Email Security Trail Map - A World beyond DMARC -

Copyright© QUALITIA CO., LTD. All Rights Reserved.
Email Security
Trail Map
～A World beyond DMARC～
QUALITIA CO., LTD
HIRANO Yoshitaka

View Slide

Our Company
Name Qualitia CO., LTD
HQ 3-11-10 Nihombashi-Kayabacho Chuo-ku Tokyo
Capital 85M yen
Since Oct. 1993
CEO Ken Matsuda
⚫ Development and Sales of Messaging Related Solutions
⚫ Supporting Efficient Communication and Security Enhancement
⚫ Providing the Messaging Related Cloud Services and Software
Create the Future of “Communication” and “Security” with our Customers and Partners
Q U A L I T Y M A K E S F U T U R E

View Slide

Self Introduction
Name HIRANO Yoshitaka
Belongs to QUALITIA Co., Ltd
Chief Engineer
Cert. Licensed Scrum Master
Certified Scrum Developer
Activities M3AAWG
JPAAWG
IA Japan 迷惑Mail対策委員会
Anti-Spam mail Promotion Council (ASPC)
Message Research Institute
Audax Randonneurs Nihonbashi

View Slide

Our Team
We are researching
and developing
New Feature
Be our
Friend!
Twitter Account →

View Slide

Email Security?
Where is the goal?

View Slide

Technologies for Email Security
SPF
DKIM
誤送信
防止
Sanitize
Password
ZIP
Anti
Phishing Anti
SPAM
DNS
SEC
SMTP
AUTH
DANE
MTA-
STS
START
TLS
BIMI
ARC
DMARC
TLS-
RPT
Anti
Virus
Virus
Filter
Sandb
ox
Anshin
Mark
So many things!!
I cannot understand

View Slide

What do you want to protect
from What?

View Slide

What we protect from
クオリティア
Mail
Server
Mail
Server
spoofing
hijacking
eavesdropping
tampering
stealing
leakage
Malware
Mail
Server
phishing

View Slide

What you want to protect from
•Spoofing, Tampering
•Account Hijacking, Springboard
•Eavesdropping
•Spam, Malware, Phishing
•Leakage

View Slide

Spoofing, Tampering
Protect from

View Slide

Protect from Spoofing, Tampering
クオリティア
Mail
Server
Mail
Server
Mail
Server
Spoofing
Tampering

View Slide

Protect from Spoofing・Tampering
•SPF
•DKIM
•DMARC
•ARC
•BIMI

View Slide

When there is no SPF
192.0.2.1
203.0.113.1
Env From: [email protected]
From: [email protected]
Subject: Please transfer money
Hi! I'm Taro @ QUALITIA.
・・・・
OK I transfer! Click! ×
クオリティア
Spoofing・Tampering

View Slide

When there is SPF
192.0.2.1
AR: spf=pass
・・・・
qualitia.co.jp txt “v=spf1 ip4:192.0.2.1 –all”
Check Source IP using Envelope From
○
OK, This is right. Transfer!
クオリティア

View Slide

When there is SPF
192.0.2.1
203.0.113.1
AR: spf=fail
・・・・
Hmm, it looks fake
×
クオリティア

View Slide

But!

View Slide

Even if there is SPF
192.0.2.1
203.0.113.1
AR: spf=none
・・・・
クオリティア
OK I transfer! Click!
Use badgroup domain

View Slide

badgroupのSPFで認証
192.0.2.1
203.0.113.1
AR: spf=pass
・・・・
badgroup.example txt “v=spf1 ip4:203.0.113.1 –all”
クオリティア

View Slide

SPF
•Verify if the pair of Envelope From and IP
Address is correct or not
•RFC4408 (2006/04)
Source IP = Envelope From = Header From
?

View Slide

DKIM

View Slide

When there is no DKIM
AR: dkim=none
・・・・
クオリティア

View Slide

DKIM-Signature: v=1;
d=qualitia.co.jp; s=s1;
h=From:Subject;
b=abcdef・・・・
・・・・
When there is DKIM
Send with signature
s1._domainkey.qualitia.co.jp txt “v=dkim1;p=ABCDEF...”
Encryption
Public Key
Private Key
hash
クオリティア

View Slide

h=From:Subject;
AR: dkim=pass
・・・・
When there is DKIM
OK, it’s trustable. Transfer, click!
Decryption
Public Key
Private Key
hash
○
クオリティア

View Slide

d=qualitia.co.jp;
h=From:Subject;
・・・・
When there is DKIM
Cannot sign
without a private key!
encryption
Private Key
hash
×
クオリティア

View Slide

h=From:Subject;
Subject: Please transfer money to thief
・・・・
When there is DKIM
Tamper
the signed
message
Public Key
Private Key
クオリティア

View Slide

h=From:Subject;
Subject: 泥棒にPlease transfer money
AR: dkim=fail
・・・・
When there is DKIM
Hmm, this might be tampered?
decryption
Public Key
Private Key
hash
×
クオリティア

View Slide

But!

