Secure-by-design for Social Digital Identity - case of LINE

LINE Developers

May 29, 2019

Transcript

  1. Naohisa Ichihara / 市原尚久, Director, Cyber Security Department

    - 90s~2007: Smart Card OS & Security, CC EAL5+; Juki-Card, e-Passport, My Number Card
    - 2005~: NFC, Mobile, Web, FIDO x Security; Major MNO’s ID security, FIDO
    - 2015~: LINE SECURITY; LINE’s Account Security; Trust & Safety; FIDO Alliance Board member, ..
  2. Mis-Identification, Bypass Parental Control, .. LINE Timeline LINE Pay LINE

    Point Clova Spam, Fake Account, Fake News Campaign Fraud, Money Laundering, Campaign Fraud, Money Laundering, LINE Ticket Multiple Purchase, Illegal resale, .. LINE Talk Room Account Hijack, Spam, Fake Account, Disinformation
  3. Account Hijack Spam Functional Abusing Fake Account Payment Fraud LINE

    Point Abuse : L I Trust & Safety PIA (Privacy Impact Assessment) Application Security Bug Bounty Program Infra / Network Protection CSIRT/SOC
  4. • Wikipedia “Secure-by-Design” https://en.wikipedia.org/wiki/Secure_by_design

    “Secure by design, in software engineering, means that the software has been designed from the foundation to be secure. Malicious practices are taken for granted and care is taken to minimize impact in anticipation of security vulnerabilities, when a security vulnerability is discovered or on invalid user input.[1] Closely related is the practice of using "good" software design, such as Domain-Driven Design or Cloud Native, as a way to increase security by reducing risk of vulnerability-opening mistakes -- even though the design principles used were not originally conceived for security purposes.” • “On the Cybersecurity Strategy”: the Cabinet Office Cybersecurity Strategy (Cabinet decision of September 4, 2015) explicitly states the promotion of security by design, accountability, and its recognition as a shared value among stakeholders
  5. Side-effects UX Customer Care Impacts Development Costs Reputation Security/UX Concerns

    Requirements Functional requirements Security/Privacy requirements Law/Regulation, .. Account Model Account Lifecycle Enrollment Authentication Federation User Interface/Interaction Block rules Output Account Hijack Sudden Death Account Recovery Issue Mass Registration Fake Account, … Social Connection features Privacy-related features Federated service features
  6. Forget Password Lost Device Stole Device Initialized OS Doesn’t have

    registered SIM Not registered SIM Not registered Email, ..
  7. Web App Mobile App <<Device>> <<Identity Attribute>> 0..* 0..* 1

    *Email *Password 2FA Key Sudden Death Account Recovery Issue Web App
  8. <<Device>> <<Identity Attribute>> 1 Mobile App *Phone *Password Email EB

    *Phone Password 1 0..* 1 2 3 Desktop App Mobile App Account Recovery Issue Sudden Death
  9. Authentication {email, PW} {phone, PW} {phone, email, PW} {phone} option

    option Enrollment Desktop Login Device Migration ※various types
  10. LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User

    interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue Desktop App Mobile App <<Device>> <<Identity Attribute>> 0..* *Phone *Password Email FB 1
  11. Phone + Email + PW Phone + FB + Email

    + PW Phone + PW Phone + FB + PW Faceb FB + Email + PW FB + PW Desktop App Mobile App <<Device>> <<Identity Attribute>> 0..* *Phone *Password Email FB 1 LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue
  12. Phone + Email + PW Email + PW (AR issue)

    Phone + FB + Email + PW Phone + PW Phone + FB + PW Sudden Death Faceb FB + Email + PW FB + PW LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue
  13. Migration to different smartphone Different Phone number Same Phone number

    Device lost / OS initialization Different Phone number Re-issue Same Phone number Phone + Email + PW Email + PW (#4 AR issue) Phone + FB + Email + PW Phone + PW Phone + FB + PW Email+PW+SMS Email+PW+SMS Email+PW+SMS Email+PW+SMS #3 Sudden Death Risk of Sudden Death occurring; recovery is impossible LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue Before 2016.2 Before 2016.2 Account Hijack!!!! 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ Email+PW+SMS Email+PW+SMS Email+PW+SMS Email+PW+SMS ★Before 2014 there was no additional authentication...
  14. Migration to different smartphone Different Phone number Same Phone number

    Device lost / OS initialization Different Phone number Re-issue Same Phone number Phone + Email + PW Email + PW (#4 AR issue) Phone + FB + Email + PW Phone + PW Phone + FB + PW PIN Code PIN Code PIN Code PIN Code #3 Sudden Death Risk of Sudden Death occurring; recovery is impossible LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue Before 2016.2 Before 2016.2 Account Hijack!!!! 2016. 2 ~ 2019. 2 ~ Now 2011~ Email+PW+SMS Email+PW+SMS Email+PW+SMS Email+PW+SMS ★“4-digit PIN Code” added 2014 ~ 2016. Feb
  15. Migration to different smartphone Different Phone number Same Phone number

