by LINE Engineer on 2015.10.13
Hello, my name is JI and I am working at LINE as a security engineer.
You may have wondered how safe mobile applications really are, and message security in particular is something most of you have probably thought about. As a company centered on mobile messaging, all of us engineers at LINE take extra care to make our app even safer. Yet when messaging companies are asked how safe their message transfer process actually is, few are able to explain their security clearly.
Today, I proudly present our newest security feature, “Letter Sealing,” added in LINE version 5.3.0.
Safe delivery of messages
Since time immemorial, methods to transfer secrets between one another have existed, and were an important part of human history. People would whisper secrets in dark alleyways or sometimes even devise a code to prevent any potential eavesdroppers from understanding what they were saying.
However, these methods would only work if the speaker and listener were in close proximity. Without the advanced internet technology that lets us easily communicate long-distance, people in the past had to put their messages into envelopes and deliver them by conventional means. Only, there was one problem: the envelope could be intercepted during delivery and resealed once read, unbeknownst to the actual intended recipient. Even when messages were altered or falsified, the recipient had no way of knowing. You can imagine how difficult it must have been for a message to be sent and received safe and sound.
So there was a need for a new method of security. While it may have been impossible to prevent someone from reading the message, people thought of a way to mark the message with a seal that would let the recipient know who wrote the message and if someone had opened the envelope while it was being delivered. This was how sealing became a regular practice. Once the message was inside the envelope, the writer would pour melted wax onto the flaps and push down on the heated wax with a seal engraved with a unique pattern. Anyone attempting to read the message would have had to damage the seal, and the actual recipient would know if the message was compromised by checking if the seal was intact. Unique patterns were engraved onto these seals to prevent anyone from trying to apply a seal of their own after damaging the original. Sometimes, messages were hidden so that they would only be revealed by using a special ink.
Sealing protected messages from the many problems that could arise while they were being delivered, but it lost its significance as hand-written messages fell out of use. How are messages protected today, and what methods keep them secure over modern communication channels? In the following sections, we will go over how LINE messages are kept secure from prying eyes.
The default encryption method used in LINE
Any modern mobile messaging app or social networking service has servers that store and forward message data. The servers decrypt the messages and other data sent by users and then send them on to the recipient. If the server cannot deliver the data to the recipient immediately, it is stored temporarily while the recipient receives a push notification letting them know there is a new message.
Encryption is the vital piece of technology that keeps a message safe while it travels from the messaging app to the server. LINE also encrypts messages so that the various user data sent to the servers cannot be captured and read by third parties. The encrypted communication between the messaging app on the user’s device and the server is shown in [Figure 2] below.
Encryption alone is not the answer. The key required to encrypt and decrypt data cannot simply be embedded in the LINE app: if it were, anyone who obtained that key from the app would be able to read every message that passes through the network. LINE therefore uses public key encryption instead.
We embed a public key in the LINE app that can encrypt messages, and use it to set up a secure encrypted channel, which only the LINE server can decrypt, whenever the user’s device connects to the servers. This is a lighter-weight solution than Secure Sockets Layer (SSL) and provides an encryption method that can be used across all versions of LINE. It also rules out a man-in-the-middle (MITM) attack, in which someone snoops on messages while they are in transit.
LINE uses the Rivest-Shamir-Adleman (RSA) public key cryptosystem, which is also commonly used in SSL. How LINE uses RSA is explained in more detail below.
Using the RSA public key issued by the server, the LINE client shares the symmetric key that will be used to encrypt its data. That key is then used to encrypt the data, preventing any third party from reading the message. This method is considered safe because the RSA private key is stored only on the LINE servers. In other words, unless someone breaks into the LINE servers and stands up a fake server with the same key, messages cannot be decrypted under the current system.
Hypothetical though it is, this method has one flaw: an attacker inside the LINE servers could still compromise the safety of message data. For simplicity’s sake, let’s imagine that the current way of protecting messages at LINE is like keeping hundreds of mass-produced wax seals in a warehouse, the warehouse being the LINE servers. These seals are used to re-seal messages whose seals have been removed.
These seals exist only inside the LINE servers, but they could be compromised by an insider. Also, whether intentionally or not, LINE messages are very briefly exposed in plain text on the server while they are decrypted and re-encrypted. If an attacker with server access privileges tried to read messages during this brief window, there is technically no perfect way of preventing it.
