Abzetdin Adamov's IT Blog

IT is about doing more with less!

Archive for October, 2011

Qafqaz University has applied for IISRC Consortium membership

Posted by Abzetdin Adamov on October 27, 2011

Scientific Conference on International Information Security - Opening Ceremony and Welcome Speech


The Scientific Conference on International Information Security started its work in Changsha, China on 25 October and continues until 27 October. Representatives of many countries, including Russia, the United States, China, the United Kingdom, Canada, Israel, etc., have come together to discuss existing information security problems and try to find joint decisions acceptable to all sides.

Representatives of all participating countries show their concern about increasing cyber threats in the Internet environment. All participants express the understanding that, regardless of technological and economic development, no country alone can succeed in the war against cyber crime. That is why the International Information Security Research Consortium (IISRC) is trying to convince more countries to join the convention on International Information Security. In fact, any organization that actively uses cyberspace and is concerned about its security may apply for IISRC Consortium membership. Accordingly, during the conference the application of the world-leading global online payment company PayPal was reviewed and the company was accepted as a member of the IISRC Consortium; moreover, Qafqaz University has officially applied for membership of the consortium.

It’s a really fascinating scientific event and a good opportunity to meet people who have different views on the same problems but, at the same time, common aims to make cyberspace more secure and sustainable. One of the key issues the conference focuses on is the discussion of common terminology for cyberspace security. There are so many ideas and different understandings of each term that it’s going to be problematic to come to an agreement. At the same time, such discussion gives an opportunity to avoid unacceptable interpretations and reach a mature decision. Anyway, I think terminology should be kept as general and broad as possible, avoiding details; otherwise we will have more misunderstandings than we have now.

Some events and workshops that took place during the conference days:

  • Opening Ceremony and Welcome Speech (Zhou Ji, President of Chinese Academy of Engineering – CAE)
  • Establishment of regulations on Internet conducts (Anatoly Streltsov – Director of Department of the Russian Security Council, Russia)
  • International Information Security. New Initiatives of Russia (Sherstuyk V.P., Director of Institute of Information Security Issues of Moscow State University, Russia)
  • Thoughts on Cyber Sovereignty and Scientific Problems of Internet Content Analyzing (Fang Binxing, Academician of CAE, China)
  • Cyber Security and International Cooperation (Nigel Inkster, Director of the International Institute for Strategic Studies, UK)
  • International Information Security Research Consortium (IISRC) Annual Plan for 2012 (Sherstuyk V.P., Russia)
  • PayPal presented its vision of cyber security and answered the question of what PayPal’s contribution to Cyberspace Security is (Andy Steingruebl, Senior Manager, PayPal, USA)
  • IISRC Membership Application Presentation by Qafqaz University (Adamov A.Z., Chair of Computer Engineering Department at Qafqaz University, Azerbaijan)
  • Workshop on Concept of Convention on International Information Security (Sherstuyk V.P., Russia)
  • Workshop on International Information Security Glossary (Karl F. Rauscher, Chief Technology Officer, EastWest Institute, USA)
  • Workshop on Models on Escalation and De-escalation in Cyber Conflict (John Mallery, Research Scientist, MIT, USA)

Posted in Meetings with Colleagues

AICT2011 International Conference concluded its work by Closing Ceremony at the Qafqaz University

Posted by Abzetdin Adamov on October 14, 2011

AICT2011 International Conference Opening Ceremony


The 5th International Conference on “Application of Information and Communication Technologies AICT2011” has ended. We extend our sincere gratitude and appreciation to all attendees and presenters, for their invaluable contributions in making this event a great success.

We hope the past three days have been fruitful and that all attendees were able to make the most of the technical sessions. A wide range of keynote speeches, tutorials, and discussions presented new ways to deal with some of the challenges in the Application of ICT. We hope that each participant shared his experiences and expertise with other participants from near and far, and that the cordial relationships established among all attendees during the AICT2011 Conference will further strengthen.

Through this Conference we have seen that the Application of ICT is vital for business, community and governments. The Application of ICT is the staff of effectiveness, the essential input and requirement of the new digital century. We are sure the lessons learnt during the Conference will equip us to respond to the complexity of technical, technological and organizational challenges on the way to making our organizations compatible with the requirements of ICT penetration in the digital era.

On behalf of the AICT2011 Conference Chairs and Co-chairs, Co-organizing Bodies, the rest of the Conference team and all Qafqaz University staff, we owe much to our distinguished speakers and all participants and presenters who have taken time out of busy schedules to share their experience with us these days. For some of us, this has been an opportunity to meet with our old friends; for others, an opportunity to make new friends who are working in a similar ICT area. We have had a chance to listen to some of the sessions over the past three days and were very pleased with the quality of the discussions that took place.

Special credit goes to our sponsors Azercell, Akkord Companies Group, Ericsson, Microsoft, Sinam, Nurgun Group and DNS Computer; without their support this event would not have taken place. We wish them all success in their work. On behalf of the Rector of Qafqaz University and the Steering Committee, we express our deep gratitude to the Institute of Electrical and Electronics Engineers, TIKA – Turkish International Cooperation and Development Agency, Baku State University, the Institute of Information Technologies of Azerbaijan National Academy of Science, the UNESCO Institute for Information Technologies in Education, and Tashkent University of Information Technologies for their deep contribution and support.

We also express our gratitude to all members of the Organizing Committee and all staff of Qafqaz University for extending exceptional hospitality to the delegates and maintaining high standards of arrangement for the various events of the Conference. We would especially like to thank the rector of Qafqaz University, Professor Ahmet Sanic, for his unrestricted support during all stages of making this Conference a success.

We, at Qafqaz University, look forward to further building partnerships with attendees and their organizations. I hope that all of us will continue what we have started here these days.

Posted in Meetings with Colleagues

Internet Technologies in Depth. The Technique of Spam Recognition Based on Header Investigating

Posted by Abzetdin Adamov on October 4, 2011

Abstract – E-mail is the most effective business and personal communication tool. The popularity, openness and wide availability of this Internet service make it attractive for advertising products and services by sending unsolicited e-mails (spam). The goal of the paper is to offer a comprehensive and usable technique for recognizing spam that helps to detect junk email, fraudulent e-mail threats and viruses and to protect users from them. While widespread methods are complex and expensive, the proposed technique is based on header investigation, without additional tools or heavy processing.

Keywords – Internet technologies, e-mail architecture, spam, spam recognition

INTERNET MESSAGE AS COMMUNICATION TOOL AND SPAM

The asynchronous nature of e-mail provides convenience and more effective use of time for communication participants. In contrast to immediate communication means like the telephone, email is a deferred type of communication. So, instead of reacting immediately, recipients have the comfort of reading, interpreting and reacting to received information later, or doing nothing if no action is required [1].

Because of these and other advantages of email communication, the popularity of email as a means of communication for business and personal use has risen steadily over the last decade. Figure 1 shows the rising popularity of email communication over recent years and a prediction for the future.

Email using progress by years

HOW EMAIL DELIVERY WORKS

Email delivery is the whole process of transferring a message from the source to the destination. Figure 3 shows this process in detail. Let us look at the process step by step:

  1. Using an email agent, the sender submits an email for smith@b.com.
  2. The SMTP service of the mail server that received the sender’s message resolves the email domain “b.com”. To do so, the mail server uses the DNS service (see DNS resolving at [4]) to ask the NS server of b.com for the MX record. The MX record specifies the mail server that is designated to receive all emails for the domain name b.com. In our example, the name of this mail server is mail.b.com.
  3. The email is routed to the receiver’s mail server mail.b.com.
  4. The SMTP service of mail.b.com places the email into the recipient’s mailbox “smith” in the mail store.
  5. The recipient checks for email for user smith@b.com using the POP3 service of his email agent. To access the mailbox, the user has to pass the authentication process of the POP3 service.
  6. If the authentication module accepts the eligibility of the user, the email is downloaded to the user’s email agent.

Detailed structure of email delivery

THE INTERNET MESSAGE (EMAIL) FORMAT

The first Internet message standard was described by [5] in 1977; it was renewed by [6] in 1982, which had been in use for almost twenty years. The newest email standard, described in [7], was published in 2008.

According to the latest standard, the Internet message (or email) consists of an envelope and content (for further information see [8]). This is illustrated in Figure 4 “a”. The envelope, which is part of the SMTP protocol, can be viewed as the container of the message and holds information about whom the message originated from (the sender) and to whom it is destined (the recipient or list of recipients). The sender’s information is necessary so that an error message can be sent back if message delivery fails. The envelope is a temporary container created by the source mail server just before passing the message to the destination mail server, as shown in Figure 4 “b”. By the time a message has been delivered to a recipient’s mailbox, there is no envelope.

Email format and envelope concept


EMAIL HEADER INVESTIGATING AND SPAM RECOGNITION

The content of an email includes header fields and the message body. The purpose of the header fields is to provide the receiver’s email agent with descriptive information about the message, such as sender, receiver, date, subject, etc. The header block contains several textual lines, each of which follows the syntax “header title: value” (see Figure 4 “a”). The body, separated from the header fields by an empty line, contains the textual information the sender is sending to the recipient. The primary header fields specified by [7] (RFC 5322) are shown in Table 1.

TABLE I

INTERNET MESSAGE HEADER FIELDS

Header: Description
From: The name and email address of the message originator
Date: The local date and time when the message was written or sent
Message-ID: Machine-readable unique identifier generated by the mail server; intended to prevent multiple delivery, and to be used as a reference in In-Reply-To
In-Reply-To: Used for reply messages only; contains the Message-ID of the original message(s), creating a relational tree of messages
To: Email address(es) of the primary recipient(s)
Cc: Email address(es) of the secondary recipient(s). Generally used to indicate recipients who don’t have an immediate relation to the matter but should be informed
Bcc: Same as Cc, but hidden from recipients. SMTP removes this header field before delivering the message
Subject: Textual, human-readable summary of the message
Content-Type: MIME type of the message content, designed for the email agent to display the message properly
Received: Contains information about all mail servers that were involved in the message delivery
References: Like In-Reply-To, uses Message-ID(s), but designed to identify a thread of correspondence
Keywords: Keywords specified by the sender
Reply-To: Email address that should be used when the recipient replies to the message
Return-Path: This header indicates the email address of the message’s sender. The value of this header has to be the same as the “From” address of the SMTP Envelope
Delivered-To: The email address of the recipient
Sender: Actual sender of the message (generally, the address listed in From is used)

The level of importance of each header field in message formation is different. For example, any internet message must include the From: and Date: fields, and should include Message-ID: and In-Reply-To:. The rest of the fields are optional or are managed automatically by mail servers. One of the most important headers, Received:, deserves to be reviewed in more detail. This header significantly simplifies the fight against spam and spammers. When we receive unsolicited bulk email, our email agent program normally shows only the standard To:, From:, Subject:, and Date: headers, as for any other email. At the same time, the From: address may appear to be from someone we know well, or from some organization whose name we respect or trust. In reality these spoofed messages do not originate from the address that appears in the From: header. To see the real address the message was sent from, it is necessary to examine the Received: field, which tells us the route the message took when it was sent to us.

Now we will try to understand how to find the original source of a suspicious email by investigating the email header. To do so, we first need to be able to see the full email header. Generally, all email client programs (even webmail services like Gmail, Yahoo, etc.) have an appropriate function to display the full header of any message in your inbox. Let us look at the header of a message I received recently, shown in Figure 5.

Delivered-To: my.address@gmail.com
Return-Path: <SRS0=M78ycc=RT=p3slh174.shr.phx3.secureserver.net=lindaadleen2@qafqaz.edu.az>
Received: ……………………
Received: by 10.220.162.197 with SMTP id w5cs344529vcx; Sun, 17 Oct 2010 05:24:20 -0700 (PDT)
Received: from bosmailscan05.eigbox.net ([10.20.15.5]) by bosmailout03.eigbox.net with esmtp (Exim) id 1P7SHj-0007rH-Qy for http://www.adamov@gmail.com; Sun, 17 Oct 2010 08:24:19 -0400
Received: from p3slh174.shr.phx3.secureserver.net (localhost.localdomain [127.0.0.1]) by p3slh174.shr.phx3.secureserver.net (8.12.11.20060308/8.12.11) with ESMTP id o9HCOF7n030063 for <aict2011@qafqaz.edu.az>; Sun, 17 Oct 2010 05:24:15 -0700
Received: (from lindaadleen2@localhost) by p3slh174.shr.phx3.secureserver.net (8.12.11.20060308/8.12.11/Submit) id o9HCOEvK030054; Sun, 17 Oct 2010 05:24:14 -0700 Date: Sun, 17 Oct 2010 05:24:14 -0700
Message-Id: <201010171224.o9HCOEvK030054@p3slh174.shr.phx3.secureserver.net>
To: aict2011@qafqaz.edu.az
Subject: xxxxxxxxxxxxxxxxx!!!!!
From: vangelis@mail.ru

The header has been slightly modified by removing most of the eleven Received: fields. The Received: headers appear in reverse order, so the first Received: header from the bottom (see line 7) represents the original source of the message. The text “from lindaadleen2@localhost” shows information about the computer the message was sent from. Probably, the spammer uses an SMTP service installed on his computer in order to send bulk mail. The next line shows the name of the first mail server involved in the delivery process, “p3slh174.shr.phx3.secureserver.net”, the exact date and time of receipt, and the unique id assigned by the server to this message. The id is unique for a particular mail server and can be used for tracking the message. The two headers To: (see line 9), which indicates to whom the message is sent, and Delivered-To: (see line 1), which indicates by whom it is received, are supposed to be the same. Furthermore, the other two headers, From: (see line 11) and Return-Path: (see line 2), are also supposed to be the same. The fact that they are not the same testifies to the spam nature of the message.
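
The checks described above, as an added example that is not part of the original paper: it orders the Received: hops oldest first and compares From: with Return-Path: and To: with Delivered-To:. The sample header is constructed with placeholder addresses, and the function names are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header discussed above; all names are placeholders.
RAW = """\
Delivered-To: my.address@example.com
Return-Path: <bulk-sender@shared-host.example.net>
Received: by 10.0.0.7 with SMTP id abc123; Sun, 17 Oct 2010 05:24:20 -0700 (PDT)
Received: from scan05.relay.example.org ([10.20.15.5]) by out03.relay.example.org
 with esmtp (Exim) id 1AAAAA-000000-AA; Sun, 17 Oct 2010 08:24:19 -0400
Received: (from bulkuser@localhost) by shared-host.example.net
 (8.12.11/Submit) id o9HXXXXX000001; Sun, 17 Oct 2010 05:24:14 -0700
Date: Sun, 17 Oct 2010 05:24:14 -0700
To: conference@example.edu
Subject: constructed sample
From: someone@mail.example.com

body text
"""


def received_path(msg):
    """Return relay hops oldest first; each server prepends its Received: line."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        src = re.search(r"\bfrom\s+([^\s)]+)", text)
        dst = re.search(r"\bby\s+([^\s;]+)", text)
        hops.append({"from": src.group(1) if src else None,
                     "by": dst.group(1) if dst else None})
    return hops


def address(msg, field):
    """Bare, lower-cased address of a header field ('' when the field is absent)."""
    return parseaddr(msg.get(field, ""))[1].lower()


def inspect_header(raw):
    """Apply the page's two consistency checks and report the first hop."""
    msg = message_from_string(raw)
    hops = received_path(msg)
    findings = [f"{a} != {b}"
                for a, b in (("From", "Return-Path"), ("To", "Delivered-To"))
                if address(msg, a) != address(msg, b)]
    return {"origin": hops[0] if hops else None, "hops": len(hops), "findings": findings}


if __name__ == "__main__":
    print(inspect_header(RAW))
```

A mismatch is a signal to weigh rather than proof on its own, because forwarding and mailing lists also change Delivered-To: and Return-Path:.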

Posted in Administration and System Design