Email Security Trail Map - A World beyond DMARC -

Slide 1

Slide 1 text

Slide 2

Slide 2 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Our Company Name Qualitia CO., LTD HQ 3-11-10 Nihombashi-Kayabacho Chuo-ku Tokyo Capital 85M yen Since Oct. 1993 CEO Ken Matsuda ⚫ Development and Sales of Messaging Related Solutions ⚫ Supporting Efficient Communication and Security Enhancement ⚫ Providing the Messaging Related Cloud Services and Software Create the Future of “Communication” and “Security” with our Customers and Partners Q U A L I T Y M A K E S F U T U R E

Slide 3

Slide 3 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Self Introduction Name HIRANO Yoshitaka Belongs to QUALITIA Co., Ltd Chief Engineer Cert. Licensed Scrum Master Certified Scrum Developer Activities M3AAWG JPAAWG IA Japan 迷惑Mail対策委員会 Anti-Spam mail Promotion Council (ASPC) Message Research Institute Audax Randonneurs Nihonbashi

Slide 4

Slide 4 text

Slide 5

Slide 5 text

Slide 6

Slide 6 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Technologies for Email Security SPF DKIM 誤送信防止 Sanitize Password ZIP Anti Phishing Anti SPAM DNS SEC SMTP AUTH DANE MTA- STS START TLS BIMI ARC DMARC TLS- RPT Anti Virus Virus Filter Sandb ox Anshin Mark So many things!! I cannot understand

Slide 7

Slide 7 text

Slide 8

Slide 8 text

Slide 9

Slide 9 text

Slide 10

Slide 10 text

Slide 11

Slide 11 text

Slide 12

Slide 12 text

Slide 13

Slide 13 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. When there is no SPF 192.0.2.1 203.0.113.1 Env From: [email protected] From: [email protected] Subject: Please transfer money Hi! I'm Taro @ QUALITIA. ・・・・ OK I transfer! Click! × クオリティア Spoofing・Tampering

Slide 14

Slide 14 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. When there is SPF 192.0.2.1 Env From: [email protected] From: [email protected] Subject: Please transfer money AR: spf=pass Hi! I'm Taro @ QUALITIA. ・・・・ qualitia.co.jp txt “v=spf1 ip4:192.0.2.1 –all” Check Source IP using Envelope From ○ OK, This is right. Transfer! クオリティア Spoofing・Tampering

Slide 15

Slide 15 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. When there is SPF 192.0.2.1 203.0.113.1 Env From: [email protected] From: [email protected] Subject: Please transfer money AR: spf=fail Hi! I'm Taro @ QUALITIA. ・・・・ qualitia.co.jp txt “v=spf1 ip4:192.0.2.1 –all” Hmm, it looks fake × クオリティア Spoofing・Tampering

Slide 16

Slide 16 text

Slide 17

Slide 17 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Even if there is SPF 192.0.2.1 203.0.113.1 Env From: [email protected] From: [email protected] Subject: Please transfer money AR: spf=none Hi! I'm Taro @ QUALITIA. ・・・・ qualitia.co.jp txt “v=spf1 ip4:192.0.2.1 –all” クオリティア Spoofing・Tampering OK I transfer! Click! Use badgroup domain

Slide 18

Slide 18 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. OK I transfer! Click! badgroupのSPFで認証 192.0.2.1 203.0.113.1 Env From: [email protected] From: [email protected] Subject: Please transfer money AR: spf=pass Hi! I'm Taro @ QUALITIA. ・・・・ badgroup.example txt “v=spf1 ip4:203.0.113.1 –all” qualitia.co.jp txt “v=spf1 ip4:192.0.2.1 –all” クオリティア Spoofing・Tampering

Slide 19

Slide 19 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. SPF •Verify if the pair of Envelope From and IP Address is correct or not •RFC4408 (2006/04) Source IP = Envelope From = Header From ? Spoofing・Tampering

Slide 20

Slide 20 text

Slide 21

Slide 21 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. When there is no DKIM From: [email protected] Subject: Please transfer money AR: dkim=none Hi! I'm Taro @ QUALITIA. ・・・・クオリティア Spoofing・Tampering OK I transfer! Click!

