E2E encryption plans “complicated by the product requirements for an enterprise conferencing product and some legitimate safety issues”
Zoom continues to grapple with its demons over the planned roll-out of end-to-end (E2E) encryption, its earning call revealed, with challenges including marrying safeguarding, security and user experience (UX).
The company ultimately aims to make E2E encryption available for paying users only. Those on its free tier, meanwhile, get 256-bit GCM encryption as standard as of May 30 2020. (This encrypts the data stream, but does not give final key management to end-users; Zoom itself can decrypt and access streams; e.g. in order to provide cloud-based recordings.)
This approach is hardly unusual, and true E2E encryption for large-scale meetings is a non-trivial challenge. Encrypted group chats need to ensure that messages can only be accessed by members of a given group; they need to ensure “forward secrecy”: i.e. that full compromise of a node at a point in time does not reveal past messages sent within the group, and they ultimately need to be scalable to the enterprise level: encryption keys can hog bandwidth.
They also need to work in-browser, and more.
Then, Zoom suggests, there’s safeguarding issues.
“Zoom’s plans for E2E encryption… are complicated by the product requirements for an enterprise conferencing product and some legitimate safety issues”, its security advisor Alex Stamos acknowledged today in a lengthy Twitter thread detailing the balancing act.
Zoom E2E Encryption: The Focus Grows
Zoom remains under the spotlight, primarily due to its resounding success: this week it revealed a 169 percent rise in revenues to $328 million in Q1; with the surge in growth forcing its infrastructure partner AWS to add “several thousand” new servers daily “for several days in a row” to meet demand. (A staggering effort that paid off: performance has been largely solid).
Yet despite concerted efforts to bolster security (many of which were tackled with the release of Zoom 5.0) E2E encryption remains elusive.
The company published a a draft cryptographic design for its planned E2E encryption offering on GitHub on May 22, and is taking feedback from security experts, but as its whitepaper shows, the issue is a challenging one: both for technical reasons and, as Stamos noted, safeguarding ones.
(CEO Alex Yuan said the company “got a lot of feedback” on the whitepaper and his team is “working on execution now.”
“I think soon”, he added, “we’re going know our release date.”
Zoom Encryption: How Does it Currently Work?
Zoom’s current encryption set up lets its own servers decrypt meeting streams. This is often to necessary simply to make certain components of the service possible, e.g. letting people call in from PSTN (traditional telephone lines).
As its recently published whitepaper [pdf] notes: “If a PSTN or SIP client is authorized to join, the MMR [multimedia routers] provides the per meeting encryption key to specialized connector servers in Zoom’s infrastructure. These servers act as a proxy: they decrypt and composite the meeting content streams in the same manner as a Zoom client and then re-encode the content in a manner appropriate for the connecting client.
“Zoom’s optional Cloud Recording feature works similarly, recording the decrypted streams and hosting the resulting file in Zoom’s cloud for the user to access. In the current design, Zoom’s infrastructure brokers access to the meeting key… In the current implementation, a passive adversary who can monitor Zoom’s server infrastructure and who has access to the memory of the relevant Zoom servers may be able to defeat encryption.
In theory, the whitepaper notes, any adversary in this privileged position (or Zoom itself) can “observe the shared meeting key (MK), derive session keys, and decrypt all meeting data. Zoom’s current setup, as well as virtually every other cloud product, relies on securing that infrastructure in order to achieve overall security; end-to-end encryption, using keys at the endpoints only, allows us to reduce reliance on the security of Zoom infrastructure.”
Fixing this is a huge challenge: dial-in phones or SIP/H.323 devices cannot be modified to support end-to-end encryption and require meeting content to be decrypted and re-encoded in an “end” in Zoom’s data center.
Users accessing Zoom meetings through their web browser also throws up challenges: “Secure, long-term storage for cryptographic private keys might be unavailable; and worse, malicious web servers could feed backdoored source code to web users with little chance for discovery” Zoom’s security team notes, adding that “we intend to participate in the web standards development process [to help create browsers offering] dependable E2E security.”
Regardless, the company aims to find a way to make this work.
So why leave out free users?
That decision has drawn flak, including from those who say the safeguarding argument is a thin veneer for a simple commercial decision: premium customers will get premium features, what’s wrong with that?
Former Facebook CISO Alex Stamos, who co-authored the whitepaper, said today on Twitter that it is more complicated than that. “Zoom is dealing with some serious safety issues. When people disrupt meetings (sometimes with hate speech, CSAM, exposure to children and other illegal behaviors) that can be reported by the host. Zoom is working with law enforcement on the worst repeat offenders.”
That’s tricky with Zoom E2E encryption, but not impossible.
“Making it possible for hosts to report people disrupting their meetings even under E2EE is solvable. The likely solution will be a content ring-buffer of the last X seconds on the host’s system that can be submitted to Zoom for triage and action”, he noted.
“The other safety issue is related to hosts creating meetings that are meant to facilitate really horrible abuse. These hosts mostly come in from VPNs, using throwaway email addresses, create self-service orgs and host a handful of meetings before creating a new identity. Zoom’s Trust and Safety team can, if they have a strong belief that the meeting is abusive, enter the meeting visibly and report it if necessary.
“As you see from the E2E design, there is a big focus on authenticating both the people and the devices involved in E2E meetings. If properly implemented, this would prevent Zoom’s employees from entering a meeting, even visibly. There will not be a backdoor to allow this.
“… this creates a difficult balancing act for Zoom, which is trying to both improve the privacy guarantees it can provide while reducing the human impact of the abuse of its product. Lots of companies are facing this balancing act, but as a paid enterprise product that has to offer E2EE as an option due to legitimate product needs, Zoom has a slightly different calculus.
Stamos concluded: “Since the vast majority of harm comes from self-service users with fake identities this will create friction and reduce harm.”