Alice and bob, who the foci are they?: Analysis of end-to-end encryption in the line messaging application

Antonio M. Espinoza; William J. Tolley; Jedidiah R. Crandall; Andrew Hilts; Masashi Crete-Nishihata

Alice and bob, who the foci are they? Analysis of end-to-end encryption in the line messaging application

Antonio M. Espinoza, William J. Tolley, Jedidiah R. Crandall, Andrew Hilts, Masashi Crete-Nishihata

Research output: Contribution to conference › Paper › peer-review

Abstract

End-to-end encryption (E2EE) is becoming a standard feature in many popular chat apps, but independent security assessments of these implementations are limited. In this paper we provide the first independent analysis of E2EE features in LINE, a messaging application popular in Asian markets, and identify a replay attack and an attack on a lack of forward secrecy. Based on our analysis and communications with LINE about the vulnerabilities we discuss challenges and new research directions to better bridge vendors, researchers, and end-users around security issues.

Original language	English (US)
State	Published - 2017
Externally published	Yes
Event	7th USENIX Workshop on Free and Open Communications on the Internet, FOCI 2017, co-located with USENIX Security 2017 - Vancouver, Canada Duration: Aug 14 2017 → …

Conference

Conference	7th USENIX Workshop on Free and Open Communications on the Internet, FOCI 2017, co-located with USENIX Security 2017
Country/Territory	Canada
City	Vancouver
Period	8/14/17 → …

ASJC Scopus subject areas

Computer Networks and Communications
Software

Cite this

Alice and bob, who the foci are they? Analysis of end-to-end encryption in the line messaging application. / Espinoza, Antonio M.; Tolley, William J.; Crandall, Jedidiah R. et al.
2017. Paper presented at 7th USENIX Workshop on Free and Open Communications on the Internet, FOCI 2017, co-located with USENIX Security 2017, Vancouver, Canada.

Research output: Contribution to conference › Paper › peer-review

@conference{7d9659cede7b42df93cdd070302e5608,

title = "Alice and bob, who the foci are they?: Analysis of end-to-end encryption in the line messaging application",

abstract = "End-to-end encryption (E2EE) is becoming a standard feature in many popular chat apps, but independent security assessments of these implementations are limited. In this paper we provide the first independent analysis of E2EE features in LINE, a messaging application popular in Asian markets, and identify a replay attack and an attack on a lack of forward secrecy. Based on our analysis and communications with LINE about the vulnerabilities we discuss challenges and new research directions to better bridge vendors, researchers, and end-users around security issues.",

author = "Espinoza, {Antonio M.} and Tolley, {William J.} and Crandall, {Jedidiah R.} and Andrew Hilts and Masashi Crete-Nishihata",

note = "Publisher Copyright: {\textcopyright} 2017 7th USENIX Workshop on Free and Open Communications on the Internet. All rights reserved.; 7th USENIX Workshop on Free and Open Communications on the Internet, FOCI 2017, co-located with USENIX Security 2017 ; Conference date: 14-08-2017",

year = "2017",

language = "English (US)",

}

TY - CONF

T1 - Alice and bob, who the foci are they?

T2 - 7th USENIX Workshop on Free and Open Communications on the Internet, FOCI 2017, co-located with USENIX Security 2017

AU - Espinoza, Antonio M.

AU - Tolley, William J.

AU - Crandall, Jedidiah R.

AU - Hilts, Andrew

AU - Crete-Nishihata, Masashi

PY - 2017

Y1 - 2017

N2 - End-to-end encryption (E2EE) is becoming a standard feature in many popular chat apps, but independent security assessments of these implementations are limited. In this paper we provide the first independent analysis of E2EE features in LINE, a messaging application popular in Asian markets, and identify a replay attack and an attack on a lack of forward secrecy. Based on our analysis and communications with LINE about the vulnerabilities we discuss challenges and new research directions to better bridge vendors, researchers, and end-users around security issues.

AB - End-to-end encryption (E2EE) is becoming a standard feature in many popular chat apps, but independent security assessments of these implementations are limited. In this paper we provide the first independent analysis of E2EE features in LINE, a messaging application popular in Asian markets, and identify a replay attack and an attack on a lack of forward secrecy. Based on our analysis and communications with LINE about the vulnerabilities we discuss challenges and new research directions to better bridge vendors, researchers, and end-users around security issues.

UR - http://www.scopus.com/inward/record.url?scp=85084161706&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85084161706&partnerID=8YFLogxK

M3 - Paper

AN - SCOPUS:85084161706

Y2 - 14 August 2017

ER -

Alice and bob, who the foci are they? Analysis of end-to-end encryption in the line messaging application

Abstract

Conference

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this