Efail - Breaking S-MIME and OpenPGP Email Encryption Using Exfiltration Channels

Black Hat via YouTube

Overview

Explore the vulnerabilities in OpenPGP and S/MIME email encryption standards in this 46-minute Black Hat conference talk. Delve into the history of secure email, the motivation for end-to-end encryption, and the use of outdated cryptographic primitives. Examine backchannel techniques and their evaluation in email clients. Understand the attacker model, hybrid encryption, and the malleability of CBC/CFB. Analyze practical attacks against S/MIME and OpenPGP's integrity protection mechanisms. Investigate the impact on standards and witness a direct exfiltration demo. Gain insights into the security implications of these vulnerabilities and their potential consequences for email encryption.

Syllabus

Intro
History of secure email
Two competing standards
Motivation for using end-to-end encryption
Both standards use old crypto
Old crypto has no negative impact
Backchannel techniques
Evaluation of backchannels in email clients
Attacker model
Hybrid encryption
Hybrid malleability of CBC/CFB
Malleability of CBC/CFB
Overview
Practical Attack against S/MIME
OpenPGP - Integrity Protection
RFC4880 on Modification Detection Codes
OpenPGP - Compression (DEFLATE)
Impact on the standards
Direct exfiltration - Demo Time
Conclusions
Black Hat sound bytes

Taught by

Black Hat