Slide 22

Slide 22 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. DKIM-Signature: v=1; d=qualitia.co.jp; s=s1; h=From:Subject; b=abcdef・・・・ From: [email protected] Subject: Please transfer money Hi! I'm Taro @ QUALITIA. ・・・・ When there is DKIM Send with signature s1._domainkey.qualitia.co.jp txt “v=dkim1;p=ABCDEF...” Encryption Public Key Private Key hash クオリティア Spoofing・Tampering

Slide 23

Slide 23 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. DKIM-Signature: v=1; d=qualitia.co.jp; s=s1; h=From:Subject; b=abcdef・・・・ From: [email protected] Subject: Please transfer money AR: dkim=pass Hi! I'm Taro @ QUALITIA. ・・・・ When there is DKIM OK, it’s trustable. Transfer, click! s1._domainkey.qualitia.co.jp txt “v=dkim1;p=ABCDEF...” Decryption Public Key Private Key hash ○ クオリティア Spoofing・Tampering

Slide 24

Slide 24 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. DKIM-Signature: v=1; d=qualitia.co.jp; h=From:Subject; b=abcdef・・・・ From: [email protected] Subject: Please transfer money Hi! I'm Taro @ QUALITIA. ・・・・ When there is DKIM Cannot sign without a private key! encryption Private Key hash × クオリティア Spoofing・Tampering

Slide 25

Slide 25 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. DKIM-Signature: v=1; d=qualitia.co.jp; s=s1; h=From:Subject; b=abcdef・・・・ From: [email protected] Subject: Please transfer money to thief Hi! I'm Taro @ QUALITIA. ・・・・ When there is DKIM Tamper the signed message s1._domainkey.qualitia.co.jp txt “v=dkim1;p=ABCDEF...” Public Key Private Key クオリティア Spoofing・Tampering

Slide 26

Slide 26 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. DKIM-Signature: v=1; d=qualitia.co.jp; s=s1; h=From:Subject; b=abcdef・・・・ From: [email protected] Subject: 泥棒にPlease transfer money AR: dkim=fail Hi! I'm Taro @ QUALITIA. ・・・・ When there is DKIM Hmm, this might be tampered? s1._domainkey.qualitia.co.jp txt “v=dkim1;p=ABCDEF...” decryption Public Key Private Key hash × クオリティア Spoofing・Tampering

Slide 27

Slide 27 text

Slide 28

Slide 28 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Even if there is DKIM From: [email protected] Subject: Please transfer money AR: dkim=none Hi! I'm Taro @ QUALITIA. ・・・・ Ok, Transfer! Click! s1._domainkey.qualitia.co.jp txt “v=dkim1;p=ABCDEF...” Private Key Same as when there is not DKIM クオリティア Spoofing・Tampering Send without signature

Slide 29

Slide 29 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. By Any Chance？ From: [email protected] Subject: Please transfer money AR: dkim=none Hi! I'm Taro @ QUALITIA. ・・・・ Ehh? QUALITIA usually sign DKIM signature, right? s1._domainkey.qualitia.co.jp txt “v=dkim1;p=ABCDEF...” Private Key クオリティア Spoofing・Tampering Same as when there is not DKIM

Slide 30

Slide 30 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. DKIM-Signature: v=1; d=badgroup.example; s=aku; h=From:Subject; b=abcdef・・・・ From: [email protected] Subject: Please transfer money Hi! I'm Taro @ QUALITIA. ・・・・ Even if there is DKIM Sign as badgroup! aku._domainkey.badgroup.example txt “v=dkim1;p=ABCDEF...” encryption Private Key of badgroup Private Key hash クオリティア Spoofing・Tampering

