Preventing EFail Attacks with Client-Side WebAssembly: The Case of Swiss Post's IncaMail
Author: | Gerig, Pascal, Ménétrey, Jämes, Lanoix, Baptiste, Stoller, Florian, Felber, Pascal, Pasin, Marcelo, Schiavoni, Valerio |
---|---|
Year of publication: | 2023 |
Subject: | |
Source: | DEBS'23: Proceedings of the 17th ACM International Conference on Distributed and Event-Based Systems, Neuchâtel, Switzerland, June 2023 |
Document type: | Working Paper |
DOI: | 10.1145/3583678.3596899 |
Description: | Traditional email encryption schemes are vulnerable to EFail attacks, which exploit the lack of message authentication by manipulating ciphertexts and exfiltrating plaintext via HTML backchannels. Swiss Post's IncaMail, a secure email service for transmitting legally binding, encrypted, and verifiable emails, counters EFail attacks using an authenticated-encryption with associated data (AEAD) encryption scheme to ensure message privacy and authentication between servers. IncaMail relies on a trusted infrastructure backend and encrypts messages per user policy. This paper presents a revised IncaMail architecture that offloads the majority of cryptographic operations to clients, offering benefits such as reduced computational load and energy footprint, relaxed trust assumptions, and per-message encryption key policies. Our proof-of-concept prototype and benchmarks demonstrate the robustness of the proposed scheme, with client-side WebAssembly-based cryptographic operations yielding significant performance improvements (up to ~14x) over conventional JavaScript implementations. Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197 |
Database: | arXiv |