View Slide

Even if there is DKIM
AR: dkim=none
・・・・
Ok, Transfer! Click!
Private Key
Same as
when there is not DKIM
クオリティア
Send without signature

View Slide

By Any Chance？
AR: dkim=none
・・・・
Ehh? QUALITIA usually
sign DKIM signature, right?
Private Key
クオリティア
Same as
when there is not DKIM

View Slide

d=badgroup.example; s=aku;
h=From:Subject;
・・・・
Sign as badgroup!
aku._domainkey.badgroup.example txt “v=dkim1;p=ABCDEF...”
encryption
Private Key
of badgroup
Private Key
hash
クオリティア

View Slide

h=From:Subject;
AR: dkim=pass
・・・・
Ok, transfer!
decryption
badgroupの
Public Key
Private Key
hash
○
badgroupの
Private Key
クオリティア

View Slide

DKIM
•Sign headers and body
to protect from tampering

View Slide

Problem of SPF, DKIM
•SPF: Even if the third party spoofed the
Envelope From, still spf will be a “pass”
•DKIM: Even if the third party signed,still
dkim will be a “pass”

View Slide

DMARC

View Slide

DMARC
•Verify based on Header From
•Header From
•Envelope From Verify all domains match
•DKIM signer

View Slide

SPF for badgroup (dmarc p=none)
192.0.2.1
203.0.113.1
AR: spf=pass, dmarc=Fail
・・・・
_dmarc.qualitia.co.jp txt “v=DMARC1; p=none”
Oh, dmarc is fail.
×
クオリティア

View Slide

SPF for badgroup (dmarc p=reject)
192.0.2.1
203.0.113.1
AR: spf=pass, dmarc=Fail
・・・・
× Reject!
_dmarc.qualitia.co.jp txt “v=DMARC1; p=reject”
×
クオリティア

View Slide

h=From:Subject;
AR: dkim=pass, dmarc=fail
・・・・
DKIM signature for badgroup
Public Key
of badgroup
Private Key
of badgroup
×
_dmarc.qualitia.co.jp txt “v=DMARC1; p=reject”
×Reject!
クオリティア

View Slide

But!

View Slide

h=From:Subject;
Subject: [○○ML:1234] Hi! All
AR: dkim=fail
Hi! Long time no see!
・・・・
DKIM + Mailing List
Hmm, can I trust?
decryption
Public Key
Private Key
hash
×
クオリティア

View Slide

ARC

View Slide

ARCがあれば
Ok, arc=pass
Private Key
クオリティア
Mailing List
Server
ml.example.jp
ARC-Seal: i=1; cv=none; d=ml.example.jp;...
ARC-Message-Signature: i=1; d=ml.example.jp;
h=from:subject:dkim-signature:...
ARC-Authentication-Result: i=1; ml.example.jp;
dkim=pass; spf=pass; dmarc=pass
DKIM-Signature: v=1; d=qualitia.co.jp; b=abcdef・・・・
Subject: [○○ML:1234] Hi! All
AR: dkim=fail, arc=pass
Hi! Long time no see!
・・・・

View Slide

ARC
•The Authenticated Received Chain Protocol
•RFC8617 (2019年7月)
•Mailing List Server will write ARC signature
with sequence number,
if DKIM=pass, ARC=pass when it received.

View Slide

Operation

View Slide

Recent DKIM Circumstances
•RFC8301: Cryptographic Algorithm and Key Usage Update to
DomainKeys Identified Mail (DKIM) (Jan. 2018)
・Both signer and verifier MUST use rsa-sha256
・Both MUST NOT use rsa-sha1
・Sign: 1024bit～(MUST)、2048bit～(SHOULD)
・Verify: 1024bit～4096bit(MUST)
※ But 2048bit is longer than the size 255bytes which DNS can handle

View Slide

Recent DKIM Circumstances
•RFC8463: A New Cryptographic Signature Method for DomainKeys
Identified Mail (DKIM) (Sep. 2018)
・Signer SHOULD implement this
・Verifier MUST implement this
・Write two signatures, Ed25519-SHA256 and
RSA-SHA256(1024bit～) for backward compatibility
Use Ed25519-SHA256
BASE64 encoded size is just 44 bytes, so this can be fit into DNS

