Verification of LINE Encryption Version 1.0 Using ProVerif
LINE is currently the most popular messaging service in Japan. Communications using LINE are protected by the original encryption scheme, called LINE Encryption, and specifications of the client-to-server transport encryption protocol and the client-to-client message end-to-end encryption protocol are published by the Technical Whitepaper. Though a spoofing attack (i.e., a malicious client makes another client misunderstand the identity of the peer) and a reply attack (i.e., a message in a session is sent again in another session by a man-in-the-middle adversary, and the receiver accepts these messages) to the end-to-end protocol have been shown, no formal security analysis of these protocols is known.
In this paper, we show a formal verification result of secrecy of application data and authenticity for protocols of LINE Encryption (Version 1.0) by using the automated security verification tool ProVerif. Especially, since it is claimed that the transport protocol satisfies forward secrecy (i.e., even if the static private key is leaked, security of application data is guaranteed), we verify forward secrecy for client’s data and for server’s data of the transport protocol, and we find an attack to break secrecy of client’s application data. Moreover, we find the spoofing attack and the reply attack, which are reported in previous papers.
- 1.LINE Encryption Overview (Ver. 1.0). https://scdn.line-apps.com/stf/linecorp/en/csr/line-encryption-whitepaper-ver1.0.pdf
- 2.LINE Encryption Status Report, 24 August 2018. https://linecorp.com/en/security/encryption_report
- 3.Espinoza, A.M., Tolley, W.J., Crandall, J.R., Crete-Nishihata, M., Hilts, A.: Alice and Bob, who the FOCI are they?: analysis of end-to-end encryption in the LINE messaging application. In: FOCI @ USENIX Security Symposium (2017)Google Scholar
- 4.Isobe, T., Minematsu, K.: Spoofing attack and forgery attack against LINE’s end-to-end encryption. In: SCIS 2018 (2018). (in Japanese)Google Scholar
- 5.Blanchet, B., Smyth, B., Cheval, V., Sylvestre, M.: ProVerif 1.98. http://prosecco.gforge.inria.fr/personal/bblanche/proverif
- 6.McGrew, D., Viega, J.: The Galois/Counter Mode of Operation (GCM). Manuscript, May 2005. NIST websiteGoogle Scholar