2024
Other
Open Access
SMTP smuggling
Gennai F.
Descrizione tecnica della vulnerabilità del sistema email Internet, denominata SMTP smuggling e resa pubblica in data 18 dicembre 2023 dalla società SEC Consult di Vienna.
Gennai F.
Descrizione tecnica della vulnerabilità del sistema email Internet, denominata SMTP smuggling e resa pubblica in data 18 dicembre 2023 dalla società SEC Consult di Vienna.
See at:
ISTI Repository 
| CNR ExploRA
2023
Report
Open Access
Definition of a new model of communication: Secure Application Email (SAE)
Gennai F., Sinibaldi F., Buzzi M., Martusciello L.
In this technical report, we define a Secure Application Email model and protocol that works on top of existing Internet email architecture that can be used in the development of new services with enanched security. The new Secure Application Email model could represent an evolution of the current Internet email model while keeping a deep level of interoperability between the two models.Source: ISTI Technical Report, ISTI-2023-TR/002, 2023
DOI: 10.32079/isti-tr-2023/002
Metrics:
Gennai F., Sinibaldi F., Buzzi M., Martusciello L.
In this technical report, we define a Secure Application Email model and protocol that works on top of existing Internet email architecture that can be used in the development of new services with enanched security. The new Secure Application Email model could represent an evolution of the current Internet email model while keeping a deep level of interoperability between the two models.Source: ISTI Technical Report, ISTI-2023-TR/002, 2023
DOI: 10.32079/isti-tr-2023/002
Metrics:
See at:
ISTI Repository | CNR ExploRA
2022
Report
Open Access
Analisi di particolari condizioni di insicurezza della REM (Registered EMail)
Martusciello L., Gennai F., Buzzi M.
Descrizione di una potenziale problematica di sicurezza nel funzionamento della REM (Registered Electronic Mail) e le relative deduzioni.Source: ISTI Technical Report, ISTI-2022-TR/003, pp.1–15, 2022
DOI: 10.32079/isti-tr-2022/003
Metrics:
Martusciello L., Gennai F., Buzzi M.
Descrizione di una potenziale problematica di sicurezza nel funzionamento della REM (Registered Electronic Mail) e le relative deduzioni.Source: ISTI Technical Report, ISTI-2022-TR/003, pp.1–15, 2022
DOI: 10.32079/isti-tr-2022/003
Metrics:
See at:
ISTI Repository | CNR ExploRA
2022
Report
Open Access
REgistered eMail (REM) analisi semantica dell'elemento UntrustedPathToRecipient
Martusciello L., Gennai F., Buzzi M.
Analisi di una particolare criticità presente nella specifica tecnica draft ETSI EN 119 532-4 V1.1.7 (2022 - 01), relativa alla fase di REM submission.Source: ISTI Technical Report, ISTI-2022-TR/006, pp.1–7, 2022
DOI: 10.32079/isti-tr-2022/006
Metrics:
Martusciello L., Gennai F., Buzzi M.
Analisi di una particolare criticità presente nella specifica tecnica draft ETSI EN 119 532-4 V1.1.7 (2022 - 01), relativa alla fase di REM submission.Source: ISTI Technical Report, ISTI-2022-TR/006, pp.1–7, 2022
DOI: 10.32079/isti-tr-2022/006
Metrics:
See at:
ISTI Repository | CNR ExploRA
2022
Report
Open Access
Interoperabilità dei sistemi di e-delivery conformi ai servizi di recapito certificato qualificato eIDAS. L'esperienza italiana e sue evoluzioni
Antolini A., Buzzi M., Gennai F., Mancinelli G, Martusciello L., Petrucci C., Reale R.
L'interoperabilità dei dati, nei servizi di e-delivery, è uno dei punti cruciali per lo sviluppo dell'economia e l'automazione dei processi. L'interoperabilità dei sistemi di e-delivery nell'Unione Europea è stata di recente definita dallo Standard Registered EMail (REM) che l'Italia ha deciso di implementare per la realizzazione dei servizi di messaggistica certificati e qualificati. In questo articolo introduciamo gli elementi che differenziano il nuovo standard REM dalla Posta Elettronica Certificata italiana, strumento di lavoro consolidato per professionisti e cittadini, evidenziando l'impatto di una migrazione verso tali sistemi.Source: ISTI Technical Report, ISTI-2022-TR/015, pp.1–9, 2022
DOI: 10.32079/isti-tr-2022/015
Metrics:
Antolini A., Buzzi M., Gennai F., Mancinelli G, Martusciello L., Petrucci C., Reale R.
L'interoperabilità dei dati, nei servizi di e-delivery, è uno dei punti cruciali per lo sviluppo dell'economia e l'automazione dei processi. L'interoperabilità dei sistemi di e-delivery nell'Unione Europea è stata di recente definita dallo Standard Registered EMail (REM) che l'Italia ha deciso di implementare per la realizzazione dei servizi di messaggistica certificati e qualificati. In questo articolo introduciamo gli elementi che differenziano il nuovo standard REM dalla Posta Elettronica Certificata italiana, strumento di lavoro consolidato per professionisti e cittadini, evidenziando l'impatto di una migrazione verso tali sistemi.Source: ISTI Technical Report, ISTI-2022-TR/015, pp.1–9, 2022
DOI: 10.32079/isti-tr-2022/015
Metrics:
See at:
ISTI Repository | CNR ExploRA
2022
Report
Open Access
Considerazioni derivanti dall'analisi di alcune tipologie di test di interoperabilità REM a favore delle attività di sviluppo di una piattaforma REM
Gennai F., Martusciello L.
Nell'ambito dell'accordo di collaborazione scientifica ISTI-Agid si è evidenziata la necessità di definire una suite di test di interoperabilità tra gestori REM e la piattaforma di riferimento REM-ISTI. Questo documento intende richiamare l'attenzione sul comportamento che un server REM può avere durante la ricezione di un Dispatch proveniente da un altro server REM e suggerire alcune tra le possibili soluzioni.Source: ISTI Technical Report, ISTI-2022-TR/014, 2022
DOI: 10.32079/isti-tr-2022/014
Metrics:
Gennai F., Martusciello L.
Nell'ambito dell'accordo di collaborazione scientifica ISTI-Agid si è evidenziata la necessità di definire una suite di test di interoperabilità tra gestori REM e la piattaforma di riferimento REM-ISTI. Questo documento intende richiamare l'attenzione sul comportamento che un server REM può avere durante la ricezione di un Dispatch proveniente da un altro server REM e suggerire alcune tra le possibili soluzioni.Source: ISTI Technical Report, ISTI-2022-TR/014, 2022
DOI: 10.32079/isti-tr-2022/014
Metrics:
See at:
ISTI Repository | CNR ExploRA
2022
Conference article
Open Access
From national certified email systems to European registered email systems: a case study
Buzzi M., Gennai F., Martusciello L., Antolini A., Mancinelli G., Petrucci C., Reale R.
Since 2006 the European Union has addressed the problem of the interoperability of Certified eMail Systems of Member States, in order to promote data and document exchange among Member States and to foster economic growth, as well as simplify administrative tasks within the Digital Single Market. In the last twenty years EU Member States introduced their own national certified email systems such as Posta Elettronica Certificata (PEC) in Italy, but cross-border interoperability is still lacking. In 2019, ETSI defined the Registered EMail (REM) Specifications. This implies migrating from the current EU national certified email system to the new REM architecture. This paper discusses how the Italian government is approaching this transition process, presenting the main differences between the national certified email system (PEC) and the REM. Based on the experience gained, a few suggestions are proposed for policy makers who need to address similar challenges.Source: ICEGOV 2022 - 15th International Conference on Theory and Practice of Electronic Governance, pp. 538–541, Guimarães, Portugal, 04-07/10/2022
DOI: 10.1145/3560107.3560256
Metrics:
Buzzi M., Gennai F., Martusciello L., Antolini A., Mancinelli G., Petrucci C., Reale R.
Since 2006 the European Union has addressed the problem of the interoperability of Certified eMail Systems of Member States, in order to promote data and document exchange among Member States and to foster economic growth, as well as simplify administrative tasks within the Digital Single Market. In the last twenty years EU Member States introduced their own national certified email systems such as Posta Elettronica Certificata (PEC) in Italy, but cross-border interoperability is still lacking. In 2019, ETSI defined the Registered EMail (REM) Specifications. This implies migrating from the current EU national certified email system to the new REM architecture. This paper discusses how the Italian government is approaching this transition process, presenting the main differences between the national certified email system (PEC) and the REM. Based on the experience gained, a few suggestions are proposed for policy makers who need to address similar challenges.Source: ICEGOV 2022 - 15th International Conference on Theory and Practice of Electronic Governance, pp. 538–541, Guimarães, Portugal, 04-07/10/2022
DOI: 10.1145/3560107.3560256
Metrics:
See at:
ISTI Repository | dl.acm.org 
| CNR ExploRA
2018
Conference article
Open Access
How blind people can manage a remote control system: a case study
Buzzi M., Gennai F., Leporini B.
Remote Control Systems (RCSs) are increasingly being installed in homes and offices. Technology evolves very rapidly and sensors and devices are becoming smaller, smarter and more powerful. Mobile and Web apps are commonly used to remotely configure and control devices. Home control is especially valuable for blind people, since they can benefit from technology to control and turn on/off devices autonomously. Remote control can offer meaningful support, especially when devices are not directly accessible (e.g,. thermostat to manage heating temperature). Therefore, if RCS interfaces are not accessible via screen reader, blind users may miss a great opportunity to achieve greater autonomy at home. This paper investigates the accessibility of the web user interfaces offered by RCSs for blind people. To do this, the Fibaro, a popular Remote Control System, was tested as a case study by analyzing the interaction via screen reader. Results indicate that accessibility and especially usability need to be improved to make interaction easier and more satisfying for blind people. To this aim, some suggestions are offered to aid developers in designing more accessible RCS user interfaces.Source: GOODTECHS 2017 - International Conference on Smart Objects and Technologies for Social Good, pp. 71–81, Pisa, Italy, 29-30 November 2017
DOI: 10.1007/978-3-319-76111-4_8
Metrics:
Buzzi M., Gennai F., Leporini B.
Remote Control Systems (RCSs) are increasingly being installed in homes and offices. Technology evolves very rapidly and sensors and devices are becoming smaller, smarter and more powerful. Mobile and Web apps are commonly used to remotely configure and control devices. Home control is especially valuable for blind people, since they can benefit from technology to control and turn on/off devices autonomously. Remote control can offer meaningful support, especially when devices are not directly accessible (e.g,. thermostat to manage heating temperature). Therefore, if RCS interfaces are not accessible via screen reader, blind users may miss a great opportunity to achieve greater autonomy at home. This paper investigates the accessibility of the web user interfaces offered by RCSs for blind people. To do this, the Fibaro, a popular Remote Control System, was tested as a case study by analyzing the interaction via screen reader. Results indicate that accessibility and especially usability need to be improved to make interaction easier and more satisfying for blind people. To this aim, some suggestions are offered to aid developers in designing more accessible RCS user interfaces.Source: GOODTECHS 2017 - International Conference on Smart Objects and Technologies for Social Good, pp. 71–81, Pisa, Italy, 29-30 November 2017
DOI: 10.1007/978-3-319-76111-4_8
Metrics:
See at:
ISTI Repository | doi.org | link.springer.com | CNR ExploRA
2018
Other
Restricted
Regolamento utilizzo dei sistemi informatici, rete telematica e sicurezza Istituto di Scienza e Tecnologie dell'informazione "A. Faedo"
Deluca R., Diciotti R., Fantini E., Gennai F., Piccioli T.
Regolamento interno diretto ad evitare che comportamenti inconsapevoli possano innescare problemi o minacce alla sicurezza nel trattamento dei dati personali.
Deluca R., Diciotti R., Fantini E., Gennai F., Piccioli T.
Regolamento interno diretto ad evitare che comportamenti inconsapevoli possano innescare problemi o minacce alla sicurezza nel trattamento dei dati personali.
See at:
regolamento.isti.cnr.it | CNR ExploRA
2018
Software
Unknown
RemoveDisplay
Gennai F.
RemoveDisplay is a software that implements a PMDF channel to remove the "display name" from the header of an email. It is a powerful anti phishing solution that permits to display the true From field of an email in the user email client. The "display name" is the component of the email header From field that is typically displayed by the email clients. The phishing emails are composed by inserting a fake display name (for example the name of known delivery companies). When the recipient opens the email it will see such a "display name", but not the email from address. RemoveDisplay forces the client to display the from address instead of the display name that has been removed.
Gennai F.
RemoveDisplay is a software that implements a PMDF channel to remove the "display name" from the header of an email. It is a powerful anti phishing solution that permits to display the true From field of an email in the user email client. The "display name" is the component of the email header From field that is typically displayed by the email clients. The phishing emails are composed by inserting a fake display name (for example the name of known delivery companies). When the recipient opens the email it will see such a "display name", but not the email from address. RemoveDisplay forces the client to display the from address instead of the display name that has been removed.
See at: CNR ExploRA
2017
Report
Unknown
Introduzione alla gestione di un cluster OpenVMS
Martusciello L., Gennai F.
Introduzione alla gestione di un cluster OpenVMS.Source: ISTI Technical reports, 2017
Martusciello L., Gennai F.
Introduzione alla gestione di un cluster OpenVMS.Source: ISTI Technical reports, 2017
See at: CNR ExploRA
2017
Conference article
Restricted
Interoperability challenge of certified communication systems via internet
Buzzi M., Gennai F., Petrucci C.
Developing the full potential of Information and Communication Technology (ICT) can greatly innovate and promote society in a number of sectors, including eCommerce, eGovernment, and eHealth. The European Commission works to innovate and bring ICT to its full potential in any sector. Lack of interoperability and adherence to international standards heavily impacts on economic growth and competitiveness. This study suggests a conceptual model to support and fuel worldwide interoperability of Internet Certified Communication Systems (CCSs) worldwide. Current European CCS systems certify the source of an email or message but they also address specific national needs (government) by implementing closed solutions, which impedes cross-border and worldwide interoperability. The Generic CCS model (GCCS) defines an open solution that is able to redefine "closed" CCS systems, planting the seed for building worldwide interoperability between certified communication systems. Few scenarios of use illustrate the potential of the proposed model.Source: eGose '17 - Internationsl Conference on Electronic Governance and Open Society: Challenges in Eurasia, pp. 166–171, St. Petersburg, Russia, 04-06 September 2017
DOI: 10.1145/3129757.3129785
Metrics:
Buzzi M., Gennai F., Petrucci C.
Developing the full potential of Information and Communication Technology (ICT) can greatly innovate and promote society in a number of sectors, including eCommerce, eGovernment, and eHealth. The European Commission works to innovate and bring ICT to its full potential in any sector. Lack of interoperability and adherence to international standards heavily impacts on economic growth and competitiveness. This study suggests a conceptual model to support and fuel worldwide interoperability of Internet Certified Communication Systems (CCSs) worldwide. Current European CCS systems certify the source of an email or message but they also address specific national needs (government) by implementing closed solutions, which impedes cross-border and worldwide interoperability. The Generic CCS model (GCCS) defines an open solution that is able to redefine "closed" CCS systems, planting the seed for building worldwide interoperability between certified communication systems. Few scenarios of use illustrate the potential of the proposed model.Source: eGose '17 - Internationsl Conference on Electronic Governance and Open Society: Challenges in Eurasia, pp. 166–171, St. Petersburg, Russia, 04-06 September 2017
DOI: 10.1145/3129757.3129785
Metrics:
See at:
dl.acm.org | doi.org | CNR ExploRA
2017
Software
Unknown
Copyself & Backup
Gennai F.
Copyself & Backup is a software that enanches the PMDF mailer. It offers two main functionalities: CopySelf permits a user to get a copy of each email sent stored into the user mailbox . Backup offers an instant backup of each email sent or received by the user. The email are saved to a backup user mailbox (also on remote systems) that the user can access to retrieve losted email.
Gennai F.
Copyself & Backup is a software that enanches the PMDF mailer. It offers two main functionalities: CopySelf permits a user to get a copy of each email sent stored into the user mailbox . Backup offers an instant backup of each email sent or received by the user. The email are saved to a backup user mailbox (also on remote systems) that the user can access to retrieve losted email.
See at: fg.gposta.it | CNR ExploRA
2016
Conference article
Restricted
A proposed evolution for the Italian certified electronic mail system
Buzzi M., Ferrucci L., Gennai F., Petrucci C.
One the main objective of the European Commission is to innovate and bring ICT to its full potential in any sector, including eGovernment, eCommerce, and eHealth services. Certified Electronic Mail (CEM) systems of Member States are currently not interoperable, thus impacting on economic growth and competitiveness. The paper investigates the use of the DNSSec technology as a technological evolution of the Italian CEM System and the first step towards interoperability and adherence to international standards.Source: Third International Conference on eDemocracy & eGovernment (ICEDEG), pp. 34–41, Quito, Ecuador, 30/03/2016
DOI: 10.1109/icedeg.2016.7461693
Metrics:
Buzzi M., Ferrucci L., Gennai F., Petrucci C.
One the main objective of the European Commission is to innovate and bring ICT to its full potential in any sector, including eGovernment, eCommerce, and eHealth services. Certified Electronic Mail (CEM) systems of Member States are currently not interoperable, thus impacting on economic growth and competitiveness. The paper investigates the use of the DNSSec technology as a technological evolution of the Italian CEM System and the first step towards interoperability and adherence to international standards.Source: Third International Conference on eDemocracy & eGovernment (ICEDEG), pp. 34–41, Quito, Ecuador, 30/03/2016
DOI: 10.1109/icedeg.2016.7461693
Metrics:
See at:
doi.org | ieeexplore.ieee.org | CNR ExploRA
2016
Software
Open Access
PADDYsms
Gennai F.
PADDYsms è un gateway tra email e sms che permette l'invio e la ricezione di messaggi sms. PADDYsms è dotato di una interfaccia web di gestione e controllo. Gestisce un pool di modem GSM. Permette la creazione di liste di numeri di cell per l'invio massivo di SMS. Utile per esempio per la gestione di annunci di emergenza. L'invio avviene tramite una normale email, iviata ad una particolare destinatario corrispondente al gateway Email<->SMS (PADDYsms) . L'email viene elaborata per estrarre i testo da inviare come SMS. Permette l'assegnazione di priorità di invio ai messaggi in uscita. Per ogni destinatario riporta lo stato dell'SMS: non-ricevuto, ricevuto, letto e il relativo orario. Per ogni invio genera un dettagliato report, in formato PDF, che può essere stampato come attestato del risultato delle operazioni di invio.
Gennai F.
