19 results on '"GnuPG"'
Search Results
2. On the Security of Practical Mail User Agents against Cache Side-Channel Attacks
- Author
- Kim, Hodong, Yoon, Hyundo, Shin, Youngjoo, and Hur, Junbeom
- Subjects
- RSA algorithm, COMPUTER software security, ENCRYPTION protocols
- Abstract
- Mail user agent (MUA) programs provide an integrated interface for email services. Many MUAs support email encryption functionality to ensure the confidentiality of emails. In practice, they encrypt the content of an email using email encryption standards such as OpenPGP or S/MIME, mostly implemented using GnuPG. Despite their widespread deployment, there has been insufficient research on their software structure and the security dependencies among the software components of MUA programs. In order to understand the security implications of the structures and analyze any possible vulnerabilities of MUA programs, we investigated a number of MUAs that support email encryption. As a result, we found severe vulnerabilities in a number of MUAs that allow cache side-channel attacks in virtualized desktop environments. Our analysis reveals that the root cause originates from the lack of verification and control over the third-party cryptographic libraries that they adopt. In order to demonstrate this, we implemented a cache side-channel attack on RSA in GnuPG and then conducted an evaluation of the vulnerability of 13 MUAs that support email encryption in Ubuntu 14.04, 16.04 and 18.04. Based on our experiment, we found that 10 of these MUA programs (representing approximately 77% of existing MUA programs) allow the installation of a vulnerable version of GnuPG, even when the latest version of GnuPG, which is secure against most cache side-channel attacks, is in use. In order to substantiate the importance of the vulnerability we discovered, we conducted a FLUSH+RELOAD attack on these MUA programs and demonstrated that the attack restored 92% of the bits of the 2048-bit RSA private key when the recipients read a single encrypted email.
- Published
- 2020
- Full Text
- View/download PDF
3. Format Oracles on OpenPGP
- Author
- Maury, Florian, Reinhard, Jean-René, Levillain, Olivier, Gilbert, Henri, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, and Nyberg, Kaisa, editor
- Published
- 2015
- Full Text
- View/download PDF
4. On the Security of Practical Mail User Agents against Cache Side-Channel Attacks
- Author
- Hodong Kim, Hyundo Yoon, Youngjoo Shin, and Junbeom Hur
- Subjects
- cache side-channel attack, encrypted email, mail user agent, GnuPG, desktop virtualization, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999
- Abstract
- Mail user agent (MUA) programs provide an integrated interface for email services. Many MUAs support email encryption functionality to ensure the confidentiality of emails. In practice, they encrypt the content of an email using email encryption standards such as OpenPGP or S/MIME, mostly implemented using GnuPG. Despite their widespread deployment, there has been insufficient research on their software structure and the security dependencies among the software components of MUA programs. In order to understand the security implications of the structures and analyze any possible vulnerabilities of MUA programs, we investigated a number of MUAs that support email encryption. As a result, we found severe vulnerabilities in a number of MUAs that allow cache side-channel attacks in virtualized desktop environments. Our analysis reveals that the root cause originates from the lack of verification and control over the third-party cryptographic libraries that they adopt. In order to demonstrate this, we implemented a cache side-channel attack on RSA in GnuPG and then conducted an evaluation of the vulnerability of 13 MUAs that support email encryption in Ubuntu 14.04, 16.04 and 18.04. Based on our experiment, we found that 10 of these MUA programs (representing approximately 77% of existing MUA programs) allow the installation of a vulnerable version of GnuPG, even when the latest version of GnuPG, which is secure against most cache side-channel attacks, is in use. In order to substantiate the importance of the vulnerability we discovered, we conducted a FLUSH+RELOAD attack on these MUA programs and demonstrated that the attack restored 92% of the bits of the 2048-bit RSA private key when the recipients read a single encrypted email.
