This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Security is most essential for electronic mail, now a days financial and business, Military and Navy and many more Industries are using Emails as a communication through. Electronic mail is also known as e-mail, it is digital communication technique which will send a Digital message to one or more receivers. While retaining its original usage as a means of communication between two individuals, it is increasingly being used for business communication. Modern email system operates through internet and computer networks. Earlier days email system requires both receiver and author online in same time. Today email system can store and forward model. The key to the popularity of email lies in its ability to change the way people communicate, do business, work, socialize, access services and information. Email along with the internet continues to grow in terms of size, processing power and functionalities making it the most rapidly expanding technological innovation in the history of mankind (Schreiber, H. 2001). In email system consist three components the message Envelope, the message Header, the message Body. In modern email system we can attach multimedia documents with text document it's because of Multi internet Extension (MIME) system. The emails were attacked by attackers regularly for security
In this project objectives are as follows:
To overcome the security problems by using this proposed system, the proposed system is new security system using XML web server. With this new technology we can send and receive confidential data secure, so for the security purpose this project will solve hacking problems and safety. By this proposed system we can avoid email threats and ethical hackings and we can keep our emails in xml format. In this proposal explain section wise the section 1 contains back-round of an email system and present applications and techniques. The section 2 contains proposed system and explanation about the process of the system and requirements and flow of project.
2. Email as communication:
First developed in the 1970's it is highly confidential the initial functionality of the Email is to send basic text messages, but now its usage extended to include a whole host of possibilities. The sensitive information is sent through email with lots of security. It is used for delivering authorizations for bank transactions and credit cards, sending digitized signatures approvals, purchasing goods and services on the internet. The modern email services mostly increases privacy and security of the application, and now a days for private companies the Email authentication is necessary within their organization. Email is the formal way to communicate with the people. (Callas, J., et al. 1998).
2.1 Email Threats:
When the Email was first started it was in a common way of messaging the friends but whenever it was used as various applications such as business applications, the main problem is hacking. By this hacking the organization is losing its security, money, data and it is totally becoming an informal way. When we are delivering a message between clients, It will involve routing across several independent servers, routers etc. When an email is actually hacked into and a content has been destroyed then it includes use of special software called sniffers that actually sniff out the contents of email message.
There are several methods by which email attacks can take place. Fake emails are used to cheat people into revealing personal details such as credit card numbers, due to lack of proper authentication mechanisms. This data is then collected and used to perpetrate malicious attacks (Lee, B., et al. 2001). Man in the Middle attacks is a form of network attack, where a malicious entity hacks into lines of communication between end users and monitors messages that pass between them. Session Hijacking occurs when these entities control the flow of communication itself. When an email is actually hacked into and its contents siphoned off Eavesdropping occurs. This includes use of special software called sniffers that actually "sniff" out the contents of email messages. Diddling is a form of attack when the contents of the mail are altered as it transits between nodes. Dictionary attacks occur when an attackers uses a whole host of possible passwords to hack into email accounts. Denial of Service attacks occur when the attacker uses a very large number of emails ( more than a million at times) to flood network systems with requests that result in system blockage. This results in denial of network services to legitimate users (Lee, B., et al. 2001).
Since it has limitations and attacks, but email communication still continues to be widely used because it is relatively inexpensive.
3. Security Features of an Email System:
3.1Usability: This is most important of all four criterion of a secure email system. In general a secure email system uses a regular familiar email as far as possible. It can be derived by improvements on current email technologies. These technologies should simplify and reduce steps for operations, if the operation is reduced so that the user can learn something new.
3.2 Confidentiality: This email system is safe where the content will send from source to destination in correct way i.e, it will send to the real receivers but not to any other users. In this system the data will be confidential and secure.
3.3 Integrity: This email system will prevent the actual message which is being modified through unauthorized access during its deliver.
3.4 Authentication: This authentication system is mostly used and will result in an increased measure of trust and confidence among the users. Each and every organization has the authentication. (Tracy, M. 2007).
4. Basic Email Security Technology:
Cryptography: These systems will protect email communication from third party and enabling systems to overcome the harmful influence.( Sirin, E., et. 2004).
Digital Signatures: This is an electrical signature, it will demonstrate the message whether it was sent to the worthy user. Digital Signatures are easier then the cryptography.
Encryption, Key Generation & Decryption:
In general encryption we adding or changing some content to the file, but in email its process is to change the content of the mail so that it cannot be read by the unauthorized users and it is a security system. Decryption is the process to remove the content in this email only the end user (or) receiver can change the content (or) data in the mail.
The word key is used in the email to both for encryption and decryption of the content (or) data in the mails.
4.1Disadvanteges of Present Email System:
It can be seen from the previous section that emails are a very popular form of communication but they subject to various threats. There exist various security measures to counter these threats. However while these methods using cryptographic encryptions as their bases have succeeded in preserving the integrity and confidentiality of mails, the usability criterion has not yet been successfully answered (Selkirk, A. 2001).