Slide 31

Slide 31 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. DKIM-Signature: v=1; d=badgroup.example; s=aku; h=From:Subject; b=abcdef・・・・ From: [email protected] Subject: Please transfer money AR: dkim=pass Hi! I'm Taro @ QUALITIA. ・・・・ Even if there is DKIM Ok, transfer! decryption badgroupの Public Key Private Key hash ○ aku._domainkey.badgroup.example txt “v=dkim1;p=ABCDEF...” badgroupの Private Key クオリティア Spoofing・Tampering

Slide 32

Slide 32 text

Slide 33

Slide 33 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Problem of SPF, DKIM •SPF: Even if the third party spoofed the Envelope From, still spf will be a “pass” •DKIM: Even if the third party signed,still dkim will be a “pass” Spoofing・Tampering

Slide 34

Slide 34 text

Slide 35

Slide 35 text

Slide 36

Slide 36 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. SPF for badgroup (dmarc p=none) 192.0.2.1 203.0.113.1 Env From: [email protected] From: [email protected] Subject: Please transfer money AR: spf=pass, dmarc=Fail Hi! I'm Taro @ QUALITIA. ・・・・ badgroup.example txt “v=spf1 ip4:203.0.113.1 –all” _dmarc.qualitia.co.jp txt “v=DMARC1; p=none” Oh, dmarc is fail. × クオリティア Spoofing・Tampering

Slide 37

Slide 37 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. SPF for badgroup (dmarc p=reject) 192.0.2.1 203.0.113.1 Env From: [email protected] From: [email protected] Subject: Please transfer money AR: spf=pass, dmarc=Fail Hi! I'm Taro @ QUALITIA. ・・・・ badgroup.example txt “v=spf1 ip4:203.0.113.1 –all” × Reject! _dmarc.qualitia.co.jp txt “v=DMARC1; p=reject” × クオリティア Spoofing・Tampering

Slide 38

Slide 38 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. DKIM-Signature: v=1; d=badgroup.example; s=aku; h=From:Subject; b=abcdef・・・・ From: [email protected] Subject: Please transfer money AR: dkim=pass, dmarc=fail Hi! I'm Taro @ QUALITIA. ・・・・ DKIM signature for badgroup Public Key of badgroup aku._domainkey.badgroup.example txt “v=dkim1;p=ABCDEF...” Private Key of badgroup × _dmarc.qualitia.co.jp txt “v=DMARC1; p=reject” ×Reject! クオリティア Spoofing・Tampering

Slide 39

Slide 39 text

Slide 40

Slide 40 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. DKIM-Signature: v=1; d=qualitia.co.jp; s=s1; h=From:Subject; b=abcdef・・・・ From: [email protected] Subject: [○○ML:1234] Hi! All AR: dkim=fail Hi! Long time no see! ・・・・ DKIM + Mailing List Hmm, can I trust? s1._domainkey.qualitia.co.jp txt “v=dkim1;p=ABCDEF...” decryption Public Key Private Key hash × クオリティア Spoofing・Tampering

Slide 41

Slide 41 text

Slide 42

Slide 42 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. ARCがあれば Ok, arc=pass Private Key クオリティア Mailing List Server ml.example.jp ARC-Seal: i=1; cv=none; d=ml.example.jp;... ARC-Message-Signature: i=1; d=ml.example.jp; h=from:subject:dkim-signature:... ARC-Authentication-Result: i=1; ml.example.jp; dkim=pass; spf=pass; dmarc=pass DKIM-Signature: v=1; d=qualitia.co.jp; b=abcdef・・・・ From: [email protected] Subject: [○○ML:1234] Hi! All AR: dkim=fail, arc=pass Hi! Long time no see! ・・・・ Spoofing・Tampering

Slide 43

Slide 43 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. ARC •The Authenticated Received Chain Protocol •RFC8617 (2019年7月) •Mailing List Server will write ARC signature with sequence number, if DKIM=pass, ARC=pass when it received. Spoofing・Tampering

