Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Secure-by-design for Social Digital Identity - case of LINE

Secure-by-design for Social Digital Identity - case of LINE

LINE Developers
PRO

May 29, 2019
Tweet

More Decks by LINE Developers

Other Decks in Technology

Transcript

  1. None
  2. Secure-by-design for Social Digital Identity - case of LINE Naohisa

    Ichihara LINE Corporation
  3. Naohisa Ichihara / 市原尚久 Director, Cyber Security Department サイバーセキュリティ室 室長

    - 90s~2007: - Smart Card OS & Security, CC EAL5+ - Juki-Card, e-Passport, My number Card - 2005〜 - NFC, Mobile, Web, FIDO x Security - Major MNO’s ID security , FIDO - 2015〜 : LINE SECURITY - LINE’s Account Security - Trust & Safety - FIDO Alliance Board member, ..
  4. None
  5. LINE Account MAU(Monthly Active Users) Japan 80M Taiwan 21M Thailand

    44M :
  6. Mis-Identification, Bypass Parental Control, .. LINE Timeline LINE Pay LINE

    Point Clova Spam, Fake Account, Fake News Campaign Fraud, Money Laundering, Campaign Fraud, Money Laundering, LINE Ticket Multiple Purchase, Illegal resale, .. LINE Talk Room Account Hijack, Spam, Fake Account, Disinformation
  7. Account Hijack Spam Functional Abusing Fake Account Payment Fraud LINE

    Point Abuse : L I Trust & Safety PIA (Privacy Impact Assessment) Application Security Bug Bounty Program Infra / Network Protection CSIRT/SOC
  8. None
  9. • Wikipedia “Secure-by-Design” https://en.wikipedia.org/wiki/Secure_by_design ” Secure by design, in software

    engineering, means that the software has been designed from the foundation to be secure. Malicious practices are taken for granted and care is taken to minimize impact in anticipation of security vulnerabilities, when a security vulnerability is discovered or on invalid user input.[1] Closely related is the practice of using "good" software design, such as Domain-Driven Design or Cloud Native, as a way to increase security by reducing risk of vulnerability-opening mistakes -- even though the design principles used were not originally conceived for security purposes.” • 『サイバーセキュリティ戦略について』 内閣府サイバーセキュリティ戦略(平成27年9月4日閣議決定) セキュリティ・バイ・デザインの推進、説明責任、また関係者の共通価値として認識することについて明示
  10. Design Secure-By-Design Development Service Data Analysis Customer Care Issue Handling

  11. Side-effects UX Customer Care Impacts Development Costs Reputation Security/UX Concerns

    Requirements Functional requirements Security/Privacy requirements Law/Regulation, .. Account Model Account Lifecycle Enrollment Authentication Federation User Interface/Interaction Block rules Output Account Hijack Sudden Death Account Recovery Issue Mass Registration Fake Account, … Social Connection features Privacy-related features Federated service features
  12. Account Hijack Sudden Death Account Recovery Issue

  13. Tanaka Tanaka (fake) Suzuki Talk to.. scamming.. (fake) Tanaka ON

  14. 090-1234-5678 Yutaka 090-1234-5678 Megumi Yutaka Sudden Death (1)Register (4)Register (2)Release

    SIM (3)Purchase SIM
  15. Forget Password Lost Device Stole Device Initialized OS Doesn’t have

    registered SIM Not registered SIM Not registered Email, ..
  16. None
  17. Web App Mobile App <<Device>> <<Identity Attribute>> 0..* 0..* 1

    *Email *Password 2FA Key Sudden Death Account Recovery Issue Web App
  18. <<Device>> <<Identity Attribute>> 1 Mobile App *Phone *Password Email EB

    *Phone Password 1 0..* 1 2 3 Desktop App Mobile App Account Recovery Issue Sudden Death
  19. Authentication {email, PW} {phone, PW} {phone, email, PW} {phone} option

    option Enrollment 端末引き継ぎ デスクトップ版ログイン Desktop Login Device Migration ※various types
  20. None
  21. Customer Care Planning Security Development Data Analysis

