Skip to main content

Security Tool 3 (Email Application) - Group C

 

3.1         Background Subtopic

Electronic mail, commonly shortened to “email,” is a communication method that uses electronic devices to deliver messages across computer networks. "Email" refers to both the delivery system and individual messages that are sent and received.

Email has existed in some form since the 1970s, when programmer Ray Tomlinson created a way to transmit messages between computer systems on the Advanced Research Projects Agency Network (ARPANET). Modern forms of email became available for widespread public use with the development of email client software (e.g. Outlook) and web browsers, the latter of which enables users to send and receive messages over the Internet using web-based email clients (e.g. Gmail).

Gmail is a free web-based email service provided by Google. It allows users to send and receive e-mail over the Internet. It provides 15 GB of storage which is shared across Gmail, Google Drive, and Google Photos for each Google account. It also automatically organizes successively related messages into a conversational thread. Gmail, otherwise known as Google Mail, can be accessed from a personal computer, tablet or any Android or iOS device easily with internet connection.

3.2         Installation and demo manual

From Gmail website, click compose to write a new email.

Click the “Confidential mode” icon below.

Set the expiration date.

 Click Send Button to send email.


 The recipient can view the message before the expiration date expires.

 Options to copy, paste, download, print, and forward the message text and attachments will be disabled.

3.3         CIA (Confidentiality, Integrity, and Availability)

Confidentiality

To access emails, users are required to input valid email and password to login into Gmail. Besides, users can also enable 2-step verification to strengthen authentication security, users will need to enter a code that Google will send you via text or voice message upon signing in. This prevents other people to access our own email. Besides, it can protect Gmail messages with confidential mode. Confidential mode lets users set a message expiration date, revoke message access at any time, require a verification code by text to open messages. Confidential mode helps prevent recipients from accidentally sharing messages. Confidential mode messages don't have options to forward, copy, print, or download messages or attachments but it can't prevent recipients from taking screenshots or photos of messages or attachments. Recipients can also use malicious software applications to copy or download messages and attachments.

Integrity

Gmail has two type of encryption which are TLS and S/MIME. TLS or Transport Layer Security as an industry standard for email encryption. When users send an email, users’ browser contact’s Google’s server to establish a secure connection. User’s message is encrypted (encoded) and then decrypted (decoded) several times, passing through Google’s servers until it reaches user’s recipient. S/MIME is end to end encryption but it does not apply to free account. S/MIME encrypts all outgoing messages if we have the recipient's public key. Only the recipient with the corresponding private key can decrypt this message. This prevents encrypted email to be read and modify by other people including email server Google.

 

Availability

Gmail is a web-based email service for every user. It is accessible in multiple platforms including windows, IOS and Android anywhere, anytime with internet connection. Users can read, respond to, and search Gmail messages even when users aren't connected to the Internet. When users send emails offline, email goes into a new "Outbox" folder and gets sent as soon as users go back online. 


Comments

Post a Comment

Popular posts from this blog

Security Tool 1 (Encryption Tools) - Group C

       1.0      Background of Encryption Tools Encryption is a protection method that uses an internet-based algorithm key to obscure data from any unverified viewers. Encryption tools change the data during transfer so that individuals who see the data afterward can't understand or access it without the key. Once the data arrives at an intended destination, you can also use tools to decode messages so they're readable again. For the encryption tool “LastPass”, it used to secure an account begins the moment it’s created. When a user creates their master password, it’s used to generate a unique encryption key, even when enabling passwordless login. The master password and the encryption key are never sent to or shared with LastPass. 1.1             Installation and demo manual Get LastPass for free at the official website https://www.lastpass.com/ Create an Account Add LastPass Chrome Extension Dashboard of LastPass. Try import password to LastPass. Select google chrome icon
Post a Comment
Read more

Analysis On CIA Between The Selected Tools - Group C

  LastPass (Encryption Tool) Mini Tool (Data Recovery Tool) Email (Email Application) Confidentiality LastPass’s user are protected through LastPass’ zero-knowledge security model. Zero-knowledge means that no one has access to user decrypted Master Password, vault, or vault data except the account owner. To ensure that only authorized access is granted to user vault, we use industry-standard mechanisms, such as AES-256 encryption and PBKDF2 hashing plus salting, to keep user Master Password safe. This is an industry standard that all password managers should adhere to. MiniTool Power Data Recovery cannot just simply recover the disks or files that is encrypted with data protection feature such as BitLocker. Only the user knows or possess the password for the BitLocker encryption. This is to ensure that only the users of that particular drive or files can have access and recovers the lost f
Post a Comment
Read more