TY - CONF
T1 - Alice and Bob, who the FOCI are they?
T2 - 7th USENIX Workshop on Free and Open Communications on the Internet, FOCI 2017, co-located with USENIX Security 2017
AU - Espinoza, Antonio M.
AU - Tolley, William J.
AU - Crandall, Jedidiah R.
AU - Hilts, Andrew
AU - Crete-Nishihata, Masashi
N1 - Funding Information:
This material is based upon work supported by the U.S. National Science Foundation under Grant Nos. #1314297, #1420716, #1518523, and #1518878. Antonio Espinoza was supported by the Open Technology Fund Information Controls Fellowship Program. This research is part of the Net Alert (https://netalert.me) project funded by the Open Technology Fund. We would like to thank Jeffrey Knockel for commenting on drafts, providing code for modifying packets in flight, and implementing LEGY HMAC in Python source code. We also thank Ramy Raoof for inspiring the title of our paper, and the LINE security team for comments on drafts and their engagement during the disclosure process. We are also grateful to the anonymous FOCI reviewers and our shepherd, Nick Weaver, for valuable feedback.
Publisher Copyright:
© 2017 7th USENIX Workshop on Free and Open Communications on the Internet. All rights reserved.
PY - 2017
Y1 - 2017
N2 - End-to-end encryption (E2EE) is becoming a standard feature in many popular chat apps, but independent security assessments of these implementations are limited. In this paper we provide the first independent analysis of E2EE features in LINE, a messaging application popular in Asian markets, and identify a replay attack and an attack on a lack of forward secrecy. Based on our analysis and communications with LINE about the vulnerabilities, we discuss challenges and new research directions to better bridge vendors, researchers, and end-users around security issues.
UR - http://www.scopus.com/inward/record.url?scp=85084161706&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85084161706&partnerID=8YFLogxK
M3 - Paper
AN - SCOPUS:85084161706
Y2 - 14 August 2017
ER -