Skip to content

Instantly share code, notes, and snippets.

@philipwhiuk

philipwhiuk/emailSecurity.md

Last active November 16, 2016 10:17
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save philipwhiuk/f6f8131a5869442fef18dcb5e6f50b4b to your computer and use it in GitHub Desktop.
Save philipwhiuk/f6f8131a5869442fef18dcb5e6f50b4b to your computer and use it in GitHub Desktop.
Download ZIP
Email Security 101
Raw
emailSecurity.md

Here follows an extensive analysis of the state of email security.

Components

  • Alice's K-9 Email Client
  • Alice's Android Phone
  • Alice's WiFi Router
  • Alice's ISP
  • Alice's ISP's DNS Server
  • .com root nameserver
  • Alice's Email Provider
  • Alice's Email Provider's DNS infrastructure
  • Bob's Email Provider
  • Bob's Telephone Provider
  • Bob's Phone
  • Bob's K-9 Email Client

Application Security - PGP/MIME

PGP/MIME uses OpenPGP keys protects the contents of an email. It does not protect the meta data (subject, to/from, etc). It encrypts the e-mail between Alice's Email Client and Bob's Email Client.

OpenPGP is based on exchanging keys and then using them to sign and encrypt the message. Importantly however, without contact outside e-mail there is no way be sure the message is not being decrypted by Trudy and then resigned by Trudy. This step is called verification.

OpenPGP has no concept of forward secrecy - if you get someone's private key you can decrypt all messages they ever received.

Distribution of OpenPGP keys is done by an initial signed but unencrypted message, out-of-band exchange or in-person (which is the only way to verify).

Transport Security - TLS/SSL

TLS can exist in several places:

  • Between Alice's Phone and Alice's Email Provider.
  • Between Alice's Email Provider and Bob's Email Provider.
  • Between Bob's Email Provider and Bob's Phone.

Alice's Phone -> Email Provider

Alice can know whether she is connecting over SSL or not depending on the connection type.

Bob will only know this if the email provider adds a header per below.

A Email Provider -> B Email Provider

Email providers have historically not always sent email messages securely between each other.

Google monitors the amount of email it transmits over TLS: https://www.google.com/transparencyreport/saferemail/

Many email servers add to the Received headers the security of how the email was received.

For example B Email Provider could add a header like this:

Received: from mail-pa0-x248.google.com (mail-pa0-x248.google.com [IPv6:2607:f8b0:400e:c03::248])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)

However there is no guarantee this will be added, or that it will be accurate.

Email Provider -> Bob's Phone

Bob can know this by connecting using TLS. Alice will never know this.

Key Distribution

TLS is managed by keys. These are stored in certificates, along with information on the owner and the algorithms to use.

A certificate is issued by CA. The certificate is signed by the CA's key. This key is containing in a parent certificate, in turned signed by another key. This forms a chain of trust. At the top of the chain is a root certificate.

The certificate principle says that if you trust a root certificate you trust them to correctly authenticate child certificates.

Typically a device comes preinstalled with many root certificates determined by the device manufacturer / OS manufacturer.

Certificates can also be manually trusted. If the certificate either doesn't have a parent (self-signed) or it's root is not trusted. The user makes this decision.

Certificate Pinning

TODO:

Authentication Security - SCRAM-SHA1 / CRAM-MD5 / XOAUTH2

TODO:

??? - DANE

TODO:

DNS - DNSSEC

TODO:

WiFi Security - WPA2 / WPA / WPS

TODO:

GSM Security - A5/1

TODO:

App Security - Code Signing

Kernel Security - Application Sandbox

Hardware Security - Full Disk Encryption

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment