Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

A 5 security x line platform

9,840 views

Published on

TBD

Published in: Technology

A 5 security x line platform

  1. 1. 1 LINE Architecture 2 Transport Security 3 Messaging and VoIP Security 4 Device Security
  2. 2. LINE Architecture LINE Android Talk Server User DB LINE LINE iOS LINE Desktop Timeline Auth Media LEGY Bot / OA LEGY encryption SPDY/2 LEGY encryption SPDY/2 LEGY encryption SPDY/2 HTTP/HTTPS
  3. 3. LEGY Line Event GatewaY And more Routing Transport encryption http://developers.linecorp.com/blog/?p=2381 http://developers.linecorp.com/blog/?p=2709
  4. 4. TLS Problems Current version – TLS v1.2 TLS v1.3 aims to provide some solutions Requires several round-trips to complete handshake High RTT on mobile networks • simplified handshake • 0-RTT • but not final yet (draft status) https://tlswg.github.io/tls13-spec/
  5. 5. Current version • pinned RSA keys +AES • no X.509 certificates • 0-RTT handshake • no forward secrecy (FS) LEGY Encryption Lightweight TLS alternative
  6. 6. LEGY Encryption FS Forward secrecy (FS) Elliptic curve cryptography (ECC) 0-RTT handshake AES-GCM for app data encryption ECDH-based key exchange first message under client ephemeral/server static subsequent messages under ephemeral/ephemeral
  7. 7. Messaging E2EE • End-to-end encryption (E2EE) for LINE - Letter Sealing • Introduced in Oct 2015/ LINE 5.3.0 • Initially iOS/Android only • Applied to text and location messages h t t p : / / d e v e l o p e r s . l i n e c o r p . c o m / b l o g / ? p = 3 6 7 9
  8. 8. Letter Sealing Evolution • Group chat support • Secondary device support • Status indicator • ON by default iOS/Android 6.5.0+ Mac/Win 4.8.0+ • Planned enhancements Media encryption h t t p : / / d e v e l o p e r s . l i n e c o r p . c o m / b l o g / ? p = 3 6 7 9
  9. 9. Sending an Encrypted Message LINE User 1 Talk Server 1.user2’s public key? 2.send message (ID:456, pub key) LINE User 2 Message AES encrypt Message to:user2 from:user1 toKeyID:456 fromKeyID:123 [salt] [encrypted data] Message to:user2 from:user1 text:’Hello’
  10. 10. Receiving an Encrypted Message LINE User 1 Talk Server 3.push message 4.user1’s public key? (ID:123, pub key) LINE User 2 Message Message AES decrypt to:user2 from:user1 toKeyID:456 fromKeyID:123 [salt] [encrypted data] Message to:user2 from:user1 text:’Hello’
  11. 11. Encrypted Message Exchange LINE User 1 Talk Server 1.user2’s public key? 2.send message (ID:456, pub key) 3.push message 4.user1’s public key? (ID:123, pub key) LINE User 2 Message Message AES encrypt to:user2 from:user1 toKeyID:456 fromKeyID:123 [salt] [encrypted data] Message to:user2 from:user1 text:’Hello’ AES decrypt Message to:user2 from:user1 text:’Hello’
  12. 12. Encryption Method Messageuser 1 shared secret KDF (SS, salt) KDF (SS, salt) user1 priv key user2 pub key Keychain keyID:123 [priv key] [user2 pub key] [userN pub key] ECDH (Curve22519) user2 priv key user1 pub key Message AES encrypt to:user2 from:user1 toKeyID:456 fromKeyID:123 [salt] [encrypted data] Message to:user2 from:user1 text:’Hello’ AES decrypt Message to:user2 from:user1 text:’Hello’ Keychain keyID:456 [priv key] [user1 pub key] [userN pub key] user 2
  13. 13. Key Verification Android Chat Settings > Encryption Key iOS Settings > Encryption Key
  14. 14. Group Chat Support Dedicated shared key is generated for each group Encrypted shared key distributed to all members Principle is same as 1:1 chats Shared key is replaced when members leave or join Key-encryption key derived for each member ECDH key exchange AES encryption
