For over two decades the OpenPGP format has provided the mainstay of email confidentiality and authenticity, and is currently being relied upon to provide authenticated package distributions in open source Unix systems. In this work, we provide the first language theoretical analysis of the OpenPGP format, classifying it as a deterministic context free language and establishing that an automatically generated parser can in principle be defined. However, we show that the number of rules required to describe it with a deterministic context free grammar is prohibitively high, and we identify security vulnerabilities in the OpenPGP format specification. We identify possible attacks aimed at tampering with messages and certificates while retaining their syntactical and semantic validity. We evaluate the effectiveness of these attacks against the two OpenPGP implementations covering the overwhelming majority of uses, i.e., the GNU Privacy Guard (GPG) and Symantec PGP. The results of the evaluation show that both implementations turn out not to be vulnerable due to conservative choices in dealing with malicious input data. Finally, we provide guidelines to improve the OpenPGP specification.

A Security Audit of the OpenPGP Format

A. Barenghi;N. Mainardi;G. Pelosi
2017-01-01

Abstract

For over two decades the OpenPGP format has provided the mainstay of email confidentiality and authenticity, and is currently being relied upon to provide authenticated package distributions in open source Unix systems. In this work, we provide the first language theoretical analysis of the OpenPGP format, classifying it as a deterministic context free language and establishing that an automatically generated parser can in principle be defined. However, we show that the number of rules required to describe it with a deterministic context free grammar is prohibitively high, and we identify security vulnerabilities in the OpenPGP format specification. We identify possible attacks aimed at tampering with messages and certificates while retaining their syntactical and semantic validity. We evaluate the effectiveness of these attacks against the two OpenPGP implementations covering the overwhelming majority of uses, i.e., the GNU Privacy Guard (GPG) and Symantec PGP. The results of the evaluation show that both implementations turn out not to be vulnerable due to conservative choices in dealing with malicious input data. Finally, we provide guidelines to improve the OpenPGP specification.
2017
Proceedings - 14th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2017, 11th International Conference on Frontier of Computer Science and Technology, FCST 2017 and 3rd International Symposium of Creative Computing, ISCC 2017
978-1-5386-0841-8
978-1-5386-0840-1
Computer security, GnuPG, Language-theoretic security, OpenPGP, PGP
File in questo prodotto:
File Dimensione Formato  
PID4810011.pdf

Accesso riservato

Descrizione: main article
: Publisher’s version
Dimensione 262.54 kB
Formato Adobe PDF
262.54 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11311/1046103
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 1
social impact