Cryptology ePrint Archive: Report 2018/668

Breaking Message Integrity of an End-to-End Encryption Scheme of LINE

Takanori Isobe and Kazuhiko Minematsu

Abstract: In this paper, we analyze the security of an end-to-end encryption scheme (E2EE) of LINE, a.k.a Letter Sealing. LINE is one of the most widely-deployed instant messaging applications, especially in East Asia. By a close inspection of their protocols, we give several attacks against the message integrity of Letter Sealing. Specifically, we propose forgery and impersonation attacks on the one-to-one message encryption and the group message encryption. All of our attacks are feasible with the help of an end-to-end adversary, who has access to the inside of the LINE server (e.g. service provider LINE themselves). We stress that the main purpose of E2EE is to provide a protection against the end-to-end adversary. In addition, we found some attacks that even do not need the help of E2E adversary, which shows a critical security flaw of the protocol. Our results reveal that the E2EE scheme of LINE do not sufficiently guarantee the integrity of messages compared to the state-of-the-art E2EE schemes such as Signal, which is used by WhatApp and Facebook Messenger. We also provide some countermeasures against our attacks. We have shared our findings with LINE corporation in advance. The LINE corporation has confirmed our attacks are valid as long as the E2E adversary is involved, and officially recognizes our results as a vulnerability of encryption break.

Category / Keywords: cryptographic protocols / E2EE, LINE, key exchange, group message, authenticated encryption

Original Publication (with minor differences): ESORICS 2018

Date: received 10 Jul 2018

Contact author: takanori isobe at ai u-hyogo ac jp, k-minematsu@ah jp nec com

Available format(s): PDF | BibTeX Citation

Version: 20180713:140433 (All versions of this report)

Short URL: ia.cr/2018/668


[ Cryptology ePrint archive ]