Email Security

● The base protocol for email (SMTP) was never designed with security in mind

– You are effectively sending postcards!

● Security mechanisms can be added

● Confidentiality of email communications can be improved through the use of PGP/GPG tools

● Protecting metadata (contacts, locations) is even more difficult

Anonymity or Confidentiality?

● Are you known already as a person of interest to adversaries with some control over the network infrastructure? And is your account associated with you?

– Anonymity already lost

● Will the use of strong encryption (PGP) itself identify you as a person of interest?

– Use HTTPS as HTTPS traffic is common

● PGP encrypted email is for confidentiality

● Tor is a tool for anonymity → torproject.org

Email Security Features

| TECHNOLOGY USED | SECURITY OF MESSAGES | ANONYMITY |
|---|---|---|
| SMTP | Headers + Content unencrypted (“in the clear”) in network | None (sender + recipient known) |
| Webmail (HTTP) | Headers + Content sent through network, stored by provider unencrypted | None (sender + recipient known) |
| Webmail + SSL/TLS (HTTPS) | All encrypted but cryptosystem relies on trust of provider and provider stores content unencrypted. Recipient may leak message to provider unencrypted depending on their provider. | Some (sender known. Recipient issues) |
| Webmail + SSL/TLS (HTTPS) + Tor | All encrypted but webmail provider stores content unencrypted. | Full anonymity (unless provider/recipient compromised) |
| SMTP + PGP/GPG | Headers unencrypted. Content encrypted/decrypted locally. | None (sender + recipient known) |
| SMTP + IMAP/TLS + PGP/GPG | All encrypted with TLS but relies on trust of provider. Content encrypted locally. | Some (sender known) |
| SMTP + IMAP/TLS + PGP/GPG + Tor | All encrypted. Headers stored with provider unencrypted. Content encrypted locally. | Full anonymity (unless provider compromised) |

Different Systems

PGP encrypted mail

PGP encrypted email over SSL/TLS

Weakest Link Issues - HTTPS

Weakest Link Issues - End Recipient

Weakest Link Issues - Mail Servers

Server-to-server encryption of webmail providers. Modified from: @ashk4n

Weakest Link Issues - Companies

Providers and Trust

● Do you trust your email provider? Google? Microsoft? Yahoo?

● Should you trust them with your email content?

● Should you trust them with your contact and location data (metadata)?

● What legal jurisdiction are they under?

Alternative email providers

● Nonprofit email providers

● Riseup.net

● Autistici.org (Associazione Investici)

● Commercial providers based outside the US

● Fastmail.fm

– MLATs can still provide access to user data: Hushmail

● 'Encrypted E-Mail Company Hushmail Spills to Feds' Wired, 2007/11/07.

● Use your hosting provider's email service

● If you have a website, most web hosts provide email with it

Weakest Link Issues - Physical Security

Data at Rest issues

● PGP protects the content of your emails if:

– Your email account is compromised

– Your computer is stolen or confiscated, your disk is copied, you are stopped at a border crossing, etc., and your data is forensically examined.

PGP Gotchas

● Never give away sensitive information in the subject line of the email

● Saving of draft emails to provider

– Ensure you mark your message to be encrypted BEFORE you start typing the content of the email

Digital Signatures and Email

● Content is verifiable from the Sender

– Identity of the Sender is not guaranteed!

– Always sign emails that contain links

– Always sign attachments

● Content has not been modified in transit

● Non-repudiation

– Sender cannot retract the email and its content

Attachments

| METHOD | PROPERTIES |
|---|---|
| PGP the file + Sign the file + Create the email + Attach file + Attach the signature file | Headers + Email Content in the clear, Attachment encrypted and signed |
| PGP the file + Sign the file + Create the email + Set email to PGP + Attach file + Attach the signature file | Headers in the clear, Email Content and Attachment encrypted and signed, Attachment name in the clear |
| Create the email + Set email to PGP/MIME, PGP, Sign + Attach file | Headers in the clear, Email Content and Attachment encrypted and signed |

Gotchas

● Never give away sensitive information in the name of an attachment; only PGP/MIME protects the name of attachments
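The subject-line gotcha and the attachment-name gotcha above can both be checked mechanically before a message leaves your machine. The following Python is an added example, not part of the original slides: it reports which parts of a message stay readable to the provider. The three sample messages, the addresses and the name `audit_cleartext` are constructed for illustration, and recognising encrypted parts by their ASCII-armor marker is a simplifying assumption.

```python
from email import message_from_string, policy

ARMOR = "-----BEGIN PGP MESSAGE-----"
BLOB = ARMOR + "\n\n(constructed placeholder, not ciphertext)\n-----END PGP MESSAGE-----\n"
HDRS = "From: alice@example.org\nTo: bob@example.org\nMIME-Version: 1.0\n"

# Constructed sample 1: body and file encrypted separately, file then attached.
INLINE = (HDRS + "Subject: Leaked budget figures\n"
          'Content-Type: multipart/mixed; boundary="b1"\n\n'
          "--b1\nContent-Type: text/plain\n\n" + BLOB +
          "--b1\nContent-Type: application/octet-stream\n"
          'Content-Disposition: attachment; filename="budget-2014.xls.pgp"\n\n' + BLOB +
          "--b1--\n")
# Constructed sample 2: PGP/MIME (RFC 3156) wraps body and attachments together.
PGPMIME = (HDRS + "Subject: hello\n"
           'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b2"\n\n'
           "--b2\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
           "--b2\nContent-Type: application/octet-stream\n\n" + BLOB +
           "--b2--\n")
# Constructed sample 3: ordinary unencrypted mail.
PLAIN = HDRS + "Subject: lunch\nContent-Type: text/plain\n\nSee you at noon.\n"

def audit_cleartext(raw):
    """Report what the provider or a network observer can read in one message."""
    msg = message_from_string(raw, policy=policy.default)
    report = {"headers": {h: str(msg[h]) for h in ("From", "To", "Subject") if msg[h]},
              "attachment_names": [], "plaintext_parts": 0}
    # Headers, including Subject, are never covered by PGP in any mode.
    if msg.get_content_type() == "multipart/encrypted":
        report["mode"] = "PGP/MIME"  # body and attachment names sit inside the ciphertext
        return report
    armored = 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            report["attachment_names"].append(part.get_filename())  # name is readable
        data = part.get_payload(decode=True) or b""
        if ARMOR.encode() in data:
            armored += 1
        else:
            report["plaintext_parts"] += 1
    report["mode"] = "inline PGP" if armored else "none"
    return report

if __name__ == "__main__":
    for label, raw in (("inline", INLINE), ("pgp/mime", PGPMIME), ("plain", PLAIN)):
        print(label, audit_cleartext(raw))
```

In the first sample the content is protected, yet the subject and the attachment name both disclose what the message is about.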

The Risk / Security Equation

● Attaining an appropriate level of security in a near-infinite space of vulnerability

● Expending the minimum amount of energy and resources to raise the bar beyond the level of energy and resources your adversaries would be willing to commit

Further resources

Security in a Box

● step-by-step instructions for installing programs

● https://securityinabox.org

– by Tactical Tech and Frontline Defenders

Encryption Works

● more context on different programs

● https://pressfreedomfoundation.org/encryption-works

– by the Freedom of the Press Foundation

Thanks!

Michael Carbone, Brian Duggan, Joe Hall, Libby Reinish

Hands-on!

● First, make sure you have network!

● Second, install GnuPG, Thunderbird, Enigmail

– Hoping you've done this already!

– https://www.enigmail.net/documentation/quickstart.php

● Generating keys, sending to a keyserver

● Send first signed email; encrypted email

● Obtain key (securely) from others