Zoom has released a draft cryptographic design for an end-to-end encryption video communications offering. Security and privacy are the two pillars of the company’s 90-day plan.
In keeping with its commitment to transparency while developing this end-to-end encryption offering, the company has published the crypto design on GitHub. Additionally, the company will host discussions with crypto experts, non-profit organizations, support groups, clients, and others to share more details and request comments or feedback for the final design.
Once the company has evaluated these comments for integration into a final design, Zoom will announce its engineering milestones and goals for rolling out the end-to-end encryption offering to all of its users.
Zoom Objectives And Threat Model
The paper proposes updates to Zoom that achieve end-to-end security against a range of powerful adversaries. In particular, it considers the following classes of adversaries:
- Outsiders: People who are not part of Zoom’s trusted infrastructure and who do not have the access control information for non-public meetings.
- Meeting Participants: Participants who can access a meeting because they know the meeting ID and password or hold other qualifying credentials.
- Insiders: Those who develop and maintain the Zoom server infrastructure and its cloud providers.
Against these adversaries, the design seeks the following security goals:
- Confidentiality: Only authorized meeting participants should have access to audio and video broadcasts.
- Integrity: Those who cannot enter a meeting should not have the ability to corrupt its content.
- Abuse Prevention: When authorized meeting participants engage in abusive behavior, there should be an effective mechanism to report it to Zoom’s security team to prevent the abuse from continuing.
For its part, the proposal presents a long-term roadmap for E2E security in Zoom in four phases:
- Customer key management
- Transparency Tree
- Real-time security