[{"publication":"29th {USENIX} Security Symposium ({USENIX} Security 20)","type":"conference","status":"public","_id":"25334","department":[{"_id":"632"}],"user_id":"83504","language":[{"iso":"eng"}],"publication_identifier":{"isbn":["978-1-939133-17-5"]},"year":"2020","page":"2523-2540","citation":{"ama":"Fiterau-Brostean P, Jonsson B, Merget R, de Ruiter J, Sagonas K, Somorovsky J. Analysis of DTLS Implementations Using Protocol State Fuzzing. In: <i>29th {USENIX} Security Symposium ({USENIX} Security 20)</i>. {USENIX} Association; 2020:2523-2540.","ieee":"P. Fiterau-Brostean, B. Jonsson, R. Merget, J. de Ruiter, K. Sagonas, and J. Somorovsky, “Analysis of DTLS Implementations Using Protocol State Fuzzing,” in <i>29th {USENIX} Security Symposium ({USENIX} Security 20)</i>, 2020, pp. 2523–2540.","chicago":"Fiterau-Brostean, Paul, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, and Juraj Somorovsky. “Analysis of DTLS Implementations Using Protocol State Fuzzing.” In <i>29th {USENIX} Security Symposium ({USENIX} Security 20)</i>, 2523–40. {USENIX} Association, 2020.","apa":"Fiterau-Brostean, P., Jonsson, B., Merget, R., de Ruiter, J., Sagonas, K., &#38; Somorovsky, J. (2020). Analysis of DTLS Implementations Using Protocol State Fuzzing. <i>29th {USENIX} Security Symposium ({USENIX} Security 20)</i>, 2523–2540.","bibtex":"@inproceedings{Fiterau-Brostean_Jonsson_Merget_de Ruiter_Sagonas_Somorovsky_2020, title={Analysis of DTLS Implementations Using Protocol State Fuzzing}, booktitle={29th {USENIX} Security Symposium ({USENIX} Security 20)}, publisher={{USENIX} Association}, author={Fiterau-Brostean, Paul and Jonsson, Bengt and Merget, Robert and de Ruiter, Joeri and Sagonas, Konstantinos and Somorovsky, Juraj}, year={2020}, pages={2523–2540} }","short":"P. Fiterau-Brostean, B. Jonsson, R. Merget, J. de Ruiter, K. Sagonas, J. Somorovsky, in: 29th {USENIX} Security Symposium ({USENIX} Security 20), {USENIX} Association, 2020, pp. 
2523–2540.","mla":"Fiterau-Brostean, Paul, et al. “Analysis of DTLS Implementations Using Protocol State Fuzzing.” <i>29th {USENIX} Security Symposium ({USENIX} Security 20)</i>, {USENIX} Association, 2020, pp. 2523–40."},"publisher":"{USENIX} Association","date_updated":"2022-01-06T06:57:01Z","date_created":"2021-10-04T18:56:41Z","author":[{"last_name":"Fiterau-Brostean","full_name":"Fiterau-Brostean, Paul","first_name":"Paul"},{"first_name":"Bengt","last_name":"Jonsson","full_name":"Jonsson, Bengt"},{"full_name":"Merget, Robert","last_name":"Merget","first_name":"Robert"},{"first_name":"Joeri","last_name":"de Ruiter","full_name":"de Ruiter, Joeri"},{"last_name":"Sagonas","full_name":"Sagonas, Konstantinos","first_name":"Konstantinos"},{"last_name":"Somorovsky","orcid":"0000-0002-3593-7720","id":"83504","full_name":"Somorovsky, Juraj","first_name":"Juraj"}],"title":"Analysis of DTLS Implementations Using Protocol State Fuzzing"},{"status":"public","abstract":[{"text":"OpenPGP and S/MIME are two major standards for securing email communication introduced in the early 1990s. Three recent classes of attacks exploit weak cipher modes (EFAIL Malleability Gadgets, or EFAIL-MG), the flexibility of the MIME email structure (EFAIL Direct Exfiltration, or EFAIL-DE), and the Reply action of the email client (REPLY attacks). Although all three break message confidentiality by using standardized email features, only EFAIL-MG has been mitigated in IETF standards with the introduction of AEAD algorithms. So far, no uniform and reliable countermeasures have been adopted by email clients to prevent EFAIL-DE and REPLY attacks. 
