Thursday, January 21, 2016

TLS Downgrade Attack for Email Transport

Electronic mails are indispensable nowadays. We can hardly imagine a single day without accessing our emails. Lots of sensitive information are exchanged using these emails. And thus, the transport of emails is also not safe from the attackers.

There are a number of ways in which the attackers can steal sensitive information transferred through emails. And, one of those is TLS Downgrade Attack.

What is TLS Downgrade Attack ?

TLS or Transport Layer Security is a protocol which is widely used to transfer sensitive data between two hosts over the unsecure network. In this protocol, data is encrypted using cryptographic keys before the transfer.

A TLS Downgrade Attack is an attack in which the attacker tricks the server and the client communicating with each other to use a lower version of TLS, so that the attacker can take advantage of that to steal sensitive information. Most of the cases, this TLS Downgrade Attack is performed as part of a Man-In-The-Middle Attack, in which the attacker listens to the conversation between the server and the client and intercepts the data to steal sensitive information.

How can attackers perpetrate TLS Downgrade Attack to steal sensitive data transferred over emails ?

SMTP or Simple Mail Transfer Protocol is a protocol which is widely used to transfer emails from one provider to another.

Suppose, Alice has the email address and she wants to send an email to Bob, who has an email address

So, when Alice will send an email to Bob's email address, the mail server for Alice' mail provider will contact mail server for Bob's mail provider and the email will be transferred.

Now, SMTP is a protocol which came in existence 1982 which is much before the TLS protocol, which came in existence in 1995. So, TLS had to be retrofitted to the SMTP protocol.

This was done by adding the extension STARTTLS.

So, when Alice wants to send an email from to of Bob, the source mail server communicates with the destination mail server. And, after the TCP Handshake is done, the destination mail server will send a STARTTLS to the source mail server. At this point, if the source mail server supports TLS, it will understand the STARTTLS and encryption will be used over the communication. Otherwise, data transfer will be done in clear text format.

Here, the two servers cannot use TLS by default, be cause they won't be knowing whether the other server supports TLS. Especially if the two servers are from two different mail providers, it won't be possible for them to know beforehead whether the other one supports TLS. And, the attacker takes this advantage to perform a Man-In-The-Middle attack.

The attacker first listens to the communication between the two mail servers. And, when the destination mail server sends a STARTTLS to find out whether the source mail server supports TLS, the attacker simply replaces the STARTTLS command with a garbage string.

The source mail server receives the garbage string and it ignores that. But, the destination server assumes the source mail server does not support TLS. And, the communication falls back to using normal clear text. Now, the attacker can easily read the sensitive data getting transferred.

How can we safeguard ourselves ?

SMTP STP is a recent technology which can be used effectively to mitigate this attack. SMTP STS or SMTP Strict Transport Security is a policy that ensures secure SMTP sessions over TLS. 

You will find more information on this policy here : SMTP STS

Other than that, we can use a good encryption technology and encrypt our emails before sending it. PGP is a good example that we can use. It uses public key cryptography. Both the sender and the receiver generate a public-private keypair, using which the emails are encrypted and sent.

To find out more on PGP, you can look in here : What is PGP ?

Otherwise, nowadays almost all webmail providers give us the option of sending encrypted emails. That would help us.

No comments:

Post a Comment