of email access to user and introduce a better way which does not lead to any destruction. Literature survey is mainly carried out in order to analyze the background of the current project, which helps to find out flaws in the existing system & guides on which unsolved problems can work out. So, the following topics not only illustrate the background of the project but also uncover the problems and flaws which motivated to propose solutions and work on this project. A variety of research has been done on power aware scheduling. Following section explores different references that discuss about several topics related to power aware scheduling. “A proxy approach to e-mail security”, A wide variety of electronic mail software is used to send messages across the Internet. Two principal protocols – Simple Mail Transfer Protocol (SMTP) and Post Office Protocol (POP) – are used to allow mail clients and servers running in extremely heterogeneous environments to communicate with each other and thus send and receive e-mail. The one disadvantage of this heterogeneity is the amount of effort required to add functionality to all these different pieces of software (and their frequent upgrades), particularly with complex services such as security. Such services are only valuable when implemented in the majority of applications. An alternative approach is to examine the protocols and data flow involved in communication between the mail clients and servers. By modifying data as it passes between the two, a proxy can provide functionality to any application that uses those protocols without requiring them to be separately upgraded. We describe the use of this approach to secure electronic mail between sending and receiving hosts. Author: Brown and C. R. Snow, “A proxy approach to e-mail security,” Software: Practice and Experience, vol. 29, no. 12, pp. 1049–1060, Oct. 1999.] “Delegate: A Proxy based architecture for secure website access from an entrusted machine”, Performing sensitive online transactions using computers found in cyber cafes and public libraries is risky. The entrusted nature of these machines creates a target rich environment. A simple keystroke logger, a common payload of many viruses, records and transmits the secret information (e.g., passwords, credit card numbers, PIN numbers) entered into these machines. In addition, sophisticated malware can hijack a user’s authenticated session to perform unauthorized transactions masquerading as the user. This paper presents Delegate, a proxy-based architecture that enables a user to
International Digital Library
1
IDL - International Digital Library
Volume 1, Issue 1 IDL CODE: IDL0010
access web sites without disclosing personal information to entrusted machines. Delegate enforces rules at the proxy to detect and prevent session hijacking. This architecture leverages users’ trusted mobile devices, e.g., cell phones, and requires no modification to web servers or the entrusted machines. Delegate is designed to provide a balance between security and usability. Author: R. Jammalamadaka, T. Van Der Horst, S. Mehrotra, K. Seamons, and N. Venka-subramanian, “Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine,” 2006, pp. 57– 66. “An Architecture for Secure m-Commerce Applications”, As mobile communication technology evolves, more and more features are available to users of mobile devices. The adoption of such features is rapid and the demand for more capabilities is growing, especially with the development of the Internet of Things. One of the most challenging and sensitive concepts used in the always connected mobile world is mobile commerce. Security for mobile financial transactions is of extreme high concern. In this paper we describe the architecture of a secure m-commerce system based on the concepts defined in the FP7 iCore project. We propose a framework that structures an m-commerce system in objects with semantic searching capabilities to provide an efficient and secure handling of system resources and transactions. Author: Kounelis, G. Baldini, S. Muftic, and J. Loschner, “An Architecture for Secure m-Commerce Applications,” in 2013 19th International Conference on Control Systems and Computer Science (CSCS), 2013, pp. 519–525. “A Novel Approach For Intranet Mailing For Providing User Authentication”, With the explosion of the public Internet and e-commerce, private computers, and computer networks, if not adequately secured, are increasingly vulnerable to damaging attacks. Hackers, viruses, vindictive employees and even human error all represent clear and present dangers to networks. Various antidotes that are in fact inextricable with security issues are–Cryptography, Authentication, Integrity and Non Repudiation, Key Distribution and certification, Access control by implementing Firewalls etc. The main idea of this paper is to overcome the PGP’s(Pretty Good Privacy) main limitation of incomplete non-repudiation Service, which increases the degree of security and efficiency of an email message communication through NRR(Non-Repudiation of Receipt) and including PGPs original feature of NRO(NonRepudiation of Origin), and there it assures new security service of Mutual Non Repudiation (MNR). Author: ASN Chakravarthy, A.S.S.D.Toyaza “Effectiveness And Limitations Of E-Mail Security Protocols”, Simple Mail Transport Protocol is the most widely adopted protocol for e-mail delivery. However, it lacks security features for privacy, authentication of sending party, integrity of e-mail message, non repudiation and consistency of e-mail envelope. To make e-mail communication secure and private, e-mail servers incorporate one or more security features using add-on security protocols. The addon security protocols provide a reasonable security but have several limitations. This paper discusses limitations of email security protocols, analyzes and evaluates their effectiveness in e-mail servers. It also proposes methods to improve efficiency of e-mail servers in detecting spoofed e-mails from domains that do not follow any standard antispoofing protocol. Further, it presents results of studies carried out to appraise e-mail user practice; knowledge of security protocols and their confidence in e-mail system. Author: M. Tariq Banday
