A 5 security x line platform

1 LINE Architecture
2 Transport Security
3 Messaging and VoIP Security
4 Device Security

LINE Architecture
LINE Android Talk Server
User
DB
LINE
LINE iOS
LINE Desktop
Timeline
Auth
Media
LEGY Bot / OA
LEGY
encryption
SPDY/2
LEGY
encryption
SPDY/2
LEGY
encryption
SPDY/2
HTTP/HTTPS

LEGY
Line Event GatewaY
And more
Routing
Transport encryption
http://developers.linecorp.com/blog/?p=2381

TLS Problems
Current version – TLS v1.2
TLS v1.3 aims to provide some solutions
Requires several round-trips to complete handshake
High RTT on mobile networks
• simplified handshake
• 0-RTT
• but not final yet (draft status)
https://tlswg.github.io/tls13-spec/

Current version
• pinned RSA keys +AES
• no X.509 certificates
• 0-RTT handshake
• no forward secrecy (FS)
LEGY Encryption
Lightweight TLS
alternative

LEGY Encryption FS
Forward secrecy (FS)
Elliptic curve cryptography (ECC)
0-RTT handshake
AES-GCM for app data encryption
ECDH-based key exchange
first message under client ephemeral/server static
subsequent messages under ephemeral/ephemeral

Messaging E2EE
• End-to-end encryption (E2EE)
for LINE - Letter Sealing
• Introduced in Oct 2015/
LINE 5.3.0
• Initially iOS/Android only
• Applied to text and location
messages
h t t p : / / d e v e l o p e r s . l i n e c o r p . c o m / b l o g / ? p = 3 6 7 9

Letter Sealing
Evolution
• Group chat support
• Secondary device support
• Status indicator
• ON by default
iOS/Android 6.5.0+
Mac/Win 4.8.0+
• Planned enhancements
Media encryption
h t t p : / / d e v e l o p e r s . l i n e c o r p . c o m / b l o g / ? p = 3 6 7 9

Sending an Encrypted Message
LINE User 1
Talk
Server
1.user2’s public key?
2.send message
(ID:456, pub key)
LINE User 2
Message
AES encrypt
Message
to:user2
from:user1
toKeyID:456
fromKeyID:123
[salt]
[encrypted data]
Message
to:user2
from:user1
text:’Hello’

Receiving an Encrypted Message
LINE User 1
Talk
Server
3.push message
(ID:123, pub key)
LINE User 2
Message
Message
AES decrypt
to:user2
from:user1
toKeyID:456
fromKeyID:123
[salt]
[encrypted data]
Message
to:user2
from:user1
text:’Hello’

Encrypted Message Exchange
LINE User 1
Talk
Server
2.send message
(ID:456, pub key)
3.push message
(ID:123, pub key)
LINE User 2
Message
Message
AES encrypt
to:user2
from:user1
toKeyID:456
fromKeyID:123
[salt]
[encrypted data]
Message
to:user2
from:user1
text:’Hello’
AES decrypt
Message
to:user2
from:user1
text:’Hello’

Encryption Method
Messageuser 1
shared secret
KDF
(SS, salt)
KDF
(SS, salt)
user1 priv key
user2 pub key
Keychain
keyID:123 [priv key]
[user2 pub key]
[userN pub key]
ECDH
(Curve22519)
user2 priv key
user1 pub key
Message
AES encrypt
to:user2
from:user1
toKeyID:456
fromKeyID:123
[salt]
[encrypted data]
Message
to:user2
from:user1
text:’Hello’
AES decrypt
Message
to:user2
from:user1
text:’Hello’
Keychain
[user1 pub key]
[userN pub key]
user 2

Key Verification
Android
Chat Settings > Encryption Key
iOS
Settings > Encryption Key

Group Chat Support
Dedicated shared key is generated for each group
Encrypted shared key distributed to all members
Principle is same as 1:1 chats
Shared key is replaced when members leave or join
Key-encryption key derived for each member
ECDH key exchange
AES encryption

Group Key Registration
LINE User 1
Talk
Server
1.group1 member pub keys?
(user1 pubK,user2 pubK,user3 pubK)
3.enc.
group skey
Keychain
[group shared key]
[user3 pub key]
[user2 pub key]
Group Key
for user1*
[encrypted skey]
for user2
[encrypted skey]
for user3
[encrypted skey]
2.gen. group
shared key
4.register group1 shared key
Group 1
Group Key
for user1*
[encrypted skey]
for user2
[encrypted skey]
for user3
[encrypted skey]
user1
user2
user3

Group Key Distribution
LINE User 2
Talk
Server
1.group1 shared key?
(enc. skey for user2)
1.group1 shared key?
(enc. skey for user3)
LINE User 3
Message
Keychain
[group1 shared key]
Group Key
for user1*
[encrypted skey]
for user2
[encrypted skey]
for user3
[encrypted skey]
Keychain
[group1 shared key]
2.decrypt & save
group shared key
2.decrypt & save
group shared key

VoIP E2EE
• LINE 6.5.0+
• ECDH key exchange
ephemeral keys
server-mediated
custom SIP headers
• Media stream encryption
SRTP
AES-CTR + HMAC-SHA1

Device Security
True Delete - Since 5.3.0
More advanced data
protection features
coming soon
Overwriting NULL

LINE Encryption Whitepaper
Detailed cryptographic protocol specification
Covers
Available now at
transport encryption
Letter Sealing
https://linecorp.com/en/security/article/37
messaging E2EE
VoIP E2EE

