Network and Communications Security (IN3210/IN4210)

Email Security (lecture slides, transcript)

  • Email Security

  • Email Foundations

  • History of Electronic Mail

    ● 1960s: Host-based electronic mail

    ● 1971: Ray Tomlinson

    − First network email in the ARPANET

    − First use of the “@” symbol to separate user and host name

    ● 1976: 75% of ARPANET traffic is email communication

    ● 1982: First standards for Internet email:

    − RFC 821: Simple Mail Transfer Protocol (SMTP)

    − RFC 822: Internet Message Format

    ● 1984: Post Office Protocol (POP)

    ● 1986: Internet Message Access Protocol (IMAP)

    ● 1998: S/MIME

    [Image: Ray Tomlinson. Source: Wikipedia]

  • Message Transport System

    [Diagram: Sender UA → MTA → MTA → … → MTA/MDA → Receiver UA. The sender's UA submits the mail to the first MTA via SMTP, the MTAs relay it to each other via SMTP, and the receiver's UA fetches it from the MDA via IMAP or POP3]

  • Message Transport System

    ● User Agent (UA)

    − End user program for sending and receiving emails (e.g. Thunderbird)

    ● Message Transfer Agent (MTA)

    − Server that relays mail between systems (e.g. Postfix, Exim)

    ● Mail Delivery Agent (MDA)

    − System that delivers the email to the end user (e.g. via IMAP or local delivery)

  • Letter Structure

    ● Envelope: the addressing used for transport (in SMTP: MAIL FROM and RCPT TO); not part of the delivered message

    ● Header: metadata that travels with the message (From, To, Subject, Date, Received, …)

    ● Body: the content

    − As with a paper letter, the address written on the envelope and the sender named inside the letter are independent; nothing in the basic protocols forces them to match

  • Email Structure (simplified)

    Received: from mail-ex12.exprod.uio.no (2001:700:100:120::74) by
    mail-ex03.exprod.uio.no (2001:700:100:52::6) with Microsoft SMTP Server (TLS)
    id 15.0.1497.2 via Mailbox Transport; Tue, 3 Sep 2019 20:50:10 +0200
    ...
    Received: from easychair.org (m2635.contabo.net [213.136.76.235])
    by easychair.org (8.14.4/8.14.4/Debian-4.1ubuntu1.1) with ESMTP id x83Io91i008601
    for ; Tue, 3 Sep 2019 20:50:09 +0200
    Content-Type: text/plain; charset="UTF-8"
    Date: Tue, 3 Sep 2019 20:50:09 +0200
    From: "NordSec 2019"
    To: XXX XXX
    Subject: NordSec 2019 paper assignment
    Sender: [email protected]
    MIME-Version: 1.0

    Dear XXX,
    Please find below the list of papers assigned to you
    for reviewing.
    Best regards,
    The NordSec 2019 Team.

    − The Received: lines are added by the MTAs on the path (one per hop, the newest on top); together with the remaining lines up to the first empty line they form the header, and everything after the empty line is the body

  • Full MTA Path

    Received: from mail-ex12.exprod.uio.no (2001:700:100:120::74) by
    mail-ex03.exprod.uio.no (2001:700:100:52::6) with Microsoft SMTP Server (TLS)
    id 15.0.1497.2 via Mailbox Transport; Tue, 3 Sep 2019 20:50:10 +0200
    Received: from mail-ex11.exprod.uio.no (2001:700:100:120::73) by
    mail-ex12.exprod.uio.no (2001:700:100:120::74) with Microsoft SMTP Server
    (TLS) id 15.0.1497.2; Tue, 3 Sep 2019 20:50:10 +0200
    Received: from mail-mx03.uio.no (129.240.169.59) by mail-ex11.exprod.uio.no
    (129.240.120.73) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend
    Transport; Tue, 3 Sep 2019 20:50:10 +0200
    Received: from easychair.org ([213.136.76.235])
    by mail-mx03.uio.no with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.92)
    (envelope-from )
    id 1i5DsY-00049g-3U
    for [email protected]; Tue, 03 Sep 2019 20:50:10 +0200
    Received: from easychair.org (m2635.contabo.net [213.136.76.235])
    by easychair.org (8.14.4/8.14.4/Debian-4.1ubuntu1.1) with ESMTP id x83Io91i008601
    for ; Tue, 3 Sep 2019 20:50:09 +0200
    Content-Type: text/plain; charset="UTF-8"
    Date: Tue, 3 Sep 2019 20:50:09 +0200
    ...

    − Read bottom-up: each MTA prepends its own Received: line, so the lowest line is the oldest hop (easychair.org handing the mail to its own outgoing server) and the top line is the final delivery inside uio.no

    − Only the lines written by MTAs you trust are reliable (here the uio.no servers): the line written by mail-mx03.uio.no records the peer that actually connected, 213.136.76.235. Everything below that line was supplied by the sending side and could have been forged
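The header chain above can be walked programmatically. The following Python script is an added example (not part of the lecture material): it parses a constructed message modelled on the slide's Received: lines, lists the hops in chronological order and marks which lines were written by MTAs the receiving organisation controls. The set of trusted host names, the placeholder addresses and the extra bottom hop (a foreign relay claiming a HELO name it does not own) are assumptions made for the example.

```python
import re
from email import message_from_string

# Constructed sample, modelled on the Received: chain in the slides. Addresses the
# slides do not show are placeholders; the bottom hop is made up to show what an
# untrusted MTA can write below the lines added by the receiving organisation.
SAMPLE_MESSAGE = """\
Received: from mail-ex12.exprod.uio.no (2001:700:100:120::74) by
 mail-ex03.exprod.uio.no (2001:700:100:52::6) with Microsoft SMTP Server (TLS)
 id 15.0.1497.2 via Mailbox Transport; Tue, 3 Sep 2019 20:50:10 +0200
Received: from mail-mx03.uio.no (129.240.169.59) by mail-ex11.exprod.uio.no
 (129.240.120.73) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend
 Transport; Tue, 3 Sep 2019 20:50:10 +0200
Received: from easychair.org ([213.136.76.235])
 by mail-mx03.uio.no with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
 (Exim 4.92)
 id 1i5DsY-00049g-3U; Tue, 03 Sep 2019 20:50:10 +0200
Received: from mail.bank.example (unknown [203.0.113.5])
 by easychair.org (8.14.4/8.14.4/Debian-4.1ubuntu1.1) with ESMTP id x83Io91i008601;
 Tue, 3 Sep 2019 20:50:09 +0200
From: "NordSec 2019" <sender@example.org>
Subject: NordSec 2019 paper assignment

Dear reviewer, ...
"""

# Assumption for the example: the MTAs operated by the receiving organisation.
TRUSTED_MTAS = {"mail-mx03.uio.no", "mail-ex11.exprod.uio.no",
                "mail-ex12.exprod.uio.no", "mail-ex03.exprod.uio.no"}

# "from <helo-name> (<what the receiver observed>) by <receiving MTA> ...; <date>"
RECEIVED_RE = re.compile(r"^from\s+(?P<helo>\S+)(?P<rest>.*?)\bby\s+(?P<by>\S+)", re.S)
ADDR_RE = re.compile(r"[\[(]((?:\d{1,3}\.){3}\d{1,3}|[0-9a-f:]*:[0-9a-f:]+)[\])]", re.I)


def parse_received(value):
    """Turn one Received: header value into a dict, or None if it has no from/by clause."""
    value = re.sub(r"\s+", " ", value).strip()          # unfold the header
    m = RECEIVED_RE.match(value)
    if not m:
        return None
    ip = ADDR_RE.search(m.group("rest"))                  # IP the receiving MTA saw, if recorded
    return {"helo": m.group("helo"),
            "peer_ip": ip.group(1) if ip else None,
            "by": m.group("by"),
            "date": value.rsplit(";", 1)[1].strip() if ";" in value else ""}


def mta_path(raw_message, trusted_mtas):
    """Hops in chronological order (oldest first), each flagged trusted or not.

    Received: lines are prepended, so the top one is the newest. Walking downwards,
    a line is believable as long as the MTA named after "by" is one of ours; the
    first line written by a foreign MTA, and everything below it, is unverifiable.
    """
    msg = message_from_string(raw_message)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    trusted = True
    for hop in hops:                                      # newest to oldest
        trusted = trusted and hop["by"] in trusted_mtas
        hop["trusted"] = trusted
    return list(reversed(hops))                           # oldest first


def handoff_hop(hops):
    """The oldest trusted hop: written by our edge MX when the foreign MTA connected.
    Its peer_ip is the only sender address that SPF or a blocklist can check."""
    for hop in hops:
        if hop["trusted"]:
            return hop
    return None


if __name__ == "__main__":
    path = mta_path(SAMPLE_MESSAGE, TRUSTED_MTAS)
    for hop in path:
        flag = "trusted" if hop["trusted"] else "UNVERIFIED"
        print(f"{flag:10} {hop['helo']:26} ({hop['peer_ip']}) -> {hop['by']}  {hop['date']}")
    print("sender IP to check:", handoff_hop(path)["peer_ip"])
```

The trust boundary is the key output: the forged-looking bottom hop is listed but marked unverifiable, and the IP returned by handoff_hop is the one that the SPF check later in this chapter actually evaluates.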

  • Email and DNS

    ● How does an MTA know the destination server?

    ● Example:

    − Mail address: [email protected]

    ● DNS contains a resource record for mail transfer: MX

    ● Example:

    − Domain: example.com

    − DNS MX response: mail.example.com (the number in front of the host name, here 10, is the preference; when several MX records exist, the lowest value is tried first)

    $ORIGIN example.com.
    $TTL 2d
    @ IN SOA < some parameters >
      IN NS ns1.example.com.
      IN NS ns2.example.com.
      IN MX 10 mail.example.com.
    ns1 IN A 192.168.0.3
    ns2 IN A 192.168.0.4
    mail IN A 192.168.0.5

  • Email Protocols

    ● Internet Message Access Protocol (IMAP)

    − Protocol to access a mailbox on the server (also from multiple email clients)

    − Standard ports: 143 (IMAP), 993 (IMAP over TLS)

    − Has widely replaced the older POP3 protocol (ports 110 and 995)

    ● Simple Mail Transfer Protocol (SMTP)

    − Protocol for email transmission from the UA to the first MTA and between MTAs

    − Standard ports: 25 (MTA to MTA), 587 (submission from clients)

    − Between MTAs, secure transport is typically not SMTP over TLS on a dedicated port but opportunistic TLS (STARTTLS): the connection starts in plaintext and is upgraded only if both sides offer it, so an active attacker on the path can strip the upgrade unless the receiving domain has published a TLS policy (MTA-STS or DANE)

  • Example: SMTP

    S: 220 smtp.example.com ESMTP Postfix
    C: HELO relay.example.com
    S: 250 smtp.example.com, I am glad to meet you
    C: MAIL FROM:
    S: 250 Ok
    C: RCPT TO:
    S: 250 Ok
    C: RCPT TO:
    S: 250 Ok
    C: DATA
    S: 354 End data with <CR><LF>.<CR><LF>
    C: From: "Bob Example"
    C: To: Alice Example
    C: Cc: [email protected]
    C: Date: Tue, 15 Jan 2008 16:02:43 -0500
    C: Subject: Test message
    C:
    C: Hello Alice.
    C: This is a test message with 5 header fields and 4 lines in the message body.
    C: Your friend, Bob
    C: .
    S: 250 Ok: queued as 12345
    C: QUIT
    S: 221 Bye

    (MAIL FROM and RCPT TO carry the envelope addresses; the From:, To: and Cc: lines sent inside DATA are header fields, and SMTP itself never checks them against the envelope)

    Example source: Wikipedia
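The dialogue above, seen from the server side, as an added example that is not part of the slides: a toy SMTP receiver that implements the command state machine (HELO/EHLO, MAIL, RCPT, DATA with dot-stuffing and the "." terminator, QUIT) and stores the envelope separately from the message text. The client lines, host names and addresses are constructed for the example; the envelope sender and the From: header deliberately disagree to show that plain SMTP does not connect the two.

```python
import re
from email import message_from_string


class ToySmtpReceiver:
    """Server side of the SMTP dialogue, reduced to the commands the slide uses.

    handle() takes one client line and returns the server's reply, or None while the
    client is streaming message text after DATA. Accepted messages are stored as
    (envelope sender, envelope recipients, message text) so envelope and header
    can be compared afterwards.
    """

    def __init__(self, hostname="smtp.example.com"):
        self.hostname = hostname
        self.in_data = False
        self.mail_from = None
        self.rcpt_to = []
        self.data_lines = []
        self.messages = []

    def greeting(self):
        return f"220 {self.hostname} ESMTP toy"

    def handle(self, line):
        if self.in_data:
            if line == ".":                              # end of message text
                self.in_data = False
                self.messages.append((self.mail_from, self.rcpt_to, "\n".join(self.data_lines)))
                self.mail_from, self.rcpt_to, self.data_lines = None, [], []
                return f"250 Ok: queued as {len(self.messages)}"
            # Dot-stuffing (RFC 5321 4.5.2): a text line starting with "." is sent with an
            # extra leading "." so it cannot be mistaken for the terminator.
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.hostname}"
        if verb == "MAIL":
            m = re.match(r"FROM:\s*<(.*)>", arg, re.I)   # empty <> is legal: bounce messages
            if not m:
                return "501 Syntax: MAIL FROM:<address>"
            self.mail_from = m.group(1)
            return "250 Ok"
        if verb == "RCPT":
            if self.mail_from is None:
                return "503 Error: need MAIL command"
            m = re.match(r"TO:\s*<(.+)>", arg, re.I)
            if not m:
                return "501 Syntax: RCPT TO:<address>"
            self.rcpt_to.append(m.group(1))
            return "250 Ok"
        if verb == "DATA":
            if not self.rcpt_to:
                return "503 Error: need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "502 Error: command not recognized"


def run_session(receiver, client_lines):
    """Feed the client's lines through the receiver and return the C:/S: transcript."""
    transcript = [f"S: {receiver.greeting()}"]
    for line in client_lines:
        transcript.append(f"C: {line}")
        reply = receiver.handle(line)
        if reply is not None:
            transcript.append(f"S: {reply}")
    return transcript


def header_from(message_text):
    """The From: header of a stored message, i.e. what the recipient's client displays."""
    return message_from_string(message_text)["From"]


# Constructed client side. The envelope sender and the From: header deliberately disagree.
SAMPLE_CLIENT_LINES = [
    "EHLO relay.example.org",
    "MAIL FROM:<bob@example.org>",
    "RCPT TO:<alice@example.com>",
    "DATA",
    'From: "Alice\'s Bank" <alerts@online-bank.example>',
    "To: Alice Example <alice@example.com>",
    "Subject: Test message",
    "",
    "Hello Alice.",
    "..this line started with a dot, so the client stuffed a second one",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    rx = ToySmtpReceiver()
    print("\n".join(run_session(rx, SAMPLE_CLIENT_LINES)))
    envelope_from, _, text = rx.messages[0]
    print("envelope sender:", envelope_from, "| header From:", header_from(text))
```

The stored envelope sender is bob@example.org while the header shows a bank address; the receiver accepted both without complaint. The SPF and DMARC slides later in this chapter are about closing exactly this gap.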

  • Extended SMTP (ESMTP)

    ● Extends the original standard with a number of features, e.g. for authentication (AUTH), Unicode addresses (SMTPUTF8), 8-bit content (8BITMIME) and secure transport (STARTTLS); the client announces itself with EHLO instead of HELO and the server replies with the list of extensions it supports

    ● Example (STARTTLS):

    [establish TCP connection]
    S: 220 mail.example.org ESMTP service ready
    C: EHLO client.example.org
    S: 250-mail.example.org offers a warm hug of welcome
    S: 250 STARTTLS
    C: STARTTLS
    S: 220 Go ahead
    [TLS handshake]
    C: EHLO client.example.org [TLS secured]

    − The upgrade is opportunistic: if an attacker on the path removes the "250 STARTTLS" line from the reply (or answers the STARTTLS command with an error), a typical MTA simply continues in plaintext. After the handshake the client must repeat EHLO, because everything learnt before the upgrade was unauthenticated

    Example source: Wikipedia

  • Multipurpose Internet Mail Extensions (MIME)

    ● The original email standard only permitted 7-bit US-ASCII text

    ● Thus, no:

    − special characters from non-English languages (e.g. ü, æ, ç, ω, ж)

    − binary data (e.g. graphics, audio)

    ● MIME allows definition of:

    − content types (e.g. text/plain, image/png, text/html)

    − content transfer encodings, e.g.

    ▪ base64: Base64 encoding (for binary data; about 33% larger than the input)

    ▪ quoted-printable: non-ASCII bytes are replaced by =XX hexadecimal escapes (mostly-ASCII text stays readable)

    ▪ 8bit: no encoding, direct transmission (requires every MTA on the path to support the 8BITMIME extension)

    ● MIME additionally allows transport of multiple message parts (multipart messages: text plus attachments, or a plain-text and an HTML version of the same mail)

  • Detour: Base64

    ● Encodes binary data into the following 64 characters:

    − A ... Z, a ... z, 0 ... 9, +, /

    ● Every group of 6 input bits (a sextet) is mapped to one character, so 3 input bytes become 4 output characters

    ● If the input length (in bytes) is not a multiple of 3, the output is padded with “=” or “==”

    ● Example:

    Source text:  M        a        n
    Bits:         01001101 01100001 01101110
    Sextets:      010011   010110   000101   101110
                  19       22       5        46
    Base64:       T        W        F        u

    Example source: Wikipedia
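The sextet mapping and the padding rule above, implemented from scratch as an added example (not code from the slides); the decoder also tolerates the line breaks that MIME inserts every 76 characters, and a helper cross-checks the result against Python's standard library.

```python
import base64

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def b64encode_manual(data: bytes) -> str:
    """Encode 3 bytes (24 bits) at a time as 4 sextets, padding a short last group with '='."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        missing = 3 - len(chunk)                               # 0, 1 or 2 bytes short of a group
        bits = int.from_bytes(chunk, "big") << (8 * missing)   # right-pad with zero bits
        for shift in (18, 12, 6, 0):
            out.append(ALPHABET[(bits >> shift) & 0x3F])       # one 6-bit sextet per character
        if missing:
            out[-missing:] = "=" * missing                     # sextets made only of padding bits
    return "".join(out)


def b64decode_manual(text: str) -> bytes:
    """Inverse of b64encode_manual. Whitespace is ignored because MIME folds Base64 at 76 columns."""
    text = "".join(text.split())
    if len(text) % 4:
        raise ValueError("length must be a multiple of 4")
    stripped = text.rstrip("=")
    if len(text) - len(stripped) > 2:
        raise ValueError("at most two padding characters")
    out = bytearray()
    for i in range(0, len(stripped), 4):
        quad = stripped[i:i + 4]
        if len(quad) == 1:
            raise ValueError("a single trailing sextet cannot encode a whole byte")
        bits = 0
        for ch in quad:
            bits = (bits << 6) | ALPHABET.index(ch)            # ValueError for foreign characters
        bits <<= 6 * (4 - len(quad))                           # re-add the padding bits
        out += bits.to_bytes(3, "big")[: len(quad) * 6 // 8]   # 4 sextets -> 3 bytes, 3 -> 2, 2 -> 1
    return bytes(out)


def is_valid_base64(text: str) -> bool:
    try:
        b64decode_manual(text)
        return True
    except ValueError:
        return False


def matches_stdlib(data: bytes) -> bool:
    """Cross-check both directions against the standard library."""
    encoded = b64encode_manual(data)
    return encoded == base64.b64encode(data).decode("ascii") and b64decode_manual(encoded) == data


if __name__ == "__main__":
    for sample in (b"Man", b"Ma", b"M"):
        print(sample, "->", b64encode_manual(sample))
    print("all 256 byte values round-trip:", matches_stdlib(bytes(range(256))))
```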

  • Multipurpose Internet Mail Extensions (MIME)

    ● Example:

    Content-Type: multipart/mixed; boundary="------------125573EC27547229E81181E9"
    MIME-Version: 1.0

    --------------125573EC27547229E81181E9
    Content-Type: text/plain; charset="utf-8"; format=flowed
    Content-Transfer-Encoding: 7bit

    This is the content of the mail.

    --------------125573EC27547229E81181E9
    Content-Type: image/png; name="uio-logo.png"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="uio-logo.png"

    iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKAQMAAAC3/F3+AAAABlBMVEUAAAD/+l2Z/dAAAACXBI
    WXMAAA7EAAAOxAGVKw4bAAAAFUlEQVQImWP4foDhIQz9P8DwGYULAPrNEK/99dAAAAAElFTk==
    --------------125573EC27547229E81181E9--

    − Each part is introduced by "--" followed by the boundary string; the closing delimiter carries an additional trailing "--"
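What a receiving system does with such a message, as an added example that is not part of the slides: the multipart message above is parsed with Python's email package, every attachment is decoded, and its declared content type is compared with the file signature of the actual bytes. A second, constructed message (an "invoice.pdf" whose bytes begin with the MZ header of a Windows executable) shows the mismatch that a filter should flag. The PNG from the slide is a real 10x10 image, which the example reads back from its IHDR chunk; the signature table and the constructed message are assumptions made for the example.

```python
import email
import struct
from email import policy
from email.message import EmailMessage

# Sample input 1: the multipart message from the slide (its Base64 payload is a 10x10 PNG).
SAMPLE_MIME = """\
Content-Type: multipart/mixed; boundary="------------125573EC27547229E81181E9"
MIME-Version: 1.0

--------------125573EC27547229E81181E9
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 7bit

This is the content of the mail.

--------------125573EC27547229E81181E9
Content-Type: image/png; name="uio-logo.png"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="uio-logo.png"

iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKAQMAAAC3/F3+AAAABlBMVEUAAAD/+l2Z/dAAAACXBI
WXMAAA7EAAAOxAGVKw4bAAAAFUlEQVQImWP4foDhIQz9P8DwGYULAPrNEK/99dAAAAAElFTk==
--------------125573EC27547229E81181E9--
"""

# File signatures ("magic numbers") that reveal the real type regardless of the declared one.
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),       # also docx/xlsx/pptx/jar containers
    (b"MZ", "application/x-dosexec"),          # Windows PE executable
]


def sniff(data):
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def inspect_attachments(raw_message):
    """Decode every attachment and compare its declared type with its real type."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    report = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        filename = part.get_filename()
        if filename is None and part.get_content_disposition() != "attachment":
            continue                                     # inline body text, not an attachment
        data = part.get_payload(decode=True) or b""      # undoes base64 / quoted-printable
        declared, sniffed = part.get_content_type(), sniff(data)
        report.append({"filename": filename, "declared": declared, "sniffed": sniffed,
                       "size": len(data),
                       "mismatch": sniffed not in ("unknown", declared),
                       "executable": sniffed == "application/x-dosexec"})
    return report


def attachment_data(raw_message, filename):
    """Decoded bytes of the attachment with the given file name (None if absent)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.get_filename() == filename:
            return part.get_payload(decode=True)
    return None


def png_dimensions(data):
    """Width and height from the IHDR chunk that directly follows the 8-byte PNG signature."""
    if not data.startswith(b"\x89PNG\r\n\x1a\n") or data[12:16] != b"IHDR":
        raise ValueError("not a PNG")
    return struct.unpack(">II", data[16:24])


def build_disguised_sample():
    """Sample input 2 (constructed): a 'PDF invoice' whose bytes are really a PE executable."""
    m = EmailMessage()
    m["From"] = "billing@example.org"
    m["To"] = "alice@example.com"
    m["Subject"] = "Invoice"
    m.set_content("Please find the invoice attached.")
    m.add_attachment(b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00",
                     maintype="application", subtype="pdf", filename="invoice.pdf")
    return m.as_string()


if __name__ == "__main__":
    for raw in (SAMPLE_MIME, build_disguised_sample()):
        for entry in inspect_attachments(raw):
            print(entry)
    print("logo size:", png_dimensions(attachment_data(SAMPLE_MIME, "uio-logo.png")))
```

Checking the bytes rather than the declared type or the file extension is the point: the Content-Type and Content-Disposition lines are written by the sender and cost nothing to fake.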

  • Security Issues and Countermeasures

  • Security Issues of Emails

    ● Phishing: drawing confidential information (e.g. passwords) out of the victim

    ● Privacy breach: the sender wants to track email recipients

    ● SPAM: unwanted emails (e.g. advertisement)

    ● Eavesdropping: disclosure of email content on servers or during transport between servers

    ● Spoofing: faking the sender identity

    ● Malware: infiltrating malicious programs into the recipient's computer

    ● Fraud: email as contact medium for deception (e.g. financial fraud)


  • Phishing

    ● Phishing = “password fishing”

    − The victim receives an email with a link to a fake Web site and clicks the link

    − The victim enters confidential data (e.g. passwords), assuming they are on a trusted Web site

    − The attacker misuses the entered data

    ● The tricks ...

    − Sending mass emails is very easy and cheap

    − The sender address shown to the user (the From: header) is not authenticated by the basic email protocols

    − Creating Web sites and mails impersonating a trusted source is easy

    − The real target of a hyperlink can be hidden behind arbitrary link text in HTML mails

  • Phishing Emails

    [Screenshots of phishing emails, including ones targeting UiO]

  • Phishing URLs (1)

    ● The attacker uses their own domain name, e.g.:

    http://www.evil.net/login/

    ● Other possibilities:

    − a generic DNS name (e.g. host.1234.provider.net)

    − a bare IP address

    ● Disadvantage (from the viewpoint of the attacker):

    − Easily detectable for the victim

  • Phishing URLs (2)

    ● The attacker uses their own domain name, but disguises it with a clever subdomain, e.g.:

    http://www.online-bank.com.login.evil.net/

    ● Advantage:

    − Simple to realise

    − Harder to detect for the victim

    ● Disadvantage:

    − Most modern browsers highlight the registrable domain (here evil.net) in the address bar and so simplify detection of this URL spoofing

    Assume there is a real bank with the address www.online-bank.com; compare
    http://www.online-bank.com.login.evil.net/ with
    http://www.online-bank.com/

  • Phishing URLs (3)

    ● The attacker registers a domain similar to the original domain (typosquatting), e.g.:

    http://www.online-bonk.com/login/

    ● Advantage:

    − Very hard to detect for the victim

    ● Disadvantage:

    − Higher effort (compared to the previous approaches)

  • Phishing URLs (4)

    ● The attacker registers a domain that looks like the original domain (a homograph attack), e.g.:

    http://www.online-bаnk.com/login/

    (the “а” in online-bаnk is the Cyrillic letter, not the Latin one)

    ● Advantage:

    − Very hard to detect for the victim

    ● Disadvantage:

    − Higher effort (compared to the previous approaches)

    − Largely defeated by modern browsers (see below)

    ● Modern browsers display such internationalised domain names in their Punycode (IDNA) form when a name mixes scripts, which exposes the trick:

    http://www.xn--online-bnk-6qi.net/login/

    [Figure: http://www.online-bаnk.com/login/ and http://www.online-bаnk.net/login/ with the Cyrillic а]

  • Phishing URLs (5)

    ● The attacker uses the original domain:

    http://www.online-bank.com/login/

    ● Advantage:

    − Detection is impossible for the victim from the URL alone

    ● Disadvantage:

    − Requires a DNS spoofing attack (see DNS chapter) → very high effort, and the attacker's site still lacks a valid TLS certificate for the real domain

  • Phishing – Countermeasures

    ● Some mail programs check for suspicious content

    − Example: masking the actual Web address (the link text shows one address, the link target is another, e.g. a redirect link such as https://ecs-org.us14.list-manage.com/track/click?id=37753b9cd9)

    ● Observation of To and From addresses (but these can be spoofed)

    ● Careful observation of Web addresses (plus usage of TLS and checking that the certificate belongs to the expected domain)

    ● Most important countermeasure: use of common sense!
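The five URL tricks, as the checks a mail client or gateway can run on a link, written as an added example that is not part of the slides. Given the legitimate domain the user expects (the allow-list is an assumption for the example), the script extracts the registrable domain, flags bare IP hosts, brand names hidden in subdomains, typo lookalikes by edit distance, and internationalised names that mix scripts, and converts the latter to their Punycode form with Python's idna codec. The registrable-domain logic is simplified to the last two labels; production code needs the Public Suffix List. For trick (5) the output is deliberately empty: nothing in the URL string distinguishes it from the real site.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list: the domain(s) the recipient legitimately expects links to point to.
LEGITIMATE = {"online-bank.com"}


def registrable_domain(host):
    """The part of the host name the attacker had to register. Simplified to the last two
    labels; real code needs the Public Suffix List (otherwise 'bank.co.uk' is misjudged)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def scripts_in(label):
    """Unicode scripts of the letters in one label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def edit_distance(a, b):
    """Levenshtein distance, used to spot typosquatting such as bank/bonk."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (registrable domain, findings) for a link found in a mail."""
    host = urlsplit(url).hostname or ""
    findings = []
    try:
        ipaddress.ip_address(host)
        findings.append("bare IP address instead of a host name")
    except ValueError:
        pass
    try:
        ascii_host = host.encode("idna").decode("ascii")      # IDNA/Punycode form (xn--...)
    except UnicodeError:
        ascii_host = host
        findings.append("host name cannot be IDNA-encoded")
    if ascii_host != host:
        findings.append(f"internationalised host name, Punycode form {ascii_host}")
    for label in host.split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:
            findings.append(f"mixed scripts {sorted(scripts)} in label {label!r}")
    reg = registrable_domain(ascii_host)
    if reg not in LEGITIMATE:
        for legit in LEGITIMATE:
            name = legit.split(".")[0]
            if name in ascii_host.split(".")[:-2]:            # brand left of the real domain
                findings.append(f"{legit!r} used as a subdomain of {reg!r}")
            dist = edit_distance(reg.split(".")[0], name)
            if 0 < dist <= 2:
                findings.append(f"{reg!r} is a lookalike of {legit!r} (edit distance {dist})")
    return reg, findings


# The URL patterns from the slides; the bare-IP one is constructed with a documentation address.
SAMPLE_URLS = [
    "http://www.evil.net/login/",
    "http://192.0.2.10/login/",
    "http://www.online-bank.com.login.evil.net/",
    "http://www.online-bonk.com/login/",
    "http://www.online-b\u0430nk.com/login/",      # Cyrillic а (U+0430) in place of Latin a
    "http://www.online-bank.com/login/",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        reg, findings = classify(url)
        print(f"{url}\n  registrable domain: {reg}\n  findings: {findings or 'none'}")
```

The registrable domain is the value to show the user and to compare against the expectation; the findings list is what a gateway would turn into a warning banner or a block.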


  • Email Tracking

    ● The sender might want to know: has the recipient received/read the email?

    ● Possibility 1: explicit request + receipt (read receipt)

    − the user must confirm receipt of the mail to complete a business process

    − hardly used any more

    ● Possibility 2: implicit tracking (mainly for SPAM or phishing)

    − does the email address exist?

    − does the email bypass SPAM filters?

    − is the recipient viewing the mail (or deleting it)?

  • Email Tracking: Images

    ● Many newsletters contain HTML content:

    This is a multi-part message in MIME format.

    ------=_NextPart_655_E1CC256C.E1CC256C
    Content-Type: text/plain; charset="windows-1252"
    Content-Transfer-Encoding: 8bit

    If you cannot see the HTML version of the newsletter, click this link:
    http://rt1-t.autoemail.hm.com/r/?id=t36ae2b3,c895a0b,c895a47

    ------=_NextPart_655_E1CC256C.E1CC256C
    Content-Type: text/html; charset="windows-1252"
    Content-Transfer-Encoding: quoted-printable

    (the plain-text part is translated here from the Danish original)

  • Email Tracking: Images

    ● The mail program receives the email in HTML format

    ● The HTML document contains image tags whose sources are located on the Web server of the mail sender

    − e.g. an <img> tag whose src URL carries a recipient-specific identifier (see the newsletter URLs on the next slide)

    ● The mail program downloads the images for rendering the HTML mail

    ● The Web server owner (= mail sender) logs the request and can analyse the URL: which recipient opened the mail, when, from which IP address and with which client

  • Email Tracking: Images

    ● In all newsletters:

    − https://s1-cdn.hm.com/global/assets/1.0.112/images/social/twitter-box.png

    ● Newsletter 1:

    − https://lpe.hm.com/hmoces?set=locale[no_no]&set=imageUrl[https://aemcomm.hm.com/content/dam/hm/Seasonal Images Email/Seasonal Images May 2019/6059-1.50-Customer-On-Boarding-3x2-1400x934px-5.jpg/_jcr_content/renditions/cq5dam.web.750.750.jpeg]&set=width[750]&call=url[https://s1-cdn.hm.com/global/image-chains/1.1.253/price-module-image-v2/desktop.chain]&auth=hash[e5be3db9]

    ● Newsletter 2:

    − https://lpe.hm.com/hmoces?set=locale[no_no]&set=imageUrl[https://aemcomm.hm.com/content/dam/hm/Seasonal Images Email/Seasonal Images May 2019/6059-1.50-Customer-On-Boarding-3x2-1400x934px-5.jpg/_jcr_content/renditions/cq5dam.web.750.750.jpeg]&set=width[750]&call=url[https://s1-cdn.hm.com/global/image-chains/1.1.253/price-module-image-v2/mobile.chain]&auth=hash[87882c29]

    − The two copies differ only in the image chain (desktop vs. mobile) and in the auth=hash[...] value, which ties each request to one particular copy of the newsletter


  • Email Tracking: Links

    ● Link to “Today's Headlines”

    ● Newsletter 1:

    − https://nl.nytimes.com/f/a/otsqCtxeBjREdiEiVRSdZA~~/...

    ● Newsletter 2:

    − https://nl.nytimes.com/f/a/aKN5MabIovCe_iU3KL9SBw~~/...

    − The same headline link carries a different opaque token in every copy; the newsletter server resolves the token to the real article and records who clicked
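Two checks that follow from the image and link slides, as an added example that is not part of the slides: a scan of an HTML mail body for images that would be fetched from the network (with the hints that mark a tracking pixel: third-party host, 1x1 size, hidden by CSS, query string), and a comparison of the same image URL taken from two copies of a newsletter, which isolates the per-copy identifier. The HTML body is constructed; the two newsletter URLs are the ones quoted on the image slide.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit


class _ImageCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def remote_images(html, sender_domain):
    """Every image the client would fetch over the network while rendering the mail,
    with the properties that make it look like a tracking pixel."""
    parser = _ImageCollector()
    parser.feed(html)
    result = []
    for img in parser.images:
        src = img.get("src", "")
        if not src.lower().startswith(("http://", "https://")):
            continue              # cid: and data: images are embedded; no request leaves the client
        url = urlsplit(src)
        host = url.hostname or ""
        result.append({
            "url": src,
            "host": host,
            "tiny": img.get("width") == "1" and img.get("height") == "1",
            "hidden": "display:none" in img.get("style", "").replace(" ", "").lower(),
            "has_query": bool(url.query),
            "third_party": not (host == sender_domain or host.endswith("." + sender_domain)),
        })
    return result


def differing_params(url_a, url_b):
    """Compare the same link taken from two copies of a newsletter. Parameters that differ
    between the copies are the per-recipient (or per-mailing) identifiers."""
    qa = parse_qsl(urlsplit(url_a).query, keep_blank_values=True)
    qb = parse_qsl(urlsplit(url_b).query, keep_blank_values=True)
    return [(ka, va, vb) for (ka, va), (kb, vb) in zip(qa, qb) if ka == kb and va != vb]


# Constructed HTML body: a CDN-hosted logo, a hidden 1x1 pixel with a recipient token, an embedded image.
SAMPLE_HTML = """
<html><body>
<p>Hello!</p>
<img src="https://s1-cdn.hm.com/global/assets/1.0.112/images/social/twitter-box.png" width="32" height="32">
<img src="https://track.example.net/open?u=8f3a91&m=2019-05-newsletter" width="1" height="1" style="display: none">
<img src="cid:inline-logo">
</body></html>
"""

# The two image URLs quoted on the slide (newsletter 1 and newsletter 2).
NEWSLETTER_1 = ("https://lpe.hm.com/hmoces?set=locale[no_no]&set=imageUrl[https://aemcomm.hm.com/content"
                "/dam/hm/Seasonal Images Email/Seasonal Images May 2019/6059-1.50-Customer-On-Boarding-3x2-"
                "1400x934px-5.jpg/_jcr_content/renditions/cq5dam.web.750.750.jpeg]&set=width[750]&call=url["
                "https://s1-cdn.hm.com/global/image-chains/1.1.253/price-module-image-v2/desktop.chain]"
                "&auth=hash[e5be3db9]")
NEWSLETTER_2 = ("https://lpe.hm.com/hmoces?set=locale[no_no]&set=imageUrl[https://aemcomm.hm.com/content"
                "/dam/hm/Seasonal Images Email/Seasonal Images May 2019/6059-1.50-Customer-On-Boarding-3x2-"
                "1400x934px-5.jpg/_jcr_content/renditions/cq5dam.web.750.750.jpeg]&set=width[750]&call=url["
                "https://s1-cdn.hm.com/global/image-chains/1.1.253/price-module-image-v2/mobile.chain]"
                "&auth=hash[87882c29]")

if __name__ == "__main__":
    for img in remote_images(SAMPLE_HTML, "hm.com"):
        print(img)
    for name, a, b in differing_params(NEWSLETTER_1, NEWSLETTER_2):
        print(f"{name}: {a!r} vs {b!r}")
```

A client that refuses to fetch anything remote_images() returns sends no request at all, which is the whole countermeasure; the differing_params() output shows which parameter the sender would have to log to identify the reader.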

  • Email Tracking ... as a Service

  • Email Tracking: Countermeasures

    − Block remote content: a mail client that does not fetch remote images automatically sends no request, so the sender learns nothing until the user explicitly loads the images or clicks a link


  • SPAM

    [Images: examples of SPAM. Source: spamlaws.com]

  • Message Transport System (original)

    [Diagram: Sender UA → MTA → open relay MTA → MTA/MDA → Receiver UA. Originally any MTA would relay mail from anyone (an “open relay”), so a spammer could hand a message claiming a sender address in example.com to any relay and it was delivered unchecked]

  • Message Transport System (nowadays)

    [Diagram: Sender UA → MTA → MTA/MDA → Receiver UA. The receiving MTA applies the rule “accept mails claiming to come from example.com only from an MTA of the example.com domain”: the identity of the connecting MTA, not the From: header, decides whether the mail is accepted]

  • Message Transport System (nowadays)

    (The Received: header chain from “Full MTA Path” is shown again. The relevant line is the one written by mail-mx03.uio.no: “Received: from easychair.org ([213.136.76.235]) by mail-mx03.uio.no ...” records the IP address of the MTA that actually connected, and that address is what the receiving domain can check against the sender domain's published policy)

  • Message Transport System (nowadays)

    [Diagram: Sender UA → MTA → MTA → MTA/MDA → Receiver UA. The sending MTA claims “I am the MTA of domain example.com” for a mail with a From: address in example.com; MTAs must authenticate!]

  • Sender Policy Framework (SPF)

    ● The owner of a domain defines a list of the MTAs allowed to send mail for that domain

    ● The list is published in the domain's DNS (as a TXT record starting with v=spf1)

    ● The receiving MTA looks up the record for the envelope sender domain (MAIL FROM, or HELO for bounces with an empty MAIL FROM) and checks whether the IP address of the connecting MTA is on the list

    − Caveat: SPF says nothing about the From: header the user sees; that gap is closed by the DMARC alignment rule (below)

    [Diagram: sending MTA → receiving MTA; the receiving MTA queries the DNS of example.com, which answers with the list of permitted sender addresses 129.240.10.33, 129.240.10.34, ...; the mail carries a From: address in example.com]

  • SPF Example: UiO

    ● SPF record of uio.no (stored as a TXT resource record in DNS):

    v=spf1 mx ip4:129.240.10.0/25 ip6:2001:700:100:10::/64 ip6:2001:700:100:8210::/64 include:spf.uio.no ?all

    − mx: the hosts in the MX records of uio.no may send; ip4/ip6: these networks may send; include: additionally apply the record of spf.uio.no; ?all: anything else is “neutral” (a lenient choice; -all would mean “fail”)

    ● Received: header of an email sent from a UiO address:

    Received: from mail-out02.uio.no (mail-out02.uio.no [129.240.10.71])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    by mx4.xxx.xx (Postfix) with ESMTPS id E4F771F884
    for ; Sun, 6 Oct 2019 14:04:50 +0200 (CEST)

    ● The receiving MTA has checked SPF: 129.240.10.71 lies within 129.240.10.0/25 (the result is also recorded in the mail header):

    Authentication-Results: mx4.xxx.xx;
    spf=pass (mx4.xxx.xx: domain of [email protected] designates 129.240.10.71 as permitted sender)
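The check the receiving MTA performed, as an added example that is not part of the slides: an SPF evaluator for the mechanisms used in the uio.no record (ip4, ip6, mx, a, include and all with their qualifiers), run against a constructed DNS stub so that it works offline. The uio.no TXT record is the one quoted on the slide; the MX host, its address and the content of the included spf.uio.no record are assumptions made for the example. Macros, ptr, exists and redirect= are left out.

```python
import ipaddress

# Constructed DNS stub. The uio.no TXT record is the one quoted on the slide; the MX host,
# its address and the spf.uio.no record are made up so that every mechanism can be exercised.
DNS = {
    ("uio.no", "TXT"): ["v=spf1 mx ip4:129.240.10.0/25 ip6:2001:700:100:10::/64 "
                        "ip6:2001:700:100:8210::/64 include:spf.uio.no ?all"],
    ("uio.no", "MX"): ["mx.uio.invalid"],
    ("mx.uio.invalid", "A"): ["192.0.2.25"],
    ("spf.uio.no", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _addresses(host, dns):
    return dns.get((host, "A"), []) + dns.get((host, "AAAA"), [])


def check_spf(domain, sender_ip, dns=DNS, depth=0):
    """Evaluate the SPF record of `domain` for a connection from `sender_ip`.

    `domain` is the envelope sender domain (MAIL FROM, or HELO if MAIL FROM is empty),
    never the From: header. Returns pass, fail, softfail, neutral, none or permerror
    (a subset of RFC 7208: no macros, ptr, exists or redirect=).
    """
    if depth > 10:
        return "permerror"              # RFC 7208 caps DNS-querying mechanisms at 10
    records = [r for r in dns.get((domain, "TXT"), []) if r.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"              # exactly one SPF record is allowed per domain
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)   # v4 vs v6: simply False
        elif name == "a":
            matched = str(ip) in _addresses(arg or domain, dns)
        elif name == "mx":
            matched = any(str(ip) in _addresses(mx, dns) for mx in dns.get((arg or domain, "MX"), []))
        elif name == "include":
            inner = check_spf(arg, sender_ip, dns, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"      # including a domain without a usable record is an error
            matched = inner == "pass"   # any other inner result just means "no match"
        else:
            return "permerror"          # mechanism not implemented in this example
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"                    # no mechanism matched and no "all" term present


if __name__ == "__main__":
    for ip in ("129.240.10.71", "129.240.10.200", "2001:700:100:10::5", "198.51.100.7", "192.0.2.25"):
        print(f"{ip:22} -> {check_spf('uio.no', ip)}")
```

Note what "?all" buys an attacker: a connection from an address outside all listed networks ends in "neutral", which most receivers treat like "no SPF record at all", not as a failure.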

  • DomainKeys Identified Mail (DKIM)

    ● The sending MTA digitally signs (parts of) outgoing emails: a hash of the body and a selected set of header fields

    ● The corresponding public key is published in the domain's DNS (as a TXT record at <selector>._domainkey.<domain>)

    ● The receiving MTA downloads the public key and verifies the signature; a valid signature proves that the named domain handled the mail and that the signed parts were not modified in transit

    [Diagram: sending MTA → receiving MTA; the receiving MTA queries the DNS of example.com, which answers with the key record k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAO...; the mail carries a From: address in example.com]

  • DKIM Example: Google Mail

    ● DKIM record of Google Mail (the TXT record is split into two quoted strings because a single string is limited to 255 bytes):

    k=rsa; p=MIIBIjAN...YRJQqR" "tqEgSiJ+...DA/QAB

    ● DKIM-Signature header of an email sent from a Google Mail address:

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=20161025;
    h=mime-version:from:date:message-id:subject:to;
    bh=OdI9XMdK6yLSftJKNtdmXt6Wt+JqJWNfaLu0qvcMd98=;
    b=TbjoDJda8/UX3 ... Afy3Yqlg/==

    − d= is the signing domain, s= the selector (the key is fetched from 20161025._domainkey.gmail.com), c= the canonicalisation of header and body, h= the list of signed header fields, bh= the hash of the canonicalised body and b= the signature over the selected header fields (including the DKIM-Signature field itself with an empty b=)

    ● The receiving MTA has checked the DKIM signature (the result is also recorded in the mail header):

    Authentication-Results: mx4.xxx.xx;
    dkim=pass header.d=gmail.com header.s=20161025 header.b=TbjoDJda;
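The part of DKIM verification that needs no key, as an added example that is not part of the slides: parsing the tag list of a DKIM-Signature header, deriving the DNS name of the key from d= and s=, canonicalising the body ("simple" and "relaxed" as defined in RFC 6376) and recomputing bh= to detect body tampering. The signed message is constructed; its body is empty and its bh= is the SHA-256 of the empty string under relaxed canonicalisation, while its b= is a placeholder, because checking b= requires the RSA public key from DNS and is not implemented here.

```python
import base64
import hashlib
import re

# Constructed message: a relaxed/relaxed signature over an empty body. bh= is the SHA-256 of
# the empty string; b= is a placeholder, since verifying it needs the domain's public key.
SAMPLE_SIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
    " h=from:to:subject; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;\r\n"
    " b=ZHVtbXk=\r\n"
    "From: alice@example.com\r\n"
    "To: bob@example.org\r\n"
    "Subject: empty body\r\n"
    "\r\n"
)


def parse_dkim_tags(value):
    """Parse the tag=value list of a DKIM-Signature header (folding whitespace allowed)."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            k, v = item.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)      # whitespace inside values is not significant
    return tags


def dkim_key_name(tags):
    """Where the receiver fetches the public key: <selector>._domainkey.<signing domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def canon_body_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: drop empty lines at the end; an empty body becomes a single CRLF."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(line + b"\r\n" for line in lines) or b"\r\n"


def canon_body_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse runs of whitespace, strip trailing whitespace per line,
    drop empty lines at the end; an empty body stays empty."""
    lines = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" \t")
             for line in body.replace(b"\r\n", b"\n").split(b"\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(line + b"\r\n" for line in lines)


def body_hash(body: bytes, canon="relaxed", algorithm="sha256") -> str:
    canonical = (canon_body_relaxed if canon == "relaxed" else canon_body_simple)(body)
    return base64.b64encode(hashlib.new(algorithm, canonical).digest()).decode("ascii")


def check_body_hash(raw_message: str):
    """Recompute bh= over the body and compare it with the claim in the signature.
    Returns (ok, computed, claimed)."""
    head, body = re.split(r"\r?\n\r?\n", raw_message, maxsplit=1)
    sig_value = None
    for field in re.split(r"\r?\n(?![ \t])", head):     # unfold: keep continuation lines attached
        name, _, value = field.partition(":")
        if name.lower() == "dkim-signature":
            sig_value = value
    if sig_value is None:
        raise ValueError("no DKIM-Signature header")
    tags = parse_dkim_tags(sig_value)
    if "l" in tags:
        raise ValueError("l= (partial body hash) not supported: text appended after the limit would go unnoticed")
    body_canon = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    algorithm = tags.get("a", "rsa-sha256").split("-", 1)[1]
    computed = body_hash(body.encode("utf-8"), body_canon, algorithm)
    return computed == tags["bh"], computed, tags["bh"]


if __name__ == "__main__":
    tags = parse_dkim_tags(SAMPLE_SIGNED.split("From:")[0].partition(":")[2])
    print("key lives at", dkim_key_name(tags))
    print("intact:", check_body_hash(SAMPLE_SIGNED)[0])
    print("tampered:", check_body_hash(SAMPLE_SIGNED + "Wire the money today.\r\n")[0])
```

Two details matter in practice: relaxed canonicalisation means trailing blank lines and whitespace changes do not break the signature, whereas appended text does; and a signature with an l= tag protects only the first l bytes of the body, which is why the example refuses it rather than silently accepting whatever follows.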

  • Domain-based Message Authentication, Reporting and Conformance (DMARC)

    ● The owner of a domain publishes (as a TXT record at _dmarc.<domain>) whether mail from the domain is authenticated with DKIM and/or SPF, what the receiver shall do when neither check passes (p=none: deliver and report, p=quarantine: treat as suspicious, p=reject) and where to send aggregate reports (rua=)

    ● Additionally DMARC requires “alignment” between the domain in the From: header shown to the user and the domain that was actually authenticated (the SPF envelope sender domain or the DKIM d= domain); an attacker who passes SPF or DKIM for their own domain but writes a From: address in example.com therefore still fails

    [Diagram: sending MTA → receiving MTA; the receiving MTA queries the DNS of example.com, which answers with the DMARC record p=none; pct=100; rua=mailto:[email protected]; the mail carries a From: address in example.com]
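The policy decision described above, as an added example that is not part of the slides: given the From: header domain, the SPF result for the envelope domain and the DKIM results with their d= domains, the function applies the alignment rule (relaxed by default, strict with aspf=s/adkim=s) and returns the disposition the record asks for. The record strings are constructed (a real record starts with v=DMARC1, which the diagram on the slide omits), and the organisational domain is simplified to the last two labels.

```python
def org_domain(domain):
    """Organisational domain, simplified to the last two labels (real code uses the Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(authenticated_domain, from_domain, mode):
    """DMARC identifier alignment: strict ("s") needs an exact match, relaxed ("r") the same organisational domain."""
    a, b = authenticated_domain.lower(), from_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def parse_dmarc(record):
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            k, v = item.split("=", 1)
            tags[k.strip()] = v.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    return tags


def evaluate_dmarc(record, from_domain, spf_result, spf_domain, dkim_results):
    """Return (dmarc_pass, disposition).

    from_domain:  domain of the From: header the user sees
    spf_result:   SPF result for the envelope (MAIL FROM) domain `spf_domain`
    dkim_results: list of (result, d= domain), one per DKIM-Signature on the mail
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(d, from_domain, tags.get("adkim", "r"))
                  for res, d in dkim_results)
    if spf_ok or dkim_ok:
        return True, "none"
    # pct= asks the receiver to apply the policy to only that share of failing mail; the
    # sampling decision is the receiver's, so the requested policy is returned unchanged.
    return False, tags["p"]


# Constructed records, modelled on the diagram's p=none; pct=100; rua=mailto:... example.
SAMPLE_DMARC_REJECT = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@example.com"
SAMPLE_DMARC_MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    cases = [
        ("bulk mailer, SPF for a subdomain", "example.com", "pass", "bounce.example.com", []),
        ("spoofer with own valid SPF+DKIM", "example.com", "pass", "evil.net", [("pass", "evil.net")]),
        ("forwarded mail, SPF broken, DKIM intact", "example.com", "fail", "forwarder.org", [("pass", "example.com")]),
    ]
    for label, *args in cases:
        print(f"{label:42} -> {evaluate_dmarc(SAMPLE_DMARC_REJECT, *args)}")
```

The second case is the one that SPF and DKIM alone cannot catch: the attacker's mail is perfectly authenticated, just not for the domain in the From: header. The third case shows why DKIM matters for forwarded mail, where SPF necessarily fails.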

  • SPAM

    ● Sending SPAM is still possible:

    − Registering a domain for SPAM purposes (with perfectly valid SPF, DKIM and DMARC records of its own)

    − Sloppy configuration of mail servers (e.g. open relays or missing sender policies)

    − Sending emails via botnets

    ● Further SPAM detection mechanisms:

    − Block-/allow-lists of sending hosts and email domains (DNSBL/DNSWL, e.g. dnswl.org)

    − Inspection of email content (rule based or using machine learning):

    ▪ typical ad keywords

    ▪ suspicious formatting (e.g. white text on white background, using encoding to hide content)

    ▪ suspicious attachments

  • SPAM

    ● Most SPAM detection systems calculate a “SPAM score” using a bonus/malus system (based on the mechanisms presented before)

    ● If the total score exceeds a threshold, the mail is probably SPAM

    ● Example (a SpamAssassin report header; the listed rule scores add up to the 5.8 points):

    X-Spam-Report: Content analysis details: (5.8 points)
     pts  rule name             description
    ---- --------------------- --------------------------------------------------
    -0.7 RCVD_IN_DNSWL_LOW     RBL: Sender listed at https://www.dnswl.org/, low trust
                               [212.227.15.19 listed in list.dnswl.org]
     5.0 URIBL_HEDBL_SPAM_2    Contains an URL listed in the HEDBL blocklist [URIs: responsys.net]
     0.0 FREEMAIL_FROM         Sender email is commonly abused enduser mail provider
     0.1 HTML_MESSAGE          BODY: HTML included in message
    -0.1 DKIM_VALID_AU         Message has a valid DKIM or DK signature from author's domain
    -0.1 DKIM_VALID            Message has at least one valid DKIM or DK signature
     0.1 DKIM_SIGNED           Message has a DKIM or DK signature, not necessarily valid
     0.0 FROM_EXCESS_BASE64    From: base64 encoded unnecessarily
     1.5 THIS_AD               "This ad" and variants

    − Note the negative (bonus) entries: a valid DKIM signature and a listing on the dnswl.org allow-list lower the score, while the blocklisted URL alone contributes 5.0


  • S/MIME

    ● Method for encrypting and digitally signing email content by the sender

    ● Advantages:

    − End-to-end integrity, authenticity and confidentiality

    − Supported by most email clients

    ● Disadvantages:

    − An “official” (CA-issued) certificate is required

    − Identification to the CA is much more complicated than on the Web

    − Key management: the private key must be installed on all email devices

    − Email headers (e.g. From, To and Subject) remain readable; only the body is protected

    ● Current state:

    − Mainly used in some enterprises or universities (with their own CA)

  • Pretty Good Privacy (PGP)

    ● Method for encrypting and digitally signing

    ● Used for software integrity (signatures on packages and releases) and email security

    ● Trust model (no “official” CA certificate required):

    − Direct trust (requires a careful check of the received key, e.g. by comparing fingerprints) → anyone who has verified a key can sign it and (re-)publish the signed key

    − Web of trust: if there exists a path of direct trust to a key you can also trust it (indirect trust)

    ● Advantage:

    − No identification to a CA required

    [Image source: Wikipedia]

  • Pretty Good Privacy (PGP)

    ● Disadvantages:

    − Not (natively) supported by major email clients

    − Complex key management (“Whom shall I trust?”)

    − Many cryptographic and implementation flaws (e.g. EFAIL, where a client renders decrypted content in a way that leaks the plaintext to an attacker-controlled server)

    − Publication of a key with a huge number of signatures offers a possibility for a DoS attack on PGP clients that import it

    ● Current state:

    − For email security only used in small communities

    [Image source: vice.com]

  • Malware

    ● Email is still the main infection source for malware

    ● Example: Locky (ransomware distributed as email attachments)

    [Image source: mcafee.com]

  • Fraud

    ● Famous example: Nigeria scam (advance-fee fraud)

  • Summary

    ● The email system has many security issues

    ● Typical security mechanisms:

    − Confidentiality, integrity:

    ▪ MTA to MTA: TLS (opportunistic)

    ▪ End to end: (practically) nothing (S/MIME and PGP exist but are rarely used)

    − Authenticity:

    ▪ MTA to MTA: SPF and DKIM, tied to the visible From: address by DMARC

    ▪ End to end: (practically) nothing

    − Availability: SPAM detection (+ MTA authentication)

    − Trustworthy content:

    ▪ Backend: virus detection (e.g. email sandboxing)

    ▪ Client: URL inspection

    ▪ User: common sense