Request for Comments: 5616

Streaming Internet Messaging Attachments This document describes a method for streaming multimedia attachments received by a resource- and/or network-constrained device from an IMAP server. It allows such clients, which often have limits in storage space and bandwidth, to play video and audio email content. The document describes a profile for making use of the URLAUTHauthorize

Multi-Media Mail in heterogeneous Networks

The MIME approach seems to be the most reasonable effort for allowing the sending and receiving of multimedia messages using standard Internet mail transport facilities. Providing new header fields, such as MIME-Version, Content-Type, and Content- Transfer-Encoding, it is now possible to include various kinds of information types, e.g. audio, images, richtext, or video, into a RFC 822-conformant mail. Making use of these headers, it is possible to fully describe an attached body part, so that a receiving mail user agent is able to display it without any loss of information. Additionally, the definition of the "multipart" and "message" content types allows the creation of hierarchical structured mails, e.g. a message containing two alternative parts of information, one that can be shown using a simple ASCII-terminal, the other to be displayed on a multimedia workstation. Allowing the definition of bilaterally defined content types and providing a standardized means of establishing new content types prevent MIME from being a one-way road and supply mechanisms to extend MIME for future use

Design and Implementation of Network Transfer Protocol for Big Genomic Data

Genomic data is growing exponentially due to next generation sequencing technologies (NGS) and their ability to produce massive amounts of data in a short time. NGS technologies generate big genomic data that needs to be exchanged between different locations efficiently and reliably. The current network transfer protocols rely on Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) protocols, ignoring data size and type. Universal application layer protocols such as HTTP are designed for wide variety of data types and are not particularly efficient for genomic data. Therefore, we present a new data-aware transfer protocol for genomic-data that increases network throughput and reduces latency, called Genomic Text Transfer Protocol (GTTP). In this paper, we design and implement a new network transfer protocol for big genomic DNA dataset that relies on the Hypertext Transfer Protocol (HTTP). Modification to content-encoding of HTTP has been done that would transfer big genomic DNA datasets using machine-to-machine (M2M) and client(s)-server topologies. Our results show that our modification to HTTP reduces the transmitted data by 75% of original data and still be able to regenerate the data at the client side for bioinformatics analysis. Consequently, the transfer of data using GTTP is shown to be much faster (about 8 times faster than HTTP) when compared with regular HTTP

Analyzing practical communication security of Android vendor applications

The development of mobile devices and the new personalized services have gone to the point, where users do not alone control their data. While the devices are in constant communication with the cloud services the user’s data and the data of the user move ever more to the services providers’ cloud services. Little is known about how and how well service providers protect the users’ information. The work studies two biggest western Android based ecosystems, Google’s and Amazon’s, own applications’ practical security in the communication process. The aim is to identify all mechanisms used to protect the information that is communicated with the Android device. The study used one device from Amazon and Google, and the application market was chosen from both service providers for in-depth study. The applications were selected on the basis that they must provide same service in order to make the comparison possible. In practice, the applications and devices were studied by performing active and passive Man-in-the-middle (MITM) attacks in network laboratory. The communications were intercepted and analysed afterwards. Both vendors relied heavily on SSL/TLS protocol. Also in common was the usage, roles and acquirement of authorization tokens. Amazon’s client applications were noticed to use digital signatures. The biggest difference between the market applications was that Google required authentication when buying an application, while Amazon did not require it. During the same authentication Google sent user’s password in plaintext inside the TLS connection. During the less frequently happening registration of the user’s Google account to the device the user’s password is sent instead encrypted inside the TLS connection. An active MITM attack was performed on the Google device and account to demonstrate what the attacker can do in practice, when SSL/TLS connection is compromised. With manipulating traffic and intercepting authorization tokens the attacker is able to spy the victim and access to nearly all the victim’s Google data for the present. In addition, the attacker can “force” the victim to register herself again to the Android device and the attacker can use the victim’s intercepted encrypted password to add the victim’s Google account to her own device