PRISM Proof Cloud Email Services
Introduction
Cloud email services use SSL certificates to encrypt the conversation between your browser and the HTTP server; this encrypted traffic is called HTTPS. With most HTTPS certificates a single master key (the server's private key) can decrypt the encrypted traffic; this is not true for certificates which use a temporary session key that is individual for each user. This is known as SSL ephemeral mode.
This article is a survey of free cloud email services. It lists services by their affiliation with the NSA, their support for HTTPS, their support for SSL ephemeral mode, and the physical location of their servers. By carefully choosing a cloud email service, users can be confident that their traffic is not entering the network of the United States. Additionally, if their traffic did enter the United States, the SSL certificate of the selected cloud service supports ephemeral mode, which prevents the NSA from gaining a master key to decrypt network traffic.
Lists of free cloud email services
http://ubuntuforums.org/showthread.php?t=2125732
http://email.about.com/od/freeemailreviews/tp/free_email.htm
http://capturedbloggingtips.com/2013/03/6-best-alternatives-to-gmail/
https://en.wikipedia.org/wiki/Comparison_of_webmail_providers
http://prism-break.org/#email-services
Individual cloud email services that support HTTPS
https://www.gmx.com
https://www.hushmail.com/
https://mail.google.com/
https://www.zoho.com/mail/
https://mail.aol.com
https://www.icloud.com/
https://www.outlook.com/owa
https://mail.live.com
https://mail.yahoo.com/
https://www.mail.com/int/
https://shortmail.com/
https://www.inbox.com/
https://lavabit.com/
https://www.fastmail.fm/
https://mail.yandex.com/
https://www.mail.lycos.com/
https://www.nokiamail.com/
https://www.rediff.com/
https://mail.riseup.net/
https://www.contactoffice.com/
https://webmail.xmission.com
https://ojooo.com/
https://mail.opera.com/
Private key disclosed to law enforcement (PRISM/FBI etc.)
https://mail.google.com/
https://mail.aol.com
https://www.icloud.com/
https://www.outlook.com/owa
https://mail.live.com
https://mail.yahoo.com/
https://www.hushmail.com/
Private key not disclosed to USA law enforcement (this list is used for the remaining tests)
https://www.gmx.com
https://www.zoho.com/mail/
https://www.mail.com/int/
https://shortmail.com/
https://lavabit.com/
https://www.inbox.com/
https://www.fastmail.fm/
https://mail.yandex.com/
https://www.mail.lycos.com/
https://www.nokiamail.com/
https://www.rediff.com/
https://mail.riseup.net/
https://www.contactoffice.com/
https://webmail.xmission.com
https://ojooo.com/
https://mail.opera.com/
Domains that use Ephemeral Diffie-Hellman key exchange on HTTPS
www.gmx.com              DHE_RSA
www.mail.com             DHE_RSA
shortmail.com            DHE_RSA
lavabit.com              DHE_RSA
www.mail.lycos.com       DHE_RSA
mail.riseup.net          DHE_RSA
www.contactoffice.com    DHE_RSA
webmail.xmission.com     DHE_RSA
ojooo.com                DHE_RSA

Domains that use Ephemeral Diffie-Hellman key exchange on POP3:995
pop3.inbox.com           DHE-RSA-AES256-SHA
pop3.ojooo.com           DHE-RSA-AES256-SHA
pop.contactoffice.com    EDH-RSA-DES-CBC3-SHA

Domains that use Ephemeral Diffie-Hellman key exchange on IMAP:993
imap.inbox.com           DHE-RSA-AES256-SHA
imap.ojooo.com           DHE-RSA-AES256-SHA
imap.opera.com           DHE-RSA-AES256-SHA
imap.contactoffice.com   EDH-RSA-DES-CBC3-SHA

Domains that use Ephemeral Diffie-Hellman key exchange on SMTP:465
smtp.inbox.com           DHE-RSA-AES256-SHA
smtp.riseup.net          DHE-RSA-AES256-SHA
smtp.xmission.com        DHE-RSA-AES256-SHA
smtp.ojooo.com           DHE-RSA-AES256-SHA
smtp.opera.com           DHE-RSA-AES256-SHA
Domains with POP3 but no POP3 encryption
pop.rediffmail.com:110

Domains with IMAP but no IMAP encryption
imap.rediffmail.com:143

Domains with SMTP but no SMTP encryption
smtp.rediffmail.com:587
Company geographic location
www.gmx.com              Germany
www.mail.com             Germany
shortmail.com            United States
lavabit.com              United States
www.mail.lycos.com       United States
mail.riseup.net          United States
www.contactoffice.com    France
inbox.com                United States
webmail.xmission.com     United States
ojooo.com                Germany
mail.opera.com           Norway
Server geographic location
DNS domain to ip address resolution and round robin:
This is where things start to get a bit more complicated. By looking up the DNS records for a domain you will find that some organisations have servers located across several countries to get better speeds. By looking up the DNS records for gmx.com you will see that gmx have domains registered for different geographies such as gmx.net, gmx.at, gmx.ch, gmx.co.uk, gmx.es, gmx.fr and gmx.com, all of which can resolve to multiple ip addresses for requests to the same domain. By visiting the following web page you can do a quick lookup to list the ip addresses for the domain, but beware: the addresses listed are not always the ones accessed by your browser. http://who.is/dns/gmx.com
Try running the following command to download the DNS records:
dig +nocmd gmx.com any +multiline +noall +answer
You may also notice that by pinging mail.gmx.com several times you will get a different ip address in the response every time. This is due to the DNS server responding with a single ip from a list of ip addresses using the round robin algorithm for load balancing.
ping mail.gmx.com > 212.227.17.184
ping mail.gmx.com > 212.227.17.174
ping mail.gmx.com > 212.227.17.184
URL redirects and Cross-Domain Single Sign-On (CDSSO):
In some cases you may log into a domain such as gmx.co.uk by entering your credentials but be redirected to gmx.fr. If the cookie is sent to your browser from the co.uk domain and the fr domain then requests that cookie, your browser will block the second domain from reading it, as this violates the cross-domain policy. By using Cross-Domain Single Sign-On, web applications are able to authenticate across several domains, allowing the user to log in only once. For the purposes of knowing where your data is being stored in the cloud, the best guess you can make is to assume it is coming from the final domain you have been redirected to.
Email ports
The POP3 port for inbound emails is 110, or port 995 if you want to use secured POP3. The IMAP port for inbound emails is 143, or port 993 if you want to use secured IMAP. The SMTP port for outbound emails is 25/2525/587, or 465 if you want to use secured SMTP. If your cloud mail server allows connections over non-secure ports and your traffic is crossing American cyberspace, then emails received on ports 110, 143, 25 and 2525 can be captured by the NSA, as the traffic is not encrypted between one mail server and the other (Alice > [https] > gmail.com > [plaintext] > gmx.co.uk > [https] > Bob). An interesting project would be to survey how different mail servers interact when exchanging mail documents: do they always attempt to use SSL and downgrade if it is not available, or do they have to be forced to use it? If mail servers use SSL by default when available, then the communication would be secure between the web interfaces and also between the mail servers (Alice > [https] > gmail.com > [ciphertext] > gmx.co.uk > [https] > Bob).
Compare the certificate types of https/pop3/imap/smtp using the following bash shell script:
#!/bin/bash
# One host:port per line; the for loop below splits the list on whitespace.
list="www.gmx.co.uk:443
pop.gmx.co.uk:995
imap.gmx.co.uk:993
smtp.gmx.co.uk:465
www.zoho.com:443
pop.zoho.com:995
imap.zoho.com:993
smtp.zoho.com:465
www.mail.com:443
pop.mail.com:995
imap.mail.com:993
smtp.mail.com:465
www.shortmail.com:443
imap.shortmail.com:993
smtp.shortmail.com:465
www.lavabit.com:443
pop.lavabit.com:995
imap.lavabit.com:993
smtp.lavabit.com:465
www.inbox.com:443
pop3.inbox.com:995
imap.inbox.com:993
smtp.inbox.com:465
fastmail.fm:443
mail.messagingengine.com:587
mail.yandex.com:443
pop.yandex.com:995
imap.yandex.com:993
smtp.yandex.com:465
www.lycos.com:443
pop.lycos.com:995
imap.lycos.com:993
smtp.lycos.com:465
www.nokiamail.com:443
nokia.pop.mail.yahoo.com:995
nokia.imap.mail.yahoo.com:993
nokia.smtp.mail.yahoo.com:465
www.rediff.com:443
www.riseup.net:443
pop.riseup.net:995
imap.riseup.net:993
smtp.riseup.net:465
www.contactoffice.com:443
pop.contactoffice.com:995
imap.contactoffice.com:993
webmail.xmission.com:443
pop3.xmission.com:995
imap.xmission.com:993
smtp.xmission.com:465
ojooo.com:443
pop3.ojooo.com:995
imap.ojooo.com:993
smtp.ojooo.com:465
mail.opera.com:443
pop3.operamail.com:995
imap.opera.com:993
smtp.opera.com:465"
for i in $list; do
    echo -ne "$i:\t"
    # Print the negotiated cipher suite; "Cipher is (NONE)" means the handshake failed.
    # A port that expects STARTTLS (e.g. 587) needs "openssl s_client -starttls smtp".
    echo "EOF" | openssl s_client -crlf -connect "$i" 2>&1 | grep -o "Cipher is[^>]*"
done
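An added helper, not from the original article, that classifies the "Cipher is" line the script above greps for: DHE/EDH and ECDHE suites use an ephemeral key exchange (the article's "ephemeral mode"), whereas suites such as AES256-SHA use static RSA key exchange, so a recorded session can later be decrypted with the server's private key. It goes a little beyond the article by also recognising ECDHE (see source 4) and TLS 1.3 suite names, which are always ephemeral; the s_client output at the bottom is constructed and example.invalid is a placeholder host.

```shell
#!/bin/sh
# Added example (not from the original article): classify the key exchange of a
# TLS cipher suite from its OpenSSL name. DHE/EDH (finite-field) and ECDHE
# (elliptic-curve) are ephemeral, so a recorded session cannot be decrypted
# later with the server's private key. Names without such a prefix (AES256-SHA,
# RC4-SHA, DES-CBC3-SHA ...) use static RSA key exchange, which can be.
kx_of_cipher() {
    case "$1" in
        ''|'(NONE)')               echo none ;;             # handshake failed
        TLS_*)                     echo ephemeral-tls13 ;;  # TLS 1.3: always (EC)DHE
        ECDHE-*|ECDHE_*)           echo ephemeral-ecdhe ;;
        DHE-*|DHE_*|EDH-*|EDH_*)   echo ephemeral-dhe ;;
        ECDH-*|DH-*)               echo static-dh ;;        # fixed DH key in the cert, no PFS
        *)                         echo static-rsa ;;
    esac
}

# Pull the negotiated suite out of openssl s_client output, i.e. the line the
# article's script greps for:  "New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA"
cipher_from_s_client() {
    sed -n 's/.*Cipher is \([^ ]*\).*/\1/p' | head -n 1
}

# Read s_client output on stdin and print "<suite> <key-exchange class>".
# Live use:  echo EOF | openssl s_client -crlf -connect host:443 2>&1 | report_kx
report_kx() {
    suite=$(cipher_from_s_client)
    echo "$suite $(kx_of_cipher "$suite")"
}

# Constructed s_client output (example.invalid is a placeholder) for an offline run.
SAMPLE_OUTPUT='CONNECTED(00000003)
depth=0 CN = example.invalid
---
SSL handshake has read 2745 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit'

printf '%s\n' "$SAMPLE_OUTPUT" | report_kx      # prints: DHE-RSA-AES256-SHA ephemeral-dhe
```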
Additionally, to check if a port is open, try the following commands (type "quit[enter]" to exit telnet):
telnet pop.gmx.co.uk 110
nmap -T5 -p 110 pop.gmx.co.uk
By determining if the ports are open you can assume the service is running on the port; however, this is not always the case. Also be aware that some servers block port scanning. Try the following bash shell script to use nmap to test if ports are open on the cloud servers:
#!/bin/bash
# One host per line in each list; the for loops split on whitespace.
http="www.zoho.com
www.mail.com
www.shortmail.com
www.lavabit.com
www.inbox.com
fastmail.fm
mail.yandex.com
www.lycos.com
www.nokiamail.com
www.rediff.com
www.riseup.net
www.contactoffice.com
webmail.xmission.com
ojooo.com
mail.opera.com"
pop="pop.gmx.co.uk
pop.zoho.com
pop.mail.com
pop.lavabit.com
pop3.inbox.com
pop.yandex.com
pop.lycos.com
nokia.pop.mail.yahoo.com
pop.riseup.net
pop.contactoffice.com
pop3.xmission.com
pop3.ojooo.com
pop3.operamail.com"
imap="imap.gmx.co.uk
imap.zoho.com
imap.mail.com
imap.shortmail.com
imap.lavabit.com
imap.inbox.com
imap.yandex.com
imap.lycos.com
nokia.imap.mail.yahoo.com
imap.riseup.net
imap.contactoffice.com
imap.xmission.com
imap.ojooo.com
imap.opera.com"
smtp="smtp.gmx.co.uk
smtp.zoho.com
smtp.mail.com
smtp.shortmail.com
smtp.lavabit.com
smtp.inbox.com
smtp.yandex.com
smtp.lycos.com
nokia.smtp.mail.yahoo.com
smtp.riseup.net
imap.xmission.com
smtp.ojooo.com
smtp.opera.com"

# http pop imap smtp: keep only the nmap port lines whose service name matches.
for i in $http; do
    echo -e "\n$i:"
    nmap -T5 -p 80,443 "$i" | egrep "http$|https$"
done
for i in $pop; do
    echo -e "\n$i:"
    nmap -T5 -p 110,995 "$i" | egrep "pop$|pops$|pop3$|pop3s$"
done
for i in $imap; do
    echo -e "\n$i:"
    nmap -T5 -p 143,993 "$i" | egrep "imap$|imaps$"
done
for i in $smtp; do
    echo -e "\n$i:"
    # nmap labels port 587 "submission"; add it to the pattern if you want it listed.
    nmap -T5 -p 25,2525,587,465 "$i" | egrep "smtp$|smtps$"
done
Final note
Ensure your browser is using the "HTTPS Everywhere" extension when browsing these domains. If you bookmark a cloud email service, be sure that you are using the absolute ip address of the server to lock its geographic location. So, for example, rather than bookmarking www.gmx.com, which could bring you to the servers in the USA or Germany, bookmark https://213.165.64.202/ (the German ip address) as opposed to https://74.208.5.85 (the ip address of the US server). A useful extension for geolocation of servers is "Flagfox", which attempts to perform geolocation of the server currently delivering the content for the web page.
Conclusion
It should be noted that no single cloud service provides SSL certificates in Ephemeral mode for all their services (HTTPS/POP/IMAP). Additionally, out of the 20 services surveyed that provide HTTPS there are only 3 that are not based in the United States. It was possible to shortlist the top 3 services as bronze, silver and gold based on the results of this brief survey.
Winners:
#1 ojooo.com (DHE_RSA on https/pop3/imap/smtp, and they're based in Germany)
#2 contactoffice.com (DHE_RSA on https/pop3/imap, and they're based in France)
#3 inbox.com (DHE_RSA on pop3/imap/smtp)

Worst security award:
#1 rediffmail.com (no security implemented on any protocol)
Normally, if the traffic happens to pass through American telecommunications networks, the NSA will tap into the fibre-optic systems in the network backbone of the country, record all the traffic in their Utah data centre and keep it for up to 5 years in cold storage on hard drives before discarding it. A famous case of the NSA tapping a major network backbone is the fibre-optic tap in "Room 641A", where the NSA split the fibre-optic communications cable in AT&T's communications station.
By choosing a mail service that uses a different encryption key for every network communication, your traffic will be secured against the NSA taking your traffic out of cold storage and decrypting it using the compromised master keys used to generate the SSL certificates. These master keys are normally compromised by the NSA simply walking into a corporation and demanding the keys from the owners. However, this is not possible with SSL certificates that are operating in Ephemeral mode, as a different key is used for every connection and is then discarded immediately. This technique will not, however, prevent the NSA or another surveillance organisation from demanding physical access to the company's servers and simply copying the data off their hard drives.
Future work
An interesting project would be to survey how mail servers interact to exchange messages when a secure communications channel is available. Does the Postfix mail server attempt to use SSL before downgrading to a plaintext alternative? Does Microsoft Exchange Server attempt to use SSL before downgrading to a plaintext alternative?
Sources:
1. PRISM Accomplices https://upload.wikimedia.org/wikipedia/commons/c/c7/Prism_slide_5.jpg
2. PRISM Network Graph https://upload.wikimedia.org/wikipedia/commons/0/01/Prism_slide_2.jpg
3. Explanation of Ephemeral Diffie-Hellman key exchange http://blogs.computerworld.com/encryption/22366/can-nsa-see-through-encrypted-web-pages-maybe-so
4. DH vs. DHE and ECDHE and perfect forward secrecy http://stackoverflow.com/questions/14034508/dh-vs-dhe-and-ecdhe-and-perfect-forward-secrecy
5. Geographic ip mapping tool http://www.geoiptool.com/en/
6. HTTPS Everywhere https://www.eff.org/https-everywhere
7. Flagfox https://addons.mozilla.org/en-us/firefox/addon/flagfox/
8. NSA Utah Data Centre Yottabyte Storage Capacity http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
Last edited: Tuesday, July 16, 2013 at 1:35:15 PM IST
Contact: hughpearse@gmx.co.uk