We ended the last post stating that although the content of a message is encrypted, the headers are still in clear text and, as such, it is possible to say that a user A has sent an email message to user B. To break this connection, we can separate the sender and the receiver fields and use a mix network to hide both email trails.
When we send an email, for the protocol itself, the only thing that really matters is the receiver address. With it, the email system is able to identify the MTA that handles the receiver email messages and deliver it. In the end, the sender address is only required for the receiver to know who sent the email (actually it may be used for things like spam filters and so on).
Now, imagine that the SMTP relays act like nodes of a mix network (we are not going to enter in details of how mixed networks work, for that, we point the reader to the Wikipedia post at http://bit.ly/1XOI9db). To be able to send an email message through a mix network, we would have to create an envelope for the message that is capable of identifying the path to transverse the mix network.
The email message itself would also have to be a little different, being composed by:
- A normal email header that only identifies the receiver
- An encrypted body (PGP or S/MIME) that is the actual email message and contains:
- Header information (sender and receiver)
- Body of the message
This message is then enveloped like any other mix network packet. The envelope would look something like this:
Km(R1, Kb(R0, M),B)
Where:
- Km: the key for the mix node;
- R1: random value;
- Kb: the next hop key;
- R0: random value;
- M: email message;
- B: the next hop address.
Note that this is just an example; it is possible to create envelopes that contain several nodes of the mix network.
The sender then would send the enveloped message to the first node in the mix (the entry node). It would then transverse the network until it reached the exit node. Once there, M would be delivered to the receiver SMTP server.
Email relay through mix networks
M, is then treated like a normal email message; being delivered to the receiver email queue. When the receiver retrieves the message and decrypts it using is private key, it obtains a complete email message containing the sender address.
So how does this evade the metadata problem? Well, if someone is observing the communication between A and B, it would only see that the MTA of A as sent a message to an entry node, without a receiver address. In the same way, it would only be possible to say that the SMTP server of B received a message from an exit node and, since the full header is encrypted and only the receiver can decrypt it, it would only be possible to prove that A sent a message to B if the private key of B is compromised.
In this three part post we have addressed the main issue that exist in the current email protocols. There have been several tries during the last years to create email services that offer end-to-end encryption and more secure routing protocols (the last one is ProtonMail: http://bit.ly/1gXt15N ), however for some reason; none of them was able to endure.
As email use raises so will the interest in monitor more and more email messages. So how do you feel about your email privacy?
0 comentários :
Post a Comment