Ruhr-Uni-Bochum

Johnny, you are fired! – Spoofing OpenPGP and S/MIME Signatures in Emails

2019

Konferenz / Medium

Autor*innen

Juraj Somorovsky Sebastian Schinzel Damian Poddebniak Marcus Brinkmann Jens Müller Jörg Schwenk

Research Hub

Research Hub C: Sichere Systeme

Research Challenges

RC 7: Building Secure Systems

Abstract

OpenPGP and S/MIME are the two major standards to encrypt and digitally sign emails. Digital signatures are supposed to guarantee authenticity and integrity of messages. In this work we show practical forgery attacks against various implementations of OpenPGP and S/MIME email signature verification in five attack classes: (1) We analyze edge cases in S/MIME's container format. (2) We exploit in-band signaling in the GnuPG API, the most widely used OpenPGP implementation. (3) We apply MIME wrapping attacks that abuse the email clients' handling of partially signed messages. (4) We analyze weaknesses in the binding of signed messages to the sender identity. (5) We systematically test email clients for UI redressing attacks. Our attacks allow the spoofing of digital signatures for arbitrary messages in 14 out of 20 tested OpenPGP-capable email clients and 15 out of 22 email clients supporting S/MIME signatures. While the attacks do not target the underlying cryptographic primitives of digital signatures, they raise concerns about the actual security of OpenPGP and S/MIME email applications. Finally, we propose mitigation strategies to counter these attacks.

Tags

Software Security
Usable Security and Privacy