Slide 44

Slide 44 text

Slide 45

Slide 45 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Recent DKIM Circumstances •RFC8301: Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM) (Jan. 2018) ・Both signer and verifier MUST use rsa-sha256 ・Both MUST NOT use rsa-sha1 ・Sign: 1024bit～(MUST)、2048bit～(SHOULD) ・Verify: 1024bit～4096bit(MUST) ※ But 2048bit is longer than the size 255bytes which DNS can handle Spoofing・Tampering

Slide 46

Slide 46 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Recent DKIM Circumstances •RFC8463: A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM) (Sep. 2018) ・Signer SHOULD implement this ・Verifier MUST implement this ・Write two signatures, Ed25519-SHA256 and RSA-SHA256(1024bit～) for backward compatibility Use Ed25519-SHA256 BASE64 encoded size is just 44 bytes, so this can be fit into DNS Spoofing・Tampering

Slide 47

Slide 47 text

Slide 48

Slide 48 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Operation for DKIM •Follow the latest cryptography •Key rotation Too much hassle!!! We are creating a service to DKIM-sign automatically! Coming Soon! 注目 Spoofing・Tampering

Slide 49

Slide 49 text

Slide 50

Slide 50 text

Slide 51

Slide 51 text

Slide 52

Slide 52 text

Slide 53

Slide 53 text

Slide 54

Slide 54 text

Slide 55

Slide 55 text

Slide 56

Slide 56 text

Slide 57

Slide 57 text

Slide 58

Slide 58 text

Slide 59

Slide 59 text

Slide 60

Slide 60 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. OP25B •If you passed the ID/Password authentication on SMTP(Port 587 ), you can send email. •ISP blocks Port 25 from customer. Mail Server Hijacking・Springboard

Slide 61

Slide 61 text

Slide 62

Slide 62 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Multi Factor Authentication If the multiple combinations of authentication, such as SMTP AUTH, device auth, biometric auth, are passed, you can send an email. Mail Server Device auth + Face auth OK Hijacking・Springboard

Slide 63

Slide 63 text

Slide 64

Slide 64 text

Slide 65

Slide 65 text

Slide 66

Slide 66 text

Slide 67

Slide 67 text

Slide 68

Slide 68 text

Slide 69

Slide 69 text

Slide 70

Slide 70 text

Slide 71

Slide 71 text

Slide 72

Slide 72 text

Slide 73

Slide 73 text

Slide 74

Slide 74 text

Slide 75

Slide 75 text

Slide 76

Slide 76 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Unsupported STARTTLS クオリティア Mail Server Mail Server2 Eavesdropping Tampering If the server or client does not support STARTTLS, the client will send emails by plain text opportunistically. Mail Server1 Eavesdroppin

Slide 77

Slide 77 text

Slide 78

Slide 78 text

Slide 79

Slide 79 text

Slide 80

Slide 80 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. When there is MTA-STS クオリティア Mail Server Mail Server Client does not send, if encryption is not supported _mta-sts.qualitia.co.jp. IN TXT "v=STSv1; id=20191114123000Z;" version: STSv1 mode: enforce mx: mx1.qualitia.co.jp max_age: 1296000 https://mta-sts.qualitia.co.jp/.well-known/mta-sts.txt ＝Not Stealed Eavesdroppin Policy

Slide 81

Slide 81 text

Slide 82

Slide 82 text

Slide 83

Slide 83 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. When there is TLS-RPT クオリティア Mail Server Mail Server Send a report, if the encryption is not supported RFC8460 (Sep. 2018) _mta-sts.qualitia.co.jp. IN TXT "v=STSv1; id=20191114123000Z;" version: STSv1 mode: enforce mx: mx1.qualitia.co.jp max_age: 1296000 https://mta-sts.qualitia.co.jp/.well-known/mta-sts.txt _smtp._tls.qualitia.co.jp. IN TXT "v=TLSRPTv1;rua=mailto:[email protected]" Eavesdroppin