    Device lost / OS initialization Different Phone number Re-issue Same Phone number Phone + Email + PW Email + PW (#4 AR issue) Phone + FB + Email + PW Phone + PW Phone + FB + PW 2-step Auth 2-step Auth 2-step Auth 2-step Auth #3 Sudden Death (two-step authentication) Risk of Sudden Death occurring; recovery is impossible LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue After 2016.2 After 2016.2 ★From Feb 2016: when changing devices, if the phone number changes, keeping the previous device is mandatory Account Hijack Account Recovery Issue.. 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ Email+PW+SMS Email+PW+SMS Email+PW+SMS Email+PW+SMS
  16. LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User

    interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ Reverse Brute-force Attack
  17. Enter the 6-digit verification code sent as a SMS message

    Open LINE and tap “Start” Enter your phone number 1 2 3 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue Reverse Brute-force Attack
  18. Migration to different smartphone Different Phone number Same Phone number

    Device lost / OS initialization Different Phone number Re-issue Same Phone number Phone + Email + PW Email + PW (#4 AR issue) Phone + FB + Email + PW Phone + PW Phone + FB + PW 2-step Auth 2-step Auth 2-step Auth 2-step Auth #3 Sudden Death (two-step authentication) Unrecoverable after “Sudden Death” 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue Email+PW+SMS Email+PW+SMS Email+PW+SMS Email+PW+SMS Risk of Sudden Death occurring; recovery is impossible
  19. PW+SMS 2-step auth using old phone 2-step auth using old

    phone (if he/she still has it) Recoverable! (after Sudden Death) Migration to different smartphone Different Phone number Same Phone number Device lost / OS initialization Different Phone number Re-issue Same Phone number Phone + Email + PW Email + PW (#4 AR issue) Phone + FB + Email + PW Phone + PW Phone + FB + PW 2-step Auth 2-step Auth 2-step Auth 2-step Auth #3 Sudden Death (two-step authentication) 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ PW+SMS PW+SMS Email+PW+SMS Email+PW+SMS LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death (Improved!) Account Recovery Issue
  20. Registration Mandatory Attribute Registration Optional Attribute Registration Optional Info Registration

    Phone or Facebook Email, PW, .. Account Authentication & Identification Two-Step authentication Attributes Configuration Migration (skip) Phone, Facebook, Email, PW 2FA condition check Active Phone Phone +Email+PW Phone+PW Phone +Facebook Phone +Email+PW+ Facebook Phone+PW +Facebook Facebook Facebook +Email+PW Facebook +PW Suspended Email+PW PW Dormant InActive Before-active Deleted Desktop App Mobile App <<Device>> 0..* *Phone *Password Email FB 1 Account Model Account Lifecycle User Interface/Interaction Enrollment Authentication Federation
  21. 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016.

    Feb 2011~ x Data Analysis / Machine Learning, and implementing Block Rules 2-step Auth (two-step authentication)
  22. Good Bad Account Hijack Sudden Death Account Recovery Issue Password-list

    /Brute-force attack Phone verification abuse Via Social Engineering N/A Account Migration UX Talk History Migration UX Account Registration UX N/A N/A N/A N/A N/A N/A N/A N/A Digital Identity Risks UX N/A Phishing ※This table is created based on our theoretical analysis of risks and subjective evaluation of UX
  23. Good Bad Account Hijack Sudden Death Account Recovery Issue Password-list

    /Brute-force attack Phone verification abuse Via Social Engineering N/A Account Migration UX Talk History Migration UX Account Registration UX N/A N/A N/A N/A N/A N/A N/A N/A Digital Identity Risks UX N/A Phishing Secure or Good UX? ※This table is created based on our theoretical analysis of risks and subjective evaluation of UX
  24. Good Bad Account Hijack Sudden Death Account Recovery Issue Password-list

    /Brute-force attack Phone verification abuse Via Social Engineering N/A Account Migration UX Talk History Migration UX Account Registration UX N/A N/A N/A N/A N/A N/A N/A N/A Digital Identity Risks UX N/A Phishing Privacy or Good UX? ※This table is created based on our theoretical analysis of risks and subjective evaluation of UX Privacy Privacy Privacy
  25. • In the case of device changes, UX is sacrificed

    in favor of enforcing tighter security. LINE prioritizes account-hijack countermeasures at device change, at the expense of UX. Account Hijack Account Recovery Issue Sudden Death 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ 2018. 9 ~ Zero! Improved but.. Still… • SbD + Data Science/ML has been improving LINE’s account security and UX issues. Through SbD and data analysis/ML, LINE has been making step-by-step improvements to its security and UX issues.
  26. Mis-Identification, Bypass Parental Control, .. LINE Timeline LINE Pay LINE

    Point Clova Spam, Fake Account, Fake News Campaign Fraud, Money Laundering, Campaign Fraud, Money Laundering, LINE Ticket Multiple Purchase, Illegal resale, .. LINE Talk Room Account Hijack, Spam, Fake Account, Disinformation Trust & Safety for LINE’s Service