Privacy violations in Blind-Carbon-Copy mail

Posted by: Subreption LLC 10 months, 1 week ago

In 2005, Barth and Boneh published a great academic paper on the privacy concerns that arise in BCC mail distribution when deploying cryptographic solutions such as PGP/GPG. The issue boils down to the fact that public key material is usually publicly available (on websites and key servers, for example), which defeats the entire purpose of BCC, especially when the contacts being mailed have public key material from other BCC recipients in their key rings.
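To make the leak concrete, the following added example (not from the original post or the paper) parses the leading packets of a binary OpenPGP message, lists the recipient key IDs any reader can see, and resolves them against a keyring. The message bytes, key IDs, names and the `_pkesk` helper are constructed for illustration; an all-zero key ID is the RFC 4880 wildcard that names no recipient.

```python
PKESK_TAG, SKESK_TAG = 1, 3  # RFC 4880 packet tags

def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len is None if not fixed."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None  # partial length, used by data packets
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        return tag, pos + 1, None  # indeterminate length
    width = (1, 2, 4)[ltype]
    return tag, pos + 1 + width, int.from_bytes(buf[pos + 1:pos + 1 + width], "big")

def recipient_key_ids(message):
    """Key IDs from the PKESK packets that precede the encrypted data."""
    ids, pos = [], 0
    while pos < len(message):
        tag, start, length = read_header(message, pos)
        if tag not in (PKESK_TAG, SKESK_TAG) or length is None:
            break  # reached the encrypted data packet
        if tag == PKESK_TAG and message[start] == 3:  # version 3 PKESK
            ids.append(message[start + 1:start + 9].hex().upper())
        pos = start + length
    return ids

def exposed_recipients(message, keyring):
    """Identities recovered via keyring lookup; all-zero IDs are anonymous."""
    return {kid: keyring.get(kid, "<unknown key>")
            for kid in recipient_key_ids(message) if kid != "0" * 16}

def _pkesk(key_id_hex):  # constructed packet: v3, RSA (algo 1), dummy MPI
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xAA"
    return bytes([0xC0 | PKESK_TAG, len(body)]) + body

# Constructed sample: three PKESK packets, then a stub tag-18 data packet.
SAMPLE = (_pkesk("1111111111111111") + _pkesk("2222222222222222")
          + _pkesk("0000000000000000") + bytes([0xD2, 0x02, 0x01, 0x00]))
KEYRING = {"1111111111111111": "Alice <alice@example.org>",
           "2222222222222222": "Bob <bob@example.org>"}
print(exposed_recipients(SAMPLE, KEYRING))
```

Run over an outgoing message before it is sent, the same check shows which recipients, BCC or not, every reader will be able to identify.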

For organizations distributing sensitive information to multiple recipients with complex confidentiality and privacy inter-relationships, the usual (and extremely cumbersome) solution is to create recipient-specific keys or certificates, and carefully select these either manually or through mail aliases. Ultimately this approach has several weaknesses and is prone to human error.

From their excerpt:

We show that many widely deployed email encryption systems reveal the identities of Blind-Carbon-Copy (BCC) recipients. For example, encrypted email sent using Microsoft Outlook completely exposes the identity of every BCC recipient. Additionally, several implementations of PGP expose the full name and email address of BCC recipients. In this paper, we present a number of methods for providing BCC privacy while preserving the existing semantics of email.
Our constructions use standard public key systems such as RSA and ElGamal and suggest that BCC privacy can be implemented efficiently without changing the underlying broadcast semantics of the email system.

As of 2011, there's no widely adopted "real solution" for the common players in mail encryption (such as GnuPG or the commercial PGP software). As much as Subreption would love to address common problems like these, currently we are hell out of time to allocate a slice of it in our tightly packed schedule. But if you have the funding and/or the time and skillset to roll a practical, easy-to-deploy solution, we would love to hear about it. It's never too late to solve this (niche) problem and increase productivity in organizations depending on secure BCC encrypted mail.

Enjoy the read.

Additional interesting slides:
http://www.cs.utexas.edu/~bwaters/presentations/files/privatebroadcast-fc06.ppt
