Email security and secure messaging

Question 1

What does MUA stand for?

Answer 1

Message User Agent

A mail client application that grants users access to a mail server in order to create, send, receive email messages

E.g.: Outlook, Gmail

Question 2

What does MSA stand for?

Answer 2

Message Submission Agent

Software agens that receive email messages from a MUA and cooperates with a MTA for delivery of the mail

Question 3

What does MTA stand for?

Answer 3

Mail Transfer Agent

Transfers email messages from one computer to another using the Simple Mail Transfer Protocol

Question 4

What does SMTP stand for?

Answer 4

Simple Mail Transfer Protocol

Communication protocol used for sending and receiving emails over the internet

Question 5

What does IMAP stand for?

Answer 5

Internet Message Access Protocol

Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection

Question 6

What does POP stand for?

Answer 6

Post Office Protocol

Together with IMAP, one of the most common protocols for email retrieval

Question 7

Describe the Email architecture

Answer 7

MUA connects client to mail system

SMTP is used to send mail to MSA

POP or IMAP is used to retrieve mail from message store (MS)

MHS transfer message from MSA to MS via one or more MTAs

Question 8

What is webmail?

Answer 8

Browser interface to an online email client

SMTP ans POP/IMAP are still used to send and receive email

Question 9

What security does/may email content require?

Answer 9

Confidentiality or Authentication

Question 10

What are some security threats against email?

Answer 10

Availability of email service

Metadata in header information is a source of attacker information

Email content confidentiality/authentication

Question 11

What is spam?

Answer 11

Unsolicited email

Question 12

What is a common vector for phishing attacks?

Answer 12

Spam mail

Question 13

What are some counter measure against spam/phishing?

Answer 13

Email filtering

Question 14

What types of phishing attacks are harder to filter?

Answer 14

Spear phishing: Phishing with more accurate targeting

Question 15

What type of security is provided between agents in a mail system?

Answer 15

Link-to-link basis: Using protocols such as STARTTLS and DKIM

Question 16

What type of security is provided between clients in a mail system?

Answer 16

end-to-end basis: using protocols such as PGP and S/MIME

Question 17

What is StartTLS?

Answer 17

Runs over TLS

Extensions to SMTP, POP and IMAP

Provides link-to-link security

Opportunistic use of TLS security (encryption) - use it if possible

Question 18

What attack is StartTLS vulnerable to?

Answer 18

STRIPTSL attacks: attacker interrupts TLS negotiation and connection falls back to plaintext transmission

Question 19

What is DKIM?

Answer 19

DomainKeys Identified Mail

Allows sending mail domain to sign outgoing mail using RSA signatures

Receiving domain can verify origin of mail

Public verification key of sending domain is retrieved using DNS

Question 20

What does DKIM help reduce?

Answer 20

Email spoofing, and hence reduce spam and phishing

Question 21

What is email spoofing?

Answer 21

A threat involving sending emails with a fake/forged sender address. Can be done by an attacker that changes the metadata of an email.

Question 22

What does ‘d=’ and ‘s=’ do in the DKIM signature?

Answer 22

Specify domain and selector

Example:

d=easychair.org
s=default

Question 23

Where is the relevant public key for a DKIM signature?

Answer 23

In the DNS record for the host defined by the name:
[selector]._domainkey.[domain]

’s=’ : Gives the selector
‘d=’ : Gives the domain

Question 24

What does nslookup do?

Answer 24

Command to query internet domain name servers.

Can query the name servers for information about hosts or domains.

Question 25

How is email processing done in end-to-end security?

Answer 25

Takes care of protection of email message contents

Uses hybrid encryption: A new random “session key” is generated for each object (message) and encrypted with the long-term public key of recipient

Signing: RSA or DSA signatures

Compression: ZIP

Coding: Base64

Question 26

Why is base64 used in email processing?

Answer 26

Ensure that binary strings can be sent in email body

Question 27

What is PGP used for?

Answer 27

End-to-end security (maybe?)

Question 28

How does PGP encryption work?

