Risk Assessment of “Ostrich ZIP”

  • Conference paper
HCI for Cybersecurity, Privacy and Trust (HCII 2021)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 12788)

Abstract

When sending highly confidential information by e-mail, one method is to attach a password-encrypted ZIP file to an e-mail and then send the decryption password in a separate e-mail, which travels over the same channel. We named this method “Ostrich ZIP”. While the Ostrich ZIP method is used to protect information through encryption and to prevent misdirection, its meaning is sometimes questioned. However, it is difficult to say that these discussions have been organized. In this paper, the advantages, disadvantages, and threats of Ostrich ZIP are summarized based on these discussions, and the current situation is clarified by surveying the environment related to Ostrich ZIP. In addition, we construct an information leakage event model for file sharing when sending and receiving e-mails, and we evaluate and discuss the information leakage risk of Ostrich ZIP and of alternative measures based on the model. Finally, the background of the use of Ostrich ZIP is discussed from institutional and other perspectives, adding another perspective alongside the information leakage risk results. This paper is provided as a comprehensive risk assessment of Ostrich ZIP.

Notes

  1. https://ci.nii.ac.jp/.

  2. The PrivacyMark is a reputable privacy-centric certification in Japan. https://privacymark.org/.

Corresponding author

Correspondence to Akira Kanaoka.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Nakayama, M., Kanaoka, A. (2021). Risk Assessment of “Ostrich ZIP”. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2021. Lecture Notes in Computer Science, vol 12788. Springer, Cham. https://doi.org/10.1007/978-3-030-77392-2_6

  • DOI: https://doi.org/10.1007/978-3-030-77392-2_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-77391-5

  • Online ISBN: 978-3-030-77392-2

  • eBook Packages: Computer Science (R0)
