Abstract
Convergence among industries has made network data loss prevention (DLP) more important, in that in the IT-convergence environment, web mail is utilized as a means of information delivery. The web mail used in various industries has two facets: convenience for information transfer, and vulnerability to leakage of confidential information. Monitoring blocking and logging of web mail are a few of the major security methods that have been employed for prevention of such leakage. However, application of HTTP over SSL (HTTPs) to web mail systems such as Gmail has revealed the limitations of existing web mail security methods in controlling web mail. Most importantly, the existing method cannot control encrypted contents of web mail. In this paper, we propose a method that controls HTTPs web mail contents by using a proxy server and distributing the secure socket layer (SSL) certificate to user’ s PC. The proxy server plays the Certificate Authority role between the users’ PCs and the web mail server, distributing its own SSL certificates to the users’ PCs. The SSL certificate is the key to encryption and decryption of HTTPs web mail contents. Using the protocol derived in the present study, HTTPs web mail contents can be controlled as an effect of content-awareness. Network DLP is effected by monitoring, blocking and logging suspicious mail contents using HTTPs.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Adelsbach, A., Gajek, S., & Schwenk, J. (2005). Visual spoofing of SSL protected web sites and effective countermeasures. In Proceedings of ISPEC2005 (Vol. 3439, pp. 204–217), LNCS.
Andreeva E., Mennink B., Preneel B. (2010) Security properties of domain extenders for cryptographic hash functions. Journal of Information Processing Systems 6(4): 453–480
Callegati F. (2009) Man-in-the-middle attack to the HTTPs protocol. Security & Privacy 7(1): 78–81
Cheng B., Chen H., Tseng R. (2010) Quality assurance evidence collection model for MSN forensics. Journal of Intelligent Manufacturing 21(5): 613–622
Dierks, T., & Rescorla, E. (2006). The TLS protocol Version 1.1, RFC4346. http://wiki.ietf.org/html/rfc4346. Accessed on May 15, 2012.
Fossi, M., Egan G., Johnson, E., & Mark, T. (2010). Symantec internet security threat report trends for 2010, White paper, Symantec Corporation.
Hsu, P.-H., Tang, W., Tsai, C., & Cheng, B.-C. (2011). Two-layer security scheme for AMI system in Taiwan. ISPAW, 105–110.
Imani M., Taheri M., Naderi M. (2010) Security enhanced routing protocol for ad hoc networks. Journal of Convergence 1(1): 43–48
Kryvinska N., Van Thanh D., Strauss C. (2011) Integrated management platform for seamless services provisioning in converged network. International Journal of Information Technology, Communications and Convergence 1(1): 77–91
Ling A., Masao M. (2011) Selection of model in developing information security criteria for smart grid security system. Journal of Convergence 2(1): 39–46
Newton C. W., Arockiam L. (2011) A novel prediction technique to improve quality of service (QoS) for heterogeneous data traffic. Journal of Intelligent Manufacturing 22(6): 867–872
Oppliger, R., & Gajek, S. (2005). Effective protection against phishing and web spoofing. In Proceedings of CMS 2005, (Vol. 3677, pp. 32–41), LNCS.
Oppliger R., Hauser R., Basin D. (2006) SSL/TLS session-aware user authentication. Computer Communication 29(12): 2238–2246
Oppliger R., Hauser R., Basin D. (2008) SSL/TLS session-aware user authentication revisited. Computers & Security 27(3–4): 64–70
Ornaghi A., Valleri M. (2003) Man in the middle attacks demos, the scenario server client attacker. Blackhat Conference 3: 1–33
OWASP (2009). The Open Web Application Security Project. http://www.owasp.org. Accessed on May 15, 2012.
Voss M., Whipple J., Closs D. (2009) The role of strategic security: Internal and external security measures with security performance implications. Transportation Journal 48(2): 5–23
Ward B., Purwin C., Supior J., Volonino L. (2009) Recognizing the impact of E-Discovery amendments on electronic records management. Information Systems Management 26(4): 350–356
Xia, H., & Brustonlini, J. (2005). Hardening Web browers against man in the middle and eavesdropping attacks. In Proceeding on WWW ’05 proceedings of the 14th international conference on World Wide Web, ACM (pp. 489–498).
Xie B., Kumar A., Zhao D., Reddy R., He B. (2011) On secure communication in integrated heterogeneous wireless networks. International Journal of Information Technology, Communications and Convergence 1(1): 4–23
Yilek, S., Rescorla, E., Enright, B., & Savage, S. (2008). When private keys are public: Results from the 2008 Debian Open SSL vulnerability. In IMC’09 proceedings of the 9th ACM SIGCOMM conference on internet measurement confernece (pp. 15–17).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Hong, Y.R., Kim, D. Content-based control of HTTPs mail for implementation of IT-convergence security environment. J Intell Manuf 25, 231–239 (2014). https://doi.org/10.1007/s10845-012-0666-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10845-012-0666-1