International Digital Library
2
IDL - International Digital Library
Volume 1, Issue 1 IDL CODE: IDL0010
“CryptoNET: Design and implementation of the Secure Email System”, This paper describes the design and implementation of a secure, high assurance and very reliable Email system. The system handles standard Email security services - signing and encryption of Email letters and, in addition, provides a number of extended and innovative security features. These new features are: transparent handling of certificates, strong authentication between Secure Email client and Secure Email server, archiving and recovery of encrypted address books, simple and secure handling of cryptographic keys, security sessions management, tracking of Email letters using confirmation message, elimination of SPAM messages, prevention of fraudulent and infected attachments, and usage of smart cards. The system is structured in the form of security objects organized in the form of a large-scale security architecture based on proxy servers. The system uses hierarchical certification infrastructure for management and verification of certificates. Author: A. Ghafoor, S. Muftic, and G. Schmölzer, “CryptoNET: Design and implementa-tion of the Secure Email System,” in 2009 Proceedings of the 1st International Workshop on Security and Communication Networks (IWSCN), 2009, pp. 1–6. Google mail server Gmail is a free, advertising-supported email service provided by Google. Users may access Gmail as secure webmail, as well as via POP3 or IMAP4 protocols. Gmail started as an invitation-only beta release on April 1, 2004 and it became available to the general public on February 7, 2007, though still in beta status at that time. The service was upgraded from beta status on July 7, 2009, along with the rest of the Google Apps suite. With an initial storage capacity offer of 1 GB per user, Gmail significantly increased the webmail standard for free storage from the 2 to 4 MB its competitors such as Hotmail offered at that time. Individual Gmail messages, including attachments, may be up to 25 MB. Gmail has a search-oriented interface and a "conversation view" similar to an Internet forum. Gmail is noted by web developers for its pioneering use of Ajax. Gmail runs on Google GFE/2.0 on Linux. As of June 2012, it was the most widely used web-based email provider with over 425 million active users worldwide. According to a 2014 estimate, 60% of mid-sized US companies were using Gmail. In May 2014, Gmail became the first app on the Google Play Store to hit one billion installations on Android devices. At one time Gmail used an unencrypted connection to retrieve user data, encrypting only the connection used for the login page. However, by replacing the URL http://mail.google.com/mail/ with https://mail.google.com/mail/, users were able to force Gmail to use a secure connection, reducing the risk of third-party eavesdropping on user information, such as emails and contacts, which are transmitted in plaintext as JavaScript data in the page source code. Starting in July 2008, it was possible to configure Gmail for HTTPS access only through the Settings - this prevented any insecure access via HTTP. POP3 and IMAP access uses Transport Layer Security, or TLS. At present Gmail now defaults to a secure HTTPS connection. Although email clients such as Mozilla Thunderbird use TLS when sending email, it is not used when the email is sent from the Gmail servers to the destination domain's mail exchangers, unless supported, so at some stage the user's email message may still be transmitted in unencrypted plain text. On March 20, 2014, Google announced the implementation of an enhancement of the overall security of Gmail in response to the Edward Snowden privacy revelations in 2013. An encrypted HTTPS connection will be used for the sending and receipt of all Gmail emails, and "every single email message you send or receive—100% of them—is encrypted while moving internally" through the corporation's systems. Around 2007, Gmail had severe security issues which allowed a full account compromise via Cross-site scripting vulnerabilities affecting the google.com homepage or information disclosure through a file which was stored on
International Digital Library
3
IDL - International Digital Library
Volume 1, Issue 1 IDL CODE: IDL0010
Google's server and included all the Email contacts of the currently logged in user. The vulnerability was quickly patched after the initial disclosure on the Internet. Gmail offers spam filtering: the system automatically deletes messages marked as spam after 30 days. Users can disable the spam-filtering system by creating a rule to make all messages skip the spam filter. POP3 users can only check the Spam folder manually via the web interface, as only emails sent to the Inbox can be retrieved via POP3. This is a technical limitation of POP3. In 2008, about 75% of email sent to Gmail accounts was filtered as spam. IP addresses of webmail Gmail users are disguised in order to protect security, an early decision by Paul Buchheit. Gmail automatically scans all incoming and outgoing e-mails for viruses in e-mail attachments. If a virus is found on an attachment the reader is trying to open, Gmail will try to remove the virus and open the cleaned attachment. Gmail also scans all outgoing attachments and will prevent the message from being sent if a virus is found. Gmail also does not allow users to send or receive executable files or archives containing executable files. On June 5, 2012, a new security feature was introduced to protect users from state-sponsored attacks. Whenever Google analysis indicate that a government has attempted to compromise an account, Gmail will display a notice that reads "Warning: We believe state-sponsored attackers may be trying to compromise your account or computer. Google may terminate a Gmail account after nine months of inactivity (as of 2008). Other webmail services have different, often shorter, times for marking an account as inactive. Yahoo! Mail deactivates dormant accounts after twelve months.
