Cloudsweeper and data-centric security

Peter Snyder, Chris Kanich
2014 Computers & society  
This binary system amplifies the harm of giving access to an unauthorized individual and motivates system designers to strengthen access control mechanisms to the point where they become so strong as to  ...  Most security online is binary, where being authorized to access a system allows complete access to the requested resource.  ...  ACKNOWLEDGMENTS We would like to thank Brian Krebs for his feedback and publicity of the Cloudsweeper system.  ... 
doi:10.1145/2656870.2656872 fatcat:sze5g4jpbvhgtek263ybjrne7a

Secure Email Transmission Protocols – A New Architecture Design [article]

Gabriel Chen, Rick Wanner
2022 arXiv   pre-print
On top of the basic layer of SMTP, POP3, and IMAP protocols to send and retrieve emails, there are several other major security protocols used in current days to secure email transmission such as TLS/SSL  ...  We explore some new techniques and propose a new email transmission architecture using EEKS structure and Schnorr Signature to eliminate the usage of PGP/GPG for encryption while achieving Perfect Forward  ...  Acknowledgments We thank WiCyS (Women in Cybersecurity) for their generous support to this paper.  ... 
arXiv:2208.00388v1 fatcat:gvt752un2vgu3gqm7vmcbqj2na

On the Security of Practical Mail User Agents against Cache Side-Channel Attacks

Hodong Kim, Hyundo Yoon, Youngjoo Shin, Junbeom Hur
2020 Applied Sciences  
In order to demonstrate this, we implemented a cache side-channel attack on RSA in GnuPG and then conducted an evaluation of the vulnerability of 13 MUAs that support email encryption in Ubuntu 14.04,  ...  Mail user agent (MUA) programs provide an integrated interface for email services. Many MUAs support email encryption functionality to ensure the confidentiality of emails.  ...  It secures the content of emails using end-to-end encryption in the application layer independently of transport layer security (TLS).  ... 
doi:10.3390/app10113770 fatcat:tdwdlonz3ndpzd67tb3vk7mije

Why Joanie Can Encrypt

John S. Koh, Steven M. Bellovin, Jason Nieh
2019 Proceedings of the Fourteenth EuroSys Conference 2019 CD-ROM on ZZZ - EuroSys '19  
Email privacy is of crucial importance. Existing email encryption approaches are comprehensive but seldom used due to their complexity and inconvenience.  ...  Compromising an email account or server only provides access to encrypted emails.  ...  To mitigate the effects of short-term memory on survey results, we randomized the order of the email clients.  ... 
doi:10.1145/3302424.3303980 dblp:conf/eurosys/KohBN19 fatcat:fzh74pjxmbel3l7edc3r6szvkq

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Somorovsky, Juraj Ruhr University Bochum Schwenk
2018 Zenodo  
We describe novel attacks built upon a technique we call malleability gadgets to reveal the plaintext of encrypted emails.  ...  OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails.  ...  AES-SIV and our attack in general, Tobias Kappert for countless remarks regarding the deflate algorithm, and our anonymous reviewers for many insightful comments.  ... 
doi:10.5281/zenodo.2594632 fatcat:nqh6igyhpnhndi365qnjcfckve

Cloud Computing Security Services to Mitigate DDoS Attacks [chapter]

Akashdeep Bhardwaj, Sam Goundar
2020 Cloud Computing Security [Working Title]  
mitigate distributed denial of service attacks on cloud infrastructures.  ...  This chapter focuses on the challenges and risks faced in cloud security services in the areas which include identity access management, web security, email security, network security, encryption, information  ...  Moving on to further discuss encryption supposedly if data is not encrypted, spoofing attacks can take place.  ... 
doi:10.5772/intechopen.92683 fatcat:hawwsgmumnhvldxls5dbejbpou

A note on different types of ransomware attacks [article]

Mihail Anghel, Andrei Racautanu
2019 IACR Cryptology ePrint Archive  
Ransomware are malware whose purpose is to generate income for the attacker. The first of these malware made intense use of cryptography, specifically for file encryption.  ...  They encrypt some or most files on the computer before asking a ransom for the decryption.  ...  These rely on strategic reconnaissance of the end users, and are often reserved for more specific targeted attacks phishing emails -may be spam or specially crafted to specific an organization or industry  ... 
dblp:journals/iacr/AnghelR19 fatcat:i5py6kovzrgj7me4igsoldqeee

An Analysis of the ProtonMail Cryptographic Architecture [article]

Nadim Kobeissi
2018 IACR Cryptology ePrint Archive  
ProtonMail is an online email service that claims to offer end-to-end encryption such that "even [ProtonMail] cannot read and decrypt [user] emails."  ...  We find that for the majority of ProtonMail users, no end-to-end encryption guarantees have ever been provided by the ProtonMail service.  ...  Acknowledgements This paper is dedicated to music composer Toby Fox. We also thank Santiago Zanella-Béguelin for his insight.  ... 
dblp:journals/iacr/Kobeissi18a fatcat:zgngtvxxlrca7bijhig2xj5y4m

