End-to-End Encrypted Zoom Meetings: Proving Security and Strengthening Liveness

Yevgeniy Dodis; Daniel Jost; Balachandar Kesavan; Antonio Marcedone

Paper 2023/1829

End-to-End Encrypted Zoom Meetings: Proving Security and Strengthening Liveness

Yevgeniy Dodis

, New York University

Daniel Jost

, New York University

Balachandar Kesavan, Zoom Video Communications

Antonio Marcedone

, Zoom Video Communications

Abstract

In May 2020, Zoom Video Communications, Inc. (Zoom) announced a multi-step plan to comprehensively support end-to-end encrypted (E2EE) group video calls and subsequently rolled out basic E2EE support to customers in October 2020. In this work we provide the first formal security analysis of Zoom's E2EE protocol, and also lay foundation to the general problem of E2EE group video communication. We observe that the vast security literature analyzing asynchronous messaging does not translate well to synchronous video calls. Namely, while strong forms of forward secrecy and post compromise security are less important for (typically short-lived) video calls, various liveness properties become crucial. For example, mandating that participants quickly learn of updates to the meeting roster and key, media streams being displayed are recent, and banned participants promptly lose any access to the meeting. Our main results are as follows: 1. Propose a new notion of leader-based continuous group key agreement with liveness, which accurately captures the E2EE properties specific to the synchronous communication scenario. 2. Prove security of the core of Zoom's E2EE meetings protocol in the above well-defined model. 3. Propose ways to strengthen Zoom's liveness properties by simple modifications to the original protocol, which subsequently influenced updates implemented in production.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: A major revision of an IACR publication in EUROCRYPT 2023
DOI: 10.1007/978-3-031-30589-4_6
Contact author(s): dodis @ cs nyu edu
daniel jost @ cs nyu edu
balachandar kesavan @ zoom us
antonio marcedone @ zoom us
History: 2023-12-01: revised; 2023-11-28: received; See all versions
Short URL: https://ia.cr/2023/1829
License: CC BY-NC-SA

BibTeX

@misc{cryptoeprint:2023/1829,
      author = {Yevgeniy Dodis and Daniel Jost and Balachandar Kesavan and Antonio Marcedone},
      title = {End-to-End Encrypted Zoom Meetings: Proving Security and Strengthening Liveness},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1829},
      year = {2023},
      doi = {10.1007/978-3-031-30589-4_6},
      url = {https://eprint.iacr.org/2023/1829}
}