DOI: 10.1145/3407023.3407083

SoK: why Johnny can't fix PGP standardization

Published: 25 August 2020

Abstract

Pretty Good Privacy (PGP) has long been the primary IETF standard for encrypting email, but it suffers from widespread usability and security problems that have limited its adoption. As time has marched on, the underlying cryptographic protocol has fallen out of date: PGP is unauthenticated on a per-message basis and compresses before encryption. There have been an increasing number of attacks on the increasingly outdated primitives and complex clients used by the PGP ecosystem. However, attempts to update the OpenPGP standard have failed at the IETF, except for adding modern cryptographic primitives. Outside of official standardization, Autocrypt is a "bottom-up" community attempt to fix PGP, but it still falls victim to attacks on PGP involving authentication. The core reason for the inability to "fix" PGP is the lack of a simple AEAD interface, which in turn requires a decentralized public key infrastructure to work with email. Yet even if standards like MLS replace PGP, the deployment of a decentralized PKI remains an open issue.


Published In

ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security, August 2020, 1073 pages. ISBN: 9781450388337. DOI: 10.1145/3407023.
Program Chairs: Melanie Volkamer, Christian Wressnegger

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. PGP
  2. email
  3. encryption
  4. standards

Qualifiers

  • Short-paper

Conference

ARES 2020

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Cited By

  • (2023) Quantum-resistant End-to-End Secure Messaging and Email Communication. Proceedings of the 18th International Conference on Availability, Reliability and Security, pp. 1-8. DOI: 10.1145/3600160.3605049. Online publication date: 29 Aug 2023.
  • (2022) All that is Solid Melts into Air: Towards Decentralized Cryptographic Access Control. Proceedings of the 17th International Conference on Availability, Reliability and Security, pp. 1-6. DOI: 10.1145/3538969.3544464. Online publication date: 23 Aug 2022.
  • (2022) Can Security Be Decentralised? Socio-Technical Aspects in Security, pp. 67-85. DOI: 10.1007/978-3-031-10183-0_4. Online publication date: 14 Jul 2022.
  • (2021) Let's Create! Automated Certificate Management for End-users. 2021 International Conference on Software, Telecommunications and Computer Networks (SoftCOM), pp. 1-6. DOI: 10.23919/SoftCOM52868.2021.9559103. Online publication date: 23 Sep 2021.
  • (2021) Let's Attest! Multi-modal Certificate Exchange for the Web of Trust. 2021 International Conference on Information Networking (ICOIN), pp. 758-763. DOI: 10.1109/ICOIN50884.2021.9333877. Online publication date: 13 Jan 2021.
