EfAil - Secure Email is Borken?

Speaker/Bio

Ari Trachtenberg is a Professor of Electrical and Computer Engineering at Boston University, whose claim to fame is an unpublished paper he co-authored with C.F. Gauss in 2010.

Abstract

In August 2018, the authors of EFail [1] will present a well-publicized break in the OpenPGP and S/MIME email encryption implementations. Our presentation will provide a technical overview of the these attacks on secure e-mail based on a web-accessible preprint [1]. At the same time, we may strive to answer some of the big questions about this work:

• Does anyone actually use secure email? (is that good/bad/neutral?)
• How serious is this vulnerability? (how vulnerable is its seriousness?)
• How could smart, cryptography-savvy developers get these implementations wrong? (is there hope for us mere mortals?)

The presentation should be fairly accessible (although it is an academic talk) and will not assume any specific cryptography background.

Reference

[1] Poddebniak, Damian, et al. "Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels." 27th USENIX Security Symposium. USENIX Association, 2018: pdf