New paper on how to fix #efail style attacks against e2e encrypted email, including OpenPGP and S/MIME. Joint work with @JoergSchwenk @lambdafu @dues__ @jensvoid @jurajsomorovsky @seecurity. To be presented at @acm_ccs 2020. Thread:
One central problem of email e2ee is that neither MIME structure nor header fields are protected from modification. Attackers can send modified ciphertexts, can send ciphertexts with crafted MIME structures or can add or remove headers such as FROM, RCPT TO or SUBJECT at will.
This allows attacks such as those described in efail.de or in arxiv.org/abs/1904.07550. So far, the mail clients mostly implemented ad hoc countermeasures that don't address the root causes of the attacks.
We present a generic countermeasure that checks the "decryption context" including SMTP headers and the MIME structure. The decryption context is encoded as a string and used as Associated Data in the AEAD encryption scheme.
The decryption context changes when an attack alters the email source code in a critical way. This leads to an invalid AEAD auth tag after decryption, which reliably detects the modification. The dc policy even allows the sender to define allowed modifications to the original email.
Our proposed solution does not cause any interoperability problems and legacy emails can still be decrypted. We implemented and tested the decryption contexts in Thunderbird/Enigmail and measured the email transport over all major email providers.
The paper is here: dl.acm.org/doi/10.1145/33…
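The mechanism described in the thread, as an added example that is not code from the thread, the paper or Enigmail: a decryption context string is bound to the ciphertext as AEAD associated data, so a changed protected header or a re-wrapped MIME structure fails the tag check while unprotected headers may change. The context layout, the function names, the use of AES-256-GCM as the AEAD and the random key standing in for the session key are all assumptions made for illustration.

```javascript
// Added illustration; the context encoding below is an assumption, not the paper's format.
const crypto = require('node:crypto');

// Encode the policy, the protected headers and the MIME path as one string.
function decryptionContext(email, policy) {
  const lines = policy.map((name) => {
    const value = (email.headers[name] || '').trim().replace(/\s+/g, ' ');
    return `${name.toLowerCase()}:${value}`;
  });
  return [`policy:${policy.join(',')}`, ...lines,
    `mime:${email.mimePath.join('>')}`].join('\n');
}

// Sender: AES-256-GCM with the decryption context as associated data.
function encryptPart(key, plaintext, email, policy) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(decryptionContext(email, policy), 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag(), policy };
}

// Receiver: rebuild the context from the email as received; null means rejected.
function decryptPart(key, box, received) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(Buffer.from(decryptionContext(received, box.policy), 'utf8'));
  decipher.setAuthTag(box.tag);
  try {
    return Buffer.concat([decipher.update(box.ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // tag check failed: context or ciphertext differs from what was sent
  }
}

// Constructed sample message (not taken from the paper).
const sampleEmail = {
  headers: { From: 'alice@example.org', To: 'bob@example.org', Subject: 'Q3 report' },
  mimePath: ['multipart/encrypted', 'application/octet-stream'],
};

const key = crypto.randomBytes(32);
const box = encryptPart(key, 'meet at noon', sampleEmail, ['From', 'To', 'Subject']);
const rewrapped = { ...sampleEmail, mimePath: ['multipart/mixed', 'multipart/encrypted'] };
console.log('unmodified email:', decryptPart(key, box, sampleEmail));
console.log('re-wrapped MIME tree:', decryptPart(key, box, rewrapped));
```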
