[{"language":[{}],"series_title":"CCS '20","creator":{"id":"83504","login":"jurajs"},"date_updated":"2022-08-03T09:57:27Z","dini_type":"doc-type:conferenceObject","publication_identifier":{"isbn":[]},"publication_status":"published","department":[{"tree":[{"_id":"7"},{"_id":"34"},{"_id":"44"},{"_id":"43"}],"_id":"632"}],"dc":{"title":["Mitigation of Attacks on Email End-to-End Encryption"],"date":["2020"],"identifier":["https://ris.uni-paderborn.de/record/25336"],"publisher":["Association for Computing Machinery"],"creator":["Schwenk, Jörg","Brinkmann, Marcus","Poddebniak, Damian","Müller, Jens","Somorovsky, Juraj","Schinzel, Sebastian"],"source":["Schwenk J, Brinkmann M, Poddebniak D, Müller J, Somorovsky J, Schinzel S. Mitigation of Attacks on Email End-to-End Encryption. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. CCS ’20. Association for Computing Machinery; 2020:1647–1664. doi:10.1145/3372297.3417878"],"relation":["info:eu-repo/semantics/altIdentifier/doi/10.1145/3372297.3417878","info:eu-repo/semantics/altIdentifier/isbn/9781450370899"],"description":["OpenPGP and S/MIME are two major standards for securing email communication introduced in the early 1990s. Three recent classes of attacks exploit weak cipher modes (EFAIL Malleability Gadgets, or EFAIL-MG), the flexibility of the MIME email structure (EFAIL Direct Exfiltration, or EFAIL-DE), and the Reply action of the email client (REPLY attacks). Although all three break message confidentiality by using standardized email features, only EFAIL-MG has been mitigated in IETF standards with the introduction of AEAD algorithms. So far, no uniform and reliable countermeasures have been adopted by email clients to prevent EFAIL-DE and REPLY attacks. Instead, email clients implement a variety of different ad-hoc countermeasures which are only partially effective, cause interoperability problems, and fragment the secure email ecosystem.We present the first generic countermeasure against both REPLY and EFAIL-DE attacks by checking the decryption context including SMTP headers and MIME structure during decryption. The decryption context is encoded into a string DC and used as Associated Data (AD) in the AEAD encryption. Thus the proposed solution seamlessly extends the EFAIL-MG countermeasures. The decryption context changes whenever an attacker alters the email source code in a critical way, for example, if the attacker changes the MIME structure or adds a new Reply-To header. The proposed solution does not cause any interoperability problems and legacy emails can still be decrypted. We evaluate our approach by implementing the decryption contexts in Thunderbird/Enigmail and by verifying their correct functionality after the email has been transported over all major email providers, including Gmail and iCloud Mail."],"type":["info:eu-repo/semantics/conferenceObject","doc-type:conferenceObject","text","http://purl.org/coar/resource_type/c_5794"],"language":["eng"],"subject":["decryption contexts","EFAIL","OpenPGP","S/MIME","AEAD"],"rights":["info:eu-repo/semantics/closedAccess"]},"place":"New York, NY, USA","uri_base":"https://ris.uni-paderborn.de","page":"1647–1664","citation":{"bibtex":"@inproceedings{Schwenk_Brinkmann_Poddebniak_Müller_Somorovsky_Schinzel_2020, place={New York, NY, USA}, series={CCS ’20}, title={Mitigation of Attacks on Email End-to-End Encryption}, DOI={10.1145/3372297.3417878}, booktitle={Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security}, publisher={Association for Computing Machinery}, author={Schwenk, Jörg and Brinkmann, Marcus and Poddebniak, Damian and Müller, Jens and Somorovsky, Juraj and Schinzel, Sebastian}, year={2020}, pages={1647–1664}, collection={CCS ’20} }","mla":"Schwenk, Jörg, et al. “Mitigation of Attacks on Email End-to-End Encryption.” Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, 2020, pp. 1647–1664, doi:10.1145/3372297.3417878.","chicago":"Schwenk, Jörg, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj Somorovsky, and Sebastian Schinzel. “Mitigation of Attacks on Email End-to-End Encryption.” In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 1647–1664. CCS ’20. New York, NY, USA: Association for Computing Machinery, 2020. https://doi.org/10.1145/3372297.3417878.","apa":"Schwenk, J., Brinkmann, M., Poddebniak, D., Müller, J., Somorovsky, J., & Schinzel, S. (2020). Mitigation of Attacks on Email End-to-End Encryption. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 1647–1664. https://doi.org/10.1145/3372297.3417878","ieee":"J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, and S. Schinzel, “Mitigation of Attacks on Email End-to-End Encryption,” in Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020, pp. 1647–1664, doi: 10.1145/3372297.3417878.","short":"J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, S. Schinzel, in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, NY, USA, 2020, pp. 1647–1664."},"type":"conference","_id":"25336","date_created":"2021-10-04T18:58:37Z","status":"public","publication":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","keyword":[],"author":[{"last_name":"Schwenk","first_name":"Jörg"},{"first_name":"Marcus","last_name":"Brinkmann"},{"first_name":"Damian","last_name":"Poddebniak"},{"last_name":"Müller","first_name":"Jens"},{"last_name":"Somorovsky","id":"83504","first_name":"Juraj","orcid":"0000-0002-3593-7720"},{"last_name":"Schinzel","first_name":"Sebastian"}],"user_id":"83504","abstract":[{"lang":"eng"}]}]