LINE is a popular messaging app in Asia, with more than 200 million monthly active users. It was launched in 2011 by LINE Corporation, a Japanese subsidiary of Naver Corporation in South Korea. Since that time, it has experienced rapid growth in several Asian markets, including Japan, Thailand, and Taiwan, boasting upwards of 200 million users in 2016. Following this growth, LINE experienced government pressure to disclose user data and content regulations as it expanded into new markets.
Recently, LINE has introduced a number of new security features including end-to-end encryption. A new paper published by researchers at the University of New Mexico and the Citizen Lab reports on the first independent analysis of LINE’s end-to-end encryption protocols and reveals security vulnerabilities in the implementation. Through analysis of these vulnerabilities and reflections on the process of disclosing them to LINE, the paper discusses gaps in communication and understanding between researchers, developers, and users.
The paper, entitled Alice and Bob Who the FOCI are they?: Analysis of End-to-End Encryption in the LINE Messaging Application, was authored by Antonio M. Espinoza, William J. Tolley, and Jedidah R. Crandall (University of New Mexico) and Andrew Hilts and Masashi Crete-Nishihata (Citizen Lab). Recently presented at the 7th USENIX Workshop Free and Open Communications on the Internet (FOCI), it reports on a security audit of end-to-end encryption features in LINE using various threat models that a well-resourced attacker might be able to undertake.
End-to-end encryption is a security feature that protects the communications between two users by encrypting them so that only they can read the messages. Beginning in 2015, many popular chat applications began to adopt this feature, including WhatsApp, Facebook Messenger, Viber, and KakaoTalk.
As University of New Mexico Professor and paper author Jedidiah Crandall says, the findings present two main issues:
“One is that a well-designed end-to-end encryption protocol should have the property that if both the sender and receiver delete the message, there should be no way to recover it even if their private keys and devices are compromised,” he says. “LINE does not have this property, and so deleting LINE messages does not give the assurances that it should.”
This means there’s the possibility that even deleted messages could be retrieved by a third-party who has access to LINE’s servers, presenting a security threat.
“The other overarching issue is that the version of LINE that we reverse engineered had many practices that were not consistent with well-known cryptography engineering best practices,” says Crandall.
He likens this last point to constructing a bridge: a company might use custom concrete that has never been tested before and steel beams that weren’t meant for bridges. The bridge might hold, but an independent engineer won’t have access to the necessary blueprints and specs to conduct a proper analysis.
“Similarly, when cryptography engineers don’t follow best practices, it makes it impossible for independent cryptography engineers to attest to its security,” he says.
This challenge presents a larger issue of the gaps that exist between vendors, researchers, and end-users with regards to how they all view and evaluate security threats: vendors have to implement security at a large scale while balancing usability and resources; researchers may be well versed in security best practices, but typically don’t have insight into the decision-making process of vendors; and users may be presented with an increasing number of security features but may not be able to evaluate one over another.
There appears to be a lack of research around how all of these parties interact, especially for researchers and vendors. As the paper says: “While ample literature exists on end-user understanding and implementation of security advice, there is little comparable research examining how security teams at software vendors understand and act upon vulnerability reports.”
So, how can these issues be addressed? The authors say that the aim of the paper is to generate discourse around these gaps. Echoing this, Crandall says there needs to be increased and improved communication between all parties.
“I think we need to work as a community to ground discussions about cryptography, or security in general, in terms that users really care about.”