My Email Communications Security Assessment (MECSA): 2018 Results

This JRC technical report presents the results obtained by the My Email Communications Security Assessment (MECSA) tool. MECSA is an online1 tool developed by the Joint Research Centre to assess the security of email communications between email providers. Email communications continue to be one of the most widespread forms of digital communications with thousands of millions of emails exchanged on a daily basis. It is estimated that 72% of the European population use email either in mobile phones, tablets or computers. It is the means of digital communication used by most Europeans on a daily basis (Special Eurobarometer 462, 2017. Published July 2018.) MECSA is the outcome of our research on the security of email communications. It servers a triple purpose. Firstly, it allows us to monitor the adoption of modern email security standards in the current ecosystem of email providers, assessing their capability to protect the confidentiality, integrity and authenticity of the email exchange amongst them. Secondly, MECSA aims to become a one-stop shop for email users to receive an indication of the capability of their email providers to protect their email exchange in the communication with other providers of the ecosystem. Finally, MECSA aims to become a reference tool for professionals and a mean to promote the adoption of modern email security standards in Europe.JRC.E.3-Cyber and Digital Citizens' Securit

Distributed lightweight trust infrastructure with automatic validation for electronic transactions

The goal of the thesis is to address solution to security threats faced currently by the transactions among devices in Industry 4.0 network. In order to address the cyber threats a demo version of a distributed light weight trust infrastructure is designed and developed, which makes use of the existing Internet Domain Name System (DNS) and its global trust anchor. Since it has high scalability and eases the burden on relying parties, in turn allows for highly efficient queries to support individual trust decisions. In this demo version a standalone private DNS infrastructure including Top Level Domains has to be developed with Raspberry pi Cluster. Further, the Security of the DNS for the trust infrastructure is enhanced in this demo version by implementing DNSSEC and also DANE Protocol with TLSA Resource Records. It also includes the core functionality of the \gls{lightest} example: Developing Trust Lists, Trust Scheme Publication Authority [7]. In the thesis a demo version of distributed light weight trust infrastructure is developed and visualized practically by designing an infrastructure for validation and authentication of data in the Sensor network of an organization using a Raspberry pi Cluster and also the flexibility of the light weight infrastructure is discussed by considering four important scenarios which can overcome the issues of data authentication in current Industry 4.0 predictive maintenance system. Also two different applications of Block chain technology related to data authentication in Industry 4.0 is discussed. Based on one of the block chain application "the Block chain based PKI management system" an idea is proposed how this can be incorporated into an IOT sensor network for certificate validation. Finally the two technologies block chain and distributed light weight trust infrastructure using DNS are analyzed based on five parameters namely performance, maintainability, manageability, security and cost