network security potpourri - computer sciencegoldbe/teaching/cs558s17/emailsecurity.pdf ·...

19
Email Security CS558 Network Security Boston University Prof. S. Goldberg, Spring 2017

Upload: others

Post on 15-Apr-2020

2 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com

Email Security

CS558 Network Security

Boston University

Prof. S. Goldberg, Spring 2017

Page 2: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com

https://www.elie.net/blog/understanding-how-tls-downgrade-attacks-prevent-email-encryption

Page 3: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com
Page 4: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com

STARTTLS

As visible in the diagram above, this retrofitting was achieved by adding the verb STARTTLS to the SMTP options command that the server sends to the SMTP client as part as the protocol negotiation. If the client supports encryption (TLS), it will understand the STARTTLS verb and will initiate a TLS exchange before sending the email to ensure it is encrypted. If the client doesn’t know TLS, it will simply ignore the STARTTLS and send the email in clear

Page 5: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com

STARTTLS Downgrade Attack

A downgrade attack is a form of attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an encrypted connection) in favor of an old, lower-quality mode of operation (e.g. clear text) that is there for backward compatibility with older systems.

Page 6: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com
Page 7: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com

STARTTLS Stripping

Page 8: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com

Fraudulent DNS responses

Page 9: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com
Page 10: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com
Page 11: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com

PGP?

Page 12: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com

https://xkcd.com/1181/

Page 13: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com

PGP encryption of message contents

Page 14: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com
Page 15: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com
Page 16: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com
Page 17: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com

PGP keys

Page 18: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com

PGP keys

Page 19: Network security potpourri - Computer Sciencegoldbe/teaching/CS558S17/EmailSecurity.pdf · 2017-04-27 · performs a DNS lookup for the mail exchange (MX) record of the destination.com