End-to-End Header Protection in Signed S/MIME.

OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails. ... While it is advisable to update the OpenPGP and S/MIME standards to fix these vulnerabilities, some clients had even more severe implementation flaws a ... Michaelis for insightful discussions about GnuPG, Lennart Grahl, Yves-Noel Weweler and Marc Dangschat for their early work around X.509 backchannels, Hanno Böck for his comments on AES-SIV and our attack in ...

doi:10.5281/zenodo.2594632 fatcat:nqh6igyhpnhndi365qnjcfckve

Open Access

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a well-known standard for secure e-mail exchange. S/MIME builds its identity management on e-mail addresses, rather than real names. ... Moreover, header information of a signed e-mail message, such as subject and name, can be altered without affecting the verifiability of the signature. ... header protection of S/MIME Version 3.1 in both sending and verifying S/MIME messages. ...

doi:10.1016/j.cose.2008.09.003 fatcat:36yqx7qwzvbqxgc3ej4jcwhv74

The combination of security mechanism of S/MIME message level and RESTFul Service were adopted to build a secure mechanism for the sharing of electronic medical records. ... From the results of the simulation presented, it has been conclude that the use of RESTful and S/MIME can enhance the security exchange of the electronic medical records. ... S/MIME provide MIME message format standard encryption and digital signatures to send and receive secure messages in MIME format on the web. ...

doi:10.25046/aj020120 fatcat:javpgg7vxnb3fpsagemuw3spii

DOAJ

OpenPGP and S/MIME are the two major standards to encrypt and digitally sign emails. Digital signatures are supposed to guarantee authenticity and integrity of messages. ... In this work we show practical forgery attacks against various implementations of OpenPGP and S/MIME email signature verification in five attack classes: (1) We analyze edge cases in S/MIME's container ... Acknowledgements The authors would like to thank Kai Michaelis and Benny Kjaer Nielsen for insightful discussions about GnuPG and its secure integration into the email ecosystem, and our anonymous reviewers ...

doi:10.5281/zenodo.3610262 fatcat:dnaaczxb3vcslbtjcsrycvxbba

Open Access

To send a signed email in S/MIME 3.1, one prepares an email m 1 as usual. A new email m 2 is then created with the same header field as m1, a media block with m1 as its content is then added to m 2 . ... In the following we analyze some approaches that provide sender authentication or the authentication of some email header fields: S/MIME 3.1, Sender ID, SPF, DKIM, and LES. ... Since there are no well-known clients that support S/MIME 3.1, we cannot test S/MIME 3.1 in praxis. ...

doi:10.1007/978-3-540-88625-9_2 fatcat:g4b5xoxodbgyrioismmrtybfjq

This paper aims to present an overview of different authentication methods used in or together with SIP. We start by highlighting the security issues in SIP in the context of VoIP communication. ... However, due to the limitations in PKI based solutions, some PKI less authentications mechanisms are proposed. ... Secure/Multipurpose Internet Mail Extensions (S/MIME) is used for providing the end to end confidentiality and integrity of the MIME content to some extent by replicating the header fields in the MIME ...

arXiv:1002.1160v1 fatcat:774k6cfczjcuneip2ueczokz5u

These act as TLS server connection ends and access HTTP/TLS plaintext to carry out their functions. ... Current HTTP entity-body encryption technologies address these concerns by providing endto-end security between user agents and origin servers. ... S/MIME [10] is a technology for signing and encrypting emails and other arbitrary data. ...

doi:10.1109/cloudcom.2013.126 dblp:conf/cloudcom/Slawik13 fatcat:pbscmdgjx5a5lgepiitawpksfm

We show practical attacks against OpenPGP and S/MIME encryption and digital signatures in the context of email. ... An evaluation shows that 17 out of 19 OpenPGP-capable email clients, as well as 21 out of 22 clients supporting S/MIME, are vulnerable to at least one attack. ... In addition, this work was supported by the German Research Foundation (DFG) within the framework of the Excellence Strategy of the Federal Government and the States -EXC CASA. ...

arXiv:1904.07550v2 fatcat:67qoogaugnbxbecwc3u47bkczq

Multiple Versions

for S/MIME. ... Receiving agents MUST recognize CRLs in received S/MIME messages. ... of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English ...

