Dead Letters to Alice - Reachability of E-Mail Addresses in the PGP - - PowerPoint PPT Presentation

▶

Jul 13, 2023 235 likes •430 views

Introduction Study Design Results Conclusion Dead Letters to Alice - Reachability of E-Mail Addresses in the PGP Web of Trust Benjamin Leiding 1 ahn 2 Andreas D 1 University of G ottingen Telematics Group

SLIDE 1

Introduction Study Design Results Conclusion

Dead Letters to Alice

Reachability of E-Mail Addresses in the PGP

Web of Trust

Benjamin Leiding 1 Andreas D¨ ahn 2

1University of G¨

ttingen

Telematics Group benjamin.leiding@cs.uni-goettingen.de

2University of Rostock

andreas.daehn2@uni-rostock.de

August 1, 2016

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 1 / 18

SLIDE 2

Introduction Study Design Results Conclusion

Overview

1 Introduction 2 Study Design 3 Results 4 Conclusion

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 2 / 18

SLIDE 3

Introduction Study Design Results Conclusion

Introduction

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 3 / 18

SLIDE 4

Introduction Study Design Results Conclusion

PGP Web of Trust

Decentralized trust model for

public keys

Mainly used for encrypted email

communication

Users sign other users’ public key

using their own private key to certify authenticity

Interpreting each key as node and

each signature as directed edge results in a directed graph → The PGP Web of Trust

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 4 / 18

SLIDE 5

Introduction Study Design Results Conclusion

Motivation

Many different trust metric calculations applied to underlying

graph of the Web of Trust

Commonly used trust metrics exclude expired/revoked keys

and signatures BUT: Reachability of corresponding email account has not been considered as a criteria so far.

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 5 / 18

SLIDE 6

Introduction Study Design Results Conclusion

Study Design

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 6 / 18

SLIDE 7

Introduction Study Design Results Conclusion

Study Setup

1 Preparation 2 Syntax check of e-mail addresses 3 DNS testing 4 Validation 5 E-mail account testing

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 7 / 18

SLIDE 8

Introduction Study Design Results Conclusion

Preparation and Syntax Check

1. Preparation
Keyring snapshot retrieved on October 22, 2014
Extract e-mail addresses
Remove duplicates
2. Syntax check of e-mail addresses
Filtering for syntactical validity
No .onion-addresses (and similar)

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 8 / 18

SLIDE 9

Introduction Study Design Results Conclusion

DNS Testing, Validation and E-Mail Account Testing

3. DNS testing
Pull each domain’s DNS record and extract mail exchange

(MX) server

4. Validation
Test MX servers’ validation policy →

27d89e25a3518f4a7434474c2a7d4f1e43911bc58bec5f1@cia.gov

5. E-Mail account testing
Actual testing of e-mail addresses

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 9 / 18

SLIDE 10

Introduction Study Design Results Conclusion

Study Duration

Main-Study

Between February 12, 2015 and July 24, 2015

Sub-Study

Between August 11, 2015 and August 30, 2015
Used a subset (1%) of the syntactical correct and unique

addresses

Almost same results (88%)

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 10 / 18

SLIDE 11

Introduction Study Design Results Conclusion

Results

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 11 / 18

SLIDE 12

Introduction Study Design Results Conclusion

Findings - Syntactical Correct Unique E-Mail Addresses

34.7 % Account is reachable 28.0 % Account is unreachable 6.5 % Error during test 17.9 % No validation due to server policy 12.9 % Domain problem

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 12 / 18

SLIDE 13

Introduction Study Design Results Conclusion

Findings - Server Allowed Validation

50.1 % Account is reachable 40.5 % Account is unreachable 9.4 % Error during test

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 13 / 18

SLIDE 14

Introduction Study Design Results Conclusion

Top 5 Mail Exchange Domains

MX domain Overall Tested dead Tested alive abs. rel+ abs. abs google.com 472,528 14.84 % 64,268 369,816 googlemail.com 142,350 4.47 % 44,401 64,599 hotmail.com 125,857 3.95 % 50,036 53,128 gmx.net 106,818 3.35 % 18,943 63,796 yahoodns.net 83,747 2.63 % 745 476

+ to number of syntactic correct e-mail addresses the WoT

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 14 / 18

SLIDE 15

Introduction Study Design Results Conclusion

Selected Mail Exchange Operating Companies

Provider Overall Tested dead Tested alive abs. rel+ abs. rel++ abs rel+++ Google 614,878 19.31 % 108,669 12.18 % 343,415 31.11% United Internet 216,999 6.82 % 49,569 5.56 % 115,479 10.46 % Microsoft 183,104 5.75 % 54,076 6.06 % 57,360 5.20 %

+ to number of syntactic correct e-mail addresses in PGP web of

trust

++ to number of e-mail addresses found unreachable in the study +++ to number of e-mail addresses found reachable in the study

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 15 / 18

SLIDE 16

Introduction Study Design Results Conclusion

Conclusion

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 16 / 18

SLIDE 17

Introduction Study Design Results Conclusion

Conclusion

Extracted about four million e-mail addresses and tested three

million of them

40% of the e-mail addresses are unreachable
46% of the reachable e-mail addresses are operated by one of

three organizations

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 17 / 18

SLIDE 18

Introduction Study Design Results Conclusion

Questions?

Benjamin Leiding Dead Letters to Alice — BaSoTI 2016 18 / 18