A Practical Study of E-mail Communication through SMTP

Simple Mail Transfer Protocol (SMTP) is an application layer protocol for e-mail communication. It has been adopted as a standard by Internet Engineering Task Force (IETF). SMTP has set conversational and grammatical rules for exchanging messages between connected computers. It has evolved through several revisions and extensions since its formation by Jon Postel in 1981. In SMTP, the sender establishes a full-duplex transmission channel with a receiver. The receiver may be either the ultimate destination or an intermediate forwarding agent. SMTP commands are issued by the sender and are sent to the receiver, which responds to these commands through codes. Each SMTP session between the sender and the receiver consists of three phases namely: connection establishment, mail transactions and connection termination. This paper describes and illustrates the process of e-mail communication through SMTP by issuing the individual SMTP commands directly to transmit e-mail messages. It also describes individual SMTP commands and extensions with practical implementation using a Telnet client

Addressing the challenges of modern DNS:a comprehensive tutorial

The Domain Name System (DNS) plays a crucial role in connecting services and users on the Internet. Since its first specification, DNS has been extended in numerous documents to keep it fit for today’s challenges and demands. And these challenges are many. Revelations of snooping on DNS traffic led to changes to guarantee confidentiality of DNS queries. Attacks to forge DNS traffic led to changes to shore up the integrity of the DNS. Finally, denial-of-service attack on DNS operations have led to new DNS operations architectures. All of these developments make DNS a highly interesting, but also highly challenging research topic. This tutorial – aimed at graduate students and early-career researchers – provides a overview of the modern DNS, its ongoing development and its open challenges. This tutorial has four major contributions. We first provide a comprehensive overview of the DNS protocol. Then, we explain how DNS is deployed in practice. This lays the foundation for the third contribution: a review of the biggest challenges the modern DNS faces today and how they can be addressed. These challenges are (i) protecting the confidentiality and (ii) guaranteeing the integrity of the information provided in the DNS, (iii) ensuring the availability of the DNS infrastructure, and (iv) detecting and preventing attacks that make use of the DNS. Last, we discuss which challenges remain open, pointing the reader towards new research areas

Monocentric Cyberspace: The Primary Market for Internet Domain Names

Cyberspace is no different from traditional cities, at least in economic terms. Urban economics governs the creation of new space on the Internet and explains location choices and price gradients in virtual space. This study explores registration dynamics in the largest primary market for virtual space: Internet domain names. After developing a framework for domain registrations, it empirically tests whether domain registrations are constrained by the depletion of unregistered high quality domain names. Estimations based on registrations of COM domain names suggest that the number of domains expands substantially slower than the growth in overall demand for domain space. Supplying alternative domain extensions can relax the shortage in domains in the short term.My postdoctoral research project received substantial financial contributions by the Internet Corporation of Assigned Names and Numbers (ICANN).This is the final version of the article. It first appeared from Springer via http://dx.doi.org/10.1007/s11146-016-9547-

Understanding Flaws in the Deployment and Implementation of Web Encryption

In recent years, the web has switched from using the unencrypted HTTP protocol to using encrypted communications. Primarily, this resulted in increasing deployment of TLS to mitigate information leakage over the network. This development has led many web service operators to mistakenly think that migrating from HTTP to HTTPS will magically protect them from information leakage without any additional effort on their end to guar- antee the desired security properties. In reality, despite the fact that there exists enough infrastructure in place and the protocols have been “tested” (by virtue of being in wide, but not ubiquitous, use for many years), deploying HTTPS is a highly challenging task due to the technical complexity of its underlying protocols (i.e., HTTP, TLS) as well as the complexity of the TLS certificate ecosystem and this of popular client applications such as web browsers. For example, we found that many websites still avoid ubiquitous encryption and force only critical functionality and sensitive data access over encrypted connections while allowing more innocuous functionality to be accessed over HTTP. In practice, this approach is prone to flaws that can expose sensitive information or functionality to third parties. Thus, it is crucial for developers to verify the correctness of their deployments and implementations. In this dissertation, in an effort to improve users’ privacy, we highlight semantic flaws in the implementations of both web servers and clients, caused by the improper deployment of web encryption protocols. First, we conduct an in-depth assessment of major websites and explore what functionality and information is exposed to attackers that have hijacked a user’s HTTP cookies. We identify a recurring pattern across websites with partially de- ployed HTTPS, namely, that service personalization inadvertently results in the exposure of private information. The separation of functionality across multiple cookies with different scopes and inter-dependencies further complicates matters, as imprecise access control renders restricted account functionality accessible to non-secure cookies. Our cookie hijacking study reveals a number of severe flaws; for example, attackers can obtain the user’s saved address and visited websites from e.g., Google, Bing, and Yahoo allow attackers to extract the contact list and send emails from the user’s account. To estimate the extent of the threat, we run measurements on a university public wireless network for a period of 30 days and detect over 282K accounts exposing the cookies required for our hijacking attacks. Next, we explore and study security mechanisms purposed to eliminate this problem by enforcing encryption such as HSTS and HTTPS Everywhere. We evaluate each mechanism in terms of its adoption and effectiveness. We find that all mechanisms suffer from implementation flaws or deployment issues and argue that, as long as servers continue to not support ubiquitous encryption across their entire domain, no mechanism can effectively protect users from cookie hijacking and information leakage. Finally, as the security guarantees of TLS (in turn HTTPS), are critically dependent on the correct validation of X.509 server certificates, we study hostname verification, a critical component in the certificate validation process. We develop HVLearn, a novel testing framework to verify the correctness of hostname verification implementations and use HVLearn to analyze a number of popular TLS libraries and applications. To this end, we found 8 unique violations of the RFC specifications. Several of these violations are critical and can render the affected implementations vulnerable to man-in-the-middle attacks

