Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Content-Type - multipart/oracle - Tapping into Format Oracles in Email End-to-End Encryption

USENIX via YouTube

Overview

Explore a 14-minute conference talk from USENIX Security '23 that delves into format oracle attacks in email end-to-end encryption (E2EE). Learn how researchers surveyed potential remote methods for attackers to discover decryption states in email E2EE, analyzing the interaction between MIME and IMAP protocols. Discover side-channels emerging from network patterns that leak decryption status in Mail User Agents (MUAs). Understand the specific MIME trees that produce decryption-dependent network patterns when opened in email clients. Examine the survey results of 19 OpenPGP- and S/MIME-enabled email clients and four cryptographic libraries, revealing a side-channel vulnerability in one client. Discuss the practical challenges of exploitation in other clients due to missing feature support and implementation quirks. Consider the conflict between usability and security created by these unintended defenses. Gain insights into proposed countermeasures for MUA developers and standards to prevent exploitation in email E2EE systems.

Syllabus

USENIX Security '23 - Content-Type: multipart/oracle - Tapping into Format Oracles in Email...

Taught by

USENIX

Reviews

Start your review of Content-Type - multipart/oracle - Tapping into Format Oracles in Email End-to-End Encryption

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.