WEKO3
アイテム
Cryptanalysis on End-to-End Encryption Schemes of Communication Tools and Its Research Trend
https://ipsj.ixsq.nii.ac.jp/records/227697
https://ipsj.ixsq.nii.ac.jp/records/2276973605ef7e-8441-4511-939e-3b52e7d82602
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6409002.pdf (1.1 MB)
|
Copyright (c) 2023 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2023-09-15 | |||||||||||
| タイトル | ||||||||||||
| タイトル | Cryptanalysis on End-to-End Encryption Schemes of Communication Tools and Its Research Trend | |||||||||||
| タイトル | ||||||||||||
| 言語 | en | |||||||||||
| タイトル | Cryptanalysis on End-to-End Encryption Schemes of Communication Tools and Its Research Trend | |||||||||||
| 言語 | ||||||||||||
| 言語 | eng | |||||||||||
| キーワード | ||||||||||||
| 主題Scheme | Other | |||||||||||
| 主題 | [特集:サイバー空間を安全にするコンピュータセキュリティ技術(招待論文)] End-to-End Encryption, LINE, SFrame, Zoom, Impersonation Attack, Forgery Attack | |||||||||||
| 資源タイプ | ||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||
| 資源タイプ | journal article | |||||||||||
| 著者所属 | ||||||||||||
| University of Hyogo/NICT | ||||||||||||
| 著者所属 | ||||||||||||
| NICT | ||||||||||||
| 著者所属 | ||||||||||||
| NEC/Yokohama National University | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| University of Hyogo / NICT | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| NICT | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| NEC / Yokohama National University | ||||||||||||
| 著者名 |
Takanori, Isobe
× Takanori, Isobe
× Ryoma, Ito
× Kazuhiko, Minematsu
|
|||||||||||
| 著者名(英) |
Takanori, Isobe
× Takanori, Isobe
× Ryoma, Ito
× Kazuhiko, Minematsu
|
|||||||||||
| 論文抄録 | ||||||||||||
| 内容記述タイプ | Other | |||||||||||
| 内容記述 | This paper summarizes our cryptanalysis results on real-world End-to-End Encryption (E2EE) schemes published in recent years. Our targets are LINE (a major messaging application), SFrame (an E2EE protocol adopted by major video/audio applications), and Zoom (a major video communication application). For LINE, we show several attacks against the message integrity of Letter Sealing, the E2EE protocol of LINE, that allow forgery and impersonation. For SFrame, we reveal a critical issue that leads to an impersonation (forgery) attack by a malicious group member with a practical complexity. For Zoom, we discover several attacks more powerful than those expected by Zoom according to their whitepaper. Specifically, if insiders collude with meeting participants, they can impersonate any Zoom user in target meetings, whereas Zoom indicates that they can impersonate only the current meeting participants. We also describe several important works in the area of E2EE security research. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.31(2023) (online) DOI http://dx.doi.org/10.2197/ipsjjip.31.523 ------------------------------ |
|||||||||||
| 論文抄録(英) | ||||||||||||
| 内容記述タイプ | Other | |||||||||||
| 内容記述 | This paper summarizes our cryptanalysis results on real-world End-to-End Encryption (E2EE) schemes published in recent years. Our targets are LINE (a major messaging application), SFrame (an E2EE protocol adopted by major video/audio applications), and Zoom (a major video communication application). For LINE, we show several attacks against the message integrity of Letter Sealing, the E2EE protocol of LINE, that allow forgery and impersonation. For SFrame, we reveal a critical issue that leads to an impersonation (forgery) attack by a malicious group member with a practical complexity. For Zoom, we discover several attacks more powerful than those expected by Zoom according to their whitepaper. Specifically, if insiders collude with meeting participants, they can impersonate any Zoom user in target meetings, whereas Zoom indicates that they can impersonate only the current meeting participants. We also describe several important works in the area of E2EE security research. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.31(2023) (online) DOI http://dx.doi.org/10.2197/ipsjjip.31.523 ------------------------------ |
|||||||||||
| 書誌レコードID | ||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||
| 収録物識別子 | AN00116647 | |||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 64, 号 9, 発行日 2023-09-15 |
|||||||||||
| ISSN | ||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||
| 公開者 | ||||||||||||
| 言語 | ja | |||||||||||
| 出版者 | 情報処理学会 | |||||||||||
