Re: [openpgp] Spoofing OpenPGP and S/MIME Signatures in Emails

Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> Tue, 30 April 2019 14:04 UTC

Return-Path: <marcus.brinkmann@ruhr-uni-bochum.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64075120108 for <openpgp@ietfa.amsl.com>; Tue, 30 Apr 2019 07:04:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ruhr-uni-bochum.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X7YcvReyzY_I for <openpgp@ietfa.amsl.com>; Tue, 30 Apr 2019 07:04:52 -0700 (PDT)
Received: from out3.mail.ruhr-uni-bochum.de (out3.mail.ruhr-uni-bochum.de [134.147.53.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D72E51200B6 for <openpgp@ietf.org>; Tue, 30 Apr 2019 07:04:51 -0700 (PDT)
Received: from mx3.mail.ruhr-uni-bochum.de (localhost [127.0.0.1]) by out3.mail.ruhr-uni-bochum.de (Postfix mo-ext) with ESMTP id 44tjvh4yv9z8SKr for <openpgp@ietf.org>; Tue, 30 Apr 2019 16:04:48 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ruhr-uni-bochum.de; s=mail-2017; t=1556633088; bh=kEUv2hE937Vo6tmsxnUCMyyzaa9TJSOz8dU0RShJiPE=; h=To:References:From:Subject:Date:In-Reply-To:From; b=OjtfLOaTR9DUhmL6jJMgLbypI2Oo/8JLMErqwrbaExE69qUbax/nPjmOSrG1pgQD5 AsJn8LXZgntbmcFb40HMjdogh2zL8qDOipRmSqWYcgkxOJ93RDWHWvNiXu+cjdrJxj obh6p834ClmadKvgpqTy3LtHMvRRt6yZ+x4cQp8Y=
Received: from out3.mail.ruhr-uni-bochum.de (localhost [127.0.0.1]) by mx3.mail.ruhr-uni-bochum.de (Postfix idis) with ESMTP id 44tjvh3Z2Mz8SN4 for <openpgp@ietf.org>; Tue, 30 Apr 2019 16:04:48 +0200 (CEST)
X-RUB-Notes: Internal origin=134.147.42.227
X-Envelope-Sender: <marcus.brinkmann@ruhr-uni-bochum.de>
Received: from mail1.mail.ruhr-uni-bochum.de (mail1.mail.ruhr-uni-bochum.de [134.147.42.227]) by out3.mail.ruhr-uni-bochum.de (Postfix mi-int) with ESMTP id 44tjvh34BHz8SVk for <openpgp@ietf.org>; Tue, 30 Apr 2019 16:04:47 +0200 (CEST)
Received: from [192.168.1.66] (unknown [134.147.203.251]) by mail1.mail.ruhr-uni-bochum.de (Postfix) with ESMTPSA id 44tjvh3y3Lzyt3 for <openpgp@ietf.org>; Tue, 30 Apr 2019 16:04:48 +0200 (CEST)
To: openpgp@ietf.org
References: <20190430122932.GD1456@zeromail.org> <ffdc2417-2319-bd4b-5d58-51a7851434a5@cs.tcd.ie>
From: Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
Openpgp: preference=signencrypt
Autocrypt: addr=marcus.brinkmann@ruhr-uni-bochum.de; keydata= mQINBFZU6WABEADoVonKbB/tV0v25cm39DaSZyN7it70RhTZHLESbpDiHCwiAMi74MK/HB/q VR9LZDkTDF1x5xUnxxMHa2rpxO329dlk5dQFq1iELxIC/yBCEh5HMLT5MkWqwb8UkINYpaFU csQdPvdC2RzZ4Wt5/xX/6mvSnA4g7hSmUKwIiDX6489Fj5jHK3i0UQFnzKty3O7mqSbedTHs ym2q6fPcIlEOvU6unzxJRK4bgfW2NBM6aMqgLeQkKYIkd1Q/OXEWCXC4hQJepak+n34ChIrV RRHIBJ0GHRkEgHQgQUqPLS0fJlMYCaSZFmOAaqmigxVn1ErG3jTnFQPbPkfE5SCssFP2grNV N1ikJzOEpBLYA/4pOaJzSnZ0xx9aKPdUsyBksKmCsLQNiRt4ZTNFpJ2DJ8NbXYAFkrcu15og lrB//CVQj3CfkzUbpyfcwJHAho1K6XaPybI14znuorTJF3ml0qDd3XDkcmnF58s4hfvGHQtz +CEW+85gUF+T9jKLpwNGcNdBhbvdE6d3cSbR7dXeZsxiA4AmqqEhH6SnVmkSqmhX4+k6RksE MrHJnzefTyA4kXIR2QvD60nZXqta35VhhCzIcpkUpxcwABBR7C8nCxiGV7wNmGECgHv+Zl/O