A 5 security x line platform


Transcript of A 5 security x line platform

Page 1: A 5 security x line platform
Page 2: A 5 security x line platform

1 LINE Architecture
2 Transport Security
3 Messaging and VoIP Security
4 Device Security

Page 3: A 5 security x line platform

LINE Architecture

Diagram: the LINE clients (LINE Android, LINE iOS, LINE Desktop) each connect to LEGY using LEGY encryption over SPDY/2; LEGY fronts the backend services (Talk Server, User DB, Timeline, Auth, Media); Bot / OA traffic reaches LEGY over HTTP/HTTPS.

Page 4: A 5 security x line platform

LEGY

Line Event GatewaY
• Routing
• Transport encryption
• And more

http://developers.linecorp.com/blog/?p=2381
http://developers.linecorp.com/blog/?p=2709

Page 5: A 5 security x line platform

TLS Problems

Current version – TLS v1.2
• Requires several round-trips to complete the handshake
• High RTT on mobile networks

TLS v1.3 aims to provide some solutions
• simplified handshake
• 0-RTT
• but not final yet (draft status)

https://tlswg.github.io/tls13-spec/

Page 6: A 5 security x line platform

LEGY Encryption

Lightweight TLS alternative

Current version
• pinned RSA keys + AES
• no X.509 certificates
• 0-RTT handshake
• no forward secrecy (FS)

Page 7: A 5 security x line platform

LEGY Encryption FS

Forward secrecy (FS)
• Elliptic curve cryptography (ECC)
• ECDH-based key exchange
• 0-RTT handshake
• AES-GCM for app data encryption

The first message is protected under client ephemeral / server static keys; subsequent messages under ephemeral / ephemeral keys.

Page 8: A 5 security x line platform

Messaging E2EE

• End-to-end encryption (E2EE) for LINE - Letter Sealing
• Introduced in Oct 2015 / LINE 5.3.0
• Initially iOS/Android only
• Applied to text and location messages

http://developers.linecorp.com/blog/?p=3679

Page 9: A 5 security x line platform

Letter Sealing Evolution

• Group chat support
• Secondary device support
• Status indicator
• ON by default: iOS/Android 6.5.0+, Mac/Win 4.8.0+
• Planned enhancements: media encryption

http://developers.linecorp.com/blog/?p=3679

Page 10: A 5 security x line platform

Sending an Encrypted Message

Diagram (LINE User 1 -> Talk Server -> LINE User 2):
1. User 1 asks the Talk Server for user2's public key; the server answers (ID:456, pub key).
2. User 1 AES-encrypts the message {to:user2, from:user1, text:'Hello'} and sends {to:user2, from:user1, toKeyID:456, fromKeyID:123, [salt], [encrypted data]}.

Page 11: A 5 security x line platform

Receiving an Encrypted Message

Diagram (continued from the previous slide):
3. The Talk Server pushes {to:user2, from:user1, toKeyID:456, fromKeyID:123, [salt], [encrypted data]} to User 2.
4. User 2 asks the Talk Server for user1's public key; the server answers (ID:123, pub key). User 2 AES-decrypts the message back to {to:user2, from:user1, text:'Hello'}.

Page 12: A 5 security x line platform

Encrypted Message Exchange

Diagram combining the two previous slides: (1) User 1 fetches user2's public key (ID:456); (2) User 1 AES-encrypts {to:user2, from:user1, text:'Hello'} and sends {to:user2, from:user1, toKeyID:456, fromKeyID:123, [salt], [encrypted data]}; (3) the Talk Server pushes the message to User 2; (4) User 2 fetches user1's public key (ID:123) and AES-decrypts the message back to {to:user2, from:user1, text:'Hello'}.

Page 13: A 5 security x line platform

Encryption Method

Diagram (user 1 on the left, user 2 on the right):
• User 1 keychain: key ID:123 [priv key], [user2 pub key], ..., [userN pub key]
• User 2 keychain: key ID:456 [priv key], [user1 pub key], ..., [userN pub key]
• ECDH (Curve25519): user1 priv key + user2 pub key on the sending side and user2 priv key + user1 pub key on the receiving side yield the same shared secret (SS)
• KDF(SS, salt) derives the message key on both sides
• User 1: AES encrypt {to:user2, from:user1, text:'Hello'} -> {to:user2, from:user1, toKeyID:456, fromKeyID:123, [salt], [encrypted data]}
• User 2: AES decrypt -> {to:user2, from:user1, text:'Hello'}
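The pipeline drawn on this slide and on the two message-flow slides before it, as an added Go example (not LINE's code): a Curve25519 ECDH shared secret, a KDF over (SS, salt) and AES, wrapped in the to/from/toKeyID/fromKeyID/salt/encrypted-data envelope. Assumptions, because the slides do not state them: the KDF is SHA-256(salt || SS), the AES mode is AES-256-GCM, and the envelope header is bound as associated data so a tampered header fails to decrypt.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

// Envelope carries the fields on the slides: addressing, both key IDs, the salt and the encrypted data.
type Envelope struct {
	To, From, ToKeyID, FromKeyID string
	Salt, Data                   []byte
}
// aad binds addressing and key IDs to the ciphertext so a relay cannot re-address it (my addition).
func (e *Envelope) aad() []byte { return []byte(e.To + "|" + e.From + "|" + e.ToKeyID + "|" + e.FromKeyID) }
func NewUserKey() (*ecdh.PrivateKey, error) { return ecdh.X25519().GenerateKey(rand.Reader) } // keychain key pair

// messageKey is the slide pipeline ECDH -> SS -> KDF(SS, salt) -> AES key; SHA-256(salt||SS) stands in for LINE's unspecified KDF (assumption).
func messageKey(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, salt []byte) (cipher.AEAD, error) {
	ss, err := priv.ECDH(peer) // same for (user1 priv, user2 pub) and (user2 priv, user1 pub)
	if err != nil {
		return nil, err // e.g. a low-order peer point
	}
	k := sha256.Sum256(append(append([]byte{}, salt...), ss...))
	block, _ := aes.NewCipher(k[:]) // 32-byte key => AES-256; cannot fail
	return cipher.NewGCM(block)
}

// Seal is the sender side: a fresh salt gives a fresh key per message, so the nonce can be cut from it.
func Seal(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, e Envelope, text string) (Envelope, error) {
	e.Salt = make([]byte, 16)
	rand.Read(e.Salt) // crypto/rand fails only when the OS CSPRNG is unavailable
	g, err := messageKey(priv, peer, e.Salt)
	if err == nil {
		e.Data = g.Seal(nil, e.Salt[:g.NonceSize()], []byte(text), e.aad())
	}
	return e, err
}

// Open is the receiver side; it fails if the header or ciphertext was altered in transit.
func Open(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, e Envelope) (string, error) {
	g, err := messageKey(priv, peer, e.Salt)
	if err != nil {
		return "", err
	}
	pt, err := g.Open(nil, e.Salt[:g.NonceSize()], e.Data, e.aad())
	return string(pt), err
}
```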

Page 14: A 5 security x line platform

Key Verification

Android: Chat Settings > Encryption Key
iOS: Settings > Encryption Key

Page 15: A 5 security x line platform

Group Chat Support

• Principle is the same as 1:1 chats (ECDH key exchange + AES encryption)
• Dedicated shared key is generated for each group
• Key-encryption key derived for each member
• Encrypted shared key distributed to all members
• Shared key is replaced when members leave or join

Page 16: A 5 security x line platform

Group Key Registration

Diagram (LINE User 1 -> Talk Server -> Group 1: user1, user2, user3):
1. User 1 asks the Talk Server for group1's member public keys; the server answers (user1 pubK, user2 pubK, user3 pubK).
2. User 1 generates the group shared key and keeps it in its keychain (key ID:123 [priv key], [group shared key], [user2 pub key], [user3 pub key]).
3. User 1 encrypts the shared key once per member: Group Key for user1* [encrypted skey], for user2 [encrypted skey], for user3 [encrypted skey].
4. User 1 registers the group1 shared key (the set of encrypted copies) with the Talk Server.

Page 17: A 5 security x line platform

Group Key Distribution

Diagram (LINE User 2 and LINE User 3 <-> Talk Server):
1. User 2 asks the Talk Server for the group1 shared key and receives (enc. skey for user2); User 3 asks the same and receives (enc. skey for user3).
2. Each member decrypts and saves the group shared key in its keychain (User 2: key ID:456 [priv key], [group1 shared key]; User 3: key ID:789 [priv key], [group1 shared key]).

Server-side record: Group Key for user1* [encrypted skey], for user2 [encrypted skey], for user3 [encrypted skey].

Page 18: A 5 security x line platform

VoIP E2EE

• LINE 6.5.0+
• ECDH key exchange: ephemeral keys, server-mediated, custom SIP headers
• Media stream encryption: SRTP, AES-CTR + HMAC-SHA1

Page 19: A 5 security x line platform

Device Security

True Delete - Since 5.3.0
• Overwriting with NULL

More advanced data protection features coming soon

http://developers.linecorp.com/blog/?p=3660

Page 20: A 5 security x line platform

LINE Encryption Whitepaper

Detailed cryptographic protocol specification

Covers
• transport encryption
• messaging E2EE (Letter Sealing)
• VoIP E2EE

Available now at https://linecorp.com/en/security/article/37

Page 21: A 5 security x line platform
Page 22: A 5 security x line platform

1 Risk Assessment
2 Anti-Spam/Game Abusing
3 Bug Bounty Program

Page 23: A 5 security x line platform

Diagram: development lifecycle Design -> Implement -> QA -> Operate, with Risk Assessment, Monitoring and Bug Bounty placed along it.

Page 24: A 5 security x line platform

Risk Assessment

Web
• Server: XSS, CSRF, Path Traversal, Open-Redirect
• Client

LINE / Game
• Server: Analyzing the protocol, Abusing/Cheating, Bot (un-official client)
• Client: Reversing, Modifying


Page 26: A 5 security x line platform

Reverse engineering

Reverse engineering is a process of analyzing software/hardware and examining operating principles, source code, and development methods.

Purpose of use (examples)
• Malware analysis
• Vulnerability diagnosis/investigation
• Illegal copy of contents
• Software tracking, cheating

Page 27: A 5 security x line platform

Change in game environment

Android, iOS: opening up of the platform
• Cheat tools are created: possible to level up without spending money and time
• Bots are created: online, item purchase

Page 28: A 5 security x line platform

Security Measures

Enhance security to the level where it is difficult to abuse/cheat
• General cheat tool countermeasures
• Encryption of locally stored data
• Encryption of communication between games and servers
• ARM/IL analysis countermeasures

Bot/abuser detection is performed on the server side
• Abuser detection/automation

Page 29: A 5 security x line platform

RA for LINE Games: Memory / file cheat

• Possible to prevent it by storing score and other data on the server
• Status data, such as attack power and HP, are fully handled on the client, and there is no countermeasure for them.

(Screenshot: From GameHacker)

Page 30: A 5 security x line platform

RA for LINE Games: Speed hack

Ex.1: Stamina power recovery (possible to prevent)

Diagram: client and server sync at Time: 12:34 with Stamina: 40 / 100. The abuser adds an extra 20 minutes to the in-game time (the client now shows Time: 12:54) and sends a stamina power recovery notice. Since it does not match server-side time (still 12:34), the notice is rejected.

Page 31: A 5 security x line platform

RA for LINE Games: Speed hack

Ex.2: Time attack (impossible to prevent)

Diagram: client and server sync at Time: 12:20; the client starts a stage; at Time: 12:21 it sends a stage clear notice.
• Play game at twice the speed
• Fake a stage clear notice

If set to a realistic time, the server cannot detect the hack.
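Added example (not LINE's code) of the server-side rule behind Ex.1 and of the limit shown by Ex.2, in Go: stamina recovery is recomputed from the server clock, so the client's extra 20 minutes changes nothing, while a stage clear can only be checked against a minimum plausible duration. The one-stamina-per-minute rate, the one-minute drift tolerance and the minimum stage duration are constructed values.

```go
package main

import (
	"errors"
	"time"
)

// Player is the state the server keeps itself; the client's clock is never used for recovery.
type Player struct {
	Stamina, MaxStamina int
	LastSync            time.Time // server time of the last stamina sync
	StageStart          time.Time // server time at which the current stage began
}

// Assumed game rule for the example: one stamina point recovers per minute.
const staminaPerMinute = 1

var ErrClockMismatch = errors.New("notice does not match server-side time")

// StaminaNotice is the client's "stamina power recovery" notice with the client's own idea of time.
type StaminaNotice struct {
	ClientTime time.Time
	Claimed    int // stamina the client says it has now
}

// ApplyStaminaNotice recomputes recovery from the server clock (Ex.1). The abuser who added
// 20 minutes to the in-game clock is rejected: the server saw no such time pass.
func ApplyStaminaNotice(p *Player, n StaminaNotice, serverNow time.Time) error {
	if skew := n.ClientTime.Sub(serverNow); skew > time.Minute || skew < -time.Minute {
		return ErrClockMismatch // assumed tolerance window for honest clock drift
	}
	allowed := p.Stamina + int(serverNow.Sub(p.LastSync).Minutes())*staminaPerMinute
	if allowed > p.MaxStamina {
		allowed = p.MaxStamina
	}
	if n.Claimed > allowed {
		return ErrClockMismatch
	}
	p.Stamina, p.LastSync = allowed, serverNow // the server's own figure wins
	return nil
}

// StageClearPlausible is all the server can do for Ex.2: a clear that arrives before the stage
// could physically be finished is flagged, but a faked clear sent after a realistic delay
// is indistinguishable from honest play.
func StageClearPlausible(p *Player, serverNow time.Time, minStageDuration time.Duration) bool {
	return serverNow.Sub(p.StageStart) >= minStageDuration
}
```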

Page 32: A 5 security x line platform

RA for LINE Games: MITM (Man-In-The-Middle)

• If it is just HTTPS, communication is analyzed by MITM
• SSL pinning should be performed in the game

However, the data is decrypted in the game. Hence, there is no perfect countermeasure.

Diagram: proxy certificate installed on the device; possible to view communication.

Page 33: A 5 security x line platform

RA for LINE Games: MITM (Man-In-The-Middle)

• Place proxy certificate in device
• With only HTTPS, communication is intercepted and analyzed by MITM
• [Measure] Execute SSL Pinning (certificate check) in game

Diagram: check certificate.

Page 34: A 5 security x line platform

SSL Pinning

    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    // Accepts the server certificate only if its hash equals the value hardcoded in the game.
    public static bool ValidateServerCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        string chash = certificate.GetCertHashString();
        if (chash == "(hardcoded hash)")
            return true; // SSL certificate check ok
        return false;
    }

Example of code to check the certificate of the communication partner in the game (the check routine may be removed).

Page 35: A 5 security x line platform

RA for LINE Games

Unity: C# -> CIL (DLL) -> Decompile *.dll
Unity (il2cpp): C# -> CIL -> ASM (il2cpp) -> Disassemble libil2cpp.so
Cocos2d-x: C++ -> .so -> Disassemble *.so

Page 36: A 5 security x line platform

RA for LINE Games

Unity: C# -> CIL (DLL) -> Decompile *.dll

Original source:

    public void TakeDamage (int amount) {
        damaged = true;
        currentHealth -= amount;
        healthSlider.value = currentHealth;
        playerAudio.Play ();
        if (currentHealth <= 0 && !isDead)
            Death ();
    }

From ILSpy (decompiled):

    public void TakeDamage(int amount) {
        this.damaged = true;
        this.currentHealth -= amount;
        this.healthSlider.set_value((float)this.currentHealth);
        this.playerAudio.Play();
        if (this.currentHealth <= 0 && !this.isDead) {
            this.Death();
        }
    }

Page 37: A 5 security x line platform

RA for LINE Games

Unity: C# -> CIL -> ASM (il2cpp) -> Disassemble libil2cpp.so

Original source:

    public void TakeDamage (int amount) {
        damaged = true;
        currentHealth -= amount;
        healthSlider.value = currentHealth;
        playerAudio.Play ();
        if (currentHealth <= 0 && !isDead)
            Death ();
    }

From IDA (disassembly screenshot)

Page 38: A 5 security x line platform

RA for LINE Games

From IDA


Page 40: A 5 security x line platform

Security Measures

Detect anomalies based on the characteristics below, while taking false positives into utmost consideration (Human vs. Bot):
• Duration/period/frequency of game play
• Timing of level up
• Timing of stage clear
• Item usage history (including payment)
• IP bandwidth

Page 41: A 5 security x line platform

Anti-Spam

Check flow diagram: Spammer's Account -> spam message -> Users -> Report -> LINE Anti-Spam (Block rule, Text mining, Human check) -> Query / block, with Security CS in the check flow.

Page 42: A 5 security x line platform

Anti-Spam/Abusing

1. Datasets change
2. Operator takes necessary measures (e.g. adding rules)
3. Abuser finds potential loopholes (measures for the measure)
4. Operator takes additional measures (return to 2.)

Page 43: A 5 security x line platform

Anti-Spam/Abusing

• Datasets change periodically
• False positives of less than 0.01%
• Able to explain the cause of false positives
• There is a limit to detection by machine learning based on similarity. (Manual check is essential.)

Page 44: A 5 security x line platform

Anti-Spam/Abusing

• Bring client (app) measures to a certain level
• Automate server-side as much as possible
• Final check to be done manually (as needed)

We intend to explore this area and implement further automation

Page 45: A 5 security x line platform

Bug Bounty Program

https://bugbounty.linecorp.com/ja/

Page 46: A 5 security x line platform

Bug Bounty Program

Chart: the number of reports (y-axis 0 to 25) per two-week period from 6/2 to 8/11 (6/2, 6/16, 6/30, 7/14, 7/28, 8/11), broken down by category: XSS, CSRF, RCE, Auth bypass, Purchase bypass, Encryption break, Other.

Page 47: A 5 security x line platform