{"title":"Cryptanalysis on End-to-End Encryption Schemes of Communication Tools and Its Research Trend","authors":"Takanori Isobe, Ryoma Ito, Kazuhiko Minematsu","doi":"10.2197/ipsjjip.31.523","DOIUrl":null,"url":null,"abstract":"This paper summarizes our cryptanalysis results on real-world End-to-End Encryption (E2EE) schemes published in recent years. Our targets are LINE (a major messaging application), SFrame (an E2EE protocol adopted by major video/audio applications), and Zoom (a major video communication application). For LINE, we show several attacks against the message integrity of Letter Sealing, the E2EE protocol of LINE, that allow forgery and impersonation. For SFrame, we reveal a critical issue that leads to an impersonation (forgery) attack by a malicious group member with a practical complexity. For Zoom, we discover several attacks more powerful than those expected by Zoom according to their whitepaper. Specifically, if insiders collude with meeting participants, they can impersonate any Zoom user in target meetings, whereas Zoom indicates that they can impersonate only the current meeting participants. We also describe several important works in the area of E2EE security research.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Processing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2197/ipsjjip.31.523","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Computer Science","Score":null,"Total":0}
引用次数: 0
Abstract
This paper summarizes our cryptanalysis results on real-world End-to-End Encryption (E2EE) schemes published in recent years. Our targets are LINE (a major messaging application), SFrame (an E2EE protocol adopted by major video/audio applications), and Zoom (a major video communication application). For LINE, we show several attacks against the message integrity of Letter Sealing, the E2EE protocol of LINE, that allow forgery and impersonation. For SFrame, we reveal a critical issue that leads to an impersonation (forgery) attack by a malicious group member with a practical complexity. For Zoom, we discover several attacks more powerful than those expected by Zoom according to their whitepaper. Specifically, if insiders collude with meeting participants, they can impersonate any Zoom user in target meetings, whereas Zoom indicates that they can impersonate only the current meeting participants. We also describe several important works in the area of E2EE security research.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
