neither snow nor rain nor mitm an empirical analysis of
play

Neither Snow Nor Rain Nor MITM ... An Empirical Analysis of Email - PowerPoint PPT Presentation

Oct 12, 2023 •178 likes •357 views

Neither Snow Nor Rain Nor MITM ... An Empirical Analysis of Email Delivery Security by Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten Elie Bursytein, Nicolas Lidzborski, Kurt Thomas, Vijay Eranti, Michael Bailey, J. Alex Champaign

  1. Neither Snow Nor Rain Nor MITM ... An Empirical Analysis of Email Delivery Security by Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten Elie Bursytein, Nicolas Lidzborski, Kurt Thomas, Vijay Eranti, Michael Bailey, J. Alex Champaign Muhammad Triwindu Prasetya Technische Universität München München, 22 June 2017

  2. Agenda 1. Abstract 2. Introduction 3. Background 4. Methodology 1. Implementation 2. Dataset 5. Results 6. Conclusion Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 2

  3. Abstract • SMTP (Simple Mail Transfer Protocol) • Note: does not have a feature for authenticating the sender or encrypt mail in transit • The team present: • The report on global adoption rate of SMTP security extension, including: • STARTTLS • SPF (Sender Policy Framework) • DKIM (DomainKeys Identified Mail) • DMARC (Domain – based Message Authentication Reporting & Conformance) • The data from 2 perspectives: • SMTP configuration for Alexa Top Million domains (from April 2015) • SMTP connection to and from Gmail (January 2014 – April 2015) • The evidence of such attacks in the wild highlighting, 7 countries where: • More than 20% inbound Gmail message arrives in clean text due to network attackers Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 3

  4. Introduction E-mail carries some of users most sensitive communication, such as: • Private correspondence • Financial detail • Password recovery confirmation (lead to other critical resources) What users expected? • Private • Unforgeable However, SMTP does not authenticate sender or encrypt mail in transit. Instead, servers support security extension features voluntary. And also the team, measure the global adoption of SMTP security extension and resulting impact on end users. Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 4

  5. Continued... The team used the data from both perspectives to estimate: • The volume of messages • Total of mail servers that support encryption and authentication • Identify mail server configuration pitfalls that weaken security guarantees • Expose threats introduced by lax security policy (enable wide – scale surveillance and message forgery) Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 5

  6. Gmail Perspective • Incoming message by TLS have increased 82% • Peaking at 60% of all inbound mail in April 2015 • Outgoing grew 54% with 80% of messages are protected • Improvement largely increased by small number of popular web mail provider, such as: • Yahoo • Outlook Alexa Top Million Perspective • Only 82% SMTP Server associated with Alexa support TLS • Mere 35% are properly configured to allow server authentication • 2 or 3 SMTP software platform fail to protect the message by default Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 6

  7. Adoption SMTP Security Extension • Gmail • Able to validate 94% inbound message (combination DKIM and SPF) • Alexa Top Million • Among the mail servers, only 47% deploy SPF policies and 1% provide DMARC policy • Implication: make the recipients unsure the unsigned message is invalid or expected Example of an attack: • The team identify 41,405 SMTP server in 4,714 ASes and 193 countries can‘t protect passive eavesdropper due to corruption on STARTTLS on network • Analyzing that mail sent to Gmail from these hosts • Found that in 7 countries, >20% of all messages prevented from being encrypted • 96% of messages are downgraded to cleartext are sent from Tunisia Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 7

  8. Background SMTP does not support confidentiality of message in transit and authenticating message after recipients received the message. • Protecting messages in transit • One way: use STARTTLS • STARTTLS aims to protect hops between server • Primarily protect from passive eavesdroppers • Not use for authentication mail server, rather providing encryption • If STARTTLS no supported, mail server relay the message in cleartext Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 8

  9. Continued... • Authenticating Mail Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 9

  10. Dataset Gmail Inbound and Outbound Messages Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 10

  11. Continued... Alexa Top Million Mail Severs Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 11

  12. Implementation The team tested whether: • Each implementation initiated STARTTLS on each SMTP • Supported incoming STARTTLS connection • How it validated Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 12

  13. Threats to Confidentiality STARTTLS protects from passive eavesdropper but not MITM 2 types of network attack: • Downgrading STARTTLS session to insecure channel • Falsifying MX record to re – route message Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 13

  14. STARTTLS Corruption • An active attack can prevent mail encryption by tampering with the establishment of a TLS session • The attacker take an advantage of the fail – open STARTTLS when an error occurs during STARTTLS handshake then the attacker launch downgrade attack. Scanning Methodology The team build SMTP servers that are frequently report back invalid command • Performed a TCP SYN scan on port 25 • Attempted to perform an SMTP and STARTTLS handshake with responsive hosts • Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 14

  15. DNS Hijacking • An active attacker can spoof the DNS records of destination mail server • Then redirecting SMTP connections to a server under attacker’s control Scan Methodology • Use Zmap for identifying servers with falsified DNS records Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 15

  16. Conclusion SMTP did not support confidentiality and integrity • SMTP security extension • STARTTLS • SPF • DKIM • DMARC • The authors used data from 2 perspectives: • SMTP connection to and from Gmail • SMTP configuration for Alexa Top Million • Large providers play important role in improvement • Fail – open STARTTLS leads to exposing users • Potentially for Man-In-The-Middle attack • Dr. Vaibhav Bajpai (TUM) | Chair of Connected Mobility | TUM Department of Informantic 16

  17. THANK YOU

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security Zakir

Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security Zakir

Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Kurt Thomas, Vijay Eranti, Nicholas Lidzborski, Elie Bursztein, Michael Bailey, J. Alex

522 views • 33 slides
Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security Nicolas

Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security Nicolas

Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security Nicolas Lidzborski, Elie Bursztein, Kurt Thomas, Vijay Eranti ( Google ) Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, J. Alex Halderman ( University

432 views • 25 slides
Neither Snow Nor Rain Nor MITM... Real World Email Delivery Security Zakir Durumeric

Neither Snow Nor Rain Nor MITM... Real World Email Delivery Security Zakir Durumeric

Neither Snow Nor Rain Nor MITM... Real World Email Delivery Security Zakir Durumeric University of Michigan How is your everyday email protected? Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security

943 views • 44 slides
Rain/Snow Harvesting FAQ What is rain/snow harvesting? Rain/snow harvesting is simply to

Rain/Snow Harvesting FAQ What is rain/snow harvesting? Rain/snow harvesting is simply to

Rain/Snow Harvesting FAQ What is rain/snow harvesting? Rain/snow harvesting is simply to capture the rain water on your property. Where does the water come from? The water is free! You just capture the rain water as it falls from

380 views • 21 slides
he [Baal] will give abundance of rain, abundance of moisture with snow, he will utter his

he [Baal] will give abundance of rain, abundance of moisture with snow, he will utter his

he [Baal] will give abundance of rain, abundance of moisture with snow, he will utter his voice in the clouds and his flashings and lightnings on the earth.. Ras Shamra texts for Baals rain on the earth and the rain of the Most

524 views • 28 slides
Long Range Forecast: Where We Stand and Why? Whos Getting Rain or Snow? The data cutoff for

Long Range Forecast: Where We Stand and Why? Whos Getting Rain or Snow? The data cutoff for

Long Range Forecast: Where We Stand and Why? Whos Getting Rain or Snow? The data cutoff for Drought Monitor maps is Tuesday at 7 a.m. Eastern Standard Time. The maps, which are based on analysis of the data, are released each Thursday at

609 views • 29 slides
Snow Ice crystals come together in a cloud to make a snowflake . Snow is a solid.

Snow Ice crystals come together in a cloud to make a snowflake . Snow is a solid.

Snow Ice crystals come together in a cloud to make a snowflake . Snow is a solid. The most is in the North Pole. Sleet Rain that is partly frozen or mixed with snow is sleet. Sleet falls faster then snow.