Instead, email clients implement a variety of different ad-hoc countermeasures which are only partially effective, cause interoperability problems, and fragment the secure email ecosystem. We present the first generic countermeasure against both REPLY and EFAIL-DE attacks by checking the decryption context including SMTP headers and MIME structure during decryption. The decryption context is encoded into a string DC and used as Associated Data (AD) in the AEAD encryption. Thus the proposed solution seamlessly extends the EFAIL-MG countermeasures. The decryption context changes whenever an attacker alters the email source code in a critical way, for example, if the attacker changes the MIME structure or adds a new Reply-To header. The proposed solution does not cause any interoperability problems and legacy emails can still be decrypted. We evaluate our approach by implementing the decryption contexts in Thunderbird/Enigmail and by verifying their correct functionality after the email has been transported over all major email providers, including Gmail and iCloud Mail.","lang":"eng"}],"publication":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","type":"conference","language":[{"iso":"eng"}],"keyword":["decryption contexts","EFAIL","OpenPGP","S/MIME","AEAD"],"department":[{"_id":"632"}],"user_id":"83504","series_title":"CCS '20","_id":"25336","page":"1647–1664","citation":{"ama":"Schwenk J, Brinkmann M, Poddebniak D, Müller J, Somorovsky J, Schinzel S. Mitigation of Attacks on Email End-to-End Encryption. In: <i>Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security</i>. CCS ’20. Association for Computing Machinery; 2020:1647–1664. doi:<a href=\"https://doi.org/10.1145/3372297.3417878\">10.1145/3372297.3417878</a>","chicago":"Schwenk, Jörg, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj Somorovsky, and Sebastian Schinzel. 
“Mitigation of Attacks on Email End-to-End Encryption.” In <i>Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security</i>, 1647–1664. CCS ’20. New York, NY, USA: Association for Computing Machinery, 2020. <a href=\"https://doi.org/10.1145/3372297.3417878\">https://doi.org/10.1145/3372297.3417878</a>.","ieee":"J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, and S. Schinzel, “Mitigation of Attacks on Email End-to-End Encryption,” in <i>Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security</i>, 2020, pp. 1647–1664, doi: <a href=\"https://doi.org/10.1145/3372297.3417878\">10.1145/3372297.3417878</a>.","apa":"Schwenk, J., Brinkmann, M., Poddebniak, D., Müller, J., Somorovsky, J., &#38; Schinzel, S. (2020). Mitigation of Attacks on Email End-to-End Encryption. <i>Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security</i>, 1647–1664. <a href=\"https://doi.org/10.1145/3372297.3417878\">https://doi.org/10.1145/3372297.3417878</a>","short":"J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, S. Schinzel, in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, NY, USA, 2020, pp. 1647–1664.","bibtex":"@inproceedings{Schwenk_Brinkmann_Poddebniak_Müller_Somorovsky_Schinzel_2020, place={New York, NY, USA}, series={CCS ’20}, title={Mitigation of Attacks on Email End-to-End Encryption}, DOI={<a href=\"https://doi.org/10.1145/3372297.3417878\">10.1145/3372297.3417878</a>}, booktitle={Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security}, publisher={Association for Computing Machinery}, author={Schwenk, Jörg and Brinkmann, Marcus and Poddebniak, Damian and Müller, Jens and Somorovsky, Juraj and Schinzel, Sebastian}, year={2020}, pages={1647–1664}, collection={CCS ’20} }","mla":"Schwenk, Jörg, et al. 
“Mitigation of Attacks on Email End-to-End Encryption.” <i>Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security</i>, Association for Computing Machinery, 2020, pp. 1647–1664, doi:<a href=\"https://doi.org/10.1145/3372297.3417878\">10.1145/3372297.3417878</a>."},"year":"2020","place":"New York, NY, USA","publication_identifier":{"isbn":["9781450370899"]},"publication_status":"published","doi":"10.1145/3372297.3417878","title":"Mitigation of Attacks on Email End-to-End Encryption","date_created":"2021-10-04T18:58:37Z","author":[{"first_name":"Jörg","full_name":"Schwenk, Jörg","last_name":"Schwenk"},{"last_name":"Brinkmann","full_name":"Brinkmann, Marcus","first_name":"Marcus"},{"last_name":"Poddebniak","full_name":"Poddebniak, Damian","first_name":"Damian"},{"last_name":"Müller","full_name":"Müller, Jens","first_name":"Jens"},{"first_name":"Juraj","full_name":"Somorovsky, Juraj","id":"83504","last_name":"Somorovsky","orcid":"0000-0002-3593-7720"},{"full_name":"Schinzel, Sebastian","last_name":"Schinzel","first_name":"Sebastian"}],"date_updated":"2022-08-03T09:57:27Z","publisher":"Association for Computing Machinery"}]
