Appendix A: End-to-End Encryption

Zoom encrypts communications among participants in a meeting in tiers. In its basic cloud-based encryption, available and used for all meetings since early 2021, the service generates a shared session key on a server and transmits it over a secure link to each participant.

Zoom says it doesn’t store or have direct access to that key. But because Zoom uses the key to make cloud-based recordings and to patch dial-in callers into meetings, the internals of its system must handle and relay that key.

This design makes it possible for Zoom to intercept and decrypt meetings in the right circumstances, and for hackers or government agents to do the same if they broke into Zoom’s servers. A national security agency might also compel Zoom to open up its servers, or have the resources to intercept a Zoom video session and obtain the encryption key, allowing it to break the encryption later.

That has led Zoom to add end-to-end encryption (E2EE). Security standards and experts almost always use E2EE to mean that every endpoint in a conversation or data exchange—whether that’s a device or an app—generates its own encryption key and keeps that key stored locally. It’s never shared.

Within an E2EE system, a session starts via a clever process of exchanging encryption details unavailable to the company or organization operating the system. This is how Apple iMessage, Signal, and some other systems work.

Zoom’s system relies on each software client generating its own public/private key pair, a system in which the private key is never disclosed or sent anywhere, and the public key can be used to encrypt messages that only the possessor of the private key can decrypt. This is called public-key cryptography and versions of it underpin all security on the internet. This very secure method is almost always used to exchange a session key, which is a strong shared secret used for a period of time—like during a Zoom meeting—to encrypt everything among parties. It can be shared safely through this public-key method.

This approach is designed to let parties who don’t all know each other exchange data securely without prearrangement. It also lets legitimate participants in the group determine whether a so-called man-in-the-middle (MitM) attack is underway. An MitM attacker interposes themselves in a connection, invisibly relaying data between the authorized parties while trying to stay hidden from them. (In the analog world, an old-fashioned phone tap—literally splicing into the wire—is an MitM interception.)

When a Zoom session with E2EE fires up, the host’s system generates a session key and encrypts it with the public keys of all the attendees. Each attendee’s client decrypts the message with its private key.

In a classic MitM attack, a malicious party sits effectively on a line between the people communicating—imagine someone cutting a phone wire and attaching it to two receivers, one for each ear. They intercept the key exchange, and provide their own public key information to parties on each side. This lets them receive certain information, including the session key, and then they can intercept the session while relaying it to both sides, who are ostensibly none the wiser.

However, because the MitM doesn’t have the private keys, each endpoint—in this case, the Zoom software running on your device—can create a fingerprint from a mix of shared and private data that will be identical for all members of the session. That fingerprint is generally represented as a few groups of digits that can easily be read aloud to the other parties, which is what Zoom uses (Figure 128). If there’s an MitM, the numbers won’t match between the host and a participant, because the two sides are no longer working from the same key information. And the MitM can’t fake the numbers, because they depend on data held only on each device.

Figure 128: Zoom’s meeting software generates fingerprint digits that can be used to uncover a spy in the middle.

You can view these numbers by clicking or tapping the E2EE meeting icon, and then selecting Verify (see Validate End-to-End Encryption for more details). Then you can confirm the numbers are the same for everyone by reading them aloud over a Zoom session.
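The key exchange and fingerprint check described above, as an added Python simulation that is not Zoom’s code: it uses a deliberately tiny, constructed Diffie-Hellman group as a stand-in for real public-key encryption, wraps a session key for an attendee, and shows that an MitM who swaps in its own public key can read the key while relaying it, yet the spoken fingerprint digits no longer match.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only (far too small
# to be secure); Zoom's real clients use proper elliptic-curve key pairs.
P = 2**127 - 1   # Mersenne prime used as the modulus
G = 5            # generator (assumption: adequate for a demo, not for production)


def keypair():
    """Each client makes a private key that never leaves the device, plus a public key."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def wrap_key(session_key: bytes, my_priv: int, their_pub: int) -> bytes:
    """Encrypt the session key for one party using the DH shared secret as a
    one-time pad (a toy stand-in for public-key encryption; XOR reverses it)."""
    pad = hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(16, "big")).digest()
    return bytes(a ^ b for a, b in zip(session_key, pad))


def fingerprint(public_keys) -> str:
    """Digits read aloud: a hash over every public key this party saw, sorted so
    that all honest parties compute the same value."""
    material = b"".join(k.to_bytes(16, "big") for k in sorted(public_keys))
    digest = hashlib.sha256(material).digest()[:8]
    digits = str(int.from_bytes(digest, "big")).zfill(20)
    return " ".join(digits[i:i + 5] for i in range(0, 20, 5))


def run_meeting(mitm: bool):
    """Host wraps a session key for one attendee, optionally through an MitM
    that swaps in its own public key both ways. Returns (host_fp, attendee_fp,
    attendee_got_key, mitm_got_key)."""
    host_priv, host_pub = keypair()
    att_priv, att_pub = keypair()
    session_key = secrets.token_bytes(32)
    mitm_got_key = False
    if mitm:
        m_priv, m_pub = keypair()
        host_sees, att_sees = m_pub, m_pub           # each side is handed the MitM's key
        wrapped = wrap_key(session_key, host_priv, host_sees)
        plain = wrap_key(wrapped, m_priv, host_pub)  # MitM unwraps with its private key
        mitm_got_key = plain == session_key
        wrapped = wrap_key(plain, m_priv, att_pub)   # ...and re-wraps for the real attendee
    else:
        host_sees, att_sees = att_pub, host_pub
        wrapped = wrap_key(session_key, host_priv, host_sees)
    att_got_key = wrap_key(wrapped, att_priv, att_sees) == session_key
    # Fingerprints agree only when both sides saw the same two public keys.
    return (fingerprint([host_pub, host_sees]), fingerprint([att_sees, att_pub]),
            att_got_key, mitm_got_key)
```

Compare the two fingerprint strings returned by `run_meeting(mitm=True)` to see why reading the digits aloud exposes the interception even though the attendee still receives a working session key.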

To enable E2EE in a meeting, see Create Safety with Settings. For details on checking the integrity within a meeting, see Validate End-to-End Encryption. For large meetings with paid accounts, E2EE sessions top out at 200 attendees.

With E2EE enabled, some features are unavailable, as they fall outside the end-to-end model. Some features excluded are:

  • Dial-in participants: Dial-in calling isn’t supported, nor are VoIP, SIP, and similar digital voice systems.

  • Web apps/third-party access: Zoom’s web apps and third-party Zoom apps—integrations with other products—cannot be used.

  • Cloud recording, streaming, and live transcriptions: These features all require a stream of data leaving the session.

  • Polls and breakout rooms: These popular meeting features remain unavailable in E2EE sessions.

While paid accounts can use E2EE without prearrangement, Zoom requires that free accounts have a valid billing option associated with their account and that they verify their phone number to use E2EE.