486 views • 4 slides
MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( )

MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( )

Software and Web Security 2 MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( ) MitM attack: attacker gets between the browser and the web server, eg eg by setting up a wifi access point

345 views • 9 slides
snow/rain timing, storm frequency and intensity, land management) to lake eutrophication and algal

snow/rain timing, storm frequency and intensity, land management) to lake eutrophication and algal

Question 1: What is the relative importance of endogenous in- lake processes (e.g. internal loading, ice cover, hydrodynamics) versus exogenous to-lake processes (e.g. land use change, snow/rain timing, storm frequency and intensity, land

372 views • 15 slides
Microclimate & Human Comfort Using Deep, Rapid Analysis to Inform Design Gonalo Pedro,

Microclimate & Human Comfort Using Deep, Rapid Analysis to Inform Design Gonalo Pedro,

Microclimate & Human Comfort Using Deep, Rapid Analysis to Inform Design Gonalo Pedro, Ph.D. Associate/Project Consultant RWDI 19 th November 2018 Vertical Neighbourhoods Summit Toronto, ON Snow Rain Wind Cold & Snow Toronto Is

539 views • 19 slides
CANOPY Self-deploy system Quick protection from rain Minimally obtrusive Durable and

CANOPY Self-deploy system Quick protection from rain Minimally obtrusive Durable and

CANOPY Self-deploy system Quick protection from rain Minimally obtrusive Durable and long-lasting MARKET NEED 33M 21% Umbrellas sold Boston days in US annually with rain/snow 63% Bostonians in walkable areas

945 views • 6 slides
MitM attacks on HTTPS sessions Much of this material can also be seen in DEFCON 2009 presentation

MitM attacks on HTTPS sessions Much of this material can also be seen in DEFCON 2009 presentation

Software and Web Security 2 MitM attacks on HTTPS sessions Much of this material can also be seen in DEFCON 2009 presentation by Moxie Marlinspike; see URL on course page sws2 1 MitM (Man-in-the-Middle) attacks MitM attack: attacker

971 views • 38 slides
MiTM Attack MiTM Attack Edri Guy Edri Guy May 29 ,2013 May 29 ,2013 PC-Labs May 29 2013

MiTM Attack MiTM Attack Edri Guy Edri Guy May 29 ,2013 May 29 ,2013 PC-Labs May 29 2013

MiTM Attack - Haifa-Sec MiTM Attack MiTM Attack Edri Guy Edri Guy May 29 ,2013 May 29 ,2013 PC-Labs May 29 2013 MiTM Attack - Haifa-Sec MiTM Attack - Haifa-Sec DISCLAIMER DISCLAIMER 1 The following discussion is for informational

552 views • 33 slides
Recreating the NSA's MITM Attack 1 Why Should This Topic be Chosen? Goal 1: Understanding how

Recreating the NSA's MITM Attack 1 Why Should This Topic be Chosen? Goal 1: Understanding how

create your own exercise Christoph Schmidt, Team 1 Recreating the NSA's MITM Attack 1 Why Should This Topic be Chosen? Goal 1: Understanding how the NSA uses its access to the Backbone Goal 2: Understanding how MITM attacks can be done

1.02k views • 82 slides
Snow and Ice Control Update October 22, 2018 Comments from last winter Why no snow emergency?

Snow and Ice Control Update October 22, 2018 Comments from last winter Why no snow emergency?

