Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Efail - Breaking S-MIME and OpenPGP Email Encryption Using Exfiltration Channels

USENIX via YouTube

Overview

Explore a critical security presentation from USENIX Security '18 that unveils novel attacks on OpenPGP and S/MIME email encryption standards. Delve into the concept of malleability gadgets and how they can be exploited to reveal encrypted email content. Learn about CBC/CFB gadgets and their role in injecting malicious plaintext into encrypted emails, as well as the use of HTML, CSS, and X.509 functionality in these attacks. Understand the implications of these vulnerabilities, which affect emails collected in the past and can be triggered upon decryption. Examine the impact on various email clients, with 23 out of 35 S/MIME and 10 out of 28 OpenPGP clients found vulnerable. Gain insights into the need for updating encryption standards and addressing implementation flaws in email clients to enhance security.

Syllabus

Intro
Motivation for email encryption
Security of email encryption
Backchannel techniques
Malleability of CBC
Attacking S/MIME
Attacking OpenPGP
Impact on the standards
Conclusions

Taught by

USENIX

Reviews

Start your review of Efail - Breaking S-MIME and OpenPGP Email Encryption Using Exfiltration Channels

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.