• search hit 1 of 1
Back to Result List

Content-Type: multipart/oracle -- Tapping into Format Oracles in Email End-to-End Encryption

  • S/MIME and OpenPGP use cryptographic constructions repeatedly shown to be vulnerable to format oracle attacks in protocols like TLS, SSH, or IKE. However, format oracle attacks in the End-to-End Encryption (E2EE) email setting are considered impractical as victims would need to open many attacker-modified emails and communicate the decryption result to the attacker. But is this really the case? In this paper, we survey how an attacker may remotely learn the decryption state in email E2EE. We analyze the interplay of MIME and IMAP and describe side-channels emerging from network patterns that leak the decryption status in Mail User Agents (MUAs). Concretely, we introduce specific MIME trees that produce decryption-dependent net work patterns when opened in a victim’s email client. We survey 19 OpenPGP- and S/MIME-enabled email clients and four cryptographic libraries and uncover a side-channel leaking the decryption status of S/MIME messages in one client. Further, we discuss why the exploitation in the other clients is impractical and show that it is due to missing feature support and implementation quirks. These unintended defenses create an unfortunate conflict between usability and security. We present more rigid countermeasures for MUA developers and the standards to prevent exploitation.

Export metadata

Additional Services

Author:Fabian Ising, Damian Poddebniak, Tobias Kappert, Christoph Saatjohann, Sebastian Schinzel
Parent Title (English):32nd USENIX Security Symposium
Publisher:USENIX Association
Document Type:Conference Proceeding
Date of Publication (online):2022/10/22
Date of first Publication:2023/08/01
Provider of the Publication Server:FH Münster - University of Applied Sciences
Release Date:2022/10/24
Faculties:Elektrotechnik und Informatik (ETI)
Publication list:Schinzel, Sebastian
Saatjohann, Christoph
Ising, Fabian
Licence (German):License LogoBibliographische Daten