CISPA
Browse
cispa_all_4014.pdf (510.64 kB)

Multi-Stage Group Key Distribution and PAKEs: Securing Zoom Groups against Malicious Servers without New Security Elements

Download (510.64 kB)
conference contribution
posted on 2024-03-05, 12:21 authored by Cas CremersCas Cremers, Ronen, Eyal, Mang Zhao
Video conferencing apps like Zoom have hundreds of millions of daily users, making them a high-value target for surveillance and subversion. While such apps claim to achieve some forms of end-to-end encryption, they usually assume an incorruptible server that is able to identify and authenticate all the parties in a meeting. Concretely this means that, e.g., even when using the “end-to-end encrypted” setting, malicious Zoom servers could eavesdrop or impersonate in arbitrary groups. In this work, we show how security against malicious servers can be improved by changing the way in which such protocols use passwords (known as passcodes in Zoom) and integrating a password-authenticated key exchange (PAKE) protocol. To formally prove that our approach achieves its goals, we formalize a class of cryptographic protocols suitable for this setting, and define a basic security notion for them, in which group security can be achieved assuming the server is trusted to correctly authorize the group members. We prove that Zoom indeed meets this notion. We then propose a stronger security notion that can provide security against malicious servers, and propose a transformation that can achieve this notion. We show how we can apply our transformation to Zoom to provably achieve stronger security against malicious servers, notably without introducing new security elements.

History

Preferred Citation

Cas Cremers, Eyal Ronen, Mang Zhao. Multi-Stage Group Key Distribution and PAKEs: Securing Zoom Groups against Malicious Servers without New Security Elements. In: IEEE Symposium on Security and Privacy. 2023.

Primary Research Area

  • Reliable Security Guarantees

Name of Conference

IEEE Symposium on Security and Privacy (S&P)

Legacy Posted Date

2023-08-29

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_4014, author = {Cas Cremers AND Eyal Ronen AND Mang Zhao}, title = {Multi-Stage Group Key Distribution and PAKEs: Securing Zoom Groups against Malicious Servers without New Security Elements}, booktitle = {IEEE Symposium on Security and Privacy}, year = {2023} }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC