---
_id: '25336'
abstract:
- lang: eng
  text: OpenPGP and S/MIME are two major standards for securing email communication
    introduced in the early 1990s. Three recent classes of attacks exploit weak cipher
    modes (EFAIL Malleability Gadgets, or EFAIL-MG), the flexibility of the MIME email
    structure (EFAIL Direct Exfiltration, or EFAIL-DE), and the Reply action of the
    email client (REPLY attacks). Although all three break message confidentiality
    by using standardized email features, only EFAIL-MG has been mitigated in IETF
    standards with the introduction of AEAD algorithms. So far, no uniform and reliable
    countermeasures have been adopted by email clients to prevent EFAIL-DE and REPLY
    attacks. Instead, email clients implement a variety of different ad-hoc countermeasures
    which are only partially effective, cause interoperability problems, and fragment
    the secure email ecosystem.We present the first generic countermeasure against
    both REPLY and EFAIL-DE attacks by checking the decryption context including SMTP
    headers and MIME structure during decryption. The decryption context is encoded
    into a string DC and used as Associated Data (AD) in the AEAD encryption. Thus
    the proposed solution seamlessly extends the EFAIL-MG countermeasures. The decryption
    context changes whenever an attacker alters the email source code in a critical
    way, for example, if the attacker changes the MIME structure or adds a new Reply-To
    header. The proposed solution does not cause any interoperability problems and
    legacy emails can still be decrypted. We evaluate our approach by implementing
    the decryption contexts in Thunderbird/Enigmail and by verifying their correct
    functionality after the email has been transported over all major email providers,
    including Gmail and iCloud Mail.
author:
- first_name: Jörg
  full_name: Schwenk, Jörg
  last_name: Schwenk
- first_name: Marcus
  full_name: Brinkmann, Marcus
  last_name: Brinkmann
- first_name: Damian
  full_name: Poddebniak, Damian
  last_name: Poddebniak
- first_name: Jens
  full_name: Müller, Jens
  last_name: Müller
- first_name: Juraj
  full_name: Somorovsky, Juraj
  id: '83504'
  last_name: Somorovsky
  orcid: 0000-0002-3593-7720
- first_name: Sebastian
  full_name: Schinzel, Sebastian
  last_name: Schinzel
citation:
  ama: 'Schwenk J, Brinkmann M, Poddebniak D, Müller J, Somorovsky J, Schinzel S.
    Mitigation of Attacks on Email End-to-End Encryption. In: <i>Proceedings of the
    2020 ACM SIGSAC Conference on Computer and Communications Security</i>. CCS ’20.
    Association for Computing Machinery; 2020:1647–1664. doi:<a href="https://doi.org/10.1145/3372297.3417878">10.1145/3372297.3417878</a>'
  apa: Schwenk, J., Brinkmann, M., Poddebniak, D., Müller, J., Somorovsky, J., &#38;
    Schinzel, S. (2020). Mitigation of Attacks on Email End-to-End Encryption. <i>Proceedings
    of the 2020 ACM SIGSAC Conference on Computer and Communications Security</i>,
    1647–1664. <a href="https://doi.org/10.1145/3372297.3417878">https://doi.org/10.1145/3372297.3417878</a>
  bibtex: '@inproceedings{Schwenk_Brinkmann_Poddebniak_Müller_Somorovsky_Schinzel_2020,
    place={New York, NY, USA}, series={CCS ’20}, title={Mitigation of Attacks on Email
    End-to-End Encryption}, DOI={<a href="https://doi.org/10.1145/3372297.3417878">10.1145/3372297.3417878</a>},
    booktitle={Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications
    Security}, publisher={Association for Computing Machinery}, author={Schwenk, Jörg
    and Brinkmann, Marcus and Poddebniak, Damian and Müller, Jens and Somorovsky,
    Juraj and Schinzel, Sebastian}, year={2020}, pages={1647–1664}, collection={CCS
    ’20} }'
  chicago: 'Schwenk, Jörg, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj
    Somorovsky, and Sebastian Schinzel. “Mitigation of Attacks on Email End-to-End
    Encryption.” In <i>Proceedings of the 2020 ACM SIGSAC Conference on Computer and
    Communications Security</i>, 1647–1664. CCS ’20. New York, NY, USA: Association
    for Computing Machinery, 2020. <a href="https://doi.org/10.1145/3372297.3417878">https://doi.org/10.1145/3372297.3417878</a>.'
  ieee: 'J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, and S.
    Schinzel, “Mitigation of Attacks on Email End-to-End Encryption,” in <i>Proceedings
    of the 2020 ACM SIGSAC Conference on Computer and Communications Security</i>,
    2020, pp. 1647–1664, doi: <a href="https://doi.org/10.1145/3372297.3417878">10.1145/3372297.3417878</a>.'
  mla: Schwenk, Jörg, et al. “Mitigation of Attacks on Email End-to-End Encryption.”
    <i>Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications
    Security</i>, Association for Computing Machinery, 2020, pp. 1647–1664, doi:<a
    href="https://doi.org/10.1145/3372297.3417878">10.1145/3372297.3417878</a>.
  short: 'J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, S. Schinzel,
    in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications
    Security, Association for Computing Machinery, New York, NY, USA, 2020, pp. 1647–1664.'
date_created: 2021-10-04T18:58:37Z
date_updated: 2022-08-03T09:57:27Z
department:
- _id: '632'
doi: 10.1145/3372297.3417878
keyword:
- decryption contexts
- EFAIL
- OpenPGP
- S/MIME
- AEAD
language:
- iso: eng
page: 1647–1664
place: New York, NY, USA
publication: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications
  Security
publication_identifier:
  isbn:
  - '9781450370899'
publication_status: published
publisher: Association for Computing Machinery
series_title: CCS '20
status: public
title: Mitigation of Attacks on Email End-to-End Encryption
type: conference
user_id: '83504'
year: '2020'
...