Internet Message-Protection using Certificates and (not yet) Transformation

Lars Fischer

The crucial stopping-gap of wide-spread secure communication over Email clearly seems to be “usability”. The difficult part arguably is “certificate management” which, at the core is the question of how to authenticate credentials. Many researchers and developers have taken their shot at improving the situation, while instant messenger applications seem to simply circumvent all obstacles and provide effortless end-to-end security — alas only for communication within their respective silos. And the situation for Email, i.e. combination of SMTP (RFC 5321) and Internet Text Messages, going back to RFC 724 and RFC 772, nowadays encapsulated by MIME, is anything but simple. But since 2015 ACME seemed to have solved the similar problem of distributing authenticated certificates for web-sites. In this work we take up the work on ACME for end-users and transfer the principles to OpenPGP and thus finally solving(?) this problem from the 1990s.

Outline

A problem of secure (email) communication.
Why does it is sometimes possible?
Automated Certificate Management Environment
… for OpenPGP

No communication endpoint without credentials!

Introduction

Prof. Dr. Lars Fischer

Bremerhaven University of Applied Science (since 2020)

Denomination

IT-Security

Previous Work

Secure Agent Systems
Privacy
- Unlinkability Metrics
- Location-based Services
Security in Energy Systems
Adversarial Resilience Learning

Intro: Secure Communication is Hard

"27 Years and 81 Million Opportunities Later" [stransky22]

Why Johnny Can't Encrypt (1999)

Why Johnny Still, Still Can't Encrypt (2022)

"it is unclear if PGP will ever be usable" [ruoti15]

Every IM is E2E-secure!
[Matrix, Signal, WhatsApp, OTR, …]

The Problem

Secure E2E-messaging works?

Silos, no interoparability

Web-Security works!
- TLS
- PKI (various CA)
- ACME (Let's Encrypt)
- Email? OpenPGP vs. S/MIME
Key Distribution?
- HKP, WKD, DANE, autocrypt …
Key Authentication is Key!

Things to consider?

Certificate Distribution/Management

Creation
Validation
Usage
Revocation

Attacks
- SMTP Smuggling
Clients
- Enabling Users
- Different MUA

ACME Basics

Objectives

Hold the private key of the account key pair used to respond to the challenge, and
Control the identifier in question.

RFC 8555

Email:

OpenPGP "Certificates"
- Public Key
- Identifier
- Signatures
Identifier: Email address lafischer@hs-bremerhaven.de

Short History of Let's Encrypt

The 90's Millenials

X.509 Certificates (v1 actually 1988)
Netscape Navigator

Transport Layer Security (TLS)

Gen Z

X.509v3 ITU-T
Certs are expensive and boring.

Generation Alpha (2013-)

Let's Encrypt (≈2015)
RFC 8555 (2019)
ACME for End-Users RFC 8823 ≈2021
IETF Working Group still active

Protocol Overview

Challenge-Response

IMPACT

RFC 8823 but for OpenPGP

I: nternet
M: essage
P: rotection using
A: utomated
C: ertificate management and
T: ransformation

Ubiquituous E-Mail E2E-Security
Automate Key Certification
~~S/MIME—OpenPGP Interoperability~~

Das Ziel des Projektes ist es Infrastruktur und Anleitungen aufzubauen mit der jede Person leicht (oder "leichter") End-zu-End Sicherheit in der Email-Kommunikation genießen kann. Du hast ja bereits ein wenig Bekanntschaft mit dem komplexen Vorgang gehabt, den die Installation von Zertifikaten so üblicherweise mit sich bringt. Das muss tatsächlich nicht sein, denken wir, und haben uns aufgemacht die Probleme der 70er jetzt endlich mal zu lösen. Gut, wir sind nicht alleine. Es gibt einen Haufen von Projekten und Standards die nur darauf warten, dass sie endlich mal benutzt werden. Wesentliches Problem ist tatsächlich, wie in vielen Dingen die mit dem Internet zu tun haben, dass es eine riesige Anzahl von Beteiligten gibt und essentiell alle diese Beteiligten gleichzeitig auf denselben Zug aufspringen müssen. Und da setzt das Projekt, im Kleinen, an. Wir wollen das ganze so gut und einfach nutzbar umsetzen, dass unsere Hochschule einfach aufspringen muss.