  22. LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User

    interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue Desktop App Mobile App <<Device>> <<Identity Attribute>> 0..* *Phone *Password Email FB 1
  23. Phone + Email + PW Phone + FB + Email

    + PW Phone + PW Phone + FB + PW Faceb FB + Email + PW FB + PW Desktop App Mobile App <<Device>> <<Identity Attribute>> 0..* *Phone *Password Email FB 1 LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue
  24. Phone + Email + PW Email + PW (AR issue)

    Phone + FB + Email + PW Phone + PW Phone + FB + PW Sudden Death Faceb FB + Email + PW FB + PW LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue
  25. Migration to different smartphone Different Phone number Same Phone number

    Device lost / OS initialization Different Phone number Re-issue Same Phone number Phone + Email + PW Email + PW (#4 AR issue) Phone + FB + Email + PW Phone + PW Phone + FB + PW Email+PW+SMS Email+PW+SMS Email+PW+SMS Email+PW+SMS #3 Sudden Death Sudden Deathが発生するリスクあり。復旧不可能 LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue Before 2016.2 Before 2016.2 Account Hijack!!!! 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ Email+PW+SMS Email+PW+SMS Email+PW+SMS Email+PW+SMS ★2014年以前は 追加認証なし・・・
  26. Migration to different smartphone Different Phone number Same Phone number

    Device lost / OS initialization Different Phone number Re-issue Same Phone number Phone + Email + PW Email + PW (#4 AR issue) Phone + FB + Email + PW Phone + PW Phone + FB + PW PIN Code PIN Code PIN Code PIN Code #3 Sudden Death Sudden Deathが発生するリスクあり。復旧不可能 LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue Before 2016.2 Before 2016.2 Account Hijack!!!! 2016. 2 ~ 2019. 2 ~ Now 2011~ Email+PW+SMS Email+PW+SMS Email+PW+SMS Email+PW+SMS ★「4桁PIN Code」追加 2014 ~ 2016. Feb
  27. Migration to different smartphone Different Phone number Same Phone number

    Device lost / OS initialization Different Phone number Re-issue Same Phone number Phone + Email + PW Email + PW (#4 AR issue) Phone + FB + Email + PW Phone + PW Phone + FB + PW 2-step Auth 2-step Auth 2-step Auth 2-step Auth #3 Sudden Death (2段階認証) Sudden Deathが発生するリスクあり。復旧不可能 LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue After 2016.2 After 2016.2 ★2016.2月以降 機種変更時、電話番号が変わる 場合は、前の端末保持が必須 Account Hijack Account Recovery Issue.. 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ Email+PW+SMS Email+PW+SMS Email+PW+SMS Email+PW+SMS
  28. LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User

    interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ Reverse Brute-force Attack
  29. Enter the 6-digit verification code sent as a SMS message

    Open LINE and tap “Start” Enter your phone number 1 2 3 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue Reverse Brute-force Attack
  30. Migration to different smartphone Different Phone number Same Phone number

    Device lost / OS initialization Different Phone number Re-issue Same Phone number Phone + Email + PW Email + PW (#4 AR issue) Phone + FB + Email + PW Phone + PW Phone + FB + PW 2-step Auth 2-step Auth 2-step Auth 2-step Auth #3 Sudden Death (2段階認証) UnRecoverable after “Sudden death” 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death Account Recovery Issue Email+PW+SMS Email+PW+SMS Email+PW+SMS Email+PW+SMS Sudden Deathが発生するリスクあり。復旧不可能
  31. PW+SMS 2-step auth using old phone 2-step auth using old