SoK: Securing Email – A Stakeholder-Based Analysis (Extended Version) [article]

Jeremy Clark, P.C. van Oorschot, Scott Ruoti, Kent Seamons, Daniel Zappala
2021 arXiv   pre-print
We begin by identifying a variety of stakeholders who have an interest in the current email system and in efforts to provide secure solutions.  ...  We then use the tussle among stakeholders to explain the evolution of fragmented secure email solutions undertaken by industry, academia, and independent developers.  ...  Another issue that is highly relevant to enterprises is mitigating carefully targeted social engineering attacks against its employees, often conducted through email. 3.2.1 End-to-end encryption and  ... 
arXiv:1804.07706v3 fatcat:wbocbmeetve6vfkt3fzayjcelq

A Socio-technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks

Hardeep Singh, Dean Sittig
2016 Applied Clinical Informatics  
Similar to approaches to address other complex socio-technical health IT challenges, the responsibility of preventing, mitigating, and recovering from these attacks is shared between health IT professionals  ...  A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks.  ...  State of the Art / Best Practice Paper Sittig DF, Singh H. A Socio-technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks  ... 
doi:10.4338/aci-2016-04-soa-0064 pmid:27437066 pmcid:PMC4941865 fatcat:yujlaz5v3fbhnnnvwo3idm6pte

Stenog-Shell Framework for Anonymous File Exchange

Talal Noor, Mohammad Hweidi, Ahmed Mohiuddin, Damith Ranasinghe
2010 Journal of Ubiquitous Systems and Pervasive Networks  
Most previous work has focused on mitigating external attacks on data communication by improving data encryption and integrity techniques.  ...  In this paper, we present a novel anonymization-based framework (Stenog-Shell) that focuses on internal attacks on breached emails and stolen removable storage devices (i.e., the attacks from the insiders  ...  Scenarios One of the popular mechanisms for file exchange is email due to its user-friendly nature; where users can attach files to an email message.  ... 
doi:10.5383/juspn.01.01.002 dblp:journals/juspn/NoorHMR10 fatcat:6lbl2x5f5ff23lfu4bhrk5h35e

Understanding the Evolution of Ransomware: Paradigm Shifts in Attack Structures

Aaron Zimba, Mumbi Chishimba
2019 International Journal of Computer Network and Information Security  
We propose a ransomware categorization framework that classifies the virulence of a given ransomware based on a proposed classification algorithm that is based on data deletion and file encryption attack  ...  We evaluate our modeling approach with a WannaCry attack use case and suggest mitigation strategies and recommend best practices based on these models.  ...  In the case of the latter, it is very difficult to mitigate the attack since there are no residual encryption essentials on the victim. CAT5 represents the current generation of ransomware.  ... 
doi:10.5815/ijcnis.2019.01.03 fatcat:nejwhbc3jja5hkqu3ucchmrqde

LEAP: A Next-Generation Client VPN and Encrypted Email Provider [chapter]

Elijah Sparrow, Harry Halpin, Kali Kaneko, Ruben Pollan
2016 Lecture Notes in Computer Science  
As demonstrated by the revelations of Edward Snowden on the extent of pervasive surveillance, one pressing danger is in the vast predominance of unencrypted messages, due to the influence of the centralizing  ...  We present the threat model and architectural design of the LEAP platform and client applications, which currently provisions opportunistic email encryption combined with a VPN tunnel and cross-device  ...  of having end-to-end encrypted email. 7 Strangely enough, other services such as Protonmail 8 seem to be repeating this flawed model for encrypted messaging.  ... 
doi:10.1007/978-3-319-48965-0_11 fatcat:d2aljluvc5fr7oop3lmgqnghme


Peter Snyder, Chris Kanich
2013 Proceedings of the 2013 ACM workshop on Cloud computing security workshop - CCSW '13  
Cloudsweeper gives users the opportunity to remove or "lock up" sensitive, unexpected, and rarely used information to mitigate the risks of cloud storage accounts without sacrificing the benefits of cloud  ...  Cloud based storage accounts like web email are compromised on a daily basis. At the same time, billions of Internet users store private information in these accounts.  ...  ACKNOWLEDGEMENTS We would like to thank Brian Krebs for his feedback and publicity of the Cloudsweeper system.  ... 
doi:10.1145/2517488.2517495 dblp:conf/ccs/SnyderK13 fatcat:eza5aufu25hh5lm6czsjjk4zg4

User-visible cryptography in email and web scenarios

Phil Brooke, Richard Paige
2015 Information and Computer Security  
Mitigations One typical way to mitigate confidentiality risks is through opportunistic encryption (Garfinkel, 2003b).  ...  experienced at using email, yet only one-third of them were able to use PGP 5.0 to correctly sign and encrypt an email message when given 90 minutes in which to do so".  ... 
doi:10.1108/ics-07-2013-0054 fatcat:wtnxkreq3fcnlbmznig7rii5im