Electronic mail is indispensable nowadays. We can hardly imagine a single day without accessing our email. A lot of sensitive information is exchanged over email, and so the transport of email is also a target for attackers.
There are a number of ways in which attackers can steal sensitive information transferred through email. One of them is the TLS Downgrade Attack.
What is a TLS Downgrade Attack?
TLS, or Transport Layer Security, is a protocol that is widely used to transfer sensitive data between two hosts over an insecure network. In this protocol, data is encrypted using cryptographic keys before the transfer.
A TLS Downgrade Attack is an attack in which the attacker tricks the server and the client communicating with each other into using a lower version of TLS (or, as in the case described below, no TLS at all), so that the attacker can take advantage of that to steal sensitive information. In most cases, this TLS Downgrade Attack is performed as part of a Man-In-The-Middle attack, in which the attacker sits between the server and the client, listens to their conversation and intercepts the data to steal sensitive information.
How can attackers perpetrate a TLS Downgrade Attack to steal sensitive data transferred over email?
SMTP, or Simple Mail Transfer Protocol, is the protocol widely used to transfer email from one provider to another.
Suppose Alice has the email address alice@source.com and wants to send an email to Bob, whose email address is bob@destination.com. When Alice sends the email to Bob's address, the mail server of Alice's mail provider contacts the mail server of Bob's mail provider and the email is transferred.
Now, SMTP came into existence in 1982, long before the TLS protocol, which came into existence in 1995. So, TLS had to be retrofitted to the SMTP protocol. This was done by adding the STARTTLS extension.
So, when Alice sends an email from alice@source.com to Bob's address bob@destination.com, the source mail server communicates with the destination mail server. After the TCP handshake is done, the destination mail server sends a STARTTLS to the source mail server. At this point, if the source mail server supports TLS, it understands the STARTTLS and the rest of the communication is encrypted. Otherwise, the data transfer is done in clear text.
Here, the two servers cannot use TLS by default, because they do not know whether the other server supports TLS. Especially when the two servers belong to two different mail providers, it is not possible for them to know beforehand whether the other one supports TLS. The attacker takes advantage of this to perform a Man-In-The-Middle attack.
The attacker first listens to the communication between the two mail servers. When the destination mail server sends a STARTTLS to find out whether the source mail server supports TLS, the attacker simply replaces the STARTTLS command with a garbage string.
The source mail server receives the garbage string and ignores it. But the destination server assumes that the source mail server does not support TLS, and the communication falls back to normal clear text. Now the attacker can easily read the sensitive data being transferred.
How can we safeguard ourselves?
SMTP STS, or SMTP Strict Transport Security, is a recent technology that can be used effectively to mitigate this attack. It is a policy that ensures secure SMTP sessions over TLS.
You will find more information on this policy here: SMTP STS
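As an added example (not code from the original post), the following Python sketch shows the decision a sending mail server faces after the destination server's reply, and why a strict-transport policy in enforce mode defeats the garbage-string trick. It assumes the STARTTLS advertisement appears in the destination's reply to the EHLO command and that the policy uses the MTA-STS (RFC 8461) text format, the standardised form of SMTP STS; the hostnames, replies and policy text are constructed, and the function names are this example's own.

```python
import re

# Constructed reply from a destination server that supports STARTTLS
# (the capability is advertised in the multi-line response to EHLO).
EHLO_OK = (
    "250-mail.destination.example Hello source.example\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)
# The same reply after a man-in-the-middle has overwritten the STARTTLS
# line with a garbage string of the same length (constructed).
EHLO_STRIPPED = EHLO_OK.replace("250-STARTTLS", "250-XXXXXXXX")

# Constructed policy in the MTA-STS (RFC 8461) text format, the standardised
# form of SMTP STS; "mode: enforce" forbids falling back to clear text.
POLICY_ENFORCE = (
    "version: STSv1\n"
    "mode: enforce\n"
    "mx: mail.destination.example\n"
    "max_age: 86400\n"
)
POLICY_NONE = None  # destination publishes no policy: opportunistic TLS only


def ehlo_keywords(reply):
    """Return the set of capability keywords advertised in an EHLO reply."""
    keywords = set()
    for line in reply.splitlines():
        m = re.match(r"250[- ](\S+)", line)
        if m:
            keywords.add(m.group(1).upper())
    return keywords


def parse_policy(text):
    """Parse the 'key: value' lines of a policy into a dict ({} if none)."""
    if not text:
        return {}
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {k.strip(): v.strip() for k, v in pairs}


def decide(reply, policy_text):
    """Return 'tls', 'cleartext' or 'abort'. A real MTA would also verify the
    server certificate and the MX host against the policy before trusting TLS."""
    if "STARTTLS" in ehlo_keywords(reply):
        return "tls"
    if parse_policy(policy_text).get("mode") == "enforce":
        return "abort"  # strict policy: a stripped reply is treated as an attack
    return "cleartext"  # opportunistic TLS: this is where the downgrade succeeds
```

With no published policy the stripped reply silently yields a clear-text session, which is exactly the outcome the attacker wants; with an enforce-mode policy the sending server aborts instead and the mail stays queued.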
Other than that, we can use a good encryption technology and encrypt our emails before sending them. PGP is a good example. It uses public key cryptography: both the sender and the receiver generate a public-private key pair, using which emails are encrypted and sent.
To find out more on PGP, you can look here: What is PGP?
Otherwise, nowadays almost all webmail providers give us the option of sending encrypted emails. That would help us too.
So, the TLS Downgrade Attack is a widely known attack, and attackers can use it to steal sensitive information in transit over email as well. But with a little awareness we can avoid this attack.
Read More
Infographic: How to sign and encrypt emails using PGP?
What is PGP or Pretty Good Privacy?
How are S/MIME and PGP different from each other in encrypting emails?
How can Bitmessage be used to send encrypted messages?
What is SMTP Strict Transport Security?
How can attackers perpetrate DNS Hijacking Attack to steal sensitive data transferred over emails?