CISPA
Browse
cispa_all_1428.pdf (535.4 kB)

Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure

Download (535.4 kB)
conference contribution
posted on 2023-11-29, 18:08 authored by Patrick Speicher, Marcel Steinmetz, Robert KünnemannRobert Künnemann, Milivoj Simeonovski, Giancarlo PellegrinoGiancarlo Pellegrino, Jörg Hoffmann, Michael BackesMichael Backes
Security in the Internet has historically been added post-hoc, leaving services like email, which, after all, is used by 3.7 billion users, vulnerable to large-scale surveillance. For email alone, there is a multitude of proposals to mitigate known vulnerabilities, ranging from the introduction of completely new protocols to modifications of the communication paths used by big providers. Deciding which measures to deploy requires a deep understanding of the induced benefits, the cost and the resulting effects. This paper proposes the first automated methodology for making formal deployment assessments. Our planning algorithm analyses the impact and cost-efficiency of different known mitigation strategies against an attacker in a formal threat model. This novel formalisation of an infrastructure attacker includes routing, name resolution and application level weaknesses. We apply the methodology to a large-scale scan of the Internet, and assess how protocols like IPsec, DNSSEC, DANE, SMTP STS, SMTP over TLS and other mitigation techniques like server relocation can be combined to improve the confidentiality of email users in 45 combinations of attacker and defender countries and nine cost scenarios. This is the first deployment analysis for mitigation techniques at this scale.

History

Preferred Citation

Patrick Speicher, Marcel Steinmetz, Robert Künnemann, Milivoj Simeonovski, Giancarlo Pellegrino, Jörg Hoffmann and Michael Backes. Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure. In: IEEE European Symposium on Security and Privacy (EuroS&P). 2018.

Primary Research Area

  • Algorithmic Foundations and Cryptography

Name of Conference

IEEE European Symposium on Security and Privacy (EuroS&P)

Legacy Posted Date

2018-02-14

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_1428, title = "Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure", author = "Speicher, Patrick and Steinmetz, Marcel and Künnemann, Robert and Simeonovski, Milivoj and Pellegrino, Giancarlo and Hoffmann, Jörg and Backes, Michael", booktitle="{IEEE European Symposium on Security and Privacy (EuroS&P)}", year="2018", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC