240 Hits in 5.0 sec

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Somorovsky, Juraj Ruhr University Bochum Schwenk
2018 Zenodo  
OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails.  ...  While it is advisable to update the OpenPGP and S/MIME standards to fix these vulnerabilities, some clients had even more severe implementation flaws a  ...  Michaelis for insightful discussions about GnuPG, Lennart Grahl, Yves-Noel Weweler and Marc Dangschat for their early work around X.509 backchannels, Hanno Böck for his comments on AES-SIV and our attack in  ... 
doi:10.5281/zenodo.2594632 fatcat:nqh6igyhpnhndi365qnjcfckve

Understanding the limitations of S/MIME digital signatures for e-mails: A GUI based approach

Albert Levi, Can Berk Güder
2009 Computers & security  
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a well-known standard for secure e-mail exchange. S/MIME builds its identity management on e-mail addresses, rather than real names.  ...  Moreover, header information of a signed e-mail message, such as subject and name, can be altered without affecting the verifiability of the signature.  ...  header protection of S/MIME Version 3.1 in both sending and verifying S/MIME messages.  ... 
doi:10.1016/j.cose.2008.09.003 fatcat:36yqx7qwzvbqxgc3ej4jcwhv74

Implementation a Secure Electronic Medical Records Exchange System Based on S/MIME

Hien Hua Wu, Ruey Kei Chiu
2017 Advances in Science, Technology and Engineering Systems  
The combination of security mechanism of S/MIME message level and RESTFul Service were adopted to build a secure mechanism for the sharing of electronic medical records.  ...  From the results of the simulation presented, it has been conclude that the use of RESTful and S/MIME can enhance the security exchange of the electronic medical records.  ...  S/MIME provide MIME message format standard encryption and digital signatures to send and receive secure messages in MIME format on the web.  ... 
doi:10.25046/aj020120 fatcat:javpgg7vxnb3fpsagemuw3spii

"Johnny, you are fired!" – Spoofing OpenPGP and S/MIME Signatures in Emails

Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, Jörg Schwenk
2019 Zenodo  
OpenPGP and S/MIME are the two major standards to encrypt and digitally sign emails. Digital signatures are supposed to guarantee authenticity and integrity of messages.  ...  In this work we show practical forgery attacks against various implementations of OpenPGP and S/MIME email signature verification in five attack classes: (1) We analyze edge cases in S/MIME's container  ...  Acknowledgements The authors would like to thank Kai Michaelis and Benny Kjaer Nielsen for insightful discussions about GnuPG and its secure integration into the email ecosystem, and our anonymous reviewers  ... 
doi:10.5281/zenodo.3610262 fatcat:dnaaczxb3vcslbtjcsrycvxbba

A Novel Solution for End-to-End Integrity Protection in Signed PGP Mail [chapter]

Lijun Liao, Jörg Schwenk
2008 Lecture Notes in Computer Science  
To send a signed email in S/MIME 3.1, one prepares an email m 1 as usual. A new email m 2 is then created with the same header field as m1, a media block with m1 as its content is then added to m 2 .  ...  In the following we analyze some approaches that provide sender authentication or the authentication of some email header fields: S/MIME 3.1, Sender ID, SPF, DKIM, and LES.  ...  Since there are no well-known clients that support S/MIME 3.1, we cannot test S/MIME 3.1 in praxis.  ... 
doi:10.1007/978-3-540-88625-9_2 fatcat:g4b5xoxodbgyrioismmrtybfjq

Towards Public Key Infrastructure less authentication in Session Initiation Protocol [article]

Abdullah Al Hasib, Abdullah Azfar, Md. Sarwar Morshed
2010 arXiv   pre-print
This paper aims to present an overview of different authentication methods used in or together with SIP. We start by highlighting the security issues in SIP in the context of VoIP communication.  ...  However, due to the limitations in PKI based solutions, some PKI less authentications mechanisms are proposed.  ...  Secure/Multipurpose Internet Mail Extensions (S/MIME) is used for providing the end to end confidentiality and integrity of the MIME content to some extent by replicating the header fields in the MIME  ... 
arXiv:1002.1160v1 fatcat:774k6cfczjcuneip2ueczokz5u

The Trusted Cloud Transfer Protocol

Mathias Slawik
2013 2013 IEEE 5th International Conference on Cloud Computing Technology and Science  
These act as TLS server connection ends and access HTTP/TLS plaintext to carry out their functions.  ...  Current HTTP entity-body encryption technologies address these concerns by providing endto-end security between user agents and origin servers.  ...  S/MIME [10] is a technology for signing and encrypting emails and other arbitrary data.  ... 
doi:10.1109/cloudcom.2013.126 dblp:conf/cloudcom/Slawik13 fatcat:pbscmdgjx5a5lgepiitawpksfm

