如何滥用SMTP over TLS:电子邮件服务器通信的安全性研究

2015 IEEE Trustcom/BigDataSE/ISPA Pub Date : 2015-08-20 DOI:10.1109/Trustcom.2015.386

Lars Baumgärtner, Jonas Höchst, M. Leinweber, Bernd Freisleben

{"title":"如何滥用SMTP over TLS:电子邮件服务器通信的安全性研究","authors":"Lars Baumgärtner, Jonas Höchst, M. Leinweber, Bernd Freisleben","doi":"10.1109/Trustcom.2015.386","DOIUrl":null,"url":null,"abstract":"Electronic mail is one of the oldest and widely used services in the Internet. In this paper, an empirical study of the security properties of email server communication within the German IP address space range is presented. Instead of investigating end-user security or end-to-end encryption, we focus on the connections between SMTP servers relying on transport layer security. We analyze the involved ciphers suites, the certificates used and certificate authorities, and the behavior of email providers when communicating with improperly secured email servers. Conclusions drawn from this analysis lead to several recommendations to mitigate the security issues currently present in the email system as it is deployed in the Internet.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"How to Misuse SMTP over TLS: A Study of the (In) Security of Email Server Communication\",\"authors\":\"Lars Baumgärtner, Jonas Höchst, M. Leinweber, Bernd Freisleben\",\"doi\":\"10.1109/Trustcom.2015.386\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Electronic mail is one of the oldest and widely used services in the Internet. In this paper, an empirical study of the security properties of email server communication within the German IP address space range is presented. Instead of investigating end-user security or end-to-end encryption, we focus on the connections between SMTP servers relying on transport layer security. We analyze the involved ciphers suites, the certificates used and certificate authorities, and the behavior of email providers when communicating with improperly secured email servers. Conclusions drawn from this analysis lead to several recommendations to mitigate the security issues currently present in the email system as it is deployed in the Internet.\",\"PeriodicalId\":277092,\"journal\":{\"name\":\"2015 IEEE Trustcom/BigDataSE/ISPA\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-08-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE Trustcom/BigDataSE/ISPA\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/Trustcom.2015.386\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE Trustcom/BigDataSE/ISPA","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/Trustcom.2015.386","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

电子邮件是互联网上最古老和最广泛使用的服务之一。本文对德国IP地址空间范围内电子邮件服务器通信的安全特性进行了实证研究。我们没有研究终端用户的安全性或端到端加密，而是关注依赖于传输层安全性的SMTP服务器之间的连接。我们分析了所涉及的密码套件、使用的证书和证书颁发机构，以及电子邮件提供商在与不适当保护的电子邮件服务器通信时的行为。从这个分析中得出的结论导致了一些建议，以减轻目前在互联网上部署的电子邮件系统中存在的安全问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

How to Misuse SMTP over TLS: A Study of the (In) Security of Email Server Communication

Electronic mail is one of the oldest and widely used services in the Internet. In this paper, an empirical study of the security properties of email server communication within the German IP address space range is presented. Instead of investigating end-user security or end-to-end encryption, we focus on the connections between SMTP servers relying on transport layer security. We analyze the involved ciphers suites, the certificates used and certificate authorities, and the behavior of email providers when communicating with improperly secured email servers. Conclusions drawn from this analysis lead to several recommendations to mitigate the security issues currently present in the email system as it is deployed in the Internet.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 IEEE Trustcom/BigDataSE/ISPA

自引率

0.00%

发文量