These kinds of security flaws were not considered serious concerns until recently, but the online environment of today is not what it was. First of all, the potential damage to ordinary users has risen exponentially as the number of people with internet access has grown. Advances in computer technology have also brought new hacking methods with unforeseen consequences, and hackers have become more organized. Attacks can now critically damage servers, a place that was considered safe until now. As new dangers arose, so did the need to reassess the threats and, ultimately, to research how to combat them.
We at LINE re-evaluated the many potential security threats and concluded that we needed a better way to protect messages. The solution we came up with was to bring the old practice of sealing into the modern age of digital messaging. Instead of mass-produced seals handed out by the LINE servers, we wanted each user to have their own unique seal. To keep the whole process simple and easy to understand, we named it “Letter Sealing.”
Letter Sealing: How is it better?
You might be asking how Letter Sealing actually makes things better.
First of all, we use a secure algorithm for key exchange between a sender and a recipient. Letter Sealing uses the Diffie-Hellman (DH) key exchange instead of the RSA method. With DH, each user has a public key and a private key. Each user keeps their private key and exchanges only the public key with other users. From the exchanged public keys and their own private keys, the two users each derive the same shared secret, which an eavesdropper on the exchange cannot compute. This prevents any third party from reading intercepted messages.
Once these values have been exchanged, the users can share secret data without risk of exposure. A similar system could be built with RSA, but it was replaced with the DH method because DH is more efficient than storing an individual RSA key for every user on user devices.
The DH method can be built on either the discrete logarithm problem or elliptic curve arithmetic. Of the two, Letter Sealing uses the Elliptic Curve Diffie-Hellman (ECDH) method, as it is known as one of the most secure cryptosystems. ECDH provides stronger security with smaller keys than either the discrete logarithm method or RSA. By using ECDH, Letter Sealing gains both better security and efficiency.
Under the current method, the message is encrypted and only the minimum required information is sent to the recipient. The encryption algorithm used is AES-CBC-256 (AES with a 256-bit key in CBC mode), known as the most advanced encryption algorithm available today. The one drawback of this kind of symmetric encryption is that the device encrypting the data and the device decrypting it must hold identical keys. Our solution to that was the DH method.
Once the agreed-upon common value (the shared secret) has been established, the message data is encrypted. LINE uses ECDH to create a 256-bit (32-byte) shared value, from which the encryption key is then derived. The key data is also transferred along with the encrypted message, but simply encrypting a message does not make it completely secure: although an attacker cannot read the actual message, they could still corrupt it so that it becomes unreadable, or change its contents.
To prevent these kinds of attacks, we have added a Message Authentication Code (MAC) to Letter Sealing. When a message is sent, a keyed cryptographic digest of it is computed and sent along with it. When the recipient receives the message, the MAC is recomputed and compared with the received value to detect any tampering.
Using the technologies explained above, Letter Sealing is also functionally different from existing methods. One key difference is that encryption is performed by the sender instead of the server. This removes any possibility of messages being decrypted and re-encrypted on the server, and ensures messages are never exposed in plain text there. Additionally, the message keys used to exchange messages are stored safely on the devices of the sender and recipient rather than on the server. This makes it impossible for any third party, including the LINE servers themselves, to remove the seal on a message.
Previous encryption methods ran the risk of compromising messages if there were a direct attack on the LINE servers, but Letter Sealing makes those concerns a thing of the past. Just as the wax seals of old protected messages from prying eyes, this new method of digital sealing will protect your messages until they safely arrive at their intended recipient.
How to use Letter Sealing
Unlike many other new features added to the app, the benefits of Letter Sealing may not be immediately apparent. While not visibly groundbreaking, its security implications are more than meets the eye¹. We hope you find Letter Sealing worth your while, along with the other features currently in development.
Take the following steps to enable Letter Sealing. In LINE 5.3.0 or later, navigate to More > Settings > Chats & Voice Calls > Letter Sealing. On iOS and Android, Letter Sealing is enabled simply by toggling this option.
For Android users who have never used the Windows, Windows desktop, OS X, iPad, or Chrome versions of LINE, Letter Sealing has been rolling out in certain countries since September. Android users who have Letter Sealing enabled in settings, or have it on by default, benefit from its protection when sharing text messages and location information in a one-on-one conversation with another user. One caveat is that the other user must also have opted in to Letter Sealing for it to work, so keep in mind that you will need to convince other users to opt in if you wish to enjoy the security of Letter Sealing when talking with them.
We plan to extend Letter Sealing to more message types and to group chats as well. Keep an eye on the blog for more information on new security features for LINE.
1: The current version of LINE does not display whether Letter Sealing is enabled or not. We are planning to add this in future versions.