Slide 84

Slide 84 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Be careful！クオリティア Mail Server Mail Server _mta-sts.qualitia.co.jp. IN TXT "v=STSv1; id=20191114123000Z;" version: STSv1 mode: enforce mx: mx1.qualitia.co.jp max_age: 1296000 https://mta-sts.qualitia.co.jp/.well-known/mta-sts.txt _smtp._tls.qualitia.co.jp. IN TXT "v=TLSRPTv1;rua=mailto:[email protected]" Server does not support TLS, so that client cannot send a report encryption Eavesdroppin

Slide 85

Slide 85 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Report Using HTTPS クオリティア Mail Server Mail Server _mta-sts.qualitia.co.jp. IN TXT "v=STSv1; id=20191114123000Z;" version: STSv1 mode: enforce mx: mx1.qualitia.co.jp max_age: 1296000 https://mta-sts.qualitia.co.jp/.well-known/mta-sts.txt _smtp._tls.qualitia.co.jp. IN TXT "v=TLSRPTv1;rua=https://api.qualitia.co.jp/v1/tlsrpt" HTTPS is also available https://api.qualitia.co.jp.jp/v1/tlsrpt POST Eavesdroppin

Slide 86

Slide 86 text

Slide 87

Slide 87 text

Slide 88

Slide 88 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Compromised CA クオリティア Mail Server Mail Server Mail Server ARP BGP ・・・ Certificate Authority (CA) 署名 qualitia.co.jp qualitia.co.jp Sign Compromised CA Everything seems fine for sender Trust Eavesdroppin

Slide 89

Slide 89 text

Slide 90

Slide 90 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. DANE •Do not use Certificate authority(CA) •You can use if you want •Self-signed certificate is available •Use DNSSEC •RFC7672 (Oct. 2015) Eavesdroppin

Slide 91

Slide 91 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. DANE クオリティア Mail Server Mail Server Use DNS Trust chain instead of CA DNSSEC Certificate Authority(CA) No Need ルートDNS DNSSEC Trust Eavesdroppin _25._tcp.mx1.qualitia.co.jp. IN TLSA 3 0 1 2B73BB905F…" mx1.qualitia.co.jp

Slide 92

Slide 92 text

Slide 93

Slide 93 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Operation of MTA-STS, TLS-RPT, DANE •Operating DNSSEC is not easy •We cannot use DNSSEC easily (in Japan) •Do not want to Key-Rotate •Do not want to analyze the report Authoritative DNSSEC Service for Mail User We are now developing! 注目 Eavesdroppin

Slide 94

Slide 94 text

Slide 95

Slide 95 text

Slide 96

Slide 96 text

Slide 97

Slide 97 text

Slide 98

Slide 98 text

Slide 99

Slide 99 text

Slide 100

Slide 100 text

Slide 101

Slide 101 text

Slide 102

Slide 102 text

Slide 103

Slide 103 text

Slide 104

Slide 104 text

Slide 105

Slide 105 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. EMAILを守るための技術 •Spoofing・Tampering •Hijacking・Springboard •Eavesdropping •Spam・Malware・Phishing •Leakage SPF DKIM DMARC ARC BIMI POP before SMTP SMTP AUTH MFA STARTTLS MTA-STS TLS-RPT DANE DNSSEC AntiSPAM AntiVirus SandBox Active! zone Holding Passworded ZIP Web Downloading Active! gate

Slide 106

Slide 106 text

Copyright© QUALITIA CO., LTD. All Rights Reserved. Introduced Products, Services •Web Mail for BIMI •DKIM signing Service •SMTP Bio Auth Product, Service •Authoritative DNSSEC + Mail Setting Service •TLS Report Analysis Service •Virus Checking for Passworded Files Product •Attachment Separation for Mail Missending Prevention βユーザ募集！

Slide 107

Slide 107 text