A privacy protection and anti-spam model for network users

Full text

(1)

*

This work is supported by Beijing Natural Science Foundation (Grant No. 4142008) ,National Natural Science

A privacy protection and anti-spam model for network users

Yuqiang Zhang School of Software Engineering Beijing University of Technology Beijing 100124, China yuqzhang@emails.bj ut.edu.cn Jingsha He School of Software Engineering Beijing University of Technology Beijing 100124, China jhe_bjut@163.com Jing Xu School of Software Engineering Beijing University of Technology Beijing 100124, China hxj@emails.bjut.edu. cn Bin Zhao School of Software Engineering Beijing University of Technology Beijing 100124, China hejs2004@163.com Abstract

In recently network interaction, some sensitive information of users needs to inform the interactive party in order to ensure smooth interaction. Especially the e-mail address which network users commonly used must be provided to the interactive party nearly in all interactive processes. In this situation, many unsafe factors in network lead to leakage of user e-mail address easily, and cause a lot of e-mail problem which puzzle user frequently, affect mailbox's normal use, junk mail problem which need to be solved urgently is getting more and more serious. To solve the above problem, this paper present a new privacy protection model, this model keeps user's email address as a secret information, through changing the interactive pattern, not only fundamentally prevents the email leakage problem and protects user sensitive information, but also solves the junk mail problem from the source.

Keywords- Network interaction; privacy protection;e-mail address; spam

Ⅰ. INTRODUCTION

Along with the network development, the network interactive pattern also becomes more and more complex; people are often forced to supply their privacy or sensitive information to the network interactive party to begin an interaction. There are already plenty of

techniques and tools to search and obtain user's online information, user private information submitted online are easily leaked to third party, this will bring hidden safe problem to user. Once the information is obtained by the malicious side, will bring the severely injure or even the loss which will be unable to recall to the user. With the fast development in internet application, users' privacy protection question arouses people's universal interest; simultaneously the user also set a higher request to the individual privacy information's initiative domination.

The privacy has three kind of basic shapes: Individual private affair, individual information, and individual domain. Individual information which uses in the network environment is one kind of privacy shape; it includes a very extremely wide scope, all the individual data of user contains in individual information.

The mailbox address as the individual information is one kind of the user’s privacy information, in current network interaction, users’ e-mail address must be provided to the interactive party to begin an interaction.

Many unsafe factors in network environment, such as the leakage in network transmission or interactive party negligence in the management, users' online information is accessed, stored, data mined, shared, manipulated, bought and sold, analyzed, stolen or misused by countless

(2)

corporate without users knowledge or consent. In these information, once commonly used mailbox address is divulged, has created junk mail being in flood in the network, brings the massive Trojan Horse, creates the subscriber's premises network information security problem, brings the puzzle which for the network user gets rid with difficulty.

In this paper, we describe a new method for the protection of user privacy; the method is based on changing the pattern of internet interactive to protect users` e-mail address, uses a sub-mailbox address code to replace the commonly used mailbox address, the sub-mailbox address has the date of expiry and user can manage it flexibly. In this case, this model also has anti-spam function.

The rest of paper is organized as follow. In the next section, we review some background information about the pattern of interaction between network users use their e-mail address in current network interactive, and describe the problem such as spam because of the network user’s email address leakage, and also summarize the existing solution technology as well as its existence deficiency. In section Ⅲ we describe our new privacy protection model in details, contains architecture and so an. In section Ⅳ we use an example to illustrate how our privacy protection model works. We conclude this paper in section Ⅴ which we also present our future works.