Snow and Ice Control Update October 22, 2018 Comments from last winter Why no snow emergency? Address priority areas sooner? Start earlier? Clear snow from driveways? 2018-19 Updates Added 8 miles of snow emergency route

103 views • 7 slides
A SNOW COLLEGE PROGRAM Snow College 150 College Ave. Ephraim, UT 84627 no more excuses! A SNOW

A SNOW COLLEGE PROGRAM Snow College 150 College Ave. Ephraim, UT 84627 no more excuses! A SNOW

A SNOW COLLEGE PROGRAM Snow College 150 College Ave. Ephraim, UT 84627 no more excuses! A SNOW COLLEGE PROGRAM for only $ 5 be active .00 Introduction Flyer be healthy a month be stronger be smarter be happy! fit bit flex (with option

164 views • 15 slides
Email Delivery Security Zakir Durumeric et al. ACM IMC 2015 Slides Credit: Sogand Sadrhaghighi

Email Delivery Security Zakir Durumeric et al. ACM IMC 2015 Slides Credit: Sogand Sadrhaghighi

An Empirical Analysis of Email Delivery Security Zakir Durumeric et al. ACM IMC 2015 Slides Credit: Sogand Sadrhaghighi 1 Motivation How is your everyday email protected? 2 SMTP (Simple Mail Transfer Protocol) SMTP is the Internet

965 views • 16 slides
Lightweight Encryption for Email Ben Adida ben@mit.edu 7 July 2005 joint work with Susan

Lightweight Encryption for Email Ben Adida ben@mit.edu 7 July 2005 joint work with Susan

Lightweight Encryption for Email Ben Adida ben@mit.edu 7 July 2005 joint work with Susan Hohenberger and Ronald L. Rivest MIT Cryptography and Information Security Group Motivation To Improve/Restore the Usefulness of Email

487 views • 28 slides
Last lesson Moving beyond individual computers Networks Layer model The Internet

Last lesson Moving beyond individual computers Networks Layer model The Internet

11/21/2009 Last lesson Moving beyond individual computers Networks Layer model The Internet IP addresses Domain names 1 11/21/2009 This week Application Protocols Email SMTP, POP, IMAP The Web HTTP

440 views • 13 slides
Dovecot: Secure IMAP Email Server February 2, 2006 Why Run An Email Server? Control resource

Dovecot: Secure IMAP Email Server February 2, 2006 Why Run An Email Server? Control resource

NDLUG Dovecot: Secure IMAP Email Server February 2, 2006 Why Run An Email Server? Control resource allocation Limited storage on regular email account (50 megabytes at ND) Unlimited on your own computer Do filtering and sorting

454 views • 8 slides
DevOps to NoOps 10 cloud services you should be using

DevOps to NoOps 10 cloud services you should be using

DevOps to NoOps 10 cloud services you should be using Ross Mason, MuleSo= @rossmason, @mulejockey About Me Agenda Impact of APIs Top 10

681 views • 34 slides
Breaking the Myths of Extended Validation SSL Certificates Alexander Sotirov phmsecurity.com

Breaking the Myths of Extended Validation SSL Certificates Alexander Sotirov phmsecurity.com

BlackHat Briefings, 2009 Breaking the Myths of Extended Validation SSL Certificates Alexander Sotirov phmsecurity.com Mike Zusman intrepidusgroup.com Introduction Chosen-prefix MD5 collisions allowed us to create a rogue Certificate

493 views • 37 slides
Computer Network Laboratory Assignment given on: 08-08-2011 Submission deadline: 23-08-2011 (2:00

Computer Network Laboratory Assignment given on: 08-08-2011 Submission deadline: 23-08-2011 (2:00

Computer Network Laboratory Assignment given on: 08-08-2011 Submission deadline: 23-08-2011 (2:00 PM) Assignment 3: Design of a Mail Server and Client In this assignment, you have to learn about the SMTP protocol and POP3 protocol and

360 views • 7 slides
Third-Party DKIM Policy IETF 70 Transparent and Flexible Policy Compliance Douglas Otis

Third-Party DKIM Policy IETF 70 Transparent and Flexible Policy Compliance Douglas Otis

Third-Party DKIM Policy IETF 70 Transparent and Flexible Policy Compliance Douglas Otis Doug_Otis@trendmicro.com http://www.ietf.org/internet-drafts/draft-otis-dkim-tpa-ssp-02.txt SSP is based only upon the From header SSP assertions

364 views • 8 slides

More recommend