Ftp and Proxy Server A computer that can act on the behalf of other computers to request content from the Internet or an intranet. Proxy Server is placed between a user's machine and the Internet. It can act as a firewall to provide protection and as a cache area to speed up Web page display. A firewall mechanism that replaces the IP address of a host on the internal (protected) network with its own IP address for all traffic passing through it. A software agent that acts on behalf of a user, typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps does additional authentication, and then completes a connection on behalf of the user to a remote destination. Proxy servers have two main purposes: • Improve Performance: Proxy servers can dramatically improve performance for groups of users. This is because it saves the results of all requests for a certain amount of time. proxy server is often on the same network as the user, this is a much faster operation. Real proxy servers support hundreds or thousands of users. • Filter Requests: Proxy servers can also be used to filter requests. Simple Mail Transfer Protocol Electronic mail (e-mail) is one of the most popular network services nowadays. Most e-mail systems that send mail over the Internet use simple mail transfer protocol (SMTP) to send messages from one server to another. The messages can then be retrieved with an e-mail client using either post office protocol (POP) or Internet message access protocol (IMAP). SMTP is also generally used to send messages from a mail client to a mail server in “hostbased” (or Unixbased) mail systems, where a simple mbox utility might be on the same system [or via Network File System (NFS) provided by Novell] for access without POP or IMAP. This chapter describes the fundamentals of SMTP, elements of its client–server architecture (user agent, mail transfer agent, ports), request–response mechanism, commands, mail transfer phases, SMTP messages, multipurpose internet mail extensions (MIME) for non-ASCII (American Standard Code for Information Interchange) data, e-mail delivery cases, mail access protocols (POP3and IMAP4), SMTP software, vulnerability and security issues, standards, associations, and organizations.
International Digital Library
4
IDL - International Digital Library
Volume 1, Issue 1 IDL CODE: IDL0010
SMTP FUNDAMENTALS SMTP is used as the common mechanism for transporting electronic mail among different hosts within the transmission control protocol/Internet protocol (TCP/IP) suite. It is an application layer protocol. Under SMTP, a client SMTP process opens a TCP connection to a server SMTP process on a remote host and attempts to send mail across the connection. The server SMTP listens for a TCP connection on a specific port (25), and the client SMTP process initiates a connection on that port (Cisco SMTP, 2005). When the TCP connection is successful, the two processes execute a simple request–response dialogue, defined by the SMTP protocol (see RFC 821 for details), in which the client process transmits the mail addresses of the originator and the recipient(s) for a message. When the server process accepts these mail addresses, the client process transmits the e-mail instant message. The message must contain amessage header and message text (“body”) formatted in accordance with RFC 822. Mail that arrives via SMTP is forwarded to a remote server, or it is delivered to mailboxes on the local server. POP3 or IMAP allow users download mail that is stored on the local server. Most mail programs such as Eudora allow the client to specify both an SMTP server and a POP server. On UNIX-based systems, Sendmail is the most widely used SMTP server for e-mail. Sendmail includes a POP3 server and also comes in a version forWindows NT (“What is SMTP?”, 2005). The MIME protocol defines the way files are attached to SMTP messages. Microsoft Outlook and Netscape/Mozilla Communicator are the most popular mail-agent programs on Window-based systems. The X.400 International Telecommunication Union standard (Tanenbaum, 2003) that defines transfer protocols for sending electronic mail between mail servers is used in Europe as an alternative to SMTP. Also, the message handling service (MHS) developed by Novell is used for electronic mail on Netware networks (“What is SMTP?”, 2005).
References: [1] I. Kounelis, J. Loschner, D. Shaw, and S. Scheer, “Security of service requests for cloud based mcommerce,” in 2012 Proceedings of the 35th International Convention MIPRO, 2012, pp. 1479 –1483. [2] I. Brown and C. R. Snow, “A proxy approach to e-mail security,” Software: Practice and Experience, vol. 29, no. 12, pp. 1049–1060, Oct. 1999. [3] R. Jammalamadaka, T. Van Der Horst, S. Mehrotra, K. Seamons, and N. Venka subramanian, Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine,” 2006, pp. 57–66. [4] A. Ghafoor, S. Muftic, and G. Schmölzer, “CryptoNET: Design and implementa-tion of the Secure Email System,” in 2009 Proceedings of the 1st International Workshop on Security and Communication Networks (IWSCN), 2009, pp. 1–6. [5] M. Bishop, Computer security : art and science. Boston: Addison-Wesley, 2003. [6] I. Kounelis, G. Baldini, S. Muftic, and J. Loschner, “An Architecture for Secure m Commerce Applications,” in 2013 19th International Conference on Control Systems and Computer Science (CSCS), 2013, pp. 519–525. [7] SETECS, Inc., “OneSDK™ – Java Security Platform” [8] SETECS, Inc., “OnePKI™ – Public Key Infrastructure” [9] Kounelis, G. Baldini, S. Muftic, and J. Loschner, “An Architecture for Secure m-Commerce Applications,” in 2013 19 th International Conference on Control Systems and Computer Science (CSCS), 2013, pp. 519–525.
International Digital Library
5