The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Neste artigo, analisamos a segurança de um esquema de criptografia ponta a ponta (E2EE) do LINE, também conhecido como Letter Sealing. LINE é um dos aplicativos de mensagens instantâneas mais amplamente implantados, especialmente no Leste Asiático. Através de uma inspeção minuciosa de seus protocolos, damos vários ataques contra a integridade da mensagem do Letter Sealing. Especificamente, propomos ataques de falsificação e personificação na criptografia de mensagens um-para-um e na criptografia de mensagens em grupo. Todos os nossos ataques são viáveis com a ajuda de um adversário ponta a ponta, que tem acesso ao interior do servidor LINE (por exemplo, o próprio provedor de serviços LINE). Ressaltamos que o principal objetivo do E2EE é fornecer proteção contra o adversário de ponta a ponta. Além disso, encontramos alguns ataques que ainda não necessitam da ajuda do adversário E2E, o que mostra uma falha crítica de segurança do protocolo. Nossos resultados revelam que o esquema E2EE do LINE não garante suficientemente a integridade das mensagens em comparação com os esquemas E2EE de última geração, como o Signal, que é usado pelo WhatApp e Facebook Messenger. Também fornecemos algumas contramedidas contra nossos ataques. Compartilhamos nossas descobertas com a corporação LINE antecipadamente. A corporação LINE confirmou que nossos ataques são válidos enquanto o adversário E2E estiver envolvido e reconhece oficialmente nossos resultados como uma vulnerabilidade de quebra de criptografia.
Takanori ISOBE
University of Hyogo
Kazuhiko MINEMATSU
NEC corporation
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copiar
Takanori ISOBE, Kazuhiko MINEMATSU, "Security Analysis and Countermeasures of an End-to-End Encryption Scheme of LINE" in IEICE TRANSACTIONS on Fundamentals,
vol. E103-A, no. 1, pp. 313-324, January 2020, doi: 10.1587/transfun.2019EAP1041.
Abstract: In this paper, we analyze the security of an end-to-end encryption scheme (E2EE) of LINE, a.k.a Letter Sealing. LINE is one of the most widely-deployed instant messaging applications, especially in East Asia. By a close inspection of their protocols, we give several attacks against the message integrity of Letter Sealing. Specifically, we propose forgery and impersonation attacks on the one-to-one message encryption and the group message encryption. All of our attacks are feasible with the help of an end-to-end adversary, who has access to the inside of the LINE server (e.g. service provider LINE themselves). We stress that the main purpose of E2EE is to provide a protection against the end-to-end adversary. In addition, we found some attacks that even do not need the help of E2E adversary, which shows a critical security flaw of the protocol. Our results reveal that the E2EE scheme of LINE do not sufficiently guarantee the integrity of messages compared to the state-of-the-art E2EE schemes such as Signal, which is used by WhatApp and Facebook Messenger. We also provide some countermeasures against our attacks. We have shared our findings with LINE corporation in advance. The LINE corporation has confirmed our attacks are valid as long as the E2E adversary is involved, and officially recognizes our results as a vulnerability of encryption break.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2019EAP1041/_p
Copiar
@ARTICLE{e103-a_1_313,
author={Takanori ISOBE, Kazuhiko MINEMATSU, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Security Analysis and Countermeasures of an End-to-End Encryption Scheme of LINE},
year={2020},
volume={E103-A},
number={1},
pages={313-324},
abstract={In this paper, we analyze the security of an end-to-end encryption scheme (E2EE) of LINE, a.k.a Letter Sealing. LINE is one of the most widely-deployed instant messaging applications, especially in East Asia. By a close inspection of their protocols, we give several attacks against the message integrity of Letter Sealing. Specifically, we propose forgery and impersonation attacks on the one-to-one message encryption and the group message encryption. All of our attacks are feasible with the help of an end-to-end adversary, who has access to the inside of the LINE server (e.g. service provider LINE themselves). We stress that the main purpose of E2EE is to provide a protection against the end-to-end adversary. In addition, we found some attacks that even do not need the help of E2E adversary, which shows a critical security flaw of the protocol. Our results reveal that the E2EE scheme of LINE do not sufficiently guarantee the integrity of messages compared to the state-of-the-art E2EE schemes such as Signal, which is used by WhatApp and Facebook Messenger. We also provide some countermeasures against our attacks. We have shared our findings with LINE corporation in advance. The LINE corporation has confirmed our attacks are valid as long as the E2E adversary is involved, and officially recognizes our results as a vulnerability of encryption break.},
keywords={},
doi={10.1587/transfun.2019EAP1041},
ISSN={1745-1337},
month={January},}
Copiar
TY - JOUR
TI - Security Analysis and Countermeasures of an End-to-End Encryption Scheme of LINE
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 313
EP - 324
AU - Takanori ISOBE
AU - Kazuhiko MINEMATSU
PY - 2020
DO - 10.1587/transfun.2019EAP1041
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E103-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2020
AB - In this paper, we analyze the security of an end-to-end encryption scheme (E2EE) of LINE, a.k.a Letter Sealing. LINE is one of the most widely-deployed instant messaging applications, especially in East Asia. By a close inspection of their protocols, we give several attacks against the message integrity of Letter Sealing. Specifically, we propose forgery and impersonation attacks on the one-to-one message encryption and the group message encryption. All of our attacks are feasible with the help of an end-to-end adversary, who has access to the inside of the LINE server (e.g. service provider LINE themselves). We stress that the main purpose of E2EE is to provide a protection against the end-to-end adversary. In addition, we found some attacks that even do not need the help of E2E adversary, which shows a critical security flaw of the protocol. Our results reveal that the E2EE scheme of LINE do not sufficiently guarantee the integrity of messages compared to the state-of-the-art E2EE schemes such as Signal, which is used by WhatApp and Facebook Messenger. We also provide some countermeasures against our attacks. We have shared our findings with LINE corporation in advance. The LINE corporation has confirmed our attacks are valid as long as the E2E adversary is involved, and officially recognizes our results as a vulnerability of encryption break.
ER -