Content-Type - multipart/oracle - Tapping into Format Oracles in Email End-to-End Encryption

Explore a 14-minute conference talk from USENIX Security '23 that delves into format oracle attacks in email end-to-end encryption (E2EE). Learn how researchers surveyed potential remote methods for attackers to discover decryption states in email E2EE, analyzing the interaction between MIME and IMAP protocols. Discover side-channels emerging from network patterns that leak decryption status in Mail User Agents (MUAs). Understand the specific MIME trees that produce decryption-dependent network patterns when opened in email clients. Examine the survey results of 19 OpenPGP- and S/MIME-enabled email clients and four cryptographic libraries, revealing a side-channel vulnerability in one client. Discuss the practical challenges of exploitation in other clients due to missing feature support and implementation quirks. Consider the conflict between usability and security created by these unintended defenses. Gain insights into proposed countermeasures for MUA developers and standards to prevent exploitation in email E2EE systems.