TY - CHAP
A1 - Müller, Jens
A1 - Brinkmann, Marcus
A1 - Poddebniak, Damian
A1 - Schinzel, Sebastian
A1 - Schwenk, Jörg
T1 - Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption
T2 - 2020 IEEE Conference on Communications and Network Security (CNS)
N2 - OpenPGP and S/MIME are the two major standards for email end-to-end encryption. We show practical attacks against both encryption schemes in the context of email. First, we present a design flaw in the key update mechanism, allowing a third party to deploy a new key to the communication partners. Second, we show how email clients can be tricked into acting as an oracle for decryption or signing by exploiting their functionality to auto-save drafts. Third, we demonstrate how to exfiltrate the private key, based on proprietary mailto parameters implemented by various email clients. An evaluation shows that 8 out of 20 tested email clients are vulnerable to at least one attack. While our attacks do not target the underlying cryptographic primitives, they raise concerns about the practical security of OpenPGP and S/MIME email applications. Finally, we propose countermeasures and discuss their advantages and disadvantages.
KW - Cyber Security
KW - PGP
KW - S/MIME
Y1 - 2020
U6 - http://dx.doi.org/10.1109/CNS48642.2020.9162218
SP - 1
EP - 9
ER -

TY - BOOK
A1 - Sandker, Holger
A1 - Nonhoff, Jürgen
T1 - Going Online mit Sicherheit
T1 - Going Online with Security
N2 - The literature on data encryption and PGP is sparse and mostly limited either to encryption alone or to the old PGP version 2.6.3. This book therefore establishes a connection between the encryption methods underlying PGP and the use of the current PGP version 5.5. It is aimed primarily at users who want to deploy PGP in a business environment for the first time.
N2 - This book describes the public key encryption methods. It also describes how PGP can be used in an enterprise.
KW - Public-key cryptosystem
KW - RSA encryption
KW - Encipherment
KW - Email
KW - PGP
KW - Electronic signature
KW - Public-Key System
KW - digital signature
Y1 - 1999
U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:hbz:836-opus-267
PB - FH Münster
ER -