Lars Baumgärtner, Jonas Höchst, M. Leinweber, Bernd Freisleben
{"title":"如何滥用SMTP over TLS:电子邮件服务器通信的安全性研究","authors":"Lars Baumgärtner, Jonas Höchst, M. Leinweber, Bernd Freisleben","doi":"10.1109/Trustcom.2015.386","DOIUrl":null,"url":null,"abstract":"Electronic mail is one of the oldest and widely used services in the Internet. In this paper, an empirical study of the security properties of email server communication within the German IP address space range is presented. Instead of investigating end-user security or end-to-end encryption, we focus on the connections between SMTP servers relying on transport layer security. We analyze the involved ciphers suites, the certificates used and certificate authorities, and the behavior of email providers when communicating with improperly secured email servers. Conclusions drawn from this analysis lead to several recommendations to mitigate the security issues currently present in the email system as it is deployed in the Internet.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"How to Misuse SMTP over TLS: A Study of the (In) Security of Email Server Communication\",\"authors\":\"Lars Baumgärtner, Jonas Höchst, M. Leinweber, Bernd Freisleben\",\"doi\":\"10.1109/Trustcom.2015.386\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Electronic mail is one of the oldest and widely used services in the Internet. In this paper, an empirical study of the security properties of email server communication within the German IP address space range is presented. Instead of investigating end-user security or end-to-end encryption, we focus on the connections between SMTP servers relying on transport layer security. We analyze the involved ciphers suites, the certificates used and certificate authorities, and the behavior of email providers when communicating with improperly secured email servers. Conclusions drawn from this analysis lead to several recommendations to mitigate the security issues currently present in the email system as it is deployed in the Internet.\",\"PeriodicalId\":277092,\"journal\":{\"name\":\"2015 IEEE Trustcom/BigDataSE/ISPA\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-08-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE Trustcom/BigDataSE/ISPA\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/Trustcom.2015.386\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE Trustcom/BigDataSE/ISPA","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/Trustcom.2015.386","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
How to Misuse SMTP over TLS: A Study of the (In) Security of Email Server Communication
Electronic mail is one of the oldest and widely used services in the Internet. In this paper, an empirical study of the security properties of email server communication within the German IP address space range is presented. Instead of investigating end-user security or end-to-end encryption, we focus on the connections between SMTP servers relying on transport layer security. We analyze the involved ciphers suites, the certificates used and certificate authorities, and the behavior of email providers when communicating with improperly secured email servers. Conclusions drawn from this analysis lead to several recommendations to mitigate the security issues currently present in the email system as it is deployed in the Internet.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
