Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security

Similar documents

DANE for SMTP. Viktor Dukhovni & Wes Hardaker. IETF 87, Berlin July 2013

Setting up and controlling

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

How to set up a multifunction device or application to send using Office 365

Internet Standards. Sam Silberman, Constant Contact

How to Build an Effective Mail Server Defense

Migration Project Plan for Cisco Cloud Security

SPAM, VIRUSES AND PHISHING, OH MY! Michael Starks, CISSP, CISA ISSA Fellow 10/08/2015

TECHNICAL WHITE PAPER. TLS encryption: Is it really the answer to securing ?

eprism Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide

Table of Contents. Electronic mail. History of (2) History of (1) history. Basic concepts. Aka (or according to Knuth)

Serial Deployment Quick Start Guide

BITS SECURITY TOOLKIT:

Deploying Layered Security. What is Layered Security?

Service Launch Guide (US Customer) SEG Filtering

This user guide provides guidelines and recommendations for setting up your business s domain authentication to improve your deliverability rating.

Guidelines for DBA Coverage for Direct and Host Country Contracts

Emacs SMTP Library. An Emacs package for sending mail via SMTP. Simon Josefsson, Alex Schroeder

Collax Mail Server. Howto. This howto describes the setup of a Collax server as mail server.

Create Mail Profiles for Gmail, Yahoo or Hotmail Accounts for Outlook Windows

Frequently Asked Questions

Frequently Asked Questions for New Electric Mail Administrators 1 Domain Setup/Administration

ing from The E2 Shop System address Server Name Server Port, Encryption Protocol, Encryption Type, SMTP User ID SMTP Password

CipherMail Gateway Quick Setup Guide

Protect your brand from phishing s by implementing DMARC 1

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

Redirecting and modifying SMTP mail with TLS session renegotiation attacks

SME- Mail to SMS & MMS Gateway with NowSMS Quick Start Guide

Office 365 Exchange Online Protection Administration Guide

Transport Layer Security (TLS) About TLS

Security - DMARC ed Encryption

Configuring Security for SMTP Traffic

Spam, Spam and More Spam. Spammers: Cost to send

Introduction to Computer Security Benoit Donnet Academic Year

s and anti-spam Page 1

INSTRUCTIONS FOR COMPLETING THE USAID/TDA DEFENSE BASE ACT (DBA) APPLICATION

Deliverability Best Practices by Tamara Gielen

DomainKeys Identified Mail DKIM authenticates senders, message content

Proforma Cost for international UN Volunteers for UN Partner Agencies for International UN Volunteers (12 months)

How s are sent from Xero

Intercept Anti-Spam Quick Start Guide

Encryption of Traffic

Guardian Digital Secure Mail Suite Quick Start Guide

SESA Securing with Cisco Security Appliance Parts 1 and 2

Using Outlook with SaderApps

Outlook Express. Make Changes in Red: Open up Outlook Express. From the Menu Bar. Tools to Accounts - Click on. User Information

Configuring Outlook 2010 for Windows

Protect Outbound Mail with DMARC

DomainKeys Identified Mail (DKIM) Murray Kucherawy The Trusted Domain Project

DANE Secured Demonstration. Wes Hardaker Parsons

Exim4U. Server Solution For Unix And Linux Systems

BSI TR : Secure Transport. Requirements for Service Providers (EMSP) regarding a secure Transport of s

A D M I N I S T R A T O R V 1. 0

Security. Michael E. Locasto University of Calgary

Outlook Express. Make Changes in Red: Open up Outlook Express. From the Menu Bar. Tools to Accounts - Click on Mail Tab.

Mail Avenger. David Mazières New York University

Articles Fighting SPAM in Lotus Domino

Mail system components. Electronic Mail MRA MUA MSA MAA. David Byers

sendmail Cookbook Craig Hunt O'REILLY' Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo

Directory & Mailing List Publisher Lines World Report

UNHCR, United Nations High Commissioner for Refugees

Objective This howto demonstrates and explains the different mechanisms for fending off unwanted spam .