ⅡBACKGROUDINFORMATION

When users visit the website, the first time interacting with service site, they often need to register personal information to request website to provide the services or visit the Web site for more content. In these log-on messages, User’s mailbox address information is very important one item[1]. The email address be used to transmit the activated information about users new account number to user by website, or If the user and serves website to achieve a transaction, the email address will be used to receive service

information which provide by website. This facilitates the interaction between users and Web sites the mailbox address has also become alternately essential tool in network interaction. But present's interactive pattern is users just can provide their commonly used mailbox address directly for serves website, only then can the website send the service information Customized by user to the user` mailbox.[2-3]

Not only the user's email address for a Web site used, but also all the communication party, such as their classmates and friends or other interactive website use the same email address to communicate with user. Due to many technical and administrative reasons, there are some unsafe factors in the network, User the real mailbox address which fills in each kind of service website is very easily gained by the malicious side. Once the user commonly used mailbox address reveals, the junk mail question is also following which influence user using commonly used mailbox normally[4]. Users can not change this status that commonly used email address has been obtained by other independent party, and have no way to let their email address information be secret again, also cannot afford to reject the spam by their selves, can only place hopes in the anti-spam technology on which the service provider adopts, or no longer uses this mailbox address to apply for a new one directly. These two methods have the flaw and the insufficiency, cannot fundamentally solve the problem from user angle.

The first method about the technology that adopted by Service providers is the mainstream method of anti-spam. Filtration technology is its major technique[5-6], the filtering technology distinguished from the role including MAT filtration technology, MDA filtration technology and MIJA filtration technology; the filtering technology distinguished from the method are the key character-based filtering technology, based on the white list filtering, blacklist-based filtering technology, reverse DNS query technology,

(3)

rule-based filtering, content-based filtering technologies and other mail filtering technology. To some extent, these technologies effectively inhibited the spam[7], but spammers are constantly updated its anti-filtering technology to deceive filters, and these techniques is to control the spam received in the destination, cannot stop spam from the source.

If user adopt another method that do not use the leakage email address again, and apply a new one. This method seems simple and feasible, but When the user re-visit the website or the network interactions, the same problem will appear again, the new email address have the same probability to be stolen by malicious party[8]. Second, the process of apply a new mailbox address is easily, but after that, Because users no longer use the old email address, so all the user`s classmates, friends, commence partner or other interactive website who communicate with user use the old mailbox before can no longer contact with user use the old email address again. Only to inform their new application's mailbox address to all good friends and correspondence partners one by one, and re-establish the new address book, users can use the new mailbox for normal daily communication. This work not only consuming time, very tedious, and often lead to some important communication party loses contact[9]. Therefore, in order to fundamentally solve the problem of the proliferation of spam, the most effective way is to put the user's email address as privacy information to protect, not leaking to any network interaction side. Of course, to make sure that the network interaction can run smoothly, the users mailbox be protected in secret are meaningful. But the method about anti-spam which research from this source is very few now.

This paper use a new method of privacy protection, regarding user’s mailbox address as privacy information to effectively protect, using the e-mail address code substitute user's mailbox address and using technical measures to ensure that only the user and a particular interaction

party can communicate by this e-mail address code. The users can freely flexible control the e-mail address code and independently distinct junk mail. Using this new model, users can easily find out the spam sender, effectively prevent from receiving spam and report the spammers promptly.

Ⅲ.THE NEW MODEL OF PRIVACY PROTECTION

In this section, we briefly introduce the working pattern of our new model different from the former network interactive, and present the key method be used in the new model. And then mainly describe the entity architecture and workflow about the new privacy model.

A. Working Pattern and Method

Be different with the traditional way, when users interacting with websites in our new model, users does not need to tell the interactive website their commonly used e-mail address directly, use a special and flexible e-mail address code replace the commonly used e-mail address. through this e-mail address code, the website who interact with the user can send the service information to user`s commonly used e-mail box. Using this method not only protect the user's email address and complete the whole process of interactive services.

Email address code is user-centered design, with temporary, management flexibility and other characteristics, sub-mailbox is the mailbox used by the user generated, user can replace the email address used to send and receive mail. Email address code is user-centered design, with temporary, management flexibility and other characteristics. The email address code is generated by the user`s commonly used mailbox, it can replace the commonly used mailbox to send and receive emails. But it has a special-purpose characteristic, can be used as a temporary email address, and it`s period of validity can be stetted freely by user, After email

(4)

address code expiration, the user commonly used mailbox address can be used normally.