    phone (if he/she still has) Recoverable! (after Sudden Death) Migration to different smartphone Different Phone number Same Phone number Device lost / OS initialization Different Phone number Re-issue Same Phone number Phone + Email + PW Email + PW (#4 AR issue) Phone + FB + Email + PW Phone + PW Phone + FB + PW 2-step Auth 2-step Auth 2-step Auth 2-step Auth #3 Sudden Death (2段階認証) 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ PW+SMS PW+SMS Email+PW+SMS Email+PW+SMS LINE’s Account Model Enrollment Authentication Functional Requirements Account Lifecycle User interface/Interaction Block rules Account Hijack Sudden Death (Improved!) Account Recovery Issue
  32. Registration Mandatory Attribute Registration Optional Attribute Registration Optional Info Registration

    Phone or Facebook Email, PW, .. Account Authentication & Identification Two-Step authenticatio n Attributes Configuration Migration (skip) Phone, Facebook, Email, PW 2FA condition check Active Phone Phone +Email+PW Phone+PW Phone +Facebook Phone +Email+PW+ Facebook Phone+PW +Facebook Facebook Facebook +Email+PW Facebook +PW Suspended Email+PW PW Dormant InActive Before-active Deleted Deskto p App Mobile App <<Device>> 0..* *Phone *Password Email FB 1 Account Model Account Lifecycle User Interface/Interaction Enrollment Authentication Federation
  33. 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016.

    Feb 2011~ x Data Analysis / Machine Learning, and implementing Block Rules 2-step Auth (2段階認証)
  34. Please don’t post in SNS the next 2 slides

  35. Good Bad Account Hijack Sudden Death Account Recovery Issue Password-list

    /Brute-force attack Phone verification abuse Via Social Engineering N/A Account Migration UX Talk History Migration UX Account Registration UX N/A N/A N/A N/A N/A N/A N/A N/A Digital Identity Risks UX N/A Phishing ※This table is crated based-on our theoretical analysis for Risks, and subjective evaluation for UX
  36. Good Bad Account Hijack Sudden Death Account Recovery Issue Password-list

    /Brute-force attack Phone verification abuse Via Social Engineering N/A Account Migration UX Talk History Migration UX Account Registration UX N/A N/A N/A N/A N/A N/A N/A N/A Digital Identity Risks UX N/A Phishing Secure or Good UX? ※This table is crated based-on our theoretical analysis for Risks, and subjective evaluation for UX
  37. Good Bad Account Hijack Sudden Death Account Recovery Issue Password-list

    /Brute-force attack Phone verification abuse Via Social Engineering N/A Account Migration UX Talk History Migration UX Account Registration UX N/A N/A N/A N/A N/A N/A N/A N/A Digital Identity Risks UX N/A Phishing Privacy or Good UX? ※This table is crated based-on our theoretical analysis for Risks, and subjective evaluation for UX Privacy Privacy Privacy
  38. None
  39. • In the case of device changes, UX is sacrificed

    at the cost of enforcing tighter security. LINEは、機種変更時の乗っ取り対策を重視、UXを犠牲にしている Account Hijack Account Recovery Issue Sudden Death 2016. 2 ~ 2019. 2 ~ Now 2014 ~ 2016. Feb 2011~ 2018. 9 ~ Zero! Improved but.. Still… • SbD+ Data Science/ML has been improving LINE’s account security and UX issues LINEは、SbDと データ分析/MLにより、セキュリティとUXの問題を 段階的な改善を進めてきた 。
  40. ‘e-KYC’ in LINE Pay, launched in April, 2019

  41. Mis-Identification, Bypass Parental Control, .. LINE Timeline LINE Pay LINE

    Point Clova Spam, Fake Account, Fake News Campaign Fraud, Money Laundering, Campaign Fraud, Money Laundering, LINE Ticket Multiple Purchase, Illegal resale, .. LINE Talk Room Account Hijack, Spam, Fake Account, Disinformation Trust & Safety for LINE’s Service
  42. None