Cybersecurity researchers from across Georgia Tech and the Georgia Tech Research Institute share their thoughts about emerging threats, trends, and technologies in the constant fight to secure data and information systems. Read what's capturing their attention and new insights they offer about cybersecurity topics in the news.
Blog entires are aggregated monthly into the Source Port newsletter, with additional research and updates from Georgia Tech. Source Port is published on the first business day of the month.
The Lessons Behind an Attack that Decodes Encrypted Email
May 17, 2018 | By Joel Odom
A team of researchers in Germany and Belgium have just released a paper that describes ways for an attacker to recover the plaintext of encrypted emails. Not only does the class of attacks presented in the paper work against popular PGP and S/MIME encryption schemes, but it also works against multiple email clients, including Outlook, Apple Mail, and Gmail. To decrypt an intercepted email, an attacker need only craft a new email to the recipient that embeds the encrypted email in a clever way that tricks vulnerable email clients to send the plaintext of the original message back to the attacker. The research paper will be presented at the 27th USENIX Security Symposium in Baltimore in August.
- About the research: https://efail.de/
IISP Analyst Joel Odom: Let's admit it. Few people use encrypted email. Email security is better than it used to be because we've started using encryption for many of the hops and stops that email makes as it traverses the internet from Alice to Bob, but end-to-end encryption for email is rare. The reason I chose this story to write about is not because it's a flaw that will drastically impact society, but it's a fascinating study in how security fails in unexpected ways. This class of attacks exploits a systemic design flaw rather than a nuanced technical flaw.
How do these attacks work? Suppose that Alice sends an encrypted email message to Bob, which is intercepted by our attacker, Eve. Perhaps Eve intercepts the encrypted message by network sniffing, or perhaps Eve is a sneaky system administrator who can access the encrypted message saved on a server. The point is that the message is encrypted by Alice precisely because there are many ways to capture it as it makes its way to Bob.
In the first variant of the attack, Eve crafts a new email message to Bob in HTML format. This HTML message includes a link to a non-existent image whose pseudo location is partly specified by the encrypted message that Eve is trying to decrypt. When Bob's email client processes the specially-crafted message from Eve, the client encounters the nested encrypted message from Alice and happily decrypts the message using Bob's keys. Having been tricked into thinking that the decrypted message specifies the location of an image to fetch, the client reaches out to Eve for the image and presents Eve the decrypted message in the process.
But, wait! There's more. The paper also describes a second, similar attack whereby Eve can modify the plaintext of the encrypted message from Alice to Bob by making certain clever changes to the ciphertext. This is an application of a known problem with unauthenticated encryption schemes. Eve's modification inserts HTML elements into the message that tricks the email client into send Eve the plaintext of the entire message using a mechanism similar to the first variant described above. (My understanding is that there are optional authenticated modes of encryption available for PGP and S/MIME that I expect would mitigate this attack.)
So what are the lessons here? First, complexity is the enemy of security. HTML is a complex markup language that presents a lot of attack surface for exploitation. Second, attackers can cheat. Eve never actually broke the encryption on the message, she just tricked Bob's e-mail client into decrypting it for her. Third, encryption requires authentication. There are entire classes of attacks that can be prevented by requiring encryption schemes to check the integrity of a message before decrypting it."
Our Past 10...
Just Pay the Bad "IT Tax"
Mar. 28, 2018
New Cyber Report a Handy Reference of Govt Directives
Mar. 28, 2018
Lt. Gen. Paul Nakasone to Head NSA/CYBERCOM
Mar. 28, 2018
Compliance Does Not Equal Security
Feb. 27, 2018
About the Analysts
Holly Dragoo is a research associate with the Advanced Concepts Laboratory (ACL) at the Georgia Tech Research Institute. Her previous work with the U.S. Department of Defense and Federal Bureau of Investigation give her a unique understanding of intelligence community requirements. Dragoo’s research interests include cybersecurity policy issues, threat attribution, metadata analysis, and adversarial network reconstruction. More By Holly
Panagiotis Kintis is a Ph.D. student at Georgia Tech's School of Computer Science and a researcher in the Astrolvaos Lab. His research examines new techniques for data analysis and cyber attribution with special focus on clues that can be obtained from the network layer of the Internet, such as bot activity and domain name abuse (combosquatting).
Brenden Kuerbis, Ph.D., is a postdoctoral researcher at Georgia Tech’s School of Public Policy and a former Fellow in Internet Security Governance at the Citizen Lab, Munk School of Global Affairs, University of Toronto. His research focuses on the governance of Internet identifiers (e.g., domain names, IP addresses) and the intersection of nation-state cybersecurity concerns with forms of Internet governance. More by Brenden
Joel Odom leads a team of researchers focused on software security as branch head for the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. He and his team research static and dynamic software analysis, software testing techniques, software reverse engineering, and software vulnerability discovery and mitigation. More by Joel
Chris M. Roberts is a senior research engineer with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute specializing in embedded firmware reverse engineering and hardware analysis. Mr. Roberts’ technical expertise has expanded to cover radio frequency system design, electronic and cyber warfare, hardware and firmware reverse engineering, vulnerability assessments of embedded systems and assessment of vulnerability to wireless cyberattacks. More by Chris