  15. 15. Group Key Registration LINE User 1 Talk Server 1.group1 member pub keys? (user1 pubK,user2 pubK,user3 pubK) 3.enc. group skey Keychain keyID:123 [priv key] [group shared key] [user3 pub key] [user2 pub key] Group Key for user1* [encrypted skey] for user2 [encrypted skey] for user3 [encrypted skey] 2.gen. group shared key 4.register group1 shared key Group 1 Group Key for user1* [encrypted skey] for user2 [encrypted skey] for user3 [encrypted skey] user1 user2 user3
  16. 16. Group Key Distribution LINE User 2 Talk Server 1.group1 shared key? (enc. skey for user2) 1.group1 shared key? (enc. skey for user3) LINE User 3 Message Keychain keyID:456 [priv key] [group1 shared key] Group Key for user1* [encrypted skey] for user2 [encrypted skey] for user3 [encrypted skey] Keychain keyID:789 [priv key] [group1 shared key] 2.decrypt & save group shared key 2.decrypt & save group shared key
  17. 17. VoIP E2EE • LINE 6.5.0+ • ECDH key exchange ephemeral keys server-mediated custom SIP headers • Media stream encryption SRTP AES-CTR + HMAC-SHA1
  18. 18. Device Security True Delete - Since 5.3.0 More advanced data protection features coming soon Overwriting NULL http://developers.linecorp.com/blog/?p=3660
  19. 19. LINE Encryption Whitepaper Detailed cryptographic protocol specification Covers Available now at transport encryption Letter Sealing https://linecorp.com/en/security/article/37 messaging E2EE VoIP E2EE
  20. 20. 1 Risk Assessment 2 Anti-Spam/Game Abusing 3 Bug Bounty Program
  21. 21. Risk Assessment Monitoring Bug Bounty Design Implement QA Operate
  22. 22. Risk Assessment Server • XSS • CSRF • Path Traversal • Open-Redirect Client Web Server • Analyzing the protocol • Abusing/Cheating • Bot (un-official client) Client LINE / Game • Reversing • Modifying
  23. 23. Risk Assessment Server • Analyzing the protocol • Abusing/Cheating • Bot (un-official client) Client LINE / Game • Reversing • Modifying
  24. 24. Reverse engineering Malware analysis Vulnerability diagnosis/ investigation Illegal copy of contents Software tracking, cheating Reverse engineering is a process of analyzing software/hardware and examining operating principles, source code, and development methods. Purpose of use (examples)
  25. 25. Change in game environment Cheat tools are created Possible to level up without spending money and time Bots are created Online, item purchase Android, iOS opening up of the platform
  26. 26. Security Measures Enhance security to the level where it is difficulty to abuse/cheat Bot/abuser detection is performed on the server side General cheat tool counter measure Encryption of locally stored data Encryption of communication between games and servers ARM/IL analysis measure Abuser detection/automation
  27. 27. RA for LINE Games Memory / file cheat • Possible to prevent it by storing score and other data on the server • Status data, such as attack power and HP, are fully handled on the client, and there is no counter measure for them. From GameHacker
  28. 28. RA for LINE Games Speed hack Ex.1: Stamina power recovery (possible to prevent) Stamina: 40 / 100 Time: 12:54 Stamina: 40 / 100 Sync Abuser: added extra 20 min to in-game time Time: 12:34 Notice Stamina power recovery Time: 12:34Time: 12:34 Sync Since it does not match server-side time, the notice is rejected.
  29. 29. RA for LINE Games Speed hack Ex.2: Time attack (impossible to prevent) Time: 12:20 Time: 12:21 Time: 12:20 Sync Start a stage Time: 12:21 Notice Stage clear notice • Play game at twice the speed • Fake a stage clear notice If set to a realistic time, the server cannot detect the hack.