SSL and Browsers: The Pillars of Broken Security

IronPort Authentication

DST . Product FAQs. Thank you for using our products. DST UK

The What, Why, and How of Authentication

How To Write An On A Linux Computer (No Mail) (No ) (For Ahem) (Or Ahem, For Ahem). (For An ) Or Ahem.Org) (Ahem) Or An

TLS and SRTP for Skype Connect. Technical Datasheet

ETSF10 Part 3 Lect 2

Tutorial Details Product Demonstrated: X-301 Estimated Completion Time: 15 minutes

POP3 Connector for Exchange - Configuration

How To Protect Your From Being Hacked On A Pc Or Mac Or Ipa From Being Stolen On A Network (For A Free Download) On A Computer Or Ipo (For Free) On Your Pc Or Ipom (For An Ipo

USING YOUR GMAIL ACCOUNT FOR SCRUBBING YOUR REGULAR OF SPAM Beginners Kaffee Klatch Presented by Bill Wilkinson

Networking Basics and Network Security

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Gateway

Overview An Evolution. Improving Trust, Confidence & Safety working together to fight the beast. Microsoft's online safety strategy

Hosted Security 2.0 Quick Start Guide

Configuring Outlook 2016 for Windows

Network Security - ISA 656 Application Firewalls

Praise for Directory of Global Professional Accounting and Business Certifications

Cisco Cloud Security Interoperability with Microsoft Office 365

DKIM Enabled Two Factor Authenticated Secure Mail Client

DJIGZO ENCRYPTION. Djigzo white paper

TRANSFERS FROM AN OVERSEAS PENSION SCHEME

Send TLM. Table of contents

Security.cloud Configuring DLP on to your flow and applying security to your hosted deployment

Hosted CanIt. Roaring Penguin Software Inc. 26 April 2011

ZMap. Fast Internet-Wide Scanning and its Security Applications. Zakir Durumeric Eric Wustrow J. Alex Halderman. University of Michigan

Core Filtering Admin Guide

Transcription:

Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Kurt Thomas, Vijay Eranti, Nicholas Lidzborski, Elie Bursztein, Michael Bailey, J. Alex Halderman University of Michigan, University of Illinois Urbana-Champaign, Google

Who am I? I am a Ph.D. Candidate at University of Michigan. My research focuses on measurement-driven security. Developing tools for researchers to better measure the Internet Using this perspective to understand how systems are deployed in practice

E-mail Security in Practice SMTP Submission (TCP/587) Alice smtp.umich.edu

E-mail Security in Practice SMTP Submission (TCP/587) Alice smtp.umich.edu MX? 1.2.3.4 DNS Server

E-mail Security in Practice SMTP Submission (TCP/587) Alice SMTP Delivery (TCP/25) smtp.umich.edu MX? 1.2.3.4 DNS Server smtp.gmail.com

E-mail Security in Practice SMTP Submission (TCP/587) Alice SMTP Delivery (TCP/25) smtp.umich.edu MX? 1.2.3.4 DNS Server smtp.gmail.com POP3/IMAP pop3.gmail.com Bob

E-mail Security in Practice SMTP Submission (TCP/587) Alice SMTP Delivery (TCP/25) smtp.umich.edu MX? 1.2.3.4 DNS Server smtp.gmail.com POP3/IMAP pop3.gmail.com Bob

E-mail Security in Practice Alice SMTP Submission (TCP/587) SMTP Delivery (TCP/25) smtp.umich.edu MX? 1.2.3.4 Email Delivery (SMTP) has no built-in security We ve added SMTP extensions to: 1. Encrypt email in transit smtp.gmail.com DNS Server 2. Authenticate email on receipt POP3/IMAP Deployment is voluntary and invisible to end users pop3.gmail.com Bob

STARTTLS: TLS for SMTP Allow TLS session to be started during an SMTP connection Mail is transferred over the encrypted session Sender (Alice) Mail server (smtp.source.com) Mail server (smtp.destination.com) Recipient (Bob) Passive Eavesdropper

STARTTLS Protocol TCP handshake 220 Ready EHLO 250 STARTTLS Sender STARTTLS 220 GO HEAD TLS negotiation Encrypted email Recipient

Opportunistic Encryption Only Unlike HTTPS, STARTTLS is used opportunistically Senders do not validate destination servers the alternative is cleartext Many servers do not support STARTTLS A publicly-referenced SMTP server MUST NOT require use of the STARTTLS extension in order to deliver mail locally. This rule prevents the STARTTLS extension from damaging the interoperability of the Internet's SMTP infrastructure. (RFC3207)

1.2.3.4 What name to validate? Unlike HTTPS, unclear what name should go on the certificate MX Server (e.g., smtp.gmail.com) - No real security added - MITM returns bad MX record Domain (e.g., gmail.com) - No clear solution for large cloud providers MX? mx.gmail.com smtp.umich.edu DNS Server (1) A mx.gmail.com DNS Server (2)