Library and Tools for Server-Side DNSSEC Implementation

Tato práce se zabývá analýzou současných open source řešení pro zabezpečení DNS zón pomocí technologie DNSSEC. Na základě provedené rešerše je navržena a implementována nová knihovna pro použití na autoritativních DNS serverech. Cílem knihovny je zachovat výhody stávajících řešení a vyřešit jejich nedostatky. Součástí návrhu je i sada nástrojů pro správu politiky a klíčů. Funkčnost vytvořené knihovny je ukázána na jejím použití v serveru Knot DNS.This thesis deals with currently available open-source solutions for securing DNS zones using the DNSSEC mechanism. Based on the findings, a new DNSSEC library for an authoritative name server is designed and implemented. The aim of the library is to keep the benefits of existing solutions and to eliminate their drawbacks. Also a set of utilities to manage keys and signing policy is proposed. The functionality of the library is demonstrated by it's use in the Knot DNS server.

Internet Domain Names: Background and Policy Issues

This report discusses the Domain Name System (DNS), which is the distributed set of databases residing in computers around the world that contain address numbers mapped to corresponding domain names, making it possible to send and receive messages and to access information from computers anywhere on the Internet

Internet Domain Names: Background and Policy Issues

This report discusses the Domain Name System (DNS), which is the distributed set of databases residing in computers around the world that contain address numbers mapped to corresponding domain names, making it possible to send and receive messages and to access information from computers anywhere on the Internet

Ochrana doménových jmen

Ochrana doménových mien Život každého z nás je v súčasnosti stále viac závislý od informácií, pričom ich najbežnejším zdrojom sa stáva internet. Jedným z hlavných aspektov, s ktorým sa užívateľ internetu musí vysporiadať, je doménové meno, teda internetová adresa. Napriek tomu je bežné, že užívatelia internetu nerozlišujú medzi pojmami internet, prehliadač, vyhľadávač, či webová stránka. Nie sú oboznámený ani s právnym a technickým konceptom doménových mien. Tie sú prideľované na základe pravidla "first come, first served" teda prednosť má ten, kto si doménové meno zaregistruje ako prvý. To z neho robí cenný artikel a teda aj častý predmet právnych sporov. Cieľom mojej práce je analýza možností ochrany doménových mien, v súvislosti s absenciou ich komplexnej právnej regulácie, čo je jav nie výnimočný len pre Český právny poriadok. Prvá kapitola práce sa zaoberá sieťou Internet a jej základnou infraštruktúrou. Dôraz je kladený na doménové mená, ich technické aspekty, hierarchickú štruktúru a typológiu. Nasledujúca kapitola uvádza najdôležitejšie organizácie zapojené do procesu tvorby pravidiel a postupov, ktoré slúžia na zaistenie spolupráce medzi inštitúciami poverenými dohľadom nad chodom siete Internet a správou registrácie zdrojov číselných adries a systému doménových mien. Kapitola taktiež...Protection of domain names Life nowadays is much more dependent on information and the most common source of them right now is Internet. One of the main aspects, that users of Internet have to deal with, is a domain names, as a website address. Nevertheless it's common, that users do not differentiate between internet, browser, search engine or web page, nor are familiar with the legal and technical concept of domain names. Domains are allocated according to a first come first serve basis and that makes them valuable article and thus subject of common legal disputes. The purpose of my thesis is to analyze ways of legal protection of domain names and the absence of its legal regulation, which is not unique for Czech legal system. First chapter of my thesis deals briefly with internet and its basic infrastructure, including internet protocol, with deeper focus on domain names, their technical aspects, hierarchical structure and typology. Next chapter mentions the main organizations involved in creating rules and policies for cooperation among institutions authorized to oversee internet and managing the registration of internet number resources and domain name system. This chapter includes the description of main characteristics for the process for resolution of disputes according to UDRP (Uniform...Department of Business LawKatedra obchodního právaPrávnická fakultaFaculty of La