End-to-End Encrypted Zoom Meetings: Proving Security and Strengthening Liveness

Yevgeniy Dodis, Daniel Jost, Balachandar Kesavan, Antonio Marcedone

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In May 2020, Zoom Video Communications, Inc. (Zoom) announced a multi-step plan to comprehensively support end-to-end encrypted (E2EE) group video calls and subsequently rolled out basic E2EE support to customers in October 2020. In this work we provide the first formal security analysis of Zoom’s E2EE protocol, and also lay foundation to the general problem of E2EE group video communication. We observe that the vast security literature analyzing asynchronous messaging does not translate well to synchronous video calls. Namely, while strong forms of forward secrecy and post compromise security are less important for (typically short-lived) video calls, various liveness properties become crucial. For example, mandating that participants quickly learn of updates to the meeting roster and key, media streams being displayed are recent, and banned participants promptly lose any access to the meeting. Our main results are as follows: 1.Propose a new notion of leader-based continuous group key agreement with liveness, which accurately captures the E2EE properties specific to the synchronous communication scenario.2.Prove security of the core of Zoom’s E2EE meetings protocol in the above well-defined model.3.Propose ways to strengthen Zoom’s liveness properties by simple modifications to the original protocol, which have since been deployed in production.

Original languageEnglish (US)
Title of host publicationAdvances in Cryptology – EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
EditorsCarmit Hazay, Martijn Stam
PublisherSpringer Science and Business Media Deutschland GmbH
Pages157-189
Number of pages33
ISBN (Print)9783031305887
DOIs
StatePublished - 2023
Event42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2023 - Lyon, France
Duration: Apr 23 2023Apr 27 2023

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume14008 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2023
Country/TerritoryFrance
CityLyon
Period4/23/234/27/23

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'End-to-End Encrypted Zoom Meetings: Proving Security and Strengthening Liveness'. Together they form a unique fingerprint.

Cite this