Re: What's Up Johnny? -- Covert Content Attacks on Email End-to-End Encryption [article]

Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk
2019 arXiv   pre-print
We show practical attacks against OpenPGP and S/MIME encryption and digital signatures in the context of email.  ...  An evaluation shows that 17 out of 19 OpenPGP-capable email clients, as well as 21 out of 22 clients supporting S/MIME, are vulnerable to at least one attack.  ...  In addition, this work was supported by the German Research Foundation (DFG) within the framework of the Excellence Strategy of the Federal Government and the States -EXC CASA.  ... 
arXiv:1904.07550v2 fatcat:67qoogaugnbxbecwc3u47bkczq

The Internet Mail Consortium

Paul Hoffman
1998 Scientific American  
for S/MIME.  ...  Receiving agents MUST recognize CRLs in received S/MIME messages.  ...  of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English  ... 
doi:10.1038/scientificamerican0398-108 fatcat:vbu4jz3lxfgerdmchzbkhikdn4

SoK: Securing Email – A Stakeholder-Based Analysis (Extended Version) [article]

Jeremy Clark, P.C. van Oorschot, Scott Ruoti, Kent Seamons, Daniel Zappala
2021 arXiv   pre-print
We begin by identifying a variety of stakeholders who have an interest in the current email system and in efforts to provide secure solutions.  ...  We then use the tussle among stakeholders to explain the evolution of fragmented secure email solutions undertaken by industry, academia, and independent developers.  ...  C6 End-to-end encryption and C7 End-to-end signing: End-to-end encryption provides full protection against eavesdropping (S1), whereas end-to-end signatures provide full protection against message tampering  ... 
arXiv:1804.07706v3 fatcat:wbocbmeetve6vfkt3fzayjcelq

Why Joanie Can Encrypt

John S. Koh, Steven M. Bellovin, Jason Nieh
2019 Proceedings of the Fourteenth EuroSys Conference 2019 CD-ROM on ZZZ - EuroSys '19  
We implemented this scheme on several platforms, showing it works with PGP and S/MIME, is compatible with widely used mail clients and email services including Gmail, has acceptable overhead, and that  ...  users consider it intuitive and easy to use.  ...  discussion we hereafter refer to PGP and S/MIME email as end-to-end encrypted email.  ... 
doi:10.1145/3302424.3303980 dblp:conf/eurosys/KohBN19 fatcat:fzh74pjxmbel3l7edc3r6szvkq

Effectiveness and Limitations of E-Mail Security Protocols

M Tariq Banday
2011 International Journal of Distributed and Parallel systems  
Further, it presents results of studies carried out to appraise e-mail user practice; knowledge of security protocols and their confidence in e-mail system.  ...  It also proposes methods to improve efficiency of e-mail servers in detecting spoofed e-mails from domains that do not follow any standard anti-spoofing protocol.  ...  S/MIME and PGP do not ordinarily sign the message headers making it possible to be modified at various intermediaries.  ... 
doi:10.5121/ijdps.2011.2304 fatcat:gc6k5cpj6rgaxn5llkda3xbhce

Application-Layer Security Protocols for Networks [chapter]

Bill Stackpole
2007 Information Security Management Handbook, Sixth Edition  
There are two S/MIME message types: signed, and signed and enveloped.  ...  Originally designed by RSA Data Security, the S/MIME specification is currently managed by the IETF S/MIME Working Group.  ...  Although MPTP is still in the draft stages, its exceptional design, flexibility, and high performance destine it to be a prime contender in the electronic payment arena.  ... 
doi:10.1201/9781439833032.ch152 fatcat:wk3qynnhlnakdeg6hlbhvqte44

Secure Communication Using Electronic Identity Cards for Voice over IP Communication, Home Energy Management, and eMobility [article]

Rainer Falk and Steffen Fries and Hans-Joachim Hof
2015 arXiv   pre-print
Trusted identities prevent identity spoofing, hence are a basic building block for the protection of communication.  ...  For this identities of some kind are used to identify the communication peer to the user of a service or to the service itself.  ...  S/MIME to protect SIP message body data The S/MIME standard is commonly used for encrypting and signing emails.  ... 
arXiv:1506.06996v1 fatcat:ril52lgcljfnrhzmtqg5mbn3va

SIP security issues: the SIP authentication procedure and its processing load

S. Salsano, L. Veltri, D. Papalilo
2002 IEEE Network  
End-to-end encryption is performed by S/MIME mechanisms (see below).  ...  As a means of providing some degree of end-to-end authentication, integrity, or confidentiality for SIP header fields, S/MIME can also encapsulate entire SIP messages within MIME.  ... 
doi:10.1109/mnet.2002.1081764 fatcat:teoqjgbc5faatd6nunxzogb424
« Previous Showing results 1 — 15 out of 240 results