The working pattern show in figure 1

Figure 1 the working pattern of the model B. Interactive Entities

This model has three main interaction entities: subject A - user, objects B - user interaction party and the mailbox server C.

Subject A: The owner of privacy information, which sponsor the interactive process.

Object B: The user`s interaction partner who requires users to provide the e-mail address to complete the interactive services.

The mailbox server C: A server provides users with mail services and as the mailbox addresses privacy information providers for user. User's mailbox address as privacy information share with server, but object B is the mailbox address information irrelevant third party. As long as guaranteeing the interactive process complete smoothly, the user is unnecessary provide the real mailbox address to object B,

C. Main Archtecture

This main structure of the model contains four parts: generation, storage, management and verification module (as in figure 2). Generation modules based on users apply information to generate the e-mail address code. Storage module store e-mail address code and relevant information. Users through the management

module to manage the e-mail address code, for example, modify the validity period, open or close the e-mail address code, or cancel the e-mail address code etc. verification module can verify the interactive party ID information, to decide receiving or reject the message.

Figure 2 the main archtecture of the model Generation module (producer): This module including the user hands in the application in the commonly used mailbox. It generates the e-mail address code based on the information such as ID number of the interactive party, random number R ,system time T and expiry date which is set depending on the situation about the interaction with the service website.

Storage module (store): This module is used to store all the information of the e-mail address code after the e-mail address code and the related information have produced, and makes the new e-mail address code binding with the user`s commonly used mailbox, Enables the information which transmits through thee-mail address code to be possible received by the user`s commonly used mailbox smoothly.

Management module (manager): this module is established for the user to manage the e-mail address code information. Through this module, the user may revise the e-mail address code information parameter according to different situation interacting with each website. Especially, when the user receives the junk mail, may adjust the sub-mailbox function parameter and the interactive pattern with the website through the administration module according to the special details.

(5)

Verification module (verifier): This module is used to verify the ID information of the email sender who sends the email through the e-mail address code to the user. If the sender`s ID information is the same with the ID information of interactive party which be stored during the e-mail address code generate, the email will be accepted. Otherwise, the email will be rejected.

D. Workflow of the Model

Implementation of the model took the following technical solutions, base on the anti-spam privacy protection methods. this method entire frame including the user`s commonly used mailbox, the mailbox server and other people or website interactive with user. the user`s commonly used mailbox is subject A, other people or website interactive with user is object B, the mailbox server is C. The method includes the following steps to achieve process:

1) When browses a service site object B and needs object B to provide the services, Subject A musts to fill out the registration information, and needs to supply the commonly used e-mail address in order to complete the interaction smoothly.

In our new privacy protection model, subject A will do something follow and finish the registration.

2) Subject A login the mail server C and apply for a e-mail address code. according to object B 's email address and random number and the current time of system, using algorithms SHA-1 to generate the message digest, and using algorithms RSA to digital signature, mail server C generate the e-mail address code.

Simultaneously this mailbox address code will be bind with the commonly used mailbox of subject A by mail server C. In order to facilitate subject A to management the e-mail address code based on the situation in the process of the interaction with object B, all the information of the e-mail address code will be stored in the subject A`s commonly used mailbox.

3) Subject A obtains the mailbox address code which is generated by mail server C based on the information supplied by subject A, and can set the information of the e-mail address code initially: Establishment e-mail address code date of expiry, the short name for object B, the key words of Interactive service and other security parameters.

4) Subject A uses the new application E-mail address code to replace the commonly used mailbox address in registration information providing to object B, this e-mail address code is used just only for the interaction between A and B.

5) Object B use the e-mail address code interact with subject A. the letter transmits through the e-mail address is received by user`s commonly used mailbox which generate this e-mail address code, and subject A send the letter to object B also through the e-mail address code. In the object B receiver terminal, the received message shows that the sender address is e-mail address code not the subject A`s commonly used e-mail real address. Of course, to subject A the e-mail address code is transparent in the process of communications.

