Cache Side-Channel Attack on Mail User Agent

Hodong Kim, Hyundo Yoon, Youngjoo Shin, Junbeom Hur

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

MUA (Mail User Agent) programs support email encryption functionality for providing confidentiality of the email contents. They encrypt email contents using email encryption standards such as OpenPGP or S/MIME, mostly implemented by GnuPG, or GPG in practice. In order to understand security implication of the structures and analyze any possible vulnerabilities of MUA programs, in this paper, we investigated practical MUAs supporting e-mail encryption. As a result, we found severe vulnerabilities in a list of MUAs that allow cache side-channel attacks in virtualized desktop environments. Our analysis reveals that the root cause originates from the lack of verification and control over third-party cryptographic libraries they adopt. In order to substantiate the importance of the vulnerability we found, we delivered FLUSH+RELOAD attack on those MUA programs and demonstrated that the attack restores 92% of the RSA private keys when recipients read a single encrypted email.

Original languageEnglish
Title of host publication34th International Conference on Information Networking, ICOIN 2020
PublisherIEEE Computer Society
Pages236-238
Number of pages3
ISBN (Electronic)9781728141985
DOIs
Publication statusPublished - 2020 Jan
Event34th International Conference on Information Networking, ICOIN 2020 - Barcelona, Spain
Duration: 2020 Jan 72020 Jan 10

Publication series

NameInternational Conference on Information Networking
Volume2020-January
ISSN (Print)1976-7684

Conference

Conference34th International Conference on Information Networking, ICOIN 2020
Country/TerritorySpain
CityBarcelona
Period20/1/720/1/10

Bibliographical note

Funding Information:
ACKNOWLEDGMENT This work was supported by Institute of Information communications Technology Planning Evaluation (IITP) grant funded by the Korea government(MSIT) (No.2019-0-00533, Research on CPU vulnerability detection and validation)

Publisher Copyright:
© 2020 IEEE.

Keywords

  • Cache side-channel attack
  • SW vulnerability
  • mail user agent

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Fingerprint

Dive into the research topics of 'Cache Side-Channel Attack on Mail User Agent'. Together they form a unique fingerprint.

Cite this