Mitigation of Attacks on Email End-to-End Encryption Jörg Schwenk Marcus Brinkmann Damian Poddebniak Ruhr University Bochum Ruhr University Bochum Münster University of Applied Sciences [email protected] [email protected] [email protected] Jens Müller Juraj Somorovsky Sebastian Schinzel Ruhr University Bochum Paderborn University Münster University of Applied Sciences [email protected] [email protected] [email protected] ABSTRACT ACM Reference Format: OpenPGP and S/MIME are two major standards for securing email Jörg Schwenk, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj communication introduced in the early 1990s. Three recent classes Somorovsky, and Sebastian Schinzel. 2020. Mitigation of Attacks on Email End-to-End Encryption. In Proceedings of the 2020 ACM SIGSAC Conference of attacks exploit weak cipher modes (EFAIL Malleability Gadgets, on Computer and Communications Security (CCS ’20), November 9–13, 2020, or EFAIL-MG), the flexibility of the MIME email structure (EFAIL Virtual Event, USA. ACM, New York, NY, USA, 18 pages. https://doi.org/10. Direct Exfiltration, or EFAIL-DE), and the Reply action of the email 1145/3372297.3417878 client (REPLY attacks). Although all three break message confiden- tiality by using standardized email features, only EFAIL-MG has 1 INTRODUCTION been mitigated in IETF standards with the introduction of Authen- ticated Encryption with Associated Data (AEAD) algorithms. So far, For end-to-end encryption of emails, either S/MIME (Secure/Multi- no uniform and reliable countermeasures have been adopted by purpose Internet Mail Extensions) [35] or OpenPGP (Pretty Good email clients to prevent EFAIL-DE and REPLY attacks. Instead, email Privacy) [7] can be used. S/MIME is commonly used in corporations clients implement a variety of different ad-hoc countermeasures and governments, and relies on a public key infrastructure (PKI). which are only partially effective, cause interoperability problems, OpenPGP is used by the technical community and recommended and fragment the secure email ecosystem. to people working in high-risk environments [44]. Both standards We present the first generic countermeasure against both REPLY are designed to protect against powerful attackers who are able to and EFAIL-DE attacks by checking the decryption context including gain possession of encrypted email messages. SMTP headers and MIME structure during decryption. The decryp- Email contexts. In general, every email has two contexts: the tion context is encoded into a string DC and used as Associated MIME context and the SMTP context (Figure 1). The MIME con- Data (AD) in the AEAD encryption. Thus the proposed solution text determines the rendering of the email content, including the seamlessly extends the EFAIL-MG countermeasures. The decryption parsers for HTML, CSS or URL invocation. The SMTP context de- context changes whenever an attacker alters the email source code termines the communication pattern (i.e., sender and recipients), in a critical way, for example, if the attacker changes the MIME SMTP-related actions (especially Reply and Reply-All), and also structure or adds a new Reply-To header. The proposed solution some rendering (e.g., address display names, date, and subject). does not cause any interoperability problems and legacy emails can still be decrypted. We evaluate our approach by implementing 1.1 Attacks on Email Encryption the decryption contexts in Thunderbird/Enigmail and by verifying We are interested in three main attack classes, which threaten the their correct functionality after the email has been transported over confidentiality of encrypted emails: all major email providers, including Gmail and iCloud Mail. • EFAIL-MG attacks [33], exploiting the malleability of block cipher encryption modes used in email standards. CCS CONCEPTS • EFAIL-DE attacks [33], exploiting standard MIME processing. • Information systems ! Email; • Security and privacy ! • REPLY attacks [22, 31], exploiting standard email actions. Symmetric cryptography and hash functions. Countermeasures against these attacks are summarized in Table 1, both for standardization and applications. KEYWORDS EFAIL-MG. In 2018, Poddebniak et al. [33] introduced a new known OpenPGP; S/MIME; EFAIL; AEAD; decryption contexts plaintext attack technique called malleability gadgets. Whenever a malleable encryption mode is used (like CBC mode in S/MIME and Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed CFB mode in OpenPGP), an attacker can transform a single block of for profit or commercial advantage and that copies bear this notice and the full citation known plaintext into many chosen plaintext blocks. These plaintext on the first page. Copyrights for components of this work owned by others than the fragments are chosen to include HTML code and are arranged in author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission a way such that the unknown plaintext is exfiltrated via benign and/or a fee. Request permissions from [email protected]. HTML features such as image loads (exfiltration channels). CCS ’20, November 9–13, 2020, Virtual Event, USA EFAIL-MG attacks can easily be mitigated through the introduc- © 2020 Copyright held by the owner/author(s). Publication rights licensed to ACM. ACM ISBN 978-1-4503-7089-9/20/11...