Refine
Year
- 2019 (678) (remove)
Publication Type
- Article (150)
- Bachelor Thesis (146)
- Lecture (107)
- Part of a Book (69)
- Conference Proceeding (68)
- Master's Thesis (64)
- Book (45)
- Contribution to a Periodical (12)
- Report (12)
- Review (2)
Language
- German (678) (remove)
Keywords
Faculty
- Architektur (MSA) (150)
- Sozialwesen (SW) (143)
- Gesundheit (MDH) (99)
- Energie · Gebäude · Umwelt (EGU) (76)
- Wirtschaft (MSB) (48)
- Bauingenieurwesen (BAU) (33)
- IBL (32)
- Oecotrophologie · Facility Management (OEF) (24)
- ITB (17)
- Wandelwerk. Zentrum für Qualitätsentwicklung (14)
- Physikingenieurwesen (PHY) (13)
- Elektrotechnik und Informatik (ETI) (12)
- Design (MSD) (7)
- Maschinenbau (MB) (7)
- Chemieingenieurwesen (CIW) (3)
- iSuN Institut für Nachhaltige Ernährung (3)
- Bachelor Soziale Arbeit online (Basa-online) (2)
- Center for Real Estate & Organization Dynamics (2)
- Studiengang Soziale Arbeit (2)
- Design (1)
- keine Zuordnung (1)
„Photovoltaik & Speicher“, Kommunales Energieeffizienz-Netzwerktreffen (KEEN), Espelkamp, 07.03.2019
(2019)
„Innovation für Society“
(2019)
„Ankunftsgebiete in Deutschland. Eine systematische Analyse kleinräumiger Muster von Zuwanderung“
(2019)
OpenPGP and S/MIME are the two major standards to en-crypt and digitally sign emails. Digital signatures are sup-posed to guarantee authenticity and integrity of messages. Inthis work we show practical forgery attacks against variousimplementations of OpenPGP and S/MIME email signatureverification in five attack classes: (1) We analyze edge casesin S/MIME’s container format. (2) We exploit in-band sig-naling in the GnuPG API, the most widely used OpenPGPimplementation. (3) We apply MIME wrapping attacks thatabuse the email clients’ handling of partially signed mes-sages. (4) We analyze weaknesses in the binding of signedmessages to the sender identity. (5) We systematically testemail clients for UI redressing attacks.Our attacks allow the spoofing of digital signatures for ar-bitrary messages in 14 out of 20 tested OpenPGP-capableemail clients and 15 out of 22 email clients supportingS/MIME signatures. While the attacks do not target the un-derlying cryptographic primitives of digital signatures, theyraise concerns about the actual security of OpenPGP andS/MIME email applications. Finally, we propose mitigationstrategies to counter these attacks.