doi:10.1038/scientificamerican0398-108 fatcat:vbu4jz3lxfgerdmchzbkhikdn4

We begin by identifying a variety of stakeholders who have an interest in the current email system and in efforts to provide secure solutions. ... We then use the tussle among stakeholders to explain the evolution of fragmented secure email solutions undertaken by industry, academia, and independent developers. ... C6 End-to-end encryption and C7 End-to-end signing: End-to-end encryption provides full protection against eavesdropping (S1), whereas end-to-end signatures provide full protection against message tampering ...

arXiv:1804.07706v3 fatcat:wbocbmeetve6vfkt3fzayjcelq

Multiple Versions

We implemented this scheme on several platforms, showing it works with PGP and S/MIME, is compatible with widely used mail clients and email services including Gmail, has acceptable overhead, and that ... users consider it intuitive and easy to use. ... discussion we hereafter refer to PGP and S/MIME email as end-to-end encrypted email. ...

doi:10.1145/3302424.3303980 dblp:conf/eurosys/KohBN19 fatcat:fzh74pjxmbel3l7edc3r6szvkq

Further, it presents results of studies carried out to appraise e-mail user practice; knowledge of security protocols and their confidence in e-mail system. ... It also proposes methods to improve efficiency of e-mail servers in detecting spoofed e-mails from domains that do not follow any standard anti-spoofing protocol. ... S/MIME and PGP do not ordinarily sign the message headers making it possible to be modified at various intermediaries. ...

doi:10.5121/ijdps.2011.2304 fatcat:gc6k5cpj6rgaxn5llkda3xbhce

There are two S/MIME message types: signed, and signed and enveloped. ... Originally designed by RSA Data Security, the S/MIME specification is currently managed by the IETF S/MIME Working Group. ... Although MPTP is still in the draft stages, its exceptional design, flexibility, and high performance destine it to be a prime contender in the electronic payment arena. ...

doi:10.1201/9781439833032.ch152 fatcat:wk3qynnhlnakdeg6hlbhvqte44

Trusted identities prevent identity spoofing, hence are a basic building block for the protection of communication. ... For this identities of some kind are used to identify the communication peer to the user of a service or to the service itself. ... S/MIME to protect SIP message body data The S/MIME standard is commonly used for encrypting and signing emails. ...

arXiv:1506.06996v1 fatcat:ril52lgcljfnrhzmtqg5mbn3va

End-to-end encryption is performed by S/MIME mechanisms (see below). ... As a means of providing some degree of end-to-end authentication, integrity, or confidentiality for SIP header fields, S/MIME can also encapsulate entire SIP messages within MIME. ...

doi:10.1109/mnet.2002.1081764 fatcat:teoqjgbc5faatd6nunxzogb424

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

Preserved Fulltext

Understanding the limitations of S/MIME digital signatures for e-mails: A GUI based approach

Preserved Fulltext

Implementation a Secure Electronic Medical Records Exchange System Based on S/MIME

Preserved Fulltext

"Johnny, you are fired!" – Spoofing OpenPGP and S/MIME Signatures in Emails

Preserved Fulltext

A Novel Solution for End-to-End Integrity Protection in Signed PGP Mail [chapter]

Preserved Fulltext

Towards Public Key Infrastructure less authentication in Session Initiation Protocol [article]

Preserved Fulltext

The Trusted Cloud Transfer Protocol

Preserved Fulltext

Re: What's Up Johnny? -- Covert Content Attacks on Email End-to-End Encryption [article]

Preserved Fulltext

Other Versions

The Internet Mail Consortium

Preserved Fulltext

SoK: Securing Email – A Stakeholder-Based Analysis (Extended Version) [article]

Preserved Fulltext

Other Versions

Why Joanie Can Encrypt

Preserved Fulltext

Effectiveness and Limitations of E-Mail Security Protocols

Preserved Fulltext

Application-Layer Security Protocols for Networks [chapter]

Preserved Fulltext

Secure Communication Using Electronic Identity Cards for Voice over IP Communication, Home Energy Management, and eMobility [article]

Preserved Fulltext

SIP security issues: the SIP authentication procedure and its processing load

Preserved Fulltext