hQhWF1Ld1G93xCg7D+Nz0RerRdwtBOUatmCp+2HRTcRXNOW8jQARAQABtDZNYXJjdXMgQnJp bmttYW5uIDxtYXJjdXMuYnJpbmttYW5uQHJ1aHItdW5pLWJvY2h1bS5kZT6JAjgEEwECACIF AlZU6WACGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEIiwjVpXtiFAHDUP/0PuDwhn Cyn7b2S7Lrn0BBmi3LOS4ioalCZkV6BenkXydeGwJ9CVVix9WEbiLzCz/DHfvz97l/T9lxcM bACc1tX5a+qvqydzKd2eXFnVdH1JaihqdhG7sWYi22H1uWSyWbHd3rBZaDAts5Qialdg+WC0 kHh9pkmmlUE3BIkTaIOA9k4J93hz4QDOEO7xjB9XMOIRuasZ0lOOPraezS/pKLaQHlzPJZfo QEGL3ndn8U1FXZgR2DWhGtbClEvLaNXJ7RYhIlCeEwCwsTuGg48iDYC0+phvj/nwhZV60+Eb lR4Kux4DjY65s4Rp4kIzh51PRE+bLHtULPx1x9X1x5ZekYQdgwf6doBIIauARZFaxI6dt3i+ HSMjpga3k2Xn5iCaf6NeG1J2bh9sEAH7nntibOOp4sT8YR2SiQ5ab8PnDkydwbghUZcJ39a/ CZnN3f1RFeRX6d3zbfULPsf7o0LM/IvNKFvBoVzVb3AVYdhe5FNOE0DfhOe8lpE88ofu+es6 ECGumfR8UEcQc/O4dSyprngxZjjEdgdo5KqUkCEeGM8lVp+EFcmtLME3uqFhsUihk3YfF9Ni vZ0/0ZcLsmMp3zCZ9wS6HWr2UTkYrgc7Nr3YBClDs9W/jurcSPMmpwwhq2ycWaMMMPqULS4c U2vhGKh6JDPqfIfXFQIfhiVwCMx1uQINBFZU6WABEAC3meKoeQn4r37Z1WCvl/lRVgwYLIEw GX94WCZODxPPEy2zTWStj45yv1ZrSI0HyAqssZzXPelOFJzlM8M+iccxIMRgjnnGJJR0YqYU draf1Z2YQk/x2WjYNUg0blChdyeqwBhLAQKtnPOKkTPZBBGzPjsS+JeB8yN5r4vouFGMG+Cm YFUy4oCmcmuUrdLm9NlzM5ituyTJsPG9CDO834e4qlZsNW/yEzyPsYDW0PxJxgEe/WjLsDJ0 aiwaDhBpR8/i2FfEUTGXl+6wvdXR9lhddBoiUCVlNRu9jiKVxv2JVJepcZa9B/atJwcsDAkZ JgnjP0qRybixx/wo14KromgWVBGwpZ89sFEgZF6HcxPMKuWtieIORzs9kb0jpMFi1hW9xi60 UBHikrpDG9MnwA35d1lg/9kUlrF1nqTnyoz43UxntlgQejl6JcBR2Poaaib3ZtCR34yxslFz 4znXBermA2eEvusEmjYJlxPWozW18grbSYUr1tCmjvKZAIMrspVx37+WSm/4fy8Mq9iqhkIw eFQM10GL+fRQOGJTpSY/KiGxmkaTPtj9iaovJOcGAjUzzreGhi4toIrWWULPNKS6vuV4VgMB F4XxIcVqC9I43yzJ6/cYciwL9bxoWQ4EpHuIG3sewvOWbceeDO9j9DRSd9E6GX67NzrruDPX Ooge2QARAQABiQIfBBgBAgAJBQJWVOlgAhsMAAoJEIiwjVpXtiFAHBwP/3x5953X/1jR2Aeg R6oHSF0HAD8kMnKLP5cwLqrOzUpCwqzFGBCbYdvxrWG106jyvcZdUvtBSGd8n1FuE2WrpQrK gNjdRG65cN2kduk/w66Oq57EqSuO/r6OnadG9hgVZ1YP/QUsL6n4oF7coD0CJiH98UyLw1yP 3Em1ONX8ditvMVHNudVC1VoEN1BFjIX9VWqWoU843vPct9wKi6jLYHHAX3UpnEJtfqLHCj55 4s+0yhMhoaAIfNQZWU9iKzldM6Y0j8DJ/YBSThhw9S/TX7mClhXArJ/iPJSr6FPhlQMMcZRQ aSiQu1gDL76I5G03SkBWCnXbSpeNtTeMiSpsA58c8rpr2T4giCiV29FPgEj4We2/jBrBcwWA /XjSLE2RNOnF2G65dVxHAlaCc84lC2+bh9kVU+Tb+9YDWfHyNO+pNk/Lpaef2Kg6ScKmte6+ wVkWQZFTU8mgkHZqFvQk29RnV02phRTM0ryvWWldNgf3vzztS3iyD3GrJCPcxjm24cAflp+7 JfQ4qV/ec598k++HI4r3SfmSFKFcsxh+073p+oVjs5kIHxM0SExdjKewLOE3BKQYjn1r17xW XogKlIGbTEluQ4Odyh4n88/iA8ZLNPKjvjno7UuwBsZyJxdaTOXlQYt+ZRZNfIBSWqv0U9fY tp9qPuy4vCfkycCucIgO
Message-ID: <155a904b-ca77-d38b-e5d8-eb42c816d1e8@ruhr-uni-bochum.de>
Date: Tue, 30 Apr 2019 16:04:48 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.0
MIME-Version: 1.0
In-Reply-To: <ffdc2417-2319-bd4b-5d58-51a7851434a5@cs.tcd.ie>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.99.4 at mail1.mail.ruhr-uni-bochum.de
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Sq204k-tjP0t6ZatP3cErGzq6i0>
Subject: Re: [openpgp] Spoofing OpenPGP and S/MIME Signatures in Emails
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2019 14:04:57 -0000