1 Risk Assessment
2 Anti-Spam/Game Abusing
3 Bug Bounty Program

Risk Assessment
Monitoring
Bug Bounty
Design Implement QA Operate

Risk Assessment
Server
• XSS
• CSRF
• Path Traversal
• Open-Redirect
Client
Web
Server
• Analyzing the protocol
• Abusing/Cheating
• Bot (un-official client)
Client
LINE / Game
• Reversing
• Modifying

Risk Assessment
Server
• Analyzing the protocol
• Abusing/Cheating
• Bot (un-official client)
Client
LINE / Game
• Reversing
• Modifying

Reverse engineering
Malware
analysis
Vulnerability
diagnosis/
investigation
Illegal copy
of contents
Software
tracking,
cheating
Reverse engineering is a process of analyzing software/hardware and
examining operating principles, source code, and development methods.
Purpose of use (examples)

Change in game environment
Cheat tools are created
Possible to level up
without spending
money and time
Bots are created
Online, item purchase
Android, iOS
opening up of the platform

Security Measures
Enhance security to the level where it is difficulty
to abuse/cheat
Bot/abuser detection is performed on the server side
General cheat tool counter measure
Encryption of locally stored data
Encryption of communication between games and servers
ARM/IL analysis measure
Abuser detection/automation

RA for LINE Games
Memory / file cheat
• Possible to prevent it by storing score and other data on the server
• Status data, such as attack power and HP, are fully handled on the client,
and there is no counter measure for them.
From GameHacker

RA for LINE Games
Speed hack
Ex.1: Stamina power recovery (possible to prevent)
Stamina: 40 / 100
Time: 12:54
Stamina: 40 / 100
Sync Abuser: added extra 20 min
to in-game time
Time: 12:34
Notice
Stamina power recovery
Time: 12:34Time: 12:34
Sync Since it does not match server-side
time, the notice is rejected.

RA for LINE Games
Speed hack
Ex.2: Time attack (impossible to prevent)
Time: 12:20
Time: 12:21
Time: 12:20
Sync
Start a stage
Time: 12:21
Notice
Stage clear notice
• Play game at twice the speed
• Fake a stage clear notice
If set to a realistic time, the server cannot detect the hack.

RA for LINE Games
MITM (Man-In-The-Middle)
• If it is just HTTPS, communication is analyzed by MITM
• SSL pinning should be performed in the game
However, the data is decrypted in the game. Hence, there is no perfect counter measure.
certificate
Possible to view communication

RA for LINE Games
MITM (Man-In-The-Middle)
• Place proxy certificate in device
• With only HTTPS, communication is cryptanalyzed by MITM
• [Measure]Execute SSL Pinning (certificate check) in game
Check certificate

SSL Pinning
public static bool ValidateServerCertificate (object sender,System.Security.Cryptograp
hy.X509Certificates.X509Certificate certificate, X509Chain chain, System.Net.Security.
SslPolicyErrors sslPolicyErrors)
{
string chash = certificate.GetCertHashString ();
if (chash == " (hardcoded hash)")
return true; // SSL certificate check ok
return false;
}
Examples of code to check certificate of
communication partner in game (Check routine may be removed)

RA for LINE Games
Unity
C# -> CIL (DLL) -> Decompile *.dll
C# -> CIL -> ASM(il2cpp) -> Disassemble libil2cpp.so
Cocos2d-x
C++ -> .so -> Disassemble *.so

RA for LINE Games
Unity
C# -> CIL (DLL) -> Decompile *.dll
From ILSpy
public void TakeDamage (int amount)
{
damaged = true;
currentHealth -= amount;
healthSlider.value = currentHealth;
playerAudio.Play ();
if(currentHealth <= 0 && !isDead)
Death ();
}
public void TakeDamage(int amount)
{
this.damaged = true;
this.currentHealth -= amount;
this.healthSlider.set_value(
(float)this.currentHealth);
this.playerAudio.Play();
if (this.currentHealth <= 0 && !this.isDead)
{
this.Death();
}
}

RA for LINE Games
Unity
C# -> CIL -> ASM(il2cpp) -> Disassemble libil2cpp.so
From IDA
public void TakeDamage (int amount)
{
damaged = true;
currentHealth -= amount;
healthSlider.value = currentHealth;
playerAudio.Play ();
if(currentHealth <= 0 && !isDead)
Death ();
}

Security Measures
Duration/period/frequency of game play
Timing of level up
Timing of stage clear
Item usage history (including payment)
IP bandwidth
Detect anomalies based on the characteristics below,
while taking false positives into utmost consideration
Human Bot

Anti-Spam Message
Spammer’s
Account
SecurityCS
spam message
Users
Anti-Spam
block Report
Query
LINE
• Block rule
• Text mining
• Human check
Check flow

Anti-Spam/Abusing
Operator takes necessary measures (e.g. adding rules)
Finds potential loopholes for the abuser
(measures for the measure)
Operator takes additional measures (return to 2.)
Datasets change Datasets change Datasets change

Anti-Spam/Abusing
Datasets change periodically
False positives of less than 0.01%
Datasets change Datasets change Datasets change
Able to explain the cause of false positives
There is a limit to detection by machine learning based on similarity.
(Manual check is essential.)

Anti-Spam/Abusing
Bring client (app) measure to a certain level
Automate server-side as much as possible
Final check to be done manually (as needed)
We intend to explore this area and implement further automation

Bug
Bounty
Program
https://bugbounty.linecorp.com/ja/

Bug Bounty Program
0
5
10
15
20
25
The number of reports
6/2 6/16 6/30 7/14 7/28 8/11
Category
XSS
CSRF
RCE
Auth bypass
Purchase bypass
Encryption break
Other

A 5 security x line platform

More Related Content

A 5 security x line platform