PADDYsms è un gateway tra email e sms che permette l'invio e la ricezione di messaggi sms. PADDYsms è dotato di una interfaccia web di gestione e controllo. Gestisce un pool di modem GSM. Permette la creazione di liste di numeri di cell per l'invio massivo di SMS. Utile per esempio per la gestione di annunci di emergenza. L'invio avviene tramite una normale email, iviata ad una particolare destinatario corrispondente al gateway Email<->SMS (PADDYsms) . L'email viene elaborata per estrarre i testo da inviare come SMS. Permette l'assegnazione di priorità di invio ai messaggi in uscita. Per ogni destinatario riporta lo stato dell'SMS: non-ricevuto, ricevuto, letto e il relativo orario. Per ogni invio genera un dettagliato report, in formato PDF, che può essere stampato come attestato del risultato delle operazioni di invio.
See at:
ISTI Repository | CNR ExploRA
2015
Conference article
Restricted
Introducing new technology into italian certified electronic mail: a proposal
Buzzi M., Ferrucci L., Gennai F., Petrucci C.
Over the last decade, an increasing number of Certified E-Mail systems (CEM) have been implemented in Europe and worldwide, but their diffusion and validity are mainly restricted in a national arena. Despite the effort of European Union (EU) that recently defined a specification for guaranteeing interoperability of CEM systems between Member States, its adoption has not be not yet fuelled, mainly since any CEM system receives a legal value by its State legislation. It is difficult to extend the legal value of CEM security mechanisms, e.g. receipts with timestamps which are considered evidences and legal proofs in disputes that may arise from different Parties inside a State, unless a common political and legal agreement will be created. At this aim, recently EU introduce the new Regulation on Electronic Identification and Trust Services (eIDAS), to address this issue. We believe that the first step for encouraging a more large adoption between communities is to implement CEMs using standard worldwide recognized solutions. In this paper we propose a technical evolution of the Italian CEM, called Posta Elettronica Certificata (PEC) moving from a close mechanisms to the adoption of a more standardized, distributed solution, based on DNS Security Extensions (DNSSec). This proposal would have a minimal impact on the legislation, restricted to the annex that defines PEC technical rules.Source: TELERISE '15 - First International Workshop on TEchnical and LEgal aspects of data pRIvacy, pp. 32–37, Firenze, Italy, 18 May 2015
DOI: 10.1109/telerise.2015.14
Metrics:
Buzzi M., Ferrucci L., Gennai F., Petrucci C.
Over the last decade, an increasing number of Certified E-Mail systems (CEM) have been implemented in Europe and worldwide, but their diffusion and validity are mainly restricted in a national arena. Despite the effort of European Union (EU) that recently defined a specification for guaranteeing interoperability of CEM systems between Member States, its adoption has not be not yet fuelled, mainly since any CEM system receives a legal value by its State legislation. It is difficult to extend the legal value of CEM security mechanisms, e.g. receipts with timestamps which are considered evidences and legal proofs in disputes that may arise from different Parties inside a State, unless a common political and legal agreement will be created. At this aim, recently EU introduce the new Regulation on Electronic Identification and Trust Services (eIDAS), to address this issue. We believe that the first step for encouraging a more large adoption between communities is to implement CEMs using standard worldwide recognized solutions. In this paper we propose a technical evolution of the Italian CEM, called Posta Elettronica Certificata (PEC) moving from a close mechanisms to the adoption of a more standardized, distributed solution, based on DNS Security Extensions (DNSSec). This proposal would have a minimal impact on the legislation, restricted to the annex that defines PEC technical rules.Source: TELERISE '15 - First International Workshop on TEchnical and LEgal aspects of data pRIvacy, pp. 32–37, Firenze, Italy, 18 May 2015
DOI: 10.1109/telerise.2015.14
Metrics:
See at:
doi.org | ieeexplore.ieee.org | CNR ExploRA
2014
Conference article
Restricted
E-Government services: Italian certified electronic mail
Buzzi M., Gennai F., Petrucci C., Vinciarelli A.