Answer 28

Session key encryption: asymmetric

Encryption of messahe text: Symmetric key

Compression applied before encryption

Encryption applied independently of signing (no requirement for authenticated encryption

Question 29

What are PGP signatures?

Answer 29

Plaintext message optionally signed with sender’s private key

Can use RSA or DSA signatures

RSA signed messages are hashed with SHA1 or other SHA2 functions

Question 30

What are the requirements of OpenPGP?

Answer 30

Support for RSA signatures

Session key enc: ElGamal, recommends RSA

Message enc: 3DES with 3 keys (168 bits in total), recommends AES-128 and CAST5

Question 31

What are OpenPGP PKI used in?

Answer 31

PGP email security

Question 32

What does OpenPGP PKI include?

Answer 32

ID, public key, validity period, self-signature

Question 33

Who can sign OpenPGP keys?

Answer 33

Anyone, no certification authorities

Question 34

Why is PGP difficult to use?

Answer 34

Difficult for an average user to understand public key cryptography.

Typical problems:
- Generating new keys securely
- Moving keys between devices
- Renewing keys when expired

Question 35

What are some criticisms of OpenPGP?

Answer 35

Outdated cryptographic algorithms still used: SHA1, CAST, Blowfish

No support for SHA3 or auth encryption

A lot of metadata available to an eavesdropper: file length, enc-algorithm used, key identity of recipient

No forward secrecy

No support for streaming mode or random access decryption

Question 36

What is S/MIME

Answer 36

Similar security features to PGP

Different format for messages

Not interoperable

Requires X.509 format certificates

Question 37

What is often known as the web of trust?

Answer 37

Concept used in PGP: OpenPGP PKI

Question 38

What is the difference between email and messaging?

Answer 38

Most instant messages are part of an interactive conversation which extends over many messages and a long time

Proprietary servers are typically used to manage accounts and dedicated applications are used

Question 39

What security is required for secure messaging?

Answer 39

CIA

Forward secrecy: important for long sessions

Desirable to have post-compromise security (self-healing)

Question 40

How is forward secrecy achieved in secure messaging?

Answer 40

Using medium-term public keys stored at the server

Question 41

What happens to an attacker who obtains a long-term key, in a system with post-compromise security?

Answer 41

Should be locked out again after communication resumes

Question 42

What is signal?

Answer 42

A messaging app, considered the most secure

Question 43

How does the signal protocol work?

Answer 43

Server sets up initial auth of user and registers initial public keys

Public keys at the server are used to set up initial communication between users

Key exchange: Elliptic curve DH

Message protection: AES in CBC mode with HMAC

Question 44

In the signal protocol, what is used for key exchange?

Answer 44

Elliptic curve DH

Question 45

In the signal protocol, what is used for Message protection?

Answer 45

AES in CBC mode with HMAC

Question 46

What is a ratchet?

Answer 46

A device which is easy to move forward, but blocked from moving backward

Question 47

What is the continuous key exchange in signal?

Answer 47

Signal uses a new unique message key for every message exchanged

Question 48

How does signal use the symmetric ratchet?

Answer 48

When successive messages are sent in the same direction, the message key is updated with a symmetric ratchet.

This is done by applying a function such as HMAC

Question 49

What 2 types of ratchets does signal use?

Answer 49

Symmetric ratchet

DH ratchet

Question 50

How does signal use the DH ratchet?

Answer 50

When a new message is returned on the opposite direction, a new DH ephemeral key is used to compute the new message key.

The new DH ephemeral key is the DH-ratchet

Question 51

How is group messaging implemented securely?

Answer 51

DH is the only known good alternative in the multi-party case

Signal uses a simple key distribution for group messaging

Question 52

What does the Signal’s PQXDH protocol protect against?

Answer 52

Harvest Now, Decrypt Later attacks

Question 53

What type of security does Signal’s PQXDH protocol provide?

Answer 53

Post-quantum forward secrecy

Question 54

What is Signal’s PQXDH protocol?

Answer 54

Post-Quantum eXtended Diffie-Hellman key agreement protocol

Question 55

What does Signal’s PQXDH protocol rely on?

Answer 55

The hardness of the discrete log problem for mutual authentication