32 research outputs found

    Una proposta per il servizio di Posta Elettronica del CNR (A proposal for the CNR electronic mail service)

    A proposal for the CNR electronic mail service. A proposal for restructuring the electronic mail service of the CN

    Attacking RO-PUFs with Enhanced Challenge-Response Pairs

    This paper studies the security of Ring Oscillator Physically Unclonable Function (PUF) with Enhanced Challenge-Response Pairs as proposed by Delavar et al. We present an attack that can predict all PUF responses after querying the PUF with n+2 attacker-chosen queries. This result renders the proposed RO-PUF with Enhanced Challenge-Response Pairs inapt for most typical PUF use cases, including but not limited to all cases where an attacker has query access

    EXPLORATION OF THE DESIGN OF A COMPLEX E-MAIL SYSTEM

    The management of an Internet service involves a variety of aspects, ranging from the economic to the technical and organizational. Cost reduction, management simplification and improvement of service quality are the fundamental targets of every Internet service project. In geographically widespread organizations where numerous servers are used in order to implement distributed network services, both costs and human labor for maintenance and management are greatly multiplied. We believe that security and maintenance problems, and thus cost, could be reduced by transferring from a distributed to a centralized service. However, this choice would undermine the flexibility needed by local administrators in order to be able to administer their own services. This paper describes a hybrid service management model (partly centralized, partly distributed) and outlines the results we obtained by applying this model to the e-mail service of our organization

    Email Submission Operations: Access and Accountability Requirements


    A security analysis of email communications

    The objective of this report is to analyse the security and privacy risks of email communications and identify technical countermeasures capable of mitigating them effectively. In order to do so, the report analyses from a technical point of view the core set of communication protocols and standards that support email communications in order to identify and understand the existing security and privacy vulnerabilities. On the basis of this analysis, the report identifies and analyses technical countermeasures, in the form of newer standards, protocols and tools, aimed at ensuring a better protection of the security and privacy of email communications. The practical implementation of each countermeasure is evaluated in order to understand its limitations and identify potential technical and organisational constraints that could limit its effectiveness in practice. The outcome of the above-mentioned analysis is a set of recommendations regarding technical and organisational measures that when combined properly have the potential of more effectively mitigating the privacy and security risks of today's email communications. JRC.G.6-Digital Citizen Securit

    Your Vulnerability Disclosure Is Important To Us: An Analysis of Coordinated Vulnerability Disclosure Responses Using a Real Security Issue

    It is a public secret that doing email securely is fraught with challenges. We found a vulnerability present at many email providers, allowing us to spoof email on behalf of many organisations. As email vulnerabilities are ten a penny, instead of focusing on yet another email vulnerability we ask a different question: how do organisations react to the disclosure of such a security issue in the wild? We specifically focus on organisations from the public and critical infrastructure sector who are required to respond to such notifications by law. We find that many organisations are difficult to reach when it concerns security issues, even if they have a security contact point. Additionally, our findings show that having policy in place improves the response and resolution rate, but that even with a policy in place, half of our reports remain unanswered and unsolved after 90 days. Based on these findings we provide recommendations to organisations and bodies such as ENISA to improve future coordinated vulnerability disclosure processes. Comment: 15 pages, 15 figure

    Your Vulnerability Disclosure Is Important To Us: An Analysis of Coordinated Vulnerability Disclosure Responses Using a Real Security Issue

    It is a public secret that doing email securely is fraught with challenges. We found a vulnerability present at many email providers, allowing us to spoof email on behalf of many organisations. As email vulnerabilities are ten a penny, instead of focusing on yet another email vulnerability we ask a different question: how do organisations react to the disclosure of such a security issue in the wild? We specifically focus on organisations from the public and critical infrastructure sector who are required to respond to such notifications by law. We find that many organisations are difficult to reach when it concerns security issues, even if they have a security contact point. Additionally, our findings show that having policy in place improves the response and resolution rate, but that even with a policy in place, half of our reports remain unanswered and unsolved after 90 days. Based on these findings we provide recommendations to organisations and bodies such as ENISA to improve future coordinated vulnerability disclosure processes

    Electronic mail

    This bachelor's thesis presents the complete electronic mail system. By using available literature and RFC (Request for Comments) documents which prescribe standards for Internet-related entities, the electronic mail is described as a medium that contains information, transfer protocols and safe-keeping steps during transfer. An electronic message consists of sequences of ASCII characters, and thanks to the MIME protocol, it is possible to attach a non-textual file to the message. When completed, the electronic message travels to a certain destination via the SMTP protocol, and then the mail client accesses it with mail access protocols. The practical part contains the implementation of the program which sends an electronic message