View Slide

DKIM Key Rotation
•DKIM Key has
to be rotated
https://www.m3aawg.org/sites/default/files/m3aawg-dkim-key-rotation-bp-2019-03.pdf

View Slide

Operation for DKIM
•Follow the latest cryptography
•Key rotation
Too much hassle!!!
We are creating a service
to DKIM-sign automatically!
Coming Soon!
注目

View Slide

BIMI

View Slide

BIMI
•Show the logo
specified by the
sender,
if the DMARC
is “pass”.
Show the logo
注目

View Slide

Protect from Spoofing, Tampering (Summary)
•SPF
•DKIM
•DMARC
•ARC
•BIMI

View Slide

•Spoofing・Tampering
•Hijacking・Springboard
•Eavesdropping
•Spam・Malware・Phishing
•Leakage
Hijacking・Springboard

View Slide

Protect from

View Slide

Protect from Hijacking・
Springboard
クオリティア
Mail
Server
Mail
Server
Hijacking

View Slide

POP before SMTP

View Slide

POP before SMTP
If you pass the POP3 authentication,
you can send email.
Mail Server

View Slide

SMTP AUTH

View Slide

SMTP AUTH
If you passed the ID/Password authentication
on SMTP, you can send email.
Mail Server
RFC2554 (1999) → RFC4954 (2007)

View Slide

OP25B

View Slide

OP25B
•If you passed the ID/Password authentication on
SMTP(Port 587 ), you can send email.
•ISP blocks Port 25 from customer.
Mail Server

View Slide

Multi Factor Authentication

View Slide

Multi Factor Authentication
If the multiple combinations of authentication, such
as SMTP AUTH, device auth, biometric auth, are
passed, you can send an email.
Mail Server
Device auth
+ Face auth
OK

View Slide

デモ
We made it!
注目

View Slide

Demo
Mail Server
Device Auth
+ Face Auth
OK

View Slide

Device + Face authentication
Sender
MUA
Packet

View Slide

多要素認証
SMTP Biometric Auth Service
Looking for β users!
注目

View Slide

Protect from Hijacking・Springboard
(Summary)
•POP before SMTP
•SMTP AUTH
•OP25B
•Multi Factor Authentication

View Slide

•Eavesdropping
•Leakage
Eavesdroppin

View Slide

Eavesdropping
Protect From
Eavesdroppin

View Slide

Protect from Eavesdropping
クオリティア
Mail
Server
Mail
Server
Eavesdropping
Tampering
Stealing
Eavesdroppin

View Slide

Encrypted ZIP
Eavesdroppin

View Slide

Encrypted ZIP
クオリティア
Mail
Server
Mail
Server
Eavesdropping
Tampering
Stealing
Password
Eavesdroppin

View Slide

STARTTLS
Eavesdroppin

View Slide

STARTTLS
クオリティア
Mail
Server
Mail
Server
Eavesdropping
Tampering
Encrypt the line between mail servers
Eavesdroppin

View Slide

But!
Eavesdroppin

View Slide

Unsupported STARTTLS
クオリティア
Mail
Server
Mail
Server2
Eavesdropping
Tampering
If the server or client does not
support STARTTLS, the client will
send emails by plain text
opportunistically.
Mail
Server1
Eavesdroppin

View Slide

When the network routing is hijacked
クオリティア
Mail
Server
Mail
Server
Encryption is meaningless.
Mail
Server
ARP
BGP
・・・
Eavesdroppin

View Slide

MTA-STS
Eavesdroppin

View Slide

MTA-STS
•Force to use STARTTLS
•Force to use TLS1.2 or more
•Enforce that server has a valid certification
•RFC8461 (Sep. 2018)
Eavesdroppin

View Slide

When there is MTA-STS
クオリティア
Mail
Server
Mail
Server
Client does not send,
if encryption is not supported
_mta-sts.qualitia.co.jp. IN TXT "v=STSv1; id=20191114123000Z;"
version: STSv1
mode: enforce
mx: mx1.qualitia.co.jp
max_age: 1296000
https://mta-sts.qualitia.co.jp/.well-known/mta-sts.txt
＝Not Stealed
Eavesdroppin
Policy

View Slide

But!
If the client did not send it
we want to know it
Eavesdroppin

View Slide

TLS-RPT
Eavesdroppin

View Slide

When there is TLS-RPT
クオリティア
Mail
Server
Mail
Server
Send a report,
if the encryption is not supported
RFC8460 (Sep. 2018)
version: STSv1
mode: enforce
max_age: 1296000
_smtp._tls.qualitia.co.jp. IN TXT "v=TLSRPTv1;rua=mailto:[email protected]"
Eavesdroppin

