Email security and secure messaging Flashcards
What does MUA stand for?
Message User Agent
A mail client application that grants users access to a mail server in order to create, send, receive email messages
E.g.: Outlook, Gmail
What does MSA stand for?
Message Submission Agent
Software agens that receive email messages from a MUA and cooperates with a MTA for delivery of the mail
What does MTA stand for?
Mail Transfer Agent
Transfers email messages from one computer to another using the Simple Mail Transfer Protocol
What does SMTP stand for?
Simple Mail Transfer Protocol
Communication protocol used for sending and receiving emails over the internet
What does IMAP stand for?
Internet Message Access Protocol
Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection
What does POP stand for?
Post Office Protocol
Together with IMAP, one of the most common protocols for email retrieval
Describe the Email architecture
MUA connects client to mail system
SMTP is used to send mail to MSA
Message handling system (MHS) transfer message from MSA to MS via one or more MTAs
POP or IMAP is used to retrieve mail from message store (MS)
What is webmail?
Browser interface to an online email client
SMTP ans POP/IMAP are still used to send and receive email
What security does/may email content require?
Confidentiality or Authentication
What are some security threats against email?
Availability of email service
Metadata in header information is a source of attacker information
Email content confidentiality/authentication
What is spam?
Unsolicited email
What is a common vector for phishing attacks?
Spam mail
What are some counter measure against spam/phishing?
Email filtering
What types of phishing attacks are harder to filter?
Spear phishing: Phishing with more accurate targeting
What type of security is provided between agents in a mail system?
Link-to-link basis: Using protocols such as STARTTLS and DKIM
What type of security is provided between clients in a mail system?
end-to-end basis: using protocols such as PGP and S/MIME
What is StartTLS?
Runs over TLS
Extensions to SMTP, POP and IMAP
Provides link-to-link security
Opportunistic use of TLS security (encryption) - use it if possible
What attack is StartTLS vulnerable to?
STRIPTLS attacks: attacker interrupts TLS negotiation and connection falls back to plaintext transmission
What is DKIM?
DomainKeys Identified Mail
Allows sending mail domain to sign outgoing mail using RSA signatures
Receiving domain can verify origin of mail
Public verification key of sending domain is retrieved using DNS
What does DKIM help reduce?
Email spoofing, and hence reduce spam and phishing
What is email spoofing?
A threat involving sending emails with a fake/forged sender address. Can be done by an attacker that changes the metadata of an email.
What does ‘d=’ and ‘s=’ do in the DKIM signature?
Specify domain and selector
Example:
d=easychair.org
s=default
Where is the relevant public key for a DKIM signature?
In the DNS record for the host defined by the name:
[selector]._domainkey.[domain]
’s=’ : Gives the selector
‘d=’ : Gives the domain
What does nslookup do?
Command to query internet domain name servers for information about hosts or domains.
How is email processing done in PGP (end-to-end security)?
Uses hybrid encryption: A new random “session key” is generated for each object (message) and encrypted with the long-term public key of recipient
Signing: RSA or DSA signatures
Compression: ZIP
Coding: Base64
Why is base64 used in email processing?
Ensure that binary strings can be sent in email body
What is PGP used for?
End-to-end security between clients
How does PGP encryption work?
Session key encryption: asymmetric
Encryption of messahe text: Symmetric key
Compression applied before encryption
Encryption applied independently of signing (no requirement for authenticated encryption
What are PGP signatures?
Plaintext message optionally signed with sender’s private key
Can use RSA or DSA signatures
RSA signed messages are hashed with SHA1 or other SHA2 functions
What are the requirements of OpenPGP?
Support for RSA signatures
Session key enc: ElGamal, recommends RSA
Message enc: 3DES with 3 keys (168 bits in total), recommends AES-128 and CAST5
What are OpenPGP PKI used in?
PGP email security
What does OpenPGP PKI include? (4)
ID, public key, validity period, self-signature
Who can sign OpenPGP keys?
Anyone, no certification authorities
Why is PGP difficult to use?
Difficult for an average user to understand public key cryptography.
Typical problems:
- Generating new keys securely
- Moving keys between devices
- Renewing keys when expired
What are some criticisms of OpenPGP?
Outdated cryptographic algorithms still used: SHA1, CAST, Blowfish
No support for SHA3 or auth encryption
A lot of metadata available to an eavesdropper: file length, enc-algorithm used, key identity of recipient
No forward secrecy
No support for streaming mode or random access decryption
What is S/MIME
Similar security features to PGP
Different format for messages
Not interoperable
Requires X.509 format certificates
What is often known as the web of trust?
Concept used in PGP: OpenPGP PKI
What is the difference between email and messaging?
Most instant messages are part of an interactive conversation which extends over many messages and a long time
Proprietary servers are typically used to manage accounts and dedicated applications are used
What security is required for secure messaging?
Confidentiality. integrity, authentication
Forward secrecy: important for long sessions
Desirable to have post-compromise security (self-healing)
How is forward secrecy achieved in secure messaging?
Using medium-term public keys stored at the server
What happens to an attacker who obtains a long-term key, in a system with post-compromise security?
Should be locked out again after communication resumes
What is signal?
A messaging app, considered the most secure
How does the signal protocol work?
Server sets up initial auth of user and registers initial public keys
Public keys at the server are used to set up initial communication between users
Key exchange: Elliptic curve DH
Message protection: AES in CBC mode with HMAC
In the signal protocol, what is used for key exchange?
Elliptic curve DH
In the signal protocol, what is used for Message protection?
AES in CBC mode with HMAC
What is a ratchet?
A device which is easy to move forward, but blocked from moving backward
What is the continuous key exchange in signal?
Signal uses a new unique message key for every message exchanged
How does signal use the symmetric ratchet?
When successive messages are sent in the same direction, the message key is updated with a symmetric ratchet.
This is done by applying a function such as HMAC
What 2 types of ratchets does signal use?
Symmetric ratchet
DH ratchet
How does signal use the DH ratchet?
When a new message is returned on the opposite direction, a new DH ephemeral key is used to compute the new message key.
The new DH ephemeral key is the DH-ratchet
How is group messaging implemented securely?
DH is the only known good alternative in the multi-party case
Signal uses a simple key distribution for group messaging
What does the Signal’s PQXDH protocol protect against?
Harvest Now, Decrypt Later attacks
What type of security does Signal’s PQXDH protocol provide?
Post-quantum forward secrecy
What is Signal’s PQXDH protocol?
Post-Quantum eXtended Diffie-Hellman key agreement protocol
What does Signal’s PQXDH protocol rely on?
The hardness of the discrete log problem for mutual authentication
