Slide 1

Easier and Safer LINE Account Transfer
Sangwook Ma / LINE Plus

Slide 2

Agenda
- Background
- Challenges of LINE Account Transfer
- Easier transfer using biometric authentication
- Letter Sealing key transfer via secure backup
- Summary and upcoming plans

Slide 3

Agenda (section divider; repeats the agenda of slide 2)

Slide 4

User-first Development in LINE
- LINE developers' goal
  - Providing convenient features without compromising security
- We are often at a crossroads between user experience and security
- We always endeavor to find a solution that achieves both for our users

Slide 5

LINE Account Transfer (diagram): LINE Servers; Current Device's LINE Client; New Device's LINE Client; LINE Account; Account Identification & Authentication

Slide 6

LINE Account Transfer
- Available authentication factors
  - Phone number, password, PIN, device ownership, …
- Some are not good as a means of identification
  - Phone number ownership is mutable
- And not good as a means of authentication
  - Knowledge factors (password, PIN, …) are too easy to forget and too easy to leak
  - We cannot expect users to use highly secure passwords

Slide 7

LINE Letter Sealing
- Reference: LINE Official Blog, "New generation of safe messaging: 'Letter Sealing'"

Slide 8

Agenda (section divider; repeats the agenda of slide 2, here with the third item worded "Easier login using biometric authentication")

Slide 9

Challenges of Account Transfer
- Seamless transfer of chat history
- Easy feature for users
- Prevention of account takeovers

Slide 10

Easy Feature for users
- Knowledge factors are vulnerable to account takeover attacks
- Our familiar weapon: multi-factor authentication
  - Ex) Device ownership verification
- The transfer sequence becomes longer and longer
  - The longer the transfer sequence is, the harder it is for users to complete the transfer
  - More than 30% of incoming CS inquiries are about Account Transfer

Slide 11

Prevention of Account Takeovers
- Account takeover can cause severe damage to users
  - Data leakage, financial losses, …
- A phishing page dupes the user into providing ID, password, PIN code, …
  - Not easy to detect and find from the service side
- Our countermeasures:
  - History of LINE's Phishing Fraud Countermeasures
  - LINE Official Webpage: Real Examples of Phishing Scams

Slide 12

Seamless Transfer of Chat history
- Users usually expect to see all of their previous chats on the new device
- Not only the chat history but also the Letter Sealing key has to be transferred
- Limitations of the current cloud-based backup feature
  - It depends on external services like iCloud or Google Drive
  - Currently it cannot be restored across different device platforms

Slide 13

Agenda (section divider; repeats the agenda of slide 2)

Slide 14

Advantages of Biometric Auth
- Biometric authentication on your device
  - A more secure auth factor than a password
  - Enables better identification via device ownership
- The easier transfer feature requires biometric authentication of the user before the device's key store is accessed
- Note: LINE also supports biometric auth via FIDO2
  - Applied to account login on LINE desktop clients

Slide 15

LINE Account Transfer using Biometric Auth (sequence diagram between Server, New Device and Current Device; slides 16–18 are animation steps of the same diagram)
1. Initialize a session
2. Generate and show QR code
3. Scan QR code
4. Wait for current device's data
5. Notify to send current device's data
6. Ask user to confirm the transfer & proceed with biometric auth to unlock the client's key store
7. Send current device's data (encrypted)
8. Receive current device's data (encrypted)
9. Decrypt and save data

Slides 19–26

Eight screenshot slides of the transfer flow, each showing the current device and the new device (images only; the slides carry just the captions "Current Device" and "New Device").

Slides 27–28

Advantages over existing flow
- Key transfer via E2EE
- Simple and intuitive
- More secure against phishing

Slides 29–39

LINE Account Transfer using Biometric Auth: key exchange (animation steps of one diagram between Server, New Device and Current Device)
- Slide 29: the data to be transferred is, for example, the Letter Sealing key.
- Slide 30: Initialize a session. The current device holds its key pair C-PUB / C-PVT, the data, and a nonce.
- Slide 31: The new device holds its own key pair N-PUB / N-PVT.
- Slide 32: Scan QR code. After the scan the new device also holds C-PUB and the nonce.
- Slide 33: The new device derives the shared secret that will decrypt the data.
- Slide 34: Wait for current device's data. The new device sends N-PUB and the nonce to the server.
- Slide 35: Notify to send current device's data. The server passes N-PUB and the nonce on to the current device.
- Slide 36: The current device derives the shared secret to encrypt the data.
- Slide 37: Send current device's encrypted data. The current device sends the encrypted data to the server.
- Slide 38: Receive current device's data. The server relays the encrypted data to the new device; the server itself holds only N-PUB, the nonce and the encrypted data.
- Slide 39: The new device decrypts the data with its shared secret.
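The exchange of slides 29–39, as an added example that is not LINE's code: each device has an ephemeral key pair (C-PUB/C-PVT, N-PUB/N-PVT), both derive the same shared secret from the peer's public key and the session nonce, and the Letter Sealing key crosses the server only as ciphertext. X25519, HKDF-SHA256 with the nonce as salt, AES-256-GCM, the "line-transfer" label and all sample values are assumptions made here, not details taken from the talk.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

type Device struct{ priv *ecdh.PrivateKey } // one endpoint's ephemeral X25519 pair (C-PUB/C-PVT or N-PUB/N-PVT)

func NewDevice() (*Device, error) {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	return &Device{priv: k}, err
}

func (d *Device) Pub() []byte { return d.priv.PublicKey().Bytes() }

// session derives the AES-256-GCM key from the ECDH shared secret and the session nonce with a
// single-block HKDF-SHA256 (nonce as salt): both devices reach the same key, the server cannot.
func (d *Device) session(peerPub, nonce []byte) (cipher.AEAD, error) {
	pk, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil { return nil, err }
	secret, err := d.priv.ECDH(pk) // rejects invalid (e.g. low-order) peer points
	if err != nil { return nil, err }
	extract := hmac.New(sha256.New, nonce) // HKDF-Extract(salt = nonce, IKM = secret)
	extract.Write(secret)
	expand := hmac.New(sha256.New, extract.Sum(nil)) // HKDF-Expand, first block only;
	expand.Write([]byte("line-transfer\x01"))         // the "line-transfer" label is constructed
	blk, _ := aes.NewCipher(expand.Sum(nil))          // 32-byte key: cannot fail
	return cipher.NewGCM(blk)
}

// Seal runs on the current device after biometric auth unlocked its key store; the Letter
// Sealing key leaves the device only as ciphertext, with the session nonce bound in as AAD.
func (d *Device) Seal(peerPub, nonce, data []byte) ([]byte, error) {
	gcm, err := d.session(peerPub, nonce)
	if err != nil { return nil, err }
	iv := make([]byte, gcm.NonceSize())
	rand.Read(iv)
	return gcm.Seal(iv, iv, data, nonce), nil
}

// Open runs on the new device on the relayed ciphertext; a wrong nonce or peer key fails.
func (d *Device) Open(peerPub, nonce, box []byte) ([]byte, error) {
	gcm, err := d.session(peerPub, nonce)
	if err != nil { return nil, err }
	if len(box) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], nonce)
}
```

A relaying server that holds only N-PUB, the nonce and the box cannot call Open successfully, which is what "Key Transfer via E2EE" on slide 27 amounts to.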

Slide 40

Agenda (section divider; repeats the agenda of slide 2)

Slide 41

Account Transfer without Current Device
- It happens when the user loses or breaks their current device
- There is no way to transfer the current device's Letter Sealing key without a backup
- Challenge: how can we back up & restore the Letter Sealing key securely?
  - The server must not know the raw key value under any circumstances

Slides 42–43

Recap: Securing Letter Sealing Key Backup (LINE Dev Day 2019: Seamless device migration using LINE secure backups)
Spectrum of backup protection, from better UX / low entropy / worse security to worse UX / high entropy / better security:
- No encryption
- PIN
- User chosen password
- Wordlist based password
- Randomly generated password

Slide 44

Recap: Concept of Key Transfer using PIN (LINE Dev Day 2019: Seamless device migration using LINE secure backups)
Flow inside the Trusted Execution Environment:
- User input (PIN) → Remaining attempt? → if no remaining attempt: Permanently Locked
- Correct PIN? → Encrypt / Decrypt Backup → Backup / Restore Chat History
- Attempt counts are kept alongside the backup

Slide 45

Core measures of Secure Key Backup
1. Executing backup & restoration in a Trusted Execution Environment (TEE)
   - Based on Intel's Software Guard Extensions (SGX)
   - For more details, check our twin session in Tech-Verse Day 1: High Assurance Secure Software Development on the Server Side
2. Enforcing limits on key restoration attempts to prevent brute-force attacks
   - Must be resistant to internal threats from the company network as well
   - Versioning the backup state and storing the restoration attempt count

Slides 46–47

Key Backup & Restoration Process (diagram)
- LINE Client: user PIN, data, public key
- Server, Trusted Environment (Isolated): private key, attempt counts; encrypt / decrypt & count++
- Extended storage (Persistent): attempt counts, encrypted backup
- Slide 47 adds: the attempt counts and the encrypted backup in extended storage were sealed inside the Trusted Environment

Slide 48

Overview of Letter Sealing Key Transfer (diagram; see Tech-Verse 22: High Assurance Secure Software Development on the Server Side)
- Internet: LINE Client (user PIN, public key) ↔ LINE Server
- Company Network: LINE Server, Backup server, Extended storage (encrypted backup, attempt counts)
- Trusted Execution Environment (isolated servers): private key, backup data

Slides 49–54

Key Backup & Restoration Process, step by step (animation of the diagram of slides 46–47)
1. LINE Client → Server: request backup or restore (with the user PIN and data)
2. Server ← Extended storage: retrieve sealed data containing the backup & attempt count
3. Server → Trusted Environment: send sealed data containing backup & count
4. Trusted Environment: execute only when the condition is met, i.e. when the given count is equal to or larger than the TEE's count; encrypt / decrypt & count++
5. Trusted Environment → Extended storage: store sealed data in which backup data and count are updated
6. Result is returned to the LINE Client

Slide 55

Prevention of brute-forcing backup PIN (1)
- Brute-forcing on the client app increases the counts
- Permanently locked when the max limit is reached ✕

Slide 56

Prevention of brute-forcing backup PIN (2)
- Replay attack inside the company network
- Rejected based on the attempt count condition ✕

Slide 57

Field Issues during the project
1. Enhancing the access control and monitoring in extended storage
   - Our colleagues might cover this as a session at future events 🙂
2. Mitigating possible count inconsistency between TEE and extended storage
   - The attempt count resides in both the TEE and extended storage

Slide 58

Mitigating Inconsistency: Backgrounds
1. Independent attempt counts per TEE
   - TEEs do not sync attempt counts
2. Default routing strategy towards TEEs
   - "Sticky" strategy based on user ID
   - The same account's attempts are counted in the same TEE server, so the max count can be enforced
Diagram: User PIN → LINE Servers → TEE Servers (all attempts on account A go to one TEE, all attempts on account B to another) ↔ Extended storage

Slide 59

Attempt Count Inconsistency
- Roles of the two attempt counts
  - TEE's count: the "reference count" for limiting attempts
  - Extended storage's count: required for persistence
- Storage failures lead to inconsistencies in attempt counts ✕
Diagram (User PIN → LINE Servers → TEE Servers / Extended storage):
1. Given count: N
2. Count after ops: N+1
3. Returned count: N+1
4. Failed to store backup & count
5. Count after failure: N (increased count is not applied)

Slide 60

Impact of Attempt Count Inconsistency
- The TEE rejects the next attempt because storage's count is smaller than the TEE's count
- The user's attempt is aborted even though they entered a correct PIN
Diagram (User PIN, next attempt):
0. Current count in storage: N (inconsistent)
1. Given count: N
2. TEE's current count: N+1
3. Rejected by TEE ✕
4. Aborted

Slide 61

Mitigating Inconsistency: Measure #1
- Retry until the storage update succeeds
  - Based on Kafka + Decaton (LINE's streaming task processing framework)
- No user impact, as the inconsistency is fixed
- Focus on reducing the impact of storage failures
Diagram:
1. Given count: N
2. Count after ops: N+1
3. Returned count: N+1
4. Retry until storage update succeeds
5. Count after retry succeeds: N+1 (consistent)

Slide 62

Mitigating Inconsistency: Measure #2
- A measure to mitigate the impact of storage failures
- Changing the routing strategy from "sticky" to round-robin
  - The attempt count starts on the new TEE without inconsistency
  - The next attempt succeeds while maintaining proper resistance to brute-forcing
Diagram (User PIN, next attempt; storage's current count: N, TEE #1's count: N+1):
0. Rejected by TEE #1 ✕
1. Retry
2. TEE #2's count starts from N; returned count: N+1
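The attempt-count rule of slides 49–56 and the storage-failure inconsistency of slides 59–62, modelled in Go as an added example (not LINE's code): a TEE executes only when the given count is equal to or larger than its own count, increments on every attempt, and locks at the limit; a replayed older blob is rejected; a failed storage write leaves the TEE one ahead of storage so the next correct PIN is aborted; a fresh TEE (round-robin routing) accepts it. `Sealed`, `TEE`, `Storage` and `Attempt` are names invented here, and the PIN comparison stands in for decrypting the backup inside the TEE.

```go
package main

import "errors"

// Sealed is the blob in extended storage: encrypted backup + attempt count, sealed inside the TEE.
type Sealed struct {
	Backup string // stands in for the encrypted Letter Sealing key backup
	Count  int
}

// TEE is one isolated server instance; Count is its in-memory "reference count" (slide 59).
type TEE struct {
	Count, Max int
	PIN        string // constructed: the PIN the backup was protected with
}

var (
	ErrStale  = errors.New("rejected: given count is smaller than TEE's count")
	ErrLocked = errors.New("permanently locked: no remaining attempt")
	ErrPIN    = errors.New("wrong PIN")
)

// Restore applies the rule of slide 54: execute only when the given count is equal or larger
// than the TEE's count, then count++. The updated blob is returned even for a wrong PIN so the
// failed attempt is persisted; the slides do not say whether a correct PIN resets the count.
func (t *TEE) Restore(s Sealed, pin string) (Sealed, error) {
	if s.Count < t.Count {
		return s, ErrStale // an older blob replayed inside the company network (slide 56)
	}
	if s.Count >= t.Max {
		return s, ErrLocked // the limit is reached, even with the correct PIN (slide 55)
	}
	t.Count = s.Count + 1
	next := Sealed{Backup: s.Backup, Count: t.Count}
	if pin != t.PIN {
		return next, ErrPIN
	}
	return next, nil
}

// Storage is the persistent extended storage; Fail simulates the write failure of slide 59.
type Storage struct {
	Blob Sealed
	Fail bool
}

// Attempt is the LINE-server glue: read the blob, run the TEE, write the result back. When the
// write fails, the TEE has already moved to N+1 while storage still holds N (slide 59).
func Attempt(t *TEE, st *Storage, pin string) error {
	next, err := t.Restore(st.Blob, pin)
	if err != ErrStale && err != ErrLocked && !st.Fail {
		st.Blob = next
	}
	return err
}
```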

Slide 63

Agenda (section divider; repeats the agenda of slide 2)

Slide 64

Summary
- Challenges of the LINE account transfer feature
  - Easy feature for users
  - Preventing account takeover
  - Seamless chat transfer
- Our improvements balancing UX and security
  - New transfer flow based on biometric auth for the device-on-hand case
  - New Letter Sealing key transfer function for the device-not-on-hand case

Slide 65

Upcoming Plans
- Improved Account Transfer feature to protect against phishing
  - Even when the user doesn't have the previous device
- Better UX using biometric authentication across our features
  - Applying LINE client's biometric auth to LINE login for 3rd parties
- Broader coverage of the message backup & restoration feature
  - Supporting cross-platform cloud-based chat backup

Slide 66

Remark
- This talk's improvements are the outcomes of two major projects
  - Dozens of people from various teams have worked on them for several months
- We promise to continue our journey
  - The journey to keep enhancing feature usability and user data security