Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slides Credit: Sogand Sadrhaghighi

Published byBritton Hensley Modified over 5 years ago

Similar presentations

Presentation on theme: "Slides Credit: Sogand Sadrhaghighi"— Presentation transcript:

1 Slides Credit: Sogand Sadrhaghighi
An Empirical Analysis of Delivery Security Zakir Durumeric et al. ACM IMC 2015 Slides Credit: Sogand Sadrhaghighi

2 How is your everyday email protected?
Motivation How is your everyday protected?

3 SMTP (Simple Mail Transfer Protocol)
SMTP is the Internet standard for sending and relaying .

4 SMTP Security The original SMTP (RFC 821) had no built-in security at all. There have been several security extensions over the years: Confidentiality (encrypt in transit) 1 STARTTLS Authenticate on receipt 1 DKIM (Domain Keys Identified Mail) 2 SPF (Sender Policy Framework) 3 DMARC (Domain-based Message Authentication, Reporting + Conformance) Deployment is voluntary and (usually) invisible to end users!

5 Two Empirical Datasets
16 months of gmail inbound/outbound messages Longitudinal view: January 2014 to April 2015 Used Google’s “Transparency Report” for message stats Also: analysis of ciphers negotiated with SMTP servers Mail servers from the top 1 million Alexa domains Snapshot view: current state as of April 2015 Performed MX lookups in DNS for popular domains For domains with mail servers (79%), a DNS query was used to identify security extensions supported (if any) Attempted SMTP/STARTTLS handshake using Zmap

6 STARTTLS: TLS for SMTP Allows TLS session to be started during an SMTP connection Mail is transferred over an encrypted session Protection against passive eavesdroppers

7 Destination mail server
STARTTLS: TLS for SMTP Source mail server Destination mail server

8 Empirical Measurements of STARTTLS
Based on the volume of messages protected by STARTTLS As of April 26, 2015 STARTTLS Initiation Increase from January 2014 Outgoing messages 80% 54% Incoming messages 60% 82% Yahoo and Hotmail deploying STARTTLS Poodle vulnerability Weekends 10% more than weekdays

9 Cipher Suite Analysis Findings:
80% of outbound connections are protected by TLS About half of all incoming connections chose a strong cipher suite About 45% of clients use RC4 despite its known weaknesses

10 Security Threats STARTTLS provides protection against passive eavesdroppers, but not against active attackers who can tamper with packets STARTTLS is designed to “fail open” rather than “fail closed” (i.e., defaults to plain text if TLS negotiation fails) An active attacker can manipulate the packets containing STARTTLS to prevent servers from establishing a secure channel! TCP handshake 220 Ready EHLO XXXX Client Server Plain text

11 Geographical Analysis of Active Attacks
Cisco exploits this feature to detect spammers and prevent attacks. Downfall: Every from your country will be in plain text!

12 SPF (Sender Policy Framework)
Authentication When we receive a message, we want to see if it is sent from someone authorized in the source domain. Detecting spams Allows a domain to put a DNS TXT record that lists the IP addresses of their legitimate mail servers Example: <spf-mail.example.com> “v=sfp1 ip4: /20 -all” SPF (Sender Policy Framework)

13 DKIM (Domain Keys Identified Mail )
The sender publishes its public key in a DNS record Sender attaches cryptographic signature in a message’s header Recipient checks the signature, using the public key p Signing domain Body hash Digital signature of the content

14 DMARC DMARC: Domain-based Message Authentication, Reporting, and Conformance Builds upon DKIM and SPF Allows a sender to publishes a mail policy in a DNS record. Recipient checks for the sender’s policy

15 Empirical Measurements
Delivered Gmail Messages Top Million Domains April 2015

16 Conclusions SMTP by itself is NOT secure
Mail community has started to deploy new security extensions, but progress is slow for small organizations STARTTLS is not a long-term solution, since active attacks are prevalent and potentially very serious

Download ppt "Slides Credit: Sogand Sadrhaghighi"

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Basic Communication on the Internet:

Basic Communication on the Internet:
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Cryptography and Network Security

Cryptography and Network Security
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
DNSSEC & Email Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.
© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.

© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.
DNSOP WG IETF-67 SPF/Sender-ID DNS & Internet Threat Douglas Otis

DNSOP WG IETF-67 SPF/Sender-ID DNS & Internet Threat Douglas Otis
Chapter 8 Web Security.

Chapter 8 Web Security.
Email Security Jonathan Calazan December 12, 2005.

Security Jonathan Calazan December 12, 2005.
SIMPLE MAIL TRANSFER PROTOCOL SECURITY Guided By Prof : Richard Sinn Bhavesh Jadav Mayur Mulani.

SIMPLE MAIL TRANSFER PROTOCOL SECURITY Guided By Prof : Richard Sinn Bhavesh Jadav Mayur Mulani.
E-mail Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.

Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.
 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.

 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.
Identity Based Email Sender Authentication for Spam Mitigation Sufian Hameed (FAST-NUCES) Tobias Kloht (University of Goetingen) Xiaoming Fu (University.

Identity Based Sender Authentication for Spam Mitigation Sufian Hameed (FAST-NUCES) Tobias Kloht (University of Goetingen) Xiaoming Fu (University.
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 
SMTP, POP3, IMAP.

SMTP, POP3, IMAP.
IT 424 Networks2 IT 424 Networks2 Ack.: Slides are adapted from the slides of the book: “Computer Networking” – J. Kurose, K. Ross Chapter 2: Application.

IT 424 Networks2 IT 424 Networks2 Ack.: Slides are adapted from the slides of the book: “Computer Networking” – J. Kurose, K. Ross Chapter 2: Application.
SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.

SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.
1 Email. 2 Electronic Mail Originally –Memo sent from one user to another Now –Memo sent to one or more mailboxes Mailbox –Destination point for messages.

Electronic Mail Originally –Memo sent from one user to another Now –Memo sent to one or more mailboxes Mailbox –Destination point for messages.
Wireless and Email Security CSCI 5857: Encoding and Encryption.

Wireless and Security CSCI 5857: Encoding and Encryption.

Similar presentations

Ads by Google