ACME-PGP Server

Thunderbird Plugin

Prototype Development

de

Deutschland

.hs-bremerhaven

Hochschule Bremerhaven

.informatik

Studiengänge INF/WINF/IVS

.sireal

Sicherheits-Realitäts-Abstands-Labor

impact: Studentisches Projekt 2024

https://impact.sireal.informatik.hs-bremerhaven.de

Conclusion

https://informatik.hs-bremerhaven.de/lafischer/vault/2025-elbsides/acme-pgp.html

No Identity without credentials! Ever again!
Responsibility:
- SMTP-ID-Providers
- MUA Developers
- Users
Best-Effort Security
- Do not fail for perfection!
- Oftentimes Better-Than-Nothing is sufficient

References

ask19: Josh Aas, Richard Barnes, Benton Case, Zakir Durumeric, Peter Eckersley, Alan Flores-López, J. Alex Halderman, Jacob Hoffman-Andrews, James Kasten, Eric Rescorla, Seth Schoen, and Brad Warren. 2019. Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS '19). Association for Computing Machinery, New York, NY, USA, 2473–2487. link
barnes19: Barnes, R., Hoffman-Andrews, J., McCarney, D., Kasten, J. (March 2019). Automated Certificate Management Environment, IETF, RFC 8555, Standards Track
ruoti15: Ruoti, S., Andersen, J. Zappala, D., Seamons, K. (2015, Oct). Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client. arXiv link
melnikov23: Melnikov, A.: Extensions to Automatic Certificate Management Environment for End-User S/MIME Certificates, IETF, RFC 8823, Informational
ruoti16: Ruoti, S., Andersen, J., Heidbrink, S., O'Neill, M., Vaziripour, E., Wu, J., … & Seamons, K. (2016, May). " We're on the Same Page" A Usability Study of Secure Email Using Pairs of Novice Users. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (pp. 4298-4308).
stransky22: C. Stransky, O. Wiese, V. Roth, Y. Acar and S. Fahl, "27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University," 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2022, pp. 860-875, doi: 10.1109/SP46214.2022.9833755. link
whitten99: Whitten, A., Tygar, J.D. (1999, Aug) Why Johnny can't encrypt: a usability evaluation of PGP 5.0. SSYM'99: Proceedings of the 8th conference on USENIX Security Symposium. Volume 8. Pages 14
XMPP Logo F3): XMPP Standards Foundation, MIT , via Wikimedia Commons, link, last 2024-01-31

Bildverweise

Portrait Lars Fischer (F2.2): by Alech
(F3.1): stransky22 Fig.2 Rise of email, S/MIME and PGP over time at our university.
Silos <(a href="#/2/1/2">F3.2): by the author
ACME Logo (F5.1): by IETF WG ACME , last 2024-01-30
Postfix Logo (F5.1)
Let's Encrypt Logo (F5.1): Center for Computer Security and Society, With over 7 million certificates issued, Let’s Encrypt aims to secure the entire web, 2016-08-03 (last 2024-01-30)
NitroKey 3C NFC (F5.1): NitroKey Shop, last 2024-01-30
Matrix Logo (F3): ™/®Matrix.org, Public domain, via Wikimedia Commons, last 2023-01-31

Quellen

heise 2024-02-16 Email Auth

Phishing und Spoofing: BSI gibt Hinweise zur E-Mail-Authentifizierung /dd>

SMTP Smuggling

Timo Longin: SMTP Smuggling – Spoofing E-Mails Worldwide, Vortrag, 37c3, 2023