A privacy protection and anti-spam model for network users

Transcription

1 A privacy protection and anti-spam model for network users Yuqiang Zhang ut.edu.cn Jingsha He Jing Xu cn Bin Zhao Abstract In recently network interaction, some sensitive information of users needs to inform the interactive party in order to ensure smooth interaction. Especially the address which network users commonly used must be provided to the interactive party nearly in all interactive processes. In this situation, many unsafe factors in network lead to leakage of user address easily, and cause a lot of problem which puzzle user frequently, affect mailbox's normal use, junk mail problem which need to be solved urgently is getting more and more serious. To solve the above problem, this paper present a new privacy protection model, this model keeps user's address as a secret information, through changing the interactive pattern, not only fundamentally prevents the leakage problem and protects user sensitive information, but also solves the junk mail problem from the source. Keywords- Network interaction; privacy protection; address; spam techniques and tools to search and obtain user's online information, user private information submitted online are easily leaked to third party, this will bring hidden safe problem to user. Once the information is obtained by the malicious side, will bring the severely injure or even the loss which will be unable to recall to the user. With the fast development in internet application, users' privacy protection question arouses people's universal interest; simultaneously the user also set a higher request to the individual privacy information's initiative domination. The privacy has three kind of basic shapes: Individual private affair, individual information, and individual domain. Individual information which uses in the network environment is one kind of privacy shape; it includes a very extremely wide scope, all the individual data of user contains in individual information. The mailbox address as the individual information is one kind of the user s privacy information, in current network interaction, users Ⅰ. INTRODUCTION address must be provided to the interactive party to begin an interaction. Along with the network development, the Many unsafe factors in network environment, network interactive pattern also becomes more such as the leakage in network transmission or and more complex; people are often forced to interactive party negligence in the management, supply their privacy or sensitive information to users' online information is accessed, stored, data the network interactive party to begin an mined, shared, manipulated, bought and sold, interaction. There are already plenty of analyzed, stolen or misused by countless * This work is supported by Beijing Natural Science Foundation (Grant No ),National Natural Science Foundation of (Grant No ),National High-tech R&D Program (863 Program) (Grant No. 2015AA017204). Shandong Natural Science Foundation (Grant No. ZR2013FQ024). ISBN:

2 corporate without users knowledge or consent. In these information, once commonly used mailbox address is divulged, has created junk mail being in flood in the network, brings the massive Trojan Horse, creates the subscriber's premises network information security problem, brings the puzzle which for the network user gets rid with difficulty. In this paper, we describe a new method for the protection of user privacy; the method is based on changing the pattern of internet interactive to protect users` address, uses a sub-mailbox address code to replace the commonly used mailbox address, the sub-mailbox address has the date of expiry and user can manage it flexibly. In this case, this model also has anti-spam function. The rest of paper is organized as follow. In the next section, we review some background information about the pattern of interaction between network users use their address in current network interactive, and describe the problem such as spam because of the network user s address leakage, and also summarize the existing solution technology as well as its existence deficiency. In section Ⅲ we describe our new privacy protection model in details, contains architecture and so an. In section Ⅳ we use an example to illustrate how our privacy protection model works. We conclude this paper in section Ⅴ which we also present our future works. Ⅱ BACKGROUD INFORMATION When users visit the website, the first time interacting with service site, they often need to register personal information to request website to provide the services or visit the Web site for more content. In these log-on messages, User s mailbox address information is very important one item[1]. The address be used to transmit the activated information about users new account number to user by website, or If the user and serves website to achieve a transaction, the address will be used to receive service information which provide by website. This facilitates the interaction between users and Web sites the mailbox address has also become alternately essential tool in network interaction. But present's interactive pattern is users just can provide their commonly used mailbox address directly for serves website, only then can the website send the service information Customized by user to the user` mailbox.[2-3] Not only the user's address for a Web site used, but also all the communication party, such as their classmates and friends or other interactive website use the same address to communicate with user. Due to many technical and administrative reasons, there are some unsafe factors in the network, User the real mailbox address which fills in each kind of service website is very easily gained by the malicious side. Once the user commonly used mailbox address reveals, the junk mail question is also following which influence user using commonly used mailbox normally[4]. Users can not change this status that commonly used address has been obtained by other independent party, and have no way to let their address information be secret again, also cannot afford to reject the spam by their selves, can only place hopes in the anti-spam technology on which the service provider adopts, or no longer uses this mailbox address to apply for a new one directly. These two methods have the flaw and the insufficiency, cannot fundamentally solve the problem from user angle. The first method about the technology that adopted by Service providers is the mainstream method of anti-spam. Filtration technology is its major technique[5-6], the filtering technology distinguished from the role including MAT filtration technology, MDA filtration technology and MIJA filtration technology; the filtering technology distinguished from the method are the key character-based filtering technology, based on the white list filtering, blacklist-based filtering technology, reverse DNS query technology, ISBN:

3 rule-based filtering, content-based filtering technologies and other mail filtering technology. To some extent, these technologies effectively inhibited the spam[7], but spammers are constantly updated its anti-filtering technology to deceive filters, and these techniques is to control the spam received in the destination, cannot stop spam from the source. If user adopt another method that do not use the leakage address again, and apply a new one. This method seems simple and feasible, but When the user re-visit the website or the network interactions, the same problem will appear again, the new address have the same probability to be stolen by malicious party[8]. Second, the process of apply a new mailbox address is easily, but after that, Because users no longer use the old address, so all the user`s classmates, friends, commence partner or other interactive website who communicate with user use the old mailbox before can no longer contact with user use the old address again. Only to inform their new application's mailbox address to all good friends and correspondence partners one by one, and re-establish the new address book, users can use the new mailbox for normal daily communication. This work not only consuming time, very tedious, and often lead to some important communication party loses contact[9]. Therefore, in order to fundamentally solve the problem of the proliferation of spam, the most effective way is to put the user's address as privacy information to protect, not leaking to any network interaction side. Of course, to make sure that the network interaction can run smoothly, the users mailbox be protected in secret are meaningful. But the method about anti-spam which research from this source is very few now. This paper use a new method of privacy protection, regarding user s mailbox address as privacy information to effectively protect, using the address code substitute user's mailbox address and using technical measures to ensure that only the user and a particular interaction party can communicate by this address code. The users can freely flexible control the address code and independently distinct junk mail. Using this new model, users can easily find out the spam sender, effectively prevent from receiving spam and report the spammers promptly. Ⅲ. THE NEW MODEL OF PRIVACY PROTECTION In this section, we briefly introduce the working pattern of our new model different from the former network interactive, and present the key method be used in the new model. And then mainly describe the entity architecture and workflow about the new privacy model. A. Working Pattern and Method Be different with the traditional way, when users interacting with websites in our new model, users does not need to tell the interactive website their commonly used address directly, use a special and flexible address code replace the commonly used address. through this address code, the website who interact with the user can send the service information to user`s commonly used box. Using this method not only protect the user's address and complete the whole process of interactive services. address code is user-centered design, with temporary, management flexibility and other characteristics, sub-mailbox is the mailbox used by the user generated, user can replace the address used to send and receive mail. address code is user-centered design, with temporary, management flexibility and other characteristics. The address code is generated by the user`s commonly used mailbox, it can replace the commonly used mailbox to send and receive s. But it has a special-purpose characteristic, can be used as a temporary address, and it`s period of validity can be stetted freely by user, After ISBN:

4 address code expiration, the user commonly used mailbox address can be used normally. The working pattern show in figure 1 module to manage the address code, for example, modify the validity period, open or close the address code, or cancel the address code etc. verification module can verify the interactive party ID information, to decide receiving or reject the message. Figure 1 the working pattern of the model B. Interactive Entities This model has three main interaction entities: subject A - user, objects B - user interaction party and the mailbox server C. Subject A: The owner of privacy information, which sponsor the interactive process. Object B: The user`s interaction partner who requires users to provide the address to complete the interactive services. The mailbox server C: A server provides users with mail services and as the mailbox addresses privacy information providers for user. User's mailbox address as privacy information share with server, but object B is the mailbox address information irrelevant third party. As long as guaranteeing the interactive process complete smoothly, the user is unnecessary provide the real mailbox address to object B, C. Main Archtecture This main structure of the model contains four parts: generation, storage, management and verification module (as in figure 2). Generation modules based on users apply information to generate the address code. Storage module store address code and relevant information. Users through the management Figure 2 the main archtecture of the model Generation module (producer): This module including the user hands in the application in the commonly used mailbox. It generates the address code based on the information such as ID number of the interactive party, random number R,system time T and expiry date which is set depending on the situation about the interaction with the service website. Storage module (store): This module is used to store all the information of the address code after the address code and the related information have produced, and makes the new address code binding with the user`s commonly used mailbox, Enables the information which transmits through the address code to be possible received by the user`s commonly used mailbox smoothly. Management module (manager): this module is established for the user to manage the address code information. Through this module, the user may revise the address code information parameter according to different situation interacting with each website. Especially, when the user receives the junk mail, may adjust the sub-mailbox function parameter and the interactive pattern with the website through the administration module according to the special details. ISBN:

5 Verification module (verifier): This module is used to verify the ID information of the sender who sends the through the address code to the user. If the sender`s ID information is the same with the ID information of interactive party which be stored during the address code generate, the will be accepted. Otherwise, the will be rejected. D. Workflow of the Model Implementation of the model took the following technical solutions, base on the anti-spam privacy protection methods. this method entire frame including the user`s commonly used mailbox, the mailbox server and other people or website interactive with user. the user`s commonly used mailbox is subject A, other people or website interactive with user is object B, the mailbox server is C. The method includes the following steps to achieve process: 1) When browses a service site object B and needs object B to provide the services, Subject A musts to fill out the registration information, and needs to supply the commonly used address in order to complete the interaction smoothly. In our new privacy protection model, subject A will do something follow and finish the registration. 2) Subject A login the mail server C and apply for a address code. according to object B 's address and random number and the current time of system, using algorithms SHA-1 to generate the message digest, and using algorithms RSA to digital signature, mail server C generate the address code. Simultaneously this mailbox address code will be bind with the commonly used mailbox of subject A by mail server C. In order to facilitate subject A to management the address code based on the situation in the process of the interaction with object B, all the information of the address code will be stored in the subject A`s commonly used mailbox. 3) Subject A obtains the mailbox address code which is generated by mail server C based on the information supplied by subject A, and can set the information of the address code initially: Establishment address code date of expiry, the short name for object B, the key words of Interactive service and other security parameters. 4) Subject A uses the new application address code to replace the commonly used mailbox address in registration information providing to object B, this address code is used just only for the interaction between A and B. 5) Object B use the address code interact with subject A. the letter transmits through the address is received by user`s commonly used mailbox which generate this address code, and subject A send the letter to object B also through the address code. In the object B receiver terminal, the received message shows that the sender address is address code not the subject A`s commonly used real address. Of course, to subject A the address code is transparent in the process of communications. 6) Because in the process of address code production contains ID information of object B, the mail service C can verify the ID information of the message sender who sends the message through the address code, if the ID information is consistent with the ID information of interactive party which be stored during the address code generate, the message will be received. Otherwise, the message will be rejected. Ⅳ CONCLUSION The merits of our privacy protection model and method are as follows: The real address information of user`s commonly used mailbox will not divulge for any other interactive sides. Users do not need to replace the mailbox frequently because of the mailbox address divulging question. The ISBN:

6 absolute safety of user`s commonly used mailbox address can guarantee normal communication between user and its good friends. Users can determine which messages are spam freely depending on their own preferences, and can set parameters of address code flexible depending on the Specific interactive situation. Users can clearly determine the source of the mailbox problem such as the spam mail generated, and take appropriate measures flexibly. In this model, the mailbox address code management is flexible, users may momentarily reduce, lengthen its date of expiry, or open, close, cancel its receiving and dispatching mail function and so on according to their own need. This mailbox address privacy protection method fundamentally solved the problem that user`s mailbox address is often obtained by the irrelevant side in the network causing a lot of mailbox problems to trouble the user. Because mailbox address's divulging creates the mailbox question has existed and urgently waits to be solved, but did not have a very good solution now, this article in view of these questions, proposed this privacy protection model. This privacy protection model is good at detecting and preventing spam and protecting the security and confidentiality of the user`s commonly used address as user`s sensitive and privacy information from source, has a very good use value and practical significance. In the later research, the privacy protection model we proposed in this paper needs to be further refined, the performance and functionality of the application of this model need to be in-depth analyzed. REFERENCES [1] Lai.G.H, Chen.C.M, Laih.C.S and Chen.T A collaborativeanti-spam system, Expert Systems with Applications, v 36, n 3PART 2, p , April 2009 [2] Liu.Y.Q, Cen.R.W, Zhang.M, Shao.P.M and Ru.LY IdentifyingWeb Spam with User Behavior Analysis, 4th InternationalWorkshop on Adversarial Information Retrieval on the Web(AIRWeb 2008), April 22April 22, 2008 [3] T. Burghardt, E. Buchmann, J. M uller, and K. B ohm, "Understanding user preferences and awareness: Privacy mechanisms in location-based services," In OnTheMove Conferences (OTM), [4] F. Xu, K.P. Chow, J.S. He, X. Wu, "Privacy Reference Monitor A Computer Model for Law Compliant Privacy Protection," Proc. The 15th International Conference on Parallel and Distributed Systems (ICPADS'09), ShenZhen,, Dec.8-11, [5] D. Warren and L. Brandeis, The Right to Privacy, Harvard LawRev., vol. 45, [6] Marsono.M.N, El.K,, M.W and Gebali.F A spam rejection schemeduring SMTP sessions based on layer-3 classification,journal of Network and Computer Applications, v 32, n 1, pp , January 2009 [7] Junejo.K.N; Karim.A: PSSF A Novel Statistical Approach forpersonalized Service-side Spam Filtering, Proc. theieee/wic/acm International Conference on Web Intelligence,2-5 November, 2007 [8] Shawkat.A, A.B.M., Yang.X Spam Classification Using AdaptiveBoosting Algorithm, Proc. 6th IEEE/ACIS InternationalConference on Computer and Information Science, ICIS 2007; [9] Li.K, Zhong.Z.Y, Ramaswamy.L Privacy-Aware CollaborativeSpam Filtering, IEEE Transactions on Parallel and DistributedSystems, v 20, n 5, p , 2009 ISBN: