If not redirected, please click here https://www.thesecuritybuddy.com/email-security/what-is-smtp-strict-transport-security/
SMTP
or Simple Mail
Transfer Protocol
was first developed in 1982 and at that time it had very few
security features. Though at that time there was not much concerns,
later it became a major security concern. And, SMTP
STS or SMTP Strict
Transport Security
is a policy which is developed for addressing security concerns of
SMTP like TLS Downgrade Attacks and DNS Hijacking while transporting
emails between mail servers.
Security
Concerns of SMTP
As
said above, SMTP has very few security features, resulting in some
major security concerns. TLS Downgrade Attacks and DNS Hijacking are
two major security concerns that makes email transport quite
vulnerable.
Let's
discuss in brief how these two attacks make email transport so
vulnerable.
TLS
Downgrade Attack
When
a source Mail Server wants to send an email to a destination Mail
Server, the communication is not by default encrypted. A STARTTLS
command is sent first and then, when both the Mail Servers agrees on
STARTTLS command, they go ahead and establish a TLS connection
between them to transfer the email. Otherwise, the email is sent in
cleartext format.
In
TLS Downgrade Attack, the attacker first perpetrates a
Man-In-The-Middle Attack and changes the STARTTLS command transferred
between the Mail Servers. As a result, both the Mail Servers are
tricked to believe that the other one does not support TLS. And the
email is transferred in cleartext format, following which the atacker
is now free to steal sensitive data transferred over the email
communication.
You
would find more information on how TLS Downgrade Attacks are
perpetrated while transporting emails here : TLS
Downgrade Attacks while transporting Emails
DNS
Hijacking
The
source Mail Server needs to know the IP address corresponding to the
destination Mail Server before transferring the email. For that
purpose, the source Mail Server makes a query to the DNS Servers and
fetches MX record containing the said IP address.
But,
attackers can perpetrate a DNS Hijacking Attack at that time and
trick the source Mail Server to obtain a fraudulent MX record
containing the IP address of the attacker controlled Mail Server. As
a result, the source Mail Server ends up sending the sensitive email
to the attacker's Mail Server, following which the attacker can steal
sensitive data and transfer the email back to the actual destination
Mail Server to make the attack transparent.
You
would find more information on how DNS Hijacking Attacks are
perpetrated while transporting emails : DNS
Hijacking Attacks while transporting Emails
DANE
DANE
or DNS-based Authentication
of Named Entities
is a protocol which is developed recently which can address the above
security concerns of SMTP, though it has some other concerns.
In
this protocol, the source Mail Server makes a DNS query to obtain
TLSA records from the DNS Servers before sending the email. TLSA
records are a new DNS resource records that contains information on
the digital certificate or the Certificate Authority which are used
in the subsequent TLS connection between the source and destination
Mail Servers.
So,
the source Mail Server first obtains the TLSA records from the DNS
Servers and then validates the records using DNSSEC. In DNSSEC,
responses from DNS Servers are validated with digital signatures and
cryptographic keys. As it will not be possible for attackers to
duplicate cryptographic keys and affect DNSSEC responses, DANE can
address the above security concerns of SMTP up to a great extent.
You
would find more information on how DNSSEC works here : DNSSEC
SMTP
STS
Though
DANE can address the major security concerns of SMTP up to a great
extent, it may not prove to be much convenient.
DANE
requires DNSSEC for the secure delivery. But, implementation of
DNSSEC is quite compex and its adoption is quite slow. And, to
address those concerns a new protocol called SMTP STS is very
recently developed.
SMTP
STS
or
SMTP
Strict
Transport
Security
is
a policy that ensures secure SMTP sessions over TLS. It presents a variant
for systems which do not yet support DNSSEC. It also specifies a
method for reporting TLS negotiation failures while establishing a
TLS connection between the Mail Servers.
The
main difference between DANE and SMTP STS is, DANE requires DNSSEC to
authenticate DANE TLSA records. But, SMTP STS relies on the
Certificate Authority system to avoid interceptions.
How
does SMTP STS work
When
an email is sent from source Mail Server to destination Mail Server,
it typically follows the following steps :
- The source Mail Server makes DNS query and obtains the TXT record and MX record of the destination Mail Server. The TXT record contains information on the SMTP STS policy of the destination Mail Server. And, the MX record presents its TLS certificate.
- The next step for the source Mail Server honoring SMTP STS policy is to fetch and validate the policy.
- If the TXT record specifies DNSSEC, the source Mail Server should retrieve the policy via DNSSEC.
- If the TXT record specifies Web PKI, the source Mail Server should establish an HTTPS connection to a specified host at the domain matching that of the destination Mail Server. The HTTP response body thus obtained must match the policy initially loaded by via the DNS TXT method.
- The next step is policy validation. For Web PKI, the certificate presented by the MX reecord must be valid for the MX name and chain to a root CA that is trusted by the source Mail Server.
- Otherwise, DANE TLSA is used to validate the certificate.
- Aggregate statistics on the policy failure may be reported to a specified URI for diagnosis.
Security
of SMTP STS
As
discussed above, SMTP STS relies on proper validation of the policy
and the certificate. As the chances of compromising a Certificate
Authority is considerably less, it becomes quite difficult for the
attackers to intercept the connections and make attacks.
This
was an informative article on SMTP STS and how it helps to address
some major security concerns that SMTP has. Hope it helped.
Reference :
https://github.com/mrisher/smtp-sts/blob/master/spec.txt
No comments:
Post a Comment