Efficiency, reliability, transparency and simplification of processes are key elements for enhancing progress in our society. In particular, e-Government services are improving our everyday life and email is frequently used by citizens to communicate with local and central Government. To provide legal validity for these communications, security mechanisms can be associated with exchanged messages. Since 2005 Italy has acknowledged the legal validity of certified electronic mail systems. The solution adopted by the Italian Government favors usability while ensuring server-to-server security and interoperability. In this paper certified email is briefly discussed, highlighting pros and limitations and discussing future steps, aimed at sharing, enhancing and reshaping certified electronic mail along with the international scientific community, to ensure worldwide interoperability and favor its diffusion.Source: 13th International Conference WWW/INTERNET, Porto, Portugal, 25 - 27 October 2014
Buzzi M., Gennai F., Petrucci C., Vinciarelli A.
Efficiency, reliability, transparency and simplification of processes are key elements for enhancing progress in our society. In particular, e-Government services are improving our everyday life and email is frequently used by citizens to communicate with local and central Government. To provide legal validity for these communications, security mechanisms can be associated with exchanged messages. Since 2005 Italy has acknowledged the legal validity of certified electronic mail systems. The solution adopted by the Italian Government favors usability while ensuring server-to-server security and interoperability. In this paper certified email is briefly discussed, highlighting pros and limitations and discussing future steps, aimed at sharing, enhancing and reshaping certified electronic mail along with the international scientific community, to ensure worldwide interoperability and favor its diffusion.Source: 13th International Conference WWW/INTERNET, Porto, Portugal, 25 - 27 October 2014
See at:
www.internet-conf.org | CNR ExploRA
2014
Report
Open Access
Proposta di aggiornamento delle specifiche tecniche per la posta elettronica certificata
Gennai F., Buzzi M., Ferrucci L.
In this technical report, we present a proposal to modify the protocol of the PEC (Certified Mail), the Italian infrastructure which exploits the well-known SMTP protocol to send e-mail messages and guarantee the non-repudiation of the sender and of the recipient using appropriate XML receipts and timestamps. The paper begins by describing the current problems of the PEC and try to solve the problem of identifying and retrieve the list of the authorized PEC domains avoiding the use of a centralized system, but taking advantage of the infrastructure of the secure DNS, DNSSec, in order to standardize the method. After a brief discussion of the standards DNS and DNSSec, and the introduction of standards for the publication of X.509v3 certificates inside the DNSSec itself, proposed with RFC6698 by the IETF's DANE group, the technical report introduces the proposed modifications, using a small case study to exemplify them. Finally there is a section analysis of the costs and benefits introduced by the proposal.Source: ISTI Technical reports, 2014
Gennai F., Buzzi M., Ferrucci L.
In this technical report, we present a proposal to modify the protocol of the PEC (Certified Mail), the Italian infrastructure which exploits the well-known SMTP protocol to send e-mail messages and guarantee the non-repudiation of the sender and of the recipient using appropriate XML receipts and timestamps. The paper begins by describing the current problems of the PEC and try to solve the problem of identifying and retrieve the list of the authorized PEC domains avoiding the use of a centralized system, but taking advantage of the infrastructure of the secure DNS, DNSSec, in order to standardize the method. After a brief discussion of the standards DNS and DNSSec, and the introduction of standards for the publication of X.509v3 certificates inside the DNSSec itself, proposed with RFC6698 by the IETF's DANE group, the technical report introduces the proposed modifications, using a small case study to exemplify them. Finally there is a section analysis of the costs and benefits introduced by the proposal.Source: ISTI Technical reports, 2014
See at:
ISTI Repository | CNR ExploRA
2013
Software
Unknown
StreamTrap - SMTP filter
Gennai F.
