all InfoSec news
Preventing EFail Attacks with Client-Side WebAssembly: The Case of Swiss Post's IncaMail. (arXiv:2306.13388v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Traditional email encryption schemes are vulnerable to EFail attacks, which
exploit the lack of message authentication by manipulating ciphertexts and
exfiltrating plaintext via HTML backchannels. Swiss Post's IncaMail, a secure
email service for transmitting legally binding, encrypted, and verifiable
emails, counters EFail attacks using an authenticated-encryption with
associated data (AEAD) encryption scheme to ensure message privacy and
authentication between servers. IncaMail relies on a trusted infrastructure
backend and encrypts messages per user policy. This paper presents a revised
IncaMail architecture …
attacks authentication case client client-side email emails encrypted encryption exploit html message plaintext secure email service vulnerable webassembly