PrivMail: A Privacy-Preserving Framework for Secure Emails

Emails have improved our workplace efficiency and communication. However, they are often processed unencrypted by mail servers, leaving them open to data breaches on a single service provider. Public-key based solutions for end-to-end secured email, such as Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME), are available but are not widely adopted due to usability obstacles and also hinder processing of encrypted emails. We propose PrivMail, a novel approach to secure emails using secret sharing methods. Our framework utilizes Secure Multi-Party Computation techniques to relay emails through multiple service providers, thereby preventing any of them from accessing the content in plaintext. Additionally, PrivMail supports private server-side email processing similar to IMAP SEARCH, and eliminates the need for cryptographic certificates, resulting in better usability than public-key based solutions. An important aspect of our framework is its capability to enable third-party searches on user emails while maintaining the privacy of both the email and the query used to conduct the search. We integrate PrivMail into the current email infrastructure and provide a Thunderbird plugin to enhance user-friendliness. To evaluate our solution, we benchmarked transfer and search operations using the Enron Email Dataset and demonstrate that PrivMail is an effective solution for enhancing email security

New Approaches to Mitigation of Malicious Traffic in VoIP Networks

Voice over IP (VoIP) telephony is becoming widespread in use, and is often integrated into computer networks. Because of this, malicious software threatens VoIP systems in the same way that traditional computer systems have been attacked by viruses, worms, and other automated agents. VoIP networks are a challenge to secure against such malware as much of the network intelligence is focused on the edge devices and access environment. This paper describes the design and implementation of a novel VoIP security architecture in which evaluation of, and mitigation against, malicious traffic is demonstrated by the use of virtual machines to emulate vulnerable clients and servers through the use of apparent attack vectors. This new architecture, which is part of an ongoing research project, establishes interaction between the VoIP backend and the end users, thus providing information about ongoing and unknown attacks to users

CERT strategy to deal with phishing attacks

Every day, internet thieves employ new ways to obtain personal identity people and get access to their personal information. Phishing is a somehow complex method that has recently been considered by internet thieves.The present study aims to explain phishing, and why an organization should deal with it and its challenges of providing. In addition, different kinds of this attack and classification of security approaches for organizational and lay users are addressed in this article. Finally, the CERT strategy is presented to deal with phishing and studying some anti-phishing

VoIP security - attacks and solutions

Voice over IP (VoIP) technology is being extensively and rapidly deployed. Flexibility and cost efficiency are the key factors luring enterprises to transition to VoIP. Some security problems may surface with the widespread deployment of VoIP. This article presents an overview of VoIP systems and its security issues. First, we briefly describe basic VoIP architecture and its fundamental differences compared to PSTN. Next, basic VoIP protocols used for signaling and media transport, as well as defense mechanisms are described. Finally, current and potential VoIP attacks along with the approaches that have been adopted to counter the attacks are discussed

Using a Certificate Public Key to Protect DKIM Public Key Spoofing

Brand Indicators for Message Identification (BIMI) is a standard that allows domain owners to coordinate with Mail User Agents (MUAs) to display brand-specific indicators or logos next to properly authenticated messages. A Verified Mark Certificate allows an email service to authenticate a logo, but currently BIMI is susceptible to DNS spoofing attacks. In this work, BIMI messages are protected from DNS spoofing by aligning the message’s DomainKeys Identified Mail (DKIM) public key with the public key associated with the VMC. The email service may validate the alignment between the keys as part of the authentication of the message. When the keys match, the email service may display the indicator or logo along with the message. When the keys do not match, the email service may reject the authentication and not display the logo or indicator

Сложность как граница управляемости сложной социотехнической системой

Выдвинута гипотеза существования зависимости информации о границах управляемости социотехнической системы от эффективности ее управления. Определены уровни описания социотехнической системы и причины повышения ее сложности. Описана модель социотехнической системы с точки зрения совокупности структур реализующих цели, технологий, факторов влияющих на функционирование.The article deals with a hypothesis of the existence depending information about the boundaries of socio-technical system of control on the effectiveness of its control. The author defines the levels of describing of socio-technical system and describes the reasons for increasing its complexity. The model of socio-technical system is made from the point of complex of structures realizing aims, technologies, factors which influence on the operation