Mitigation of Attacks on Email End-to-End Encryption
J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, S. Schinzel, in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, NY, USA, 2020, pp. 1647–1664.
Download
No fulltext has been uploaded.
Conference Paper
| Published
| English
Author
Schwenk, Jörg;
Brinkmann, Marcus;
Poddebniak, Damian;
Müller, Jens;
Somorovsky, JurajLibreCat ;
Schinzel, Sebastian
Department
Abstract
OpenPGP and S/MIME are two major standards for securing email communication introduced in the early 1990s. Three recent classes of attacks exploit weak cipher modes (EFAIL Malleability Gadgets, or EFAIL-MG), the flexibility of the MIME email structure (EFAIL Direct Exfiltration, or EFAIL-DE), and the Reply action of the email client (REPLY attacks). Although all three break message confidentiality by using standardized email features, only EFAIL-MG has been mitigated in IETF standards with the introduction of AEAD algorithms. So far, no uniform and reliable countermeasures have been adopted by email clients to prevent EFAIL-DE and REPLY attacks. Instead, email clients implement a variety of different ad-hoc countermeasures which are only partially effective, cause interoperability problems, and fragment the secure email ecosystem.We present the first generic countermeasure against both REPLY and EFAIL-DE attacks by checking the decryption context including SMTP headers and MIME structure during decryption. The decryption context is encoded into a string DC and used as Associated Data (AD) in the AEAD encryption. Thus the proposed solution seamlessly extends the EFAIL-MG countermeasures. The decryption context changes whenever an attacker alters the email source code in a critical way, for example, if the attacker changes the MIME structure or adds a new Reply-To header. The proposed solution does not cause any interoperability problems and legacy emails can still be decrypted. We evaluate our approach by implementing the decryption contexts in Thunderbird/Enigmail and by verifying their correct functionality after the email has been transported over all major email providers, including Gmail and iCloud Mail.
Keywords
Publishing Year
Proceedings Title
Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
forms.conference.field.series_title_volume.label
CCS '20
Page
1647–1664
ISBN
LibreCat-ID
Cite this
Schwenk J, Brinkmann M, Poddebniak D, Müller J, Somorovsky J, Schinzel S. Mitigation of Attacks on Email End-to-End Encryption. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. CCS ’20. Association for Computing Machinery; 2020:1647–1664. doi:10.1145/3372297.3417878
Schwenk, J., Brinkmann, M., Poddebniak, D., Müller, J., Somorovsky, J., & Schinzel, S. (2020). Mitigation of Attacks on Email End-to-End Encryption. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 1647–1664. https://doi.org/10.1145/3372297.3417878
@inproceedings{Schwenk_Brinkmann_Poddebniak_Müller_Somorovsky_Schinzel_2020, place={New York, NY, USA}, series={CCS ’20}, title={Mitigation of Attacks on Email End-to-End Encryption}, DOI={10.1145/3372297.3417878}, booktitle={Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security}, publisher={Association for Computing Machinery}, author={Schwenk, Jörg and Brinkmann, Marcus and Poddebniak, Damian and Müller, Jens and Somorovsky, Juraj and Schinzel, Sebastian}, year={2020}, pages={1647–1664}, collection={CCS ’20} }
Schwenk, Jörg, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj Somorovsky, and Sebastian Schinzel. “Mitigation of Attacks on Email End-to-End Encryption.” In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 1647–1664. CCS ’20. New York, NY, USA: Association for Computing Machinery, 2020. https://doi.org/10.1145/3372297.3417878.
J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, and S. Schinzel, “Mitigation of Attacks on Email End-to-End Encryption,” in Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020, pp. 1647–1664, doi: 10.1145/3372297.3417878.
Schwenk, Jörg, et al. “Mitigation of Attacks on Email End-to-End Encryption.” Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, 2020, pp. 1647–1664, doi:10.1145/3372297.3417878.