- Published
- 2020
- Full Text
- View/download PDF
5. Investigating the OpenPGP Web of Trust
- Author
- Ulrich, Alexander, Holz, Ralph, Hauck, Peter, Carle, Georg, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Atluri, Vijay, editor, and Diaz, Claudia, editor
- Published
- 2011
- Full Text
- View/download PDF
6. Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3
- Author
- Nguyen, Phong Q., Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Cachin, Christian, editor, and Camenisch, Jan L., editor
- Published
- 2004
- Full Text
- View/download PDF
7. SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust
- Author
- Leurent, Gaëtan, Peyrin, Thomas, Cryptologie symétrique, cryptologie fondée sur les codes et information quantique (COSMIQ), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Nanyang Technological University (NTU), and Nanyang Technological University
- Subjects
- Cryptanalysis, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], PGP, SHA-1, HPC, GnuPG, GPU, Chosen-prefix collision
- Abstract
- The SHA-1 hash function was designed in 1995 and has been widely used during two decades. A theoretical collision attack was first proposed in 2004 [29], but due to its high complexity it was only implemented in practice in 2017, using a large GPU cluster [23]. More recently, an almost practical chosen-prefix collision attack against SHA-1 has been proposed [12]. This more powerful attack allows building colliding messages with two arbitrary prefixes, which is much more threatening for real protocols. In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collision attacks against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity (expressed in terms of SHA-1 equivalents on this GPU) of 2^61.2 rather than 2^64.7, and chosen-prefix collisions with a complexity of 2^63.4 rather than 2^67.1. When renting cheap GPUs, this translates to a cost of US$ 11k for a collision, and US$ 45k for a chosen-prefix collision, within the means of academic researchers. Our actual attack required two months of computations using 900 Nvidia GTX 1060 GPUs (we paid US$ 75k because GPU prices were higher, and we wasted some time preparing the attack). Therefore, the same attacks that have been practical on MD5 since 2009 are now practical on SHA-1. In particular, chosen-prefix collisions can break signature schemes and handshake security in secure channel protocols (TLS, SSH), if generated extremely quickly. We strongly advise removing SHA-1 from those types of applications as soon as possible. We exemplify our cryptanalysis by creating a pair of PGP/GnuPG keys with different identities, but colliding SHA-1 certificates. A SHA-1 certification of the first key can therefore be transferred to the second key, leading to an impersonation attack. This proves that SHA-1 signatures now offer virtually no security in practice. The legacy branch of GnuPG still uses SHA-1 by default for identity certifications, but after notifying the authors, the modern branch now rejects SHA-1 signatures (the issue is tracked as CVE-2019-14855).
- Published
- 2020
8. SHA-1 is a Shambles
- Author
- Leurent, Gaëtan, Peyrin, Thomas, Cryptologie symétrique, cryptologie fondée sur les codes et information quantique (COSMIQ), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Nanyang Technological University (NTU), and Nanyang Technological University
- Subjects
- Cryptanalysis, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], PGP, SHA-1, HPC, GnuPG, GPU, Chosen-prefix collision
- Abstract
- The SHA-1 hash function was designed in 1995 and has been widely used during two decades. A theoretical collision attack was first proposed in 2004 [29], but due to its high complexity it was only implemented in practice in 2017, using a large GPU cluster [23]. More recently, an almost practical chosen-prefix collision attack against SHA-1 has been proposed [12]. This more powerful attack allows building colliding messages with two arbitrary prefixes, which is much more threatening for real protocols. In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collision attacks against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity (expressed in terms of SHA-1 equivalents on this GPU) of 2^61.2 rather than 2^64.7, and chosen-prefix collisions with a complexity of 2^63.4 rather than 2^67.1. When renting cheap GPUs, this translates to a cost of US$ 11k for a collision, and US$ 45k for a chosen-prefix collision, within the means of academic researchers. Our actual attack required two months of computations using 900 Nvidia GTX 1060 GPUs (we paid US$ 75k because GPU prices were higher, and we wasted some time preparing the attack). Therefore, the same attacks that have been practical on MD5 since 2009 are now practical on SHA-1. In particular, chosen-prefix collisions can break signature schemes and handshake security in secure channel protocols (TLS, SSH), if generated extremely quickly. We strongly advise removing SHA-1 from those types of applications as soon as possible. We exemplify our cryptanalysis by creating a pair of PGP/GnuPG keys with different identities, but colliding SHA-1 certificates. A SHA-1 certification of the first key can therefore be transferred to the second key, leading to an impersonation attack. This proves that SHA-1 signatures now offer virtually no security in practice. The legacy branch of GnuPG still uses SHA-1 by default for identity certifications, but after notifying the authors, the modern branch now rejects SHA-1 signatures (the issue is tracked as CVE-2019-14855).
- Published
- 2020
9. On the Security of Practical Mail User Agents against Cache Side-Channel Attacks
- Author
- Youngjoo Shin, Hyundo Yoon, Junbeom Hur, and Hodong Kim
- Subjects
- Desktop virtualization, Computer science, Cryptography, cache side-channel attack, 02 engineering and technology, Computer security, computer.software_genre, Encryption, lcsh:Technology, Public-key cryptography, lcsh:Chemistry, User agent, Email encryption, GnuPG, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Side channel attack, Instrumentation, lcsh:QH301-705.5, Fluid Flow and Transfer Processes, encrypted email, business.industry, lcsh:T, Process Chemistry and Technology, General Engineering, mail user agent, 021001 nanoscience & nanotechnology, lcsh:QC1-999, Computer Science Applications, lcsh:Biology (General), lcsh:QD1-999, lcsh:TA1-2040, desktop virtualization, 020201 artificial intelligence & image processing, Cache, 0210 nano-technology, business, lcsh:Engineering (General). Civil engineering (General), computer, lcsh:Physics
- Abstract
- Mail user agent (MUA) programs provide an integrated interface for email services. Many MUAs support email encryption functionality to ensure the confidentiality of emails. In practice, they encrypt the content of an email using email encryption standards such as OpenPGP or S/MIME, mostly implemented using GnuPG. Despite their widespread deployment, there has been insufficient research on their software structure and the security dependencies among the software components of MUA programs. In order to understand the security implications of the structures and analyze any possible vulnerabilities of MUA programs, we investigated a number of MUAs that support email encryption. As a result, we found severe vulnerabilities in a number of MUAs that allow cache side-channel attacks in virtualized desktop environments. Our analysis reveals that the root cause originates from the lack of verification and control over the third-party cryptographic libraries that they adopt. In order to demonstrate this, we implemented a cache side-channel attack on RSA in GnuPG and then conducted an evaluation of the vulnerability of 13 MUAs that support email encryption in Ubuntu 14.04, 16.04 and 18.04. Based on our experiment, we found that 10 of these MUA programs (representing approximately 77% of existing MUA programs) allow the installation of a vulnerable version of GnuPG, even when the latest version of GnuPG, which is secure against most cache side-channel attacks, is in use. In order to substantiate the importance of the vulnerability we discovered, we conducted a FLUSH+RELOAD attack on these MUA programs and demonstrated that the attack restored 92% of the bits of the 2048-bit RSA private key when the recipients read a single encrypted email.
- Published
- 2020
10. A Security Audit of the OpenPGP Format
- Author
- Gerardo Pelosi, Alessandro Barenghi, and Nicholas Mainardi
- Subjects
- Unix, Language-theoretic security, 021103 operations research, Parsing, Computer security, GnuPG, Language-theoretic security, OpenPGP, PGP, Computer science, business.industry, Context-free language, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Context-free grammar, computer.software_genre, Computer security, Electronic mail, Public-key cryptography, PGP, Formal specification, GnuPG, 0202 electrical engineering, electronic engineering, information engineering, OpenPGP, business, computer, Implementation
- Abstract
- For over two decades the OpenPGP format has provided the mainstay of email confidentiality and authenticity, and is currently being relied upon to provide authenticated package distributions in open source Unix systems. In this work, we provide the first language theoretical analysis of the OpenPGP format, classifying it as a deterministic context free language and establishing that an automatically generated parser can in principle be defined. However, we show that the number of rules required to describe it with a deterministic context free grammar is prohibitively high, and we identify security vulnerabilities in the OpenPGP format specification. We identify possible attacks aimed at tampering with messages and certificates while retaining their syntactical and semantical validity. We evaluate the effectiveness of these attacks against the two OpenPGP implementations covering the overwhelming majority of uses, i.e., the GNU Privacy Guard (GPG) and Symantec PGP. The results of the evaluation show that both implementations turn out not to be vulnerable due to conservative choices in dealing with malicious input data. Finally, we provide guidelines to improve the OpenPGP specification.
- Published
- 2017
11. Format Oracles on OpenPGP
- Author
- Florian Maury, Olivier Levillain, Henri Gilbert, Jean-René Reinhard, Agence nationale de la sécurité des systèmes d'information (ANSSI), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Centre National de la Recherche Scientifique (CNRS), and Laboratoire de cryptographie de l'ANSSI (LCR)
- Subjects
- Authenticated encryption, Computer science, business.industry, Message format, Byte, Format Oracle, Plaintext, Cryptography, Computer security, computer.software_genre, Encryption, Oracle, Backward compatibility, Chosen Ciphertext Attacks, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Implementation, GnuPG, Authenticated Encryption, business, computer, Padding Oracle
- Abstract
- The principle of padding oracle attacks has been known in the cryptography research community since 1998. It has been generalized to exploit any property of decrypted ciphertexts, either stemming from the encryption scheme, or the application data format. However, this attack principle is being leveraged time and again against proposed standards and real-world applications. This may be attributed to several factors, e.g., the backward compatibility with standards selecting oracle-prone mechanisms, the difficulty of safely implementing decryption operations, and the misuse of libraries by non-cryptography-savvy developers. In this article, we present several format oracles discovered in applications and libraries implementing the OpenPGP message format, among which the popular GnuPG application. We show that, if the oracles they implement are made available to an adversary, e.g. by a front-end application, he can, by repeatedly querying these oracles, decrypt all OpenPGP symmetrically encrypted packets. The corresponding asymptotic query complexities range from 2 to 2^8 oracle requests per plaintext byte to recover.
- Published
- 2015
12. Cryptographic Methods of Protecting Commercial Information
- Author
- Бартошевич, Д. А.
- Published
- 2011
13. Parts of a Web Page Encrypted Using GPG
- Author
- Polčák, Libor and Pluskal, Jan
- Abstract
- The aim of this thesis is to design and implement a way of securing sensitive data on public servers or third-party servers. The thesis deals with the implementation of an extension for the Mozilla Firefox web browser that will be able to find and decrypt encrypted elements of a web page using the outputs of the GnuPG project. The extension must also be able to process dynamic changes to the web page caused by the use of the XHR API, Fetch API or Push API. Last but not least, the thesis deals with testing the implemented solution and measuring the extension's effect on the total time the browser needs to process web pages.
15. Verification of PGP Digital Signatures
- Author
- Zeman, Václav and Burda, Karel
- Abstract
- This bachelor's thesis focuses on working with OpenPGP content in e-mail files. It goes through the history, changes and properties of PGP and e-mail and places them in a common context. As part of this thesis, a program for reading and verifying OpenPGP data in electronic mail is designed and implemented; it is available as an open-source tool for use both from the command line and as a library.
19. Verification of PGP Digital Signatures
- Author
- Zeman, Václav, Burda, Karel, and Horký, Matyáš
- Abstract
- This bachelor's thesis focuses on working with OpenPGP content in e-mail files. It goes through the history, changes and properties of PGP and e-mail and places them in a common context. As part of this thesis, a program for reading and verifying OpenPGP data in electronic mail is designed and implemented; it is available as an open-source tool for use both from the command line and as a library.
Discovery Service for Jio Institute Digital Library