Paper 2018/668

Breaking Message Integrity of an End-to-End Encryption Scheme of LINE

Takanori Isobe and Kazuhiko Minematsu

Abstract

In this paper, we analyze the security of an end-to-end encryption scheme (E2EE) of LINE, a.k.a Letter Sealing. LINE is one of the most widely-deployed instant messaging applications, especially in East Asia. By a close inspection of their protocols, we give several attacks against the message integrity of Letter Sealing. Specifically, we propose forgery and impersonation attacks on the one-to-one message encryption and the group message encryption. All of our attacks are feasible with the help of an end-to-end adversary, who has access to the inside of the LINE server (e.g. service provider LINE themselves). We stress that the main purpose of E2EE is to provide a protection against the end-to-end adversary. In addition, we found some attacks that even do not need the help of E2E adversary, which shows a critical security flaw of the protocol. Our results reveal that the E2EE scheme of LINE do not sufficiently guarantee the integrity of messages compared to the state-of-the-art E2EE schemes such as Signal, which is used by WhatApp and Facebook Messenger. We also provide some countermeasures against our attacks. We have shared our findings with LINE corporation in advance. The LINE corporation has confirmed our attacks are valid as long as the E2E adversary is involved, and officially recognizes our results as a vulnerability of encryption break.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. ESORICS 2018
Keywords
E2EELINEkey exchangegroup messageauthenticated encryption
Contact author(s)
takanori isobe @ ai u-hyogo ac jp
k-minematsu @ ah jp nec com
History
2018-07-13: received
Short URL
https://ia.cr/2018/668
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/668,
      author = {Takanori Isobe and Kazuhiko Minematsu},
      title = {Breaking Message Integrity of an End-to-End Encryption Scheme of {LINE}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/668},
      year = {2018},
      url = {https://eprint.iacr.org/2018/668}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.