Paper 2023/1829

End-to-End Encrypted Zoom Meetings: Proving Security and Strengthening Liveness

Yevgeniy Dodis, New York University
Daniel Jost, New York University
Balachandar Kesavan, Zoom Video Communications
Antonio Marcedone, Zoom Video Communications
Abstract

In May 2020, Zoom Video Communications, Inc. (Zoom) announced a multi-step plan to comprehensively support end-to-end encrypted (E2EE) group video calls and subsequently rolled out basic E2EE support to customers in October 2020. In this work we provide the first formal security analysis of Zoom's E2EE protocol, and also lay foundation to the general problem of E2EE group video communication. We observe that the vast security literature analyzing asynchronous messaging does not translate well to synchronous video calls. Namely, while strong forms of forward secrecy and post compromise security are less important for (typically short-lived) video calls, various liveness properties become crucial. For example, mandating that participants quickly learn of updates to the meeting roster and key, media streams being displayed are recent, and banned participants promptly lose any access to the meeting. Our main results are as follows: 1. Propose a new notion of leader-based continuous group key agreement with liveness, which accurately captures the E2EE properties specific to the synchronous communication scenario. 2. Prove security of the core of Zoom's E2EE meetings protocol in the above well-defined model. 3. Propose ways to strengthen Zoom's liveness properties by simple modifications to the original protocol, which subsequently influenced updates implemented in production.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in EUROCRYPT 2023
DOI
10.1007/978-3-031-30589-4_6
Contact author(s)
dodis @ cs nyu edu
daniel jost @ cs nyu edu
balachandar kesavan @ zoom us
antonio marcedone @ zoom us
History
2023-12-01: revised
2023-11-28: received
See all versions
Short URL
https://ia.cr/2023/1829
License
Creative Commons Attribution-NonCommercial-ShareAlike
CC BY-NC-SA

BibTeX 

@misc{cryptoeprint:2023/1829,
      author = {Yevgeniy Dodis and Daniel Jost and Balachandar Kesavan and Antonio Marcedone},
      title = {End-to-End Encrypted Zoom Meetings: Proving Security and Strengthening Liveness},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1829},
      year = {2023},
      doi = {10.1007/978-3-031-30589-4_6},
      note = {\url{https://eprint.iacr.org/2023/1829}},
      url = {https://eprint.iacr.org/2023/1829}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.