4.2 Email Security Applications
The applications that use the above technology are described below:
The earliest technology to be developed in the early eighties to secure emails was X.509. This technology uses a set of identity certificates that validate the user to the recipient. These certificates contain digital signatures that validate the sender to the receiver. The main disadvantage of this method is that it offers no protection to the mail as it transits between the sender and the receivers and cannot prevent against tampering. It also requires an element of trust between the parties in each other identity certificate generation techniques (Housley, R. 1999).
4.2.2 PKI - Public Key Infrastructure
This form of communication uses the base form of cryptography. It uses a pair of encryption keys. A public key which generates the encrypted message sent to the client and a private key also sent to the client separately for decoding the message. Public Key Infrastructure is also known as asymmetric cryptography. The time taken for the whole process of encryption, key generation and decryption are the main disadvantages of this PKI (Anon, 2009).
4.2.3 Privacy Enhanced Mail (PEM)
PEM was first devised in 1989 as a set of standards that enhance the security features of emails and is derived from X.509 technology. These include signature and encryption standards for regular emails based on public key encryption techniques using the RSA algorithm. This technique utilizes two protection features. (1) Signed Emails and (2) Signed & Encrypted Emails. The keys utilized by these technologies are placed in digital certificates generated by a trusted certifying authority (CA). The key itself was placed in another certificate and both sent to the recipient. However, there was only one trusted root Certificate Authority for generating all the certificates. The key would be used to open the digitally signed email and access it. This method while offering reasonable security to the mail as it transits between users is cumbersome to deploy. It violates the cardinal "easy of use" principle in securing emails (Horrocks & Sattler, 2009).
4.2.4 PGP (Pretty Good Privacy) Mail
First introduced in 1991, PGP is an elementary message signing, sealing and key management system (Fensel, D. & Bussler, C. 2002). While the PEM utilized a single trusted certificate issuing authority, PGP mails utilize certificates from many authorities who however have to be verified as being trustworthy by both sender and receivers. The message is encrypted and decrypted using public keys. While this increased speed of operations, it suffered from ambiguities due to lack of universal acceptance. Moreover since it was not integrated with major email programs such as Microsoft, its usage was limited. While the message itself is secure, the headers such as to, date and subject features could not be secured. Thus a mail could be potentially recorded as spam in its header which would be dumped by the recipient. Regular Outlook fails to check if headers are tampered with. The only email client that in part has the ability to detect possible tempering is the Mozilla Thunderbird which however is not as widely used as Microsoft Outlook (Callas, J., et al. 1998).
4.2.5 Secure Socket Layer (SSL) Connections
Computers communicates with through transport layer also called ad network protocols(Chester, c,2001). These protocols speed up operations; ensure security and preserver message formats. SSL Connections utilize the Secure Socket Layer to transmit messages between the senders and the receivers. In this format there is no need for encryption or key generation and the message is transmitted as it is to the recipient since the SSL channel is considered to be safe. This channel also prevents unauthorized access. However the increasing incidents of malicious attacks being perpetrated through network protocols has rendered this method susceptible to attacks(McGrath, S. 2003). A provision has to be incorporated for encrypting messages sent through SSL as well. The application transmits data through the Secure Socket layer conduit which itself uses the default TCP/IP port 443.
5. Technical Requirements
Operating System:- Windows 2000 / Windows XP / Window Vista
Development End (Programming Languages):- C# .net using Asp.net Framework
Database Server: - SQL Server 2008
Web browser:- Internet Explorer 5.0 onward
Web Server :- IIS server
AES Encryption Algorithm
RAM:- 512 MB
6 PROPOSED PROCESS
Sending XML Email Process:
The proposed technique uses the .Net and XML.
The first step involves composing an email using outlook. The mail is then sent to the XML web service through .net.
The Web Service Encrypts the Mail.
Using X.509 certificate the mail is digitally signed and email is then sent through the server
Client Email Application
Plain text/ Readable mail
.Net & XML
Fig a. Sending XML Mail
Receiving xml email process:
The encrypted email is then downloaded from Outlook by the recipient application.
XML Service decrypts the email and also verifies the digital signature.
The decrypted mail is converted into plain text which is readable and then displayed on the monitor for the recipient to read.
Client Email Application
.Net & XML
Plain text/ Readable mail
Fig b. Receiving XML Mail
This XML format web server will protect the header part, the most widely used email mechanisms to provide authentication, message integrity, and data confidentiality are PGP mail and S/MIME. Pretty Good Privacy (PGP) is an encrypted standard that is employed for encryption of email; however, by using it only email content can be encrypted, while headers that comprise email addresses and subject of the email may get the security risks (Anon, 2009). Secure / Multi-purpose Internet Mail Extensions (S/MIME) is an industry standard that is used for enabling public key encryption and signing of MIME encapsulated email. It's a standard format for SMTP email, in which characteristic of message like rich text, attachments and message bodies including manifold parts where the emails are safe by employing wrappers are allowed. In this, it is must for each and every header to be presented in the outer header and it is not protected, this one is the only disadvantage of this strategy. Only the inner header of the wrapped messages is protected (Anon, 2009).