$15.00 tion of AEAD encryption, which guarantees integrity of ciphertext https://doi.org/10.1145/3372297.3417878 (INT-CTXT) [4]. Any modification of the ciphertext will then result Table 1: Attacks on email end-to-end encryption and counter- measures. Countermeasures may be enforced by the sender or by the recipient of an email. Recipient-enforced counter- measures may lead to problems with interoperability and legacy emails. EFAIL-MG EFAIL-DE REPLY AES-256 GCM web origin S/MIME 4.0 ChaCha20-Poly1305 separation none (RFC 8551) (sender) (recipient) S/MIME inconsistent inconsistent Figure 1: Example of an email context, consisting of the none SMTP context (white background) and the MIME context Applications (recipient) (recipient) (grey background). Alice sends an email to Bob and Carol, OpenPGP EAX, OCB and only these three mail user agents can decrypt the none none enveloped-data MIME element. Replies will be sent to Alice. (RFC4880bis-08) (sender) MDC (Modification OpenPGP inconsistent inconsistent Detection Code) in a decryption failure. Any sender can enforce this mitigation by Applications (recipient) (recipient) (recipient) choosing an AEAD cipher mode, while legacy emails can still be decrypted. Recent versions of S/MIME and OpenPGP standards introduce new AEAD ciphers [4, 25, 41]. EFAIL-DE. The EFAIL-DE attacks [33] exploit the fact that the optionally, a suggestive subject is shown. Currently, no mitigations MIME standard specifies operations on MIME elements (including are deployed against this type of attack on the SMTP context. decryption) that preserve the structure of the MIME tree. Thus Research question 1: Is it possible to define countermeasures against many S/MIME and OpenPGP implementations silently decrypt all three attack classes (EFAIL-MG, EFAIL-DE and REPLY), based on ciphertexts independently of their position in the email. When an a single cryptographic mechanism? attacker prepends a MIME element containing the HTML fragment <img src="http://efail.de/ to the element with the original 1.2 Context-Unaware Decryption ciphertext, a vulnerable email client will decrypt the ciphertext and The main reason behind the success of the REPLY and EFAIL-DE concatenate the resulting plaintext to the src attribute. Requesting attacks is that email decryption is context-unaware; a recipient can the image will leak the plaintext to the attacker-specified domain. decrypt a ciphertext in any SMTP or MIME context. Since the EFAIL-DE attacks change the MIME context of an encrypted email. attacker has full control over the complete email structure, the Deployed mitigations for EFAIL-DE include displaying warnings attacker can change the SMTP and MIME contexts (e.g., by adding to the user, filtering “dangerous” HTML elements, changing MIME new recipients or HTML tags) to create exfiltration channels. processing or restricting decryption to a single MIME configuration While REPLY and EFAIL-DE attacks exploit the flexibility of the (Subsection 2.4). The sender of an encrypted email cannot enforce email structure, email is encrypted in a fixed context (see Figure 1): confidentiality even using an email client with strong EFAIL-DE mitigation, since the sender has no control over the receiving client. • SMTP: The sender’s address is fixed and the set of recipients is Some of the deployed mitigations may prevent legacy emails from determined by the sender. being decrypted, and may cause interoperability problems which • MIME: The MIME structure is fixed by the email client ofthe can seriously degrade usability of the email encryption standard. sender; either the whole MIME tree is encrypted, or Encrypt- then-Sign is used. REPLY attacks. In 2000, Katz and Schneier presented their chosen- ciphertext attack on email encryption standards [22]. On a very Email-related actions like Forward and Reply, which typically change high level, the attack works as follows. The attacker takes an eaves- the SMTP and MIME contexts, are not directly applicable to the dropped ciphertext, obfuscates it, places it into a new email, and ciphertext of an encrypted email. If an encrypted email is forwarded sends it to the original message receiver. The receiver is able to to a new recipient, it must first be decrypted and then re-encrypted decrypt the altered email since the ciphertext is not bound to the with a new key. Similarly, if a recipient replies to an encrypted message sender. The receiver answers to the attacker, citing the email, it must be decrypted, inserted as a quote into the new email plaintext of the decrypted message in the reply. Müller et al.