StreamTrap is a software to control SMTP traffics from local users. It acts as an anti-abuse system by controlling the number of SMTP sessions and/or the number of recipient addressed by an authenticated user during a predefined short period StreamTrap tries to recognize two different type of SMTP streams: connection stream and recipient-to stream. StreamTrap identifies two user status: - Normal user status - Stream-source user status. A stream is a flow of events associated to an user that has done the SMTP authentication. A stream is identified by the following 3 parameters: 1 - the username sending messages. 2 - a "stream interval": maximum interval between 2 consecutive events of the same stream type (session or recipient-to). 3 - a stream threshold: the number of events that should happen (with interval <= of "stream interval" between them) to declare the existence of the stream. StreamTrap permits a fine control, by a configuration file, of the action to apply to users that are recognized as Stream source user. It can simply notify the system administrator about users that have been switched to Stream-source user status or it can block the SMTP sessions from such users. The duration of any action can be configured. StreamTrap can be configured accordingly to a site needs and policy.
Gennai F.
StreamTrap is a software to control SMTP traffics from local users. It acts as an anti-abuse system by controlling the number of SMTP sessions and/or the number of recipient addressed by an authenticated user during a predefined short period StreamTrap tries to recognize two different type of SMTP streams: connection stream and recipient-to stream. StreamTrap identifies two user status: - Normal user status - Stream-source user status. A stream is a flow of events associated to an user that has done the SMTP authentication. A stream is identified by the following 3 parameters: 1 - the username sending messages. 2 - a "stream interval": maximum interval between 2 consecutive events of the same stream type (session or recipient-to). 3 - a stream threshold: the number of events that should happen (with interval <= of "stream interval" between them) to declare the existence of the stream. StreamTrap permits a fine control, by a configuration file, of the action to apply to users that are recognized as Stream source user. It can simply notify the system administrator about users that have been switched to Stream-source user status or it can block the SMTP sessions from such users. The duration of any action can be configured. StreamTrap can be configured accordingly to a site needs and policy.
See at: CNR ExploRA
2012
Conference article
Unknown
E-government services: Quality Assurance of the Italian Certified Electronic Mail
Buzzi M., Gennai F., Petrucci C., Vinciarelli A.
The Internet has revolutionized our society profoundly. Efficiency, reliability, transparency and simplification of processes are keywords of the new eSociety. In particular, eGovernment services have simplified the interaction of citizens with local and central Government. Of these Internet services, email-based communications are central due their simplicity of use. Since 2005 Italy has acknowledged the legal validity of Certified Electronic Mail (PEC) systems. The solution adopted by the Italian Government enhances usability while assuring server-to-server security and interoperability. In this paper we focus on the quality of PEC service. First, motivation for the introduction of certified email is briefly discussed. Next, we present the interoperability test, carried out cyclically for verifying and ensuring the high quality of PEC service. Last, future steps are proposed for sharing, enhancing and reshaping PEC together with the international scientific community, to assure worldwide interoperability and enhance its diffusionSource: HCITOCH 2012, pp. 1–12, Venezia, Italy, 2012
Buzzi M., Gennai F., Petrucci C., Vinciarelli A.
The Internet has revolutionized our society profoundly. Efficiency, reliability, transparency and simplification of processes are keywords of the new eSociety. In particular, eGovernment services have simplified the interaction of citizens with local and central Government. Of these Internet services, email-based communications are central due their simplicity of use. Since 2005 Italy has acknowledged the legal validity of Certified Electronic Mail (PEC) systems. The solution adopted by the Italian Government enhances usability while assuring server-to-server security and interoperability. In this paper we focus on the quality of PEC service. First, motivation for the introduction of certified email is briefly discussed. Next, we present the interoperability test, carried out cyclically for verifying and ensuring the high quality of PEC service. Last, future steps are proposed for sharing, enhancing and reshaping PEC together with the international scientific community, to assure worldwide interoperability and enhance its diffusionSource: HCITOCH 2012, pp. 1–12, Venezia, Italy, 2012
See at: CNR ExploRA