<?xml version="1.0" encoding="UTF-8"?>

<modsCollection xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.loc.gov/mods/v3" xsi:schemaLocation="http://www.loc.gov/mods/v3 http://www.loc.gov/standards/mods/v3/mods-3-3.xsd">
<mods version="3.3">

<genre>conference paper</genre>

<titleInfo><title>Mitigation of Attacks on Email End-to-End Encryption</title></titleInfo>


<note type="publicationStatus">published</note>



<name type="personal">
  <namePart type="given">Jörg</namePart>
  <namePart type="family">Schwenk</namePart>
  <role><roleTerm type="text">author</roleTerm> </role></name>
<name type="personal">
  <namePart type="given">Marcus</namePart>
  <namePart type="family">Brinkmann</namePart>
  <role><roleTerm type="text">author</roleTerm> </role></name>
<name type="personal">
  <namePart type="given">Damian</namePart>
  <namePart type="family">Poddebniak</namePart>
  <role><roleTerm type="text">author</roleTerm> </role></name>
<name type="personal">
  <namePart type="given">Jens</namePart>
  <namePart type="family">Müller</namePart>
  <role><roleTerm type="text">author</roleTerm> </role></name>
<name type="personal">
  <namePart type="given">Juraj</namePart>
  <namePart type="family">Somorovsky</namePart>
  <role><roleTerm type="text">author</roleTerm> </role><identifier type="local">83504</identifier><description xsi:type="identifierDefinition" type="orcid">0000-0002-3593-7720</description></name>
<name type="personal">
  <namePart type="given">Sebastian</namePart>
  <namePart type="family">Schinzel</namePart>
  <role><roleTerm type="text">author</roleTerm> </role></name>







<name type="corporate">
  <namePart></namePart>
  <identifier type="local">632</identifier>
  <role>
    <roleTerm type="text">department</roleTerm>
  </role>
</name>








<abstract lang="eng">OpenPGP and S/MIME are two major standards for securing email communication introduced in the early 1990s. Three recent classes of attacks exploit weak cipher modes (EFAIL Malleability Gadgets, or EFAIL-MG), the flexibility of the MIME email structure (EFAIL Direct Exfiltration, or EFAIL-DE), and the Reply action of the email client (REPLY attacks). Although all three break message confidentiality by using standardized email features, only EFAIL-MG has been mitigated in IETF standards with the introduction of AEAD algorithms. So far, no uniform and reliable countermeasures have been adopted by email clients to prevent EFAIL-DE and REPLY attacks. Instead, email clients implement a variety of different ad-hoc countermeasures which are only partially effective, cause interoperability problems, and fragment the secure email ecosystem. We present the first generic countermeasure against both REPLY and EFAIL-DE attacks by checking the decryption context including SMTP headers and MIME structure during decryption. The decryption context is encoded into a string DC and used as Associated Data (AD) in the AEAD encryption. Thus the proposed solution seamlessly extends the EFAIL-MG countermeasures. The decryption context changes whenever an attacker alters the email source code in a critical way, for example, if the attacker changes the MIME structure or adds a new Reply-To header. The proposed solution does not cause any interoperability problems and legacy emails can still be decrypted. We evaluate our approach by implementing the decryption contexts in Thunderbird/Enigmail and by verifying their correct functionality after the email has been transported over all major email providers, including Gmail and iCloud Mail.</abstract>

<originInfo><publisher>Association for Computing Machinery</publisher><dateIssued encoding="w3cdtf">2020</dateIssued>
</originInfo>
<language><languageTerm authority="iso639-2b" type="code">eng</languageTerm>
</language>

<subject><topic>decryption contexts</topic><topic>EFAIL</topic><topic>OpenPGP</topic><topic>S/MIME</topic><topic>AEAD</topic>
</subject>


<relatedItem type="host"><titleInfo><title>Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security</title></titleInfo>
  <identifier type="isbn">9781450370899</identifier><identifier type="doi">10.1145/3372297.3417878</identifier>
<part><extent unit="pages">1647–1664</extent>
</part>
</relatedItem>


<extension>
<bibliographicCitation>
<ieee>J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, and S. Schinzel, “Mitigation of Attacks on Email End-to-End Encryption,” in &lt;i&gt;Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security&lt;/i&gt;, 2020, pp. 1647–1664, doi: &lt;a href=&quot;https://doi.org/10.1145/3372297.3417878&quot;&gt;10.1145/3372297.3417878&lt;/a&gt;.</ieee>
<apa>Schwenk, J., Brinkmann, M., Poddebniak, D., Müller, J., Somorovsky, J., &amp;#38; Schinzel, S. (2020). Mitigation of Attacks on Email End-to-End Encryption. &lt;i&gt;Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security&lt;/i&gt;, 1647–1664. &lt;a href=&quot;https://doi.org/10.1145/3372297.3417878&quot;&gt;https://doi.org/10.1145/3372297.3417878&lt;/a&gt;</apa>
<chicago>Schwenk, Jörg, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj Somorovsky, and Sebastian Schinzel. “Mitigation of Attacks on Email End-to-End Encryption.” In &lt;i&gt;Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security&lt;/i&gt;, 1647–1664. CCS ’20. New York, NY, USA: Association for Computing Machinery, 2020. &lt;a href=&quot;https://doi.org/10.1145/3372297.3417878&quot;&gt;https://doi.org/10.1145/3372297.3417878&lt;/a&gt;.</chicago>
<short>J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, S. Schinzel, in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, NY, USA, 2020, pp. 1647–1664.</short>
<mla>Schwenk, Jörg, et al. “Mitigation of Attacks on Email End-to-End Encryption.” &lt;i&gt;Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security&lt;/i&gt;, Association for Computing Machinery, 2020, pp. 1647–1664, doi:&lt;a href=&quot;https://doi.org/10.1145/3372297.3417878&quot;&gt;10.1145/3372297.3417878&lt;/a&gt;.</mla>
<bibtex>@inproceedings{Schwenk_Brinkmann_Poddebniak_Müller_Somorovsky_Schinzel_2020, place={New York, NY, USA}, series={CCS ’20}, title={Mitigation of Attacks on Email End-to-End Encryption}, DOI={&lt;a href=&quot;https://doi.org/10.1145/3372297.3417878&quot;&gt;10.1145/3372297.3417878&lt;/a&gt;}, booktitle={Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security}, publisher={Association for Computing Machinery}, author={Schwenk, Jörg and Brinkmann, Marcus and Poddebniak, Damian and Müller, Jens and Somorovsky, Juraj and Schinzel, Sebastian}, year={2020}, pages={1647–1664}, collection={CCS ’20} }</bibtex>
<ama>Schwenk J, Brinkmann M, Poddebniak D, Müller J, Somorovsky J, Schinzel S. Mitigation of Attacks on Email End-to-End Encryption. In: &lt;i&gt;Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security&lt;/i&gt;. CCS ’20. Association for Computing Machinery; 2020:1647–1664. doi:&lt;a href=&quot;https://doi.org/10.1145/3372297.3417878&quot;&gt;10.1145/3372297.3417878&lt;/a&gt;</ama>
</bibliographicCitation>
</extension>
<recordInfo><recordIdentifier>25336</recordIdentifier><recordCreationDate encoding="w3cdtf">2021-10-04T18:58:37Z</recordCreationDate><recordChangeDate encoding="w3cdtf">2022-08-03T09:57:27Z</recordChangeDate>
</recordInfo>
</mods>
</modsCollection>