STARTTLS Usage as seen by Gmail

STARTTLS Usage as seen by Gmail Yahoo and Hotmail deploy STARTTLS

100 Inbound Outbound Percent of Gmail Connections 80 60 40 20 Poodle Vulnerability 0 01/2014 03/2014 05/2014 07/2014 09/2014 11/2014 01/2015 03/2015

Long Tail of Mail Operators These numbers are dominated by a few large providers. Of the Alexa Top 1M with Mail Servers: - 81.8% support STARTTLS - 34% have certificates that match MX server - 0.6% have certificates that match domain (which would allow true authentication) Not currently feasible to require STARTTLS

Common Implementations on Ubuntu Software Top Million Market Share Public IPv4 Market Share Default Incoming Default Outgoing Exim 34% 24% Postfix 18% 21% qmail 6% 1% Sendmail 5% 4% MS Exchange 4% 12% Other/Unknown 33% 38%

What s the simplest way to eavesdrop on servers that use STARTTLS?

Attack 1: STARTTLS Stripping TCP handshake 220 Ready EHLO Sender 250 XXXXXXXX Cleartext Email 250 STARTTLS Recipient

STARTTLS Stripping in the Wild Country Tunisia 96.1% Iraq 25.6% Papua New Guinea 25.0% Nepal 24.3% Kenya 24.1% Uganda 23.3% Lesotho 20.3% Sierra Leone 13.4% New Caledonia 10.1% Zambia 10.0%

STARTTLS Stripping in the Wild Country Tunisia 96.1% Iraq 25.6% Papua New Guinea 25.0% Nepal 24.3% Kenya 24.1% Uganda 23.3% Lesotho 20.3% Sierra Leone 13.4% New Caledonia 10.1% Zambia 10.0% Country Reunion 9.3% Belize 7.7% Uzbekistan 6.9% Bosnia and Herzegovina 6.5% Togo 5.5% Barbados 5.3% Swaziland 4.6% Denmark 3.7% Nigeria 3.6% Serbia 3.1%

Not Necessarily Malicious Organization Type Corporation 43% ISP 18% Financial Institution 14% Academic Institution 8% Healthcare Provider 3% Unknown 3% Airport 2% Cisco advertises this feature to prevent attacks and catch spam It s unclear if operators know they re inadvertently putting users at risk Signal as to how vulnerable protocols currently are Hosting Provider 2% NGO 1%

Attack 2: Lying DNS Servers Rogue Mail server Sender (Alice) Source Mail server Forward MX? IP: 6.6.6.6 Destination Mail Server Recipient (Bob) DNS server

Attack 2: Lying DNS Servers Country Slovakia 0.08% Romania 0.04% Bulgaria 0.02% India 0.01% Israel 0.01% Poland 0.01% Switzerland 0.01% Ukraine 0.01% Others 10.1%

Authenticating Email

Authenticating Email DomainKeys Identified Mail (DKIM) Sender signs messages with cryptographic key Sender Policy Framework (SPF) Sender publishes list of IPs authorized to send mail Domain Message Authentication, Reporting and Conformance (DMARC) Sender publishes policy in DNS that specifies what to do if DKIM or SPF validation fails

E-mail Authentication in Practice SPF 11% No Auth 6% DKIM 2% SPF & DKIM 81% Gmail Authentication

E-mail Authentication in Practice SPF 11% No Auth 6% DKIM 2% Technology Top 1M SFP Enabled 47% DMARC Policy 1% SPF & DKIM 81% DMARC Policy Top 1M Reject 20% Quarantine 8% Empty 72% Gmail Authentication Top Million Domains

Moving Forward Two IETF proposals to solve real world issues: SMTP Strict Transport Security Similar to HTTPS HSTS (key pinning) Authenticated Received Chain (ARC) DKIM replacement that handles mailing lists

Gmail STARTTLS Indication Insecure Received Insecure Sending

Inbound Gmail Protected by STARTTLS Google Deploys STARTTLS Indicator

Current State of Affairs Providers are continuing to roll out transport security and authentication protocols, but many organizations lag in deployment STARTTLS currently provides no protection against active adversaries Several proposals in discussion for bridging these gaps Mail is used to communicate sensitive data and despite being hidden from view, its security is equally important

Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security Zakir Durumeric University of Michigan zakir@umich.edu