  30. 30. RA for LINE Games MITM (Man-In-The-Middle) • If it is just HTTPS, communication is analyzed by MITM • SSL pinning should be performed in the game However, the data is decrypted in the game. Hence, there is no perfect counter measure. certificate Possible to view communication
  31. 31. RA for LINE Games MITM (Man-In-The-Middle) • Place proxy certificate in device • With only HTTPS, communication is cryptanalyzed by MITM • [Measure]Execute SSL Pinning (certificate check) in game Check certificate
  32. 32. SSL Pinning public static bool ValidateServerCertificate (object sender,System.Security.Cryptograp hy.X509Certificates.X509Certificate certificate, X509Chain chain, System.Net.Security. SslPolicyErrors sslPolicyErrors) { string chash = certificate.GetCertHashString (); if (chash == " (hardcoded hash)") return true; // SSL certificate check ok return false; } Examples of code to check certificate of communication partner in game (Check routine may be removed)
  33. 33. RA for LINE Games Unity C# -> CIL (DLL) -> Decompile *.dll C# -> CIL -> ASM(il2cpp) -> Disassemble libil2cpp.so Cocos2d-x C++ -> .so -> Disassemble *.so
  34. 34. RA for LINE Games Unity C# -> CIL (DLL) -> Decompile *.dll From ILSpy public void TakeDamage (int amount) { damaged = true; currentHealth -= amount; healthSlider.value = currentHealth; playerAudio.Play (); if(currentHealth <= 0 && !isDead) Death (); } public void TakeDamage(int amount) { this.damaged = true; this.currentHealth -= amount; this.healthSlider.set_value( (float)this.currentHealth); this.playerAudio.Play(); if (this.currentHealth <= 0 && !this.isDead) { this.Death(); } }
  35. 35. RA for LINE Games Unity C# -> CIL -> ASM(il2cpp) -> Disassemble libil2cpp.so From IDA public void TakeDamage (int amount) { damaged = true; currentHealth -= amount; healthSlider.value = currentHealth; playerAudio.Play (); if(currentHealth <= 0 && !isDead) Death (); }
  36. 36. RA for LINE Games From IDA
  37. 37. Security Measures Enhance security to the level where it is difficulty to abuse/cheat Bot/abuser detection is performed on the server side General cheat tool counter measure Encryption of locally stored data Encryption of communication between games and servers ARM/IL analysis measure Abuser detection/automation
  38. 38. Security Measures Duration/period/frequency of game play Timing of level up Timing of stage clear Item usage history (including payment) IP bandwidth Detect anomalies based on the characteristics below, while taking false positives into utmost consideration Human Bot
  39. 39. Anti-Spam Message Spammer’s Account SecurityCS spam message Users Anti-Spam block Report Query LINE • Block rule • Text mining • Human check Check flow
  40. 40. Anti-Spam/Abusing Operator takes necessary measures (e.g. adding rules) Finds potential loopholes for the abuser (measures for the measure) Operator takes additional measures (return to 2.) Datasets change Datasets change Datasets change
  41. 41. Anti-Spam/Abusing Datasets change periodically False positives of less than 0.01% Datasets change Datasets change Datasets change Able to explain the cause of false positives There is a limit to detection by machine learning based on similarity. (Manual check is essential.)
  42. 42. Anti-Spam/Abusing Bring client (app) measure to a certain level Automate server-side as much as possible Final check to be done manually (as needed) We intend to explore this area and implement further automation
  43. 43. Bug Bounty Program https://bugbounty.linecorp.com/ja/
  44. 44. Bug Bounty Program 0 5 10 15 20 25 The number of reports 6/2 6/16 6/30 7/14 7/28 8/11 Category XSS CSRF RCE Auth bypass Purchase bypass Encryption break Other

×