Paper 2021/424
Security Analysis of SFrame
Abstract
Increasing privacy consciousness has popularized the use of end-to-end encryption (E2EE). In this paper, we discuss the security of SFrame, an E2EE mechanism proposed to the Internet Engineering Task Force for video/audio group communications over the Internet. Despite being a quite recent project, SFrame has been deployed in several real-world applications. The original specification of SFrame is evaluated herein to find critical issues that can cause impersonation (forgery) attacks with a practical complexity by a malicious group member. Further investigations have revealed that these issues are present in several publicly available SFrame implementations. Therefore, we provide several countermeasures against all the proposed attacks and considerations from performance and security perspectives toward their implementation.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Major revision. ESORICS 2021
- Keywords
- End-to-End EncryptionSFrameAuthenticated EncryptionSignatureImpersonation
- Contact author(s)
-
takanori isobe @ ai u-hyogo ac jp
itorym @ nict go jp
k-minematsu @ nec com - History
- 2024-12-23: last of 3 revisions
- 2021-04-06: received
- See all versions
- Short URL
- https://ia.cr/2021/424
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/424, author = {Takanori Isobe and Ryoma Ito and Kazuhiko Minematsu}, title = {Security Analysis of {SFrame}}, howpublished = {Cryptology {ePrint} Archive, Paper 2021/424}, year = {2021}, url = {https://eprint.iacr.org/2021/424} }