Nurse, Jason R. C., Erola, Arnau, Goldsmith, Michael, Creese, Sadie (2015) Investigating the leakage of sensitive personal and organisational information in email headers. Journal of Internet Services and Information Security, 5 (1). pp. 70-84. ISSN 2182-2069. E-ISSN 2182-2077. (doi:10.22667/JISIS.2015.02.31.070) (KAR id:67510)
PDF
Publisher pdf
Language: English
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
|
|
Download this file (PDF/346kB) |
|
Request a format suitable for use with assistive technology e.g. a screenreader | |
Official URL: http://doi.org/10.22667/JISIS.2015.02.31.070 |
Abstract
Email is undoubtedly the most used communications mechanism in society today. Within business alone, it is estimated that 100 billion emails are sent and received daily across the world. While the security and privacy of email has been of concern to enterprises and individuals for decades, this has predominately been focused on protecting against malicious content in incoming emails and explicit data exfiltration, rather than inadvertent leaks in outgoing emails. In this paper, we consider this topic of outgoing emails and unintentional information leakage to better appreciate the security and privacy concerns related to the simple activity of sending an email. Specifically, our research seeks to investigate the extent to which potentially sensitive information could be leaked, in even blank emails, by considering the metadata that is a natural part of email headers. Through findings from a user-based experiment, we demonstrate that there is a noteworthy level of exposure of organisational and personal identity information, much of which can be further used by an attacker for reconnaissance or develop a more targeted and sophisticated attack.
Item Type: | Article |
---|---|
DOI/Identification number: | 10.22667/JISIS.2015.02.31.070 |
Subjects: |
Q Science T Technology |
Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
Depositing User: | Jason Nurse |
Date Deposited: | 02 Jul 2018 17:03 UTC |
Last Modified: | 05 Nov 2024 11:07 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/67510 (The current URI for this page, for reference purposes) |
- Link to SensusAccess
- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):