6) Because in the process of e-mail address code production contains ID information of object B, the mail service C can verify the ID information of the message sender who sends the message through the e-mail address code, if the ID information is consistent with the ID information of interactive party which be stored during the e-mail address code generate, the message will be received. Otherwise, the message will be rejected.

Ⅳ CONCLUSION

The merits of our privacy protection model and method are as follows:

The real address information of user`s commonly used mailbox will not divulge for any other interactive sides. Users do not need to replace the mailbox frequently because of the mailbox address divulging question. The

(6)

absolute safety of user`s commonly used mailbox address can guarantee normal communication between user and its good friends.

Users can determine which messages

are spam freely depending on their own preferences, and can set parameters of e-mail address code flexible depending on the Specific interactive situation.

Users can clearly determine the source

of the mailbox problem such as the spam mail generated, and take appropriate measures flexibly.

In this model , the mailbox address

code management is flexible, users may momentarily reduce, lengthen its date of expiry, or open, close, cancel its receiving and dispatching mail function and so on according to their own need.

This mailbox address privacy protection method fundamentally solved the problem that user`s mailbox address is often obtained by the irrelevant side in the network causing a lot of mailbox problems to trouble the user. Because mailbox address's divulging creates the mailbox question has existed and urgently waits to be solved, but did not have a very good solution now, this article in view of these questions, proposed this privacy protection model. This privacy protection model is good at detecting and preventing spam and protecting the security and confidentiality of the user`s commonly used email address as user`s sensitive and privacy information from source, has a very good use

value and practical significance. In the later research, the privacy protection model we proposed in this paper needs to be further refined, the performance and functionality of the application of this model need to be in-depth analyzed.

REFERENCES

[1] Lai.G.H, Chen.C.M, Laih.C.S and Chen.T”A

collaborativeanti-spam system”, Expert Systems with Applications, v 36, n 3PART 2, p 6645-6653, April 2009

[2] Liu.Y.Q, Cen.R.W, Zhang.M, Shao.P.M and

Ru.LY“IdentifyingWeb Spam with User Behavior Analysis”, 4th InternationalWorkshop on Adversarial Information Retrieval on the Web(AIRWeb 2008), April 22April 22, 2008

[3] T. Burghardt, E. Buchmann, J. M¨uller, and K. B¨ohm,

"Understanding user preferences and awareness: Privacy mechanisms in location-based services," In OnTheMove Conferences (OTM), 2009.

[4] F. Xu, K.P. Chow, J.S. He, X. Wu, "Privacy Reference

Monitor –A Computer Model for Law Compliant Privacy Protection," Proc. The 15th International Conference on Parallel and Distributed Systems (ICPADS'09), ShenZhen,China, Dec.8-11, 2009.

[5] D. Warren and L. Brandeis, “The Right to Privacy,”

Harvard LawRev., vol. 45, 1890.

[6] Marsono.M.N, El.K,, M.W and Gebali.F”A spam

rejection schemeduring SMTP sessions based on layer-3 e-mail classification”,Journal of Network and Computer Applications, v 32, n 1, pp.236-257, January 2009

[7] Junejo.K.N; Karim.A: PSSF”A Novel Statistical

Approach forPersonalized Service-side Spam Filtering, Proc. theIEEE/WIC/ACM International Conference on Web Intelligence,2-5 November, 2007

[8] Shawkat.A, A.B.M., Yang.X” Spam Classification

Using AdaptiveBoosting Algorithm”, Proc. 6th IEEE/ACIS InternationalConference on Computer and Information Science, ICIS 2007;

[9] Li.K, Zhong.Z.Y, Ramaswamy.L”Privacy-Aware

CollaborativeSpam Filtering”, IEEE Transactions on Parallel and DistributedSystems, v 20, n 5, p 725-739, 2009

Figure

Updating...

References

Updating...

Related subjects :