Hi,

On 4/30/19 3:19 PM, Stephen Farrell wrote:
> On 30/04/2019 13:29, ilf wrote:
>> https://github.com/RUB-NDS/Johnny-You-Are-Fired
>> https://raw.githubusercontent.com/RUB-NDS/Johnny-You-Are-Fired/master/paper/johnny-fired.pdf
>> Great work, thanks! I guess that's another fine
> demonstration that code that's not really used
> in anger enough tends to have lots of frailties;-(
>
> 
> A comment and a question:
> 
> - I think it'd be a fine thing if this were to be
>   presented at an IETF meeting - if some of the
>   authors are going to be at one of those (or
>   would present remotely) then contacting the
>   security area directors and asking for a slot at
>   some saag session would be a fine thing.

I don't think any of us are at IETF meetings, but maybe something could
be arranged, depending on the details.  We will present at USENIX
Security 2019, of course.

> - I wasn't clear how to interpret the missing
>   combinations from Table 2, e.g. does the lack of
>   mention of the Linux/TB/Enigmail combination mean
>   that it was not vulnerable to the attacks or that
>   it was not tested? (Or that it's almost certainly
>   vulnerable but you'd already broken so much so well,
>   it wasn't worth specifically documenting;-)

We did not include redundancies, for several reasons:

* They would bias our evaluation result (we don't want to inflate our
attack success rate artificially),
* systematic testing is a lot of effort, so we had to limit the number
of combinations, and
* completeness is not feasible anyway. For example, you could also
combine several attack types in a single attack to achieve an even
higher success rate, but we did not evaluate that.

BTW, other examples missing are Trojitá and KMail under Windows.

In the case of Thunderbird I feel comfortable to say that all OpenPGP
test cases have been developed under Linux and then confirmed on
Windows, but we don't say that in the paper.

Of course, we published our test cases, so it is easy to check
additional combinations and software platforms!

Thanks,
Marcus


-- 
Dipl.-Math. Marcus Brinkmann

Lehrstuhl für Netz- und Datensicherheit
Ruhr Universität Bochum
Universitätsstr. 150, Geb. ID 2/461
D-44780 Bochum

Telefon: +49 (0) 234 / 32-25030
http://www.nds.rub.de/chair/people/mbrinkmann