View Slide

Be careful！
クオリティア
Mail
Server
Mail
Server
version: STSv1
mode: enforce
max_age: 1296000
_smtp._tls.qualitia.co.jp. IN TXT "v=TLSRPTv1;rua=mailto:[email protected]"
Server does not support TLS,
so that client cannot send a report
encryption
Eavesdroppin

View Slide

Report Using HTTPS
クオリティア
Mail
Server
Mail
Server
version: STSv1
mode: enforce
max_age: 1296000
_smtp._tls.qualitia.co.jp. IN TXT "v=TLSRPTv1;rua=https://api.qualitia.co.jp/v1/tlsrpt"
HTTPS is also available
https://api.qualitia.co.jp.jp/v1/tlsrpt
POST
Eavesdroppin

View Slide

But!
Eavesdroppin

View Slide

DNS Hijacking
クオリティア
Mail
Server
Mail
Server
Disable MTA-STS
Mail
Server
DNS
Eavesdroppin

View Slide

Compromised CA
クオリティア
Mail
Server
Mail
Server
Mail
Server
ARP
BGP
・・・
Certificate Authority (CA)
署名
qualitia.co.jp
qualitia.co.jp
Sign
Compromised CA
Everything seems fine
for sender
Trust
Eavesdroppin

View Slide

DANE
Eavesdroppin

View Slide

DANE
•Do not use Certificate authority(CA)
•You can use if you want
•Self-signed certificate is available
•Use DNSSEC
•RFC7672 (Oct. 2015)
Eavesdroppin

View Slide

DANE
クオリティア
Mail
Server
Mail
Server
Use DNS Trust chain instead of CA
DNSSEC
Certificate Authority(CA)
No Need
ルートDNS
DNSSEC
Trust
Eavesdroppin
_25._tcp.mx1.qualitia.co.jp. IN TLSA 3 0 1 2B73BB905F…"
mx1.qualitia.co.jp

View Slide

But!
Settings and Operations are not easy
Eavesdroppin

View Slide

Operation of MTA-STS, TLS-RPT, DANE
•Operating DNSSEC is not easy
•We cannot use DNSSEC easily (in Japan)
•Do not want to Key-Rotate
•Do not want to analyze the report
Authoritative DNSSEC Service
for Mail User
We are now developing!
注目
Eavesdroppin

View Slide

Protect from Eavesdropping (Summary)
•Encrypted ZIP
•STARTTLS
•MTA-STS
•TLS-RPT
•DANE-TLS
•DNSSEC
•DANE-S/MIME
Eavesdroppin

View Slide

•Eavesdropping
•Leakage
Spam・Malware・Phishing

View Slide

Spam, Malware, Phishing
Protect from

View Slide

Protect from Spam, Malware
Mail
Server
Mail
Server
Spoofing
Spam
Malware
Phishing

View Slide

Security for received emails
•Spam Filtering
•Virus Filtering

View Slide

But!
Virus file is also encrypted!
Virus scanners cannot detect the virus!

View Slide

Decode by Password to Detect Virus
Decode by Password
Virus Check
Check in Sandbox
You can download
if the file is safe
注目

View Slide

•Eavesdropping
•Leakage
Leakage

View Slide

Leakage
Protect from
Leakage

View Slide

Mail Missending Prevention
•Holding Email for a while
•To, Cc → Bcc Transformation
•Password protected ZIP
Leakage

View Slide

Web Downloading
クオリティア
Mail
Server
Mail
Server
Separate
Attachment
File
注目
Leakage

View Slide

EMAILを守るための技術
•Eavesdropping
•Leakage
SPF DKIM DMARC ARC BIMI
POP before SMTP SMTP AUTH MFA
STARTTLS MTA-STS TLS-RPT DANE DNSSEC
AntiSPAM AntiVirus SandBox Active! zone
Holding Passworded ZIP Web Downloading Active! gate

View Slide

Introduced Products, Services
•Web Mail for BIMI
•DKIM signing Service
•SMTP Bio Auth Product, Service
•Authoritative DNSSEC + Mail Setting Service
•TLS Report Analysis Service
•Virus Checking for Passworded Files Product
•Attachment Separation for Mail Missending Prevention
βユーザ募集！

View Slide

Thank you
Thank you

View Slide

Email Security Trail Map - A World beyond DMARC -

Email Security Trail Map - A World beyond DMARC -

HIRANO Yoshitaka

More Decks by HIRANO Yoshitaka

Other Decks in Technology

Featured

Transcript