1 LINE Architecture
2 Transport Security
3 Messaging and VoIP Security
4 Device Security
LINE Architecture
Clients: LINE Android, LINE iOS, LINE Desktop, Bot / OA
Server side (LINE): Talk Server, User DB, Timeline, Auth, Media
LEGY (Line Event GatewaY): routing, transport encryption, and more
Client links: LEGY encryption over SPDY/2 (three links in the diagram); HTTP/HTTPS
http://developers.linecorp.com/blog/?p=2381
http://developers.linecorp.com/blog/?p=2709
TLS Problems
Current version – TLS v1.2
• Requires several round-trips to complete handshake
• High RTT on mobile networks
TLS v1.3 aims to provide some solutions
• simplified handshake
• 0-RTT
• but not final yet (draft status)
https://tlswg.github.io/tls13-spec/
LEGY Encryption
Lightweight TLS alternative
Current version
• pinned RSA keys + AES
• no X.509 certificates
• 0-RTT handshake
• no forward secrecy (FS)
LEGY Encryption FS
Forward secrecy (FS)
Elliptic curve cryptography (ECC)
0-RTT handshake
AES-GCM for app data encryption
ECDH-based key exchange
first message under client ephemeral/server static
subsequent messages under ephemeral/ephemeral
Messaging E2EE
• End-to-end encryption (E2EE) for LINE - Letter Sealing
• Introduced in Oct 2015 / LINE 5.3.0
• Initially iOS/Android only
• Applied to text and location messages
http://developers.linecorp.com/blog/?p=3679
Letter Sealing Evolution
• Group chat support
• Secondary device support
• Status indicator
• ON by default
  iOS/Android 6.5.0+
  Mac/Win 4.8.0+
• Planned enhancements
  Media encryption
http://developers.linecorp.com/blog/?p=3679
Sending an Encrypted Message
Parties: LINE User 1, Talk Server, LINE User 2
1. user2's public key? (ID:456, pub key)
2. send message
Message (plaintext): to:user2, from:user1, text:'Hello'
AES encrypt
Message (sent): to:user2, from:user1, toKeyID:456, fromKeyID:123, [salt], [encrypted data]
Receiving an Encrypted Message
Parties: LINE User 1, Talk Server, LINE User 2
3. push message
4. user1's public key? (ID:123, pub key)
Message (received): to:user2, from:user1, toKeyID:456, fromKeyID:123, [salt], [encrypted data]
AES decrypt
Message (plaintext): to:user2, from:user1, text:'Hello'
Encrypted Message Exchange
Parties: LINE User 1, Talk Server, LINE User 2
1. user2's public key? (ID:456, pub key)
2. send message
3. push message
4. user1's public key? (ID:123, pub key)
User 1: Message (to:user2, from:user1, text:'Hello') -> AES encrypt
Message in transit: to:user2, from:user1, toKeyID:456, fromKeyID:123, [salt], [encrypted data]
User 2: AES decrypt -> Message (to:user2, from:user1, text:'Hello')
Encryption Method
user 1
Keychain: keyID:123 [priv key], [user2 pub key], [userN pub key]
ECDH (Curve25519) with user1 priv key and user2 pub key -> shared secret
KDF (SS, salt)
AES encrypt: Message (to:user2, from:user1, text:'Hello') -> Message (to:user2, from:user1, toKeyID:456, fromKeyID:123, [salt], [encrypted data])
user 2
Keychain: keyID:456 [priv key], [user1 pub key], [userN pub key]
ECDH (Curve25519) with user2 priv key and user1 pub key -> shared secret
KDF (SS, salt)
AES decrypt: Message (to:user2, from:user1, toKeyID:456, fromKeyID:123, [salt], [encrypted data]) -> Message (to:user2, from:user1, text:'Hello')
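The key agreement on the Encryption Method slide, as an added example that is not LINE's code: both users run ECDH on Curve25519 and feed the shared secret and the per-message salt into a KDF, arriving at the same key for the AES step. Assumptions: the KDF is HKDF-SHA256 (the slide only says KDF(SS, salt)), the salt is 16 bytes, X25519 is the RFC 7748 ladder in pure Python (variable-time, for illustration), and all function names are hypothetical; keyIDs 123 and 456 are the ones on the slide.

```python
# Added example, not LINE's code. Both ends of a 1:1 chat derive the same
# per-message key: ECDH (Curve25519) -> shared secret -> KDF(SS, salt).
import hashlib
import hmac
import os

P = 2**255 - 19                          # Curve25519 field prime
A24 = 121665                             # ladder constant from RFC 7748
BASE_POINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u_coord: bytes) -> bytes:
    """RFC 7748 X25519. Pure Python and variable-time: for illustration only."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] = (k[31] & 127) | 64           # clamp the private scalar
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u_coord, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:                   # conditional swap of the two ladder points
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def generate_keypair():
    """Long-term key pair kept in the user's keychain."""
    priv = os.urandom(32)
    return priv, x25519(priv, BASE_POINT)


def kdf(shared_secret: bytes, salt: bytes) -> bytes:
    """Assumed KDF: HKDF-SHA256, one output block = 32-byte AES key."""
    prk = hmac.new(salt, shared_secret, hashlib.sha256).digest()
    return hmac.new(prk, b"message-key\x01", hashlib.sha256).digest()


def message_key(own_priv: bytes, peer_pub: bytes, salt: bytes) -> bytes:
    ss = x25519(own_priv, peer_pub)
    if ss == bytes(32):                  # all-zero output: low-order peer key
        raise ValueError("peer public key is a low-order point")
    return kdf(ss, salt)


def sender_prepare(sender, recipient, own_key, peer_key):
    """own_key = (keyID, priv); peer_key = (keyID, pub) as answered by the server."""
    salt = os.urandom(16)                # fresh salt per message (size assumed)
    header = {"to": recipient, "from": sender, "toKeyID": peer_key[0],
              "fromKeyID": own_key[0], "salt": salt}
    return header, message_key(own_key[1], peer_key[1], salt)


def receiver_derive(header, own_keys, lookup_pub):
    """own_keys: {keyID: priv}; lookup_pub(user, keyID) asks the server for a key."""
    priv = own_keys.get(header["toKeyID"])
    if priv is None:
        raise KeyError("message sealed to a key this device does not hold")
    peer_pub = lookup_pub(header["from"], header["fromKeyID"])
    return message_key(priv, peer_pub, header["salt"])


def demo():
    u1_priv, u1_pub = generate_keypair()             # keyID 123 on the slide
    u2_priv, u2_pub = generate_keypair()             # keyID 456 on the slide
    # Constructed stand-in for the Talk Server's public-key directory.
    directory = {("user1", 123): u1_pub, ("user2", 456): u2_pub}
    header, k_send = sender_prepare("user1", "user2", (123, u1_priv), (456, u2_pub))
    k_recv = receiver_derive(header, {456: u2_priv},
                             lambda user, key_id: directory[(user, key_id)])
    return header, k_send, k_recv


if __name__ == "__main__":
    hdr, ks, kr = demo()
    print("keys match:", ks == kr, "salt:", hdr["salt"].hex())
```

Because the server only ever relays public keys, the salt and ciphertext, the key derived here never leaves the two devices; the key verification screens on the next slide are what let users confirm that the public key they were handed is the right one.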
Key Verification
Android
Chat Settings > Encryption Key
iOS
Settings > Encryption Key
Group Chat Support
Dedicated shared key is generated for each group
Encrypted shared key distributed to all members
Principle is same as 1:1 chats
Shared key is replaced when members leave or join
Key-encryption key derived for each member
ECDH key exchange
AES encryption
Group Key Registration
Parties: LINE User 1, Talk Server
1. group1 member pub keys? (user1 pubK, user2 pubK, user3 pubK)
2. gen. group shared key
3. enc. group skey
4. register group1 shared key
User 1 Keychain: keyID:123 [priv key], [group shared key], [user3 pub key], [user2 pub key]
Group Key for Group 1 (user1, user2, user3):
for user1*: [encrypted skey]
for user2: [encrypted skey]
for user3: [encrypted skey]
Group Key Distribution
Parties: LINE User 2, LINE User 3, Talk Server
1. group1 shared key? (enc. skey for user2) / (enc. skey for user3)
2. decrypt & save group shared key
Group Key:
for user1*: [encrypted skey]
for user2: [encrypted skey]
for user3: [encrypted skey]
User 2 Keychain: keyID:456 [priv key], [group1 shared key]
User 3 Keychain: keyID:789 [priv key], [group1 shared key]
VoIP E2EE
• LINE 6.5.0+
• ECDH key exchange
ephemeral keys
server-mediated
custom SIP headers
• Media stream encryption
SRTP
AES-CTR + HMAC-SHA1
Device Security
True Delete - Since 5.3.0
Overwriting NULL
More advanced data protection features coming soon
http://developers.linecorp.com/blog/?p=3660
LINE Encryption Whitepaper
Detailed cryptographic protocol specification
Covers
• transport encryption
• messaging E2EE (Letter Sealing)
• VoIP E2EE
Available now at
https://linecorp.com/en/security/article/37
1 Risk Assessment
2 Anti-Spam/Game Abusing
3 Bug Bounty Program
Risk Assessment
Monitoring
Bug Bounty
Design Implement QA Operate
Risk Assessment
Server
• XSS
• CSRF
• Path Traversal
• Open-Redirect
Client
Web
Server
• Analyzing the protocol
• Abusing/Cheating
• Bot (un-official client)
Client
LINE / Game
• Reversing
• Modifying
Reverse engineering
Reverse engineering is a process of analyzing software/hardware and examining operating principles, source code, and development methods.
Purpose of use (examples)
• Malware analysis
• Vulnerability diagnosis/investigation
• Illegal copy of contents
• Software tracking, cheating
Change in game environment
Cheat tools are created
Possible to level up without spending money and time
Bots are created
Online, item purchase
Android, iOS opening up of the platform
Security Measures
Enhance security to the level where it is difficult to abuse/cheat
Bot/abuser detection is performed on the server side
General cheat tool counter measure
Encryption of locally stored data
Encryption of communication between games and servers
ARM/IL analysis measure
Abuser detection/automation
RA for LINE Games
Memory / file cheat
• Possible to prevent it by storing score and other data on the server
• Status data, such as attack power and HP, are fully handled on the client, and there is no counter measure for them.
From GameHacker
RA for LINE Games
Speed hack
Ex.1: Stamina power recovery (possible to prevent)
Sync: Time: 12:34, Stamina: 40 / 100
Abuser: added extra 20 min to in-game time (Time: 12:54)
Notice: Stamina power recovery
Sync: Since it does not match server-side time (Time: 12:34), the notice is rejected.
RA for LINE Games
Speed hack
Ex.2: Time attack (impossible to prevent)
Sync: Start a stage (Time: 12:20)
Notice: Stage clear notice (Time: 12:21)
• Play game at twice the speed
• Fake a stage clear notice
If set to a realistic time, the server cannot detect the hack.
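The server-side checks behind Ex.1 and Ex.2, as an added example that is not LINE's code: every notice is judged against the server's own clock, which catches a shifted client clock and a game clock that ran faster than wall time, and lets through a claim that fits the server-side elapsed time. The recovery rate, tolerances, minimum clear time and all names are assumptions; the timestamps are constructed from the slide's values.

```python
# Added example, not LINE's code. Notices from the game client are validated
# against server time only; the client's clock is treated as untrusted input.
from dataclasses import dataclass, field

STAMINA_MAX = 100
RECOVERY_SECONDS_PER_POINT = 300     # assumed game rule: 1 stamina per 5 minutes
CLOCK_TOLERANCE_SECONDS = 60         # assumed allowance for drift and latency
STAGE_TOLERANCE_SECONDS = 5          # assumed allowance for network delay


@dataclass
class Session:
    stamina: int
    stamina_synced_at: float                               # server clock at last sync
    stage_started_at: dict = field(default_factory=dict)   # stage id -> server clock


def handle_stamina_notice(session, client_time, claimed_stamina, server_now):
    """Ex.1: stamina recovery notice carrying the client's in-game time."""
    if abs(client_time - server_now) > CLOCK_TOLERANCE_SECONDS:
        return "rejected: client time does not match server-side time"
    earned = int((server_now - session.stamina_synced_at) // RECOVERY_SECONDS_PER_POINT)
    allowed = min(STAMINA_MAX, session.stamina + earned)
    if claimed_stamina > allowed:
        return "rejected: more stamina than server-side elapsed time allows"
    session.stamina, session.stamina_synced_at = claimed_stamina, server_now
    return "accepted"


def handle_stage_start(session, stage_id, server_now):
    """Sync at stage start: remember when the server saw the stage begin."""
    session.stage_started_at[stage_id] = server_now


def handle_stage_clear(session, stage_id, claimed_play_seconds,
                       min_clear_seconds, server_now):
    """Ex.2: stage clear notice carrying the in-game play time."""
    started = session.stage_started_at.pop(stage_id, None)
    if started is None:
        return "rejected: no matching stage start"
    if claimed_play_seconds < min_clear_seconds:
        return "rejected: faster than the stage can be cleared"
    server_elapsed = server_now - started
    if claimed_play_seconds > server_elapsed + STAGE_TOLERANCE_SECONDS:
        return "rejected: game clock ran faster than server time"
    # A claim consistent with server-side elapsed time passes this check, which
    # is the limit the slide states; such cases are left to behavioural
    # anomaly detection across many plays.
    return "accepted"


def t(hour, minute, second=0):
    """Seconds since midnight, for the constructed sample timestamps."""
    return hour * 3600 + minute * 60 + second


def demo():
    s = Session(stamina=40, stamina_synced_at=t(12, 34))
    results = []
    # Ex.1: client clock moved 20 minutes ahead, server is still at 12:34.
    results.append(handle_stamina_notice(s, t(12, 54), 44, t(12, 34, 5)))
    # Ex.1: 20 real minutes later the same claim is legitimate.
    results.append(handle_stamina_notice(s, t(12, 54, 2), 44, t(12, 54)))
    # Ex.1: clock matches but the amount exceeds what elapsed time allows.
    results.append(handle_stamina_notice(s, t(12, 55), 60, t(12, 55)))
    # Ex.2: 120 s of game time reported 60 s after the server saw the start.
    handle_stage_start(s, "stage-1", t(12, 20))
    results.append(handle_stage_clear(s, "stage-1", 120, 45, t(12, 21)))
    # Ex.2: claim fits the server-side elapsed time, so it is accepted.
    handle_stage_start(s, "stage-2", t(12, 30))
    results.append(handle_stage_clear(s, "stage-2", 58, 45, t(12, 31)))
    # Ex.2: clear notice for a stage the server never saw start.
    results.append(handle_stage_clear(s, "stage-3", 58, 45, t(12, 40)))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```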
RA for LINE Games
MITM (Man-In-The-Middle)
• If it is just HTTPS, communication is analyzed by MITM
• SSL pinning should be performed in the game
However, the data is decrypted in the game. Hence, there is no perfect counter measure.
certificate
Possible to view communication
RA for LINE Games
MITM (Man-In-The-Middle)
• Place proxy certificate in device
• With only HTTPS, communication is cryptanalyzed by MITM
• [Measure] Execute SSL Pinning (certificate check) in game
Check certificate
SSL Pinning
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Certificate validation callback (RemoteCertificateValidationCallback signature).
public static bool ValidateServerCertificate(object sender, X509Certificate certificate,
    X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    // Hash of the certificate presented by the server, as a hex string
    string chash = certificate.GetCertHashString();
    if (chash == "(hardcoded hash)")
        return true; // SSL certificate check ok
    return false; // any other certificate is refused
}
Example of code that checks the certificate of the communication partner in the game (the check routine may be removed)
RA for LINE Games
Unity
C# -> CIL (DLL) -> Decompile *.dll
C# -> CIL -> ASM(il2cpp) -> Disassemble libil2cpp.so
Cocos2d-x
C++ -> .so -> Disassemble *.so
RA for LINE Games
Unity
C# -> CIL (DLL) -> Decompile *.dll
Original source:
    public void TakeDamage (int amount)
    {
        damaged = true;
        currentHealth -= amount;
        healthSlider.value = currentHealth;
        playerAudio.Play ();
        if(currentHealth <= 0 && !isDead)
            Death ();
    }
From ILSpy:
    public void TakeDamage(int amount)
    {
        this.damaged = true;
        this.currentHealth -= amount;
        this.healthSlider.set_value(
            (float)this.currentHealth);
        this.playerAudio.Play();
        if (this.currentHealth <= 0 && !this.isDead)
        {
            this.Death();
        }
    }
RA for LINE Games
Unity
C# -> CIL -> ASM(il2cpp) -> Disassemble libil2cpp.so
Original source:
    public void TakeDamage (int amount)
    {
        damaged = true;
        currentHealth -= amount;
        healthSlider.value = currentHealth;
        playerAudio.Play ();
        if(currentHealth <= 0 && !isDead)
            Death ();
    }
From IDA (disassembly shown as an image on the slide)
Security Measures
Detect anomalies based on the characteristics below, while taking false positives into utmost consideration
• Duration/period/frequency of game play
• Timing of level up
• Timing of stage clear
• Item usage history (including payment)
• IP bandwidth
(Figure labels: Human, Bot)
Anti-Spam Message
(Diagram labels: Spammer's Account, spam message, Users, LINE, Anti-Spam, Security, CS, block, Report, Query)
Check flow
• Block rule
• Text mining
• Human check
Anti-Spam/Abusing
1. Operator takes necessary measures (e.g. adding rules)
2. Finds potential loopholes for the abuser (measures for the measure)
3. Operator takes additional measures (return to 2.)
Datasets change
Anti-Spam/Abusing
Datasets change periodically
False positives of less than 0.01%
Able to explain the cause of false positives
There is a limit to detection by machine learning based on similarity. (Manual check is essential.)
Anti-Spam/Abusing
Bring client (app) measure to a certain level
Automate server-side as much as possible
Final check to be done manually (as needed)
We intend to explore this area and implement further automation
Bug Bounty Program
https://bugbounty.linecorp.com/ja/
Bug Bounty Program
(Chart: The number of reports, 6/2 to 8/11; y-axis 0 to 25)
Category
• XSS
• CSRF
• RCE
• Auth bypass
• Purchase bypass
• Encryption break
• Other
A 5 security x line platform

Use Kotlin scripts and Clova SDK to build your Clova extension
 
The Magic of LINE 購物 Testing
The Magic of LINE 購物 TestingThe Magic of LINE 購物 Testing
The Magic of LINE 購物 Testing
 
GA Test Automation
GA Test AutomationGA Test Automation
GA Test Automation
 
UI Automation Test with JUnit5
UI Automation Test with JUnit5UI Automation Test with JUnit5
UI Automation Test with JUnit5
 
Feature Detection for UI Testing
Feature Detection for UI TestingFeature Detection for UI Testing
Feature Detection for UI Testing
 
LINE 新星計劃介紹與新創團隊分享
LINE 新星計劃介紹與新創團隊分享LINE 新星計劃介紹與新創團隊分享
LINE 新星計劃介紹與新創團隊分享
 
​LINE 技術合作夥伴與應用分享
​LINE 技術合作夥伴與應用分享​LINE 技術合作夥伴與應用分享
​LINE 技術合作夥伴與應用分享
 
LINE 開發者社群經營與技術推廣
LINE 開發者社群經營與技術推廣LINE 開發者社群經營與技術推廣
LINE 開發者社群經營與技術推廣
 
日本開發者大會短講分享
日本開發者大會短講分享日本開發者大會短講分享
日本開發者大會短講分享
 
LINE Chatbot - 活動報名報到設計分享
LINE Chatbot - 活動報名報到設計分享LINE Chatbot - 活動報名報到設計分享
LINE Chatbot - 活動報名報到設計分享
 
在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes
 
LINE TODAY高效率的敏捷測試開發技巧
LINE TODAY高效率的敏捷測試開發技巧LINE TODAY高效率的敏捷測試開發技巧
LINE TODAY高效率的敏捷測試開發技巧
 
LINE 區塊鏈平台及代幣經濟 - LINK Chain及LINK介紹
LINE 區塊鏈平台及代幣經濟 - LINK Chain及LINK介紹LINE 區塊鏈平台及代幣經濟 - LINK Chain及LINK介紹
LINE 區塊鏈平台及代幣經濟 - LINK Chain及LINK介紹
 
LINE Things - LINE IoT平台新技術分享
LINE Things - LINE IoT平台新技術分享LINE Things - LINE IoT平台新技術分享
LINE Things - LINE IoT平台新技術分享
 
LINE Pay - 一卡通支付新體驗
LINE Pay - 一卡通支付新體驗LINE Pay - 一卡通支付新體驗
LINE Pay - 一卡通支付新體驗
 
LINE Platform API Update - 打造一個更好的Chatbot服務
LINE Platform API Update - 打造一個更好的Chatbot服務LINE Platform API Update - 打造一個更好的Chatbot服務
LINE Platform API Update - 打造一個更好的Chatbot服務
 
Keynote - ​LINE 的技術策略佈局與跨國產品開發
Keynote - ​LINE 的技術策略佈局與跨國產品開發Keynote - ​LINE 的技術策略佈局與跨國產品開發
Keynote - ​LINE 的技術策略佈局與跨國產品開發
 

Kürzlich hochgeladen

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 

Kürzlich hochgeladen (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 

A 5 security x line platform

  • 2. 1 LINE Architecture 2 Transport Security 3 Messaging and VoIP Security 4 Device Security
  • 3. LINE Architecture LINE Android Talk Server User DB LINE LINE iOS LINE Desktop Timeline Auth Media LEGY Bot / OA LEGY encryption SPDY/2 LEGY encryption SPDY/2 LEGY encryption SPDY/2 HTTP/HTTPS
  • 4. LEGY Line Event GatewaY And more Routing Transport encryption http://developers.linecorp.com/blog/?p=2381 http://developers.linecorp.com/blog/?p=2709
  • 5. TLS Problems Current version – TLS v1.2: requires several round-trips to complete handshake; high RTT on mobile networks. TLS v1.3 aims to provide some solutions • simplified handshake • 0-RTT • but not final yet (draft status) https://tlswg.github.io/tls13-spec/
  • 6. LEGY Encryption: Lightweight TLS alternative. Current version • pinned RSA keys + AES • no X.509 certificates • 0-RTT handshake • no forward secrecy (FS)
  • 7. LEGY Encryption FS Forward secrecy (FS) Elliptic curve cryptography (ECC) 0-RTT handshake AES-GCM for app data encryption ECDH-based key exchange first message under client ephemeral/server static subsequent messages under ephemeral/ephemeral
  • 8. Messaging E2EE • End-to-end encryption (E2EE) for LINE - Letter Sealing • Introduced in Oct 2015/LINE 5.3.0 • Initially iOS/Android only • Applied to text and location messages http://developers.linecorp.com/blog/?p=3679
  • 9. Letter Sealing Evolution • Group chat support • Secondary device support • Status indicator • ON by default iOS/Android 6.5.0+ Mac/Win 4.8.0+ • Planned enhancements Media encryption http://developers.linecorp.com/blog/?p=3679
  • 10. Sending an Encrypted Message LINE User 1 Talk Server 1.user2’s public key? 2.send message (ID:456, pub key) LINE User 2 Message AES encrypt Message to:user2 from:user1 toKeyID:456 fromKeyID:123 [salt] [encrypted data] Message to:user2 from:user1 text:’Hello’
  • 11. Receiving an Encrypted Message LINE User 1 Talk Server 3.push message 4.user1’s public key? (ID:123, pub key) LINE User 2 Message Message AES decrypt to:user2 from:user1 toKeyID:456 fromKeyID:123 [salt] [encrypted data] Message to:user2 from:user1 text:’Hello’
  • 12. Encrypted Message Exchange LINE User 1 Talk Server 1.user2’s public key? 2.send message (ID:456, pub key) 3.push message 4.user1’s public key? (ID:123, pub key) LINE User 2 Message Message AES encrypt to:user2 from:user1 toKeyID:456 fromKeyID:123 [salt] [encrypted data] Message to:user2 from:user1 text:’Hello’ AES decrypt Message to:user2 from:user1 text:’Hello’
  • 13. Encryption Method Message user 1 shared secret KDF (SS, salt) KDF (SS, salt) user1 priv key user2 pub key Keychain keyID:123 [priv key] [user2 pub key] [userN pub key] ECDH (Curve25519) user2 priv key user1 pub key Message AES encrypt to:user2 from:user1 toKeyID:456 fromKeyID:123 [salt] [encrypted data] Message to:user2 from:user1 text:’Hello’ AES decrypt Message to:user2 from:user1 text:’Hello’ Keychain keyID:456 [priv key] [user1 pub key] [userN pub key] user 2
  • 14. Key Verification Android Chat Settings > Encryption Key iOS Settings > Encryption Key
  • 15. Group Chat Support Dedicated shared key is generated for each group Encrypted shared key distributed to all members Principle is same as 1:1 chats Shared key is replaced when members leave or join Key-encryption key derived for each member ECDH key exchange AES encryption
  • 16. Group Key Registration LINE User 1 Talk Server 1.group1 member pub keys? (user1 pubK,user2 pubK,user3 pubK) 3.enc. group skey Keychain keyID:123 [priv key] [group shared key] [user3 pub key] [user2 pub key] Group Key for user1* [encrypted skey] for user2 [encrypted skey] for user3 [encrypted skey] 2.gen. group shared key 4.register group1 shared key Group 1 Group Key for user1* [encrypted skey] for user2 [encrypted skey] for user3 [encrypted skey] user1 user2 user3
  • 17. Group Key Distribution LINE User 2 Talk Server 1.group1 shared key? (enc. skey for user2) 1.group1 shared key? (enc. skey for user3) LINE User 3 Message Keychain keyID:456 [priv key] [group1 shared key] Group Key for user1* [encrypted skey] for user2 [encrypted skey] for user3 [encrypted skey] Keychain keyID:789 [priv key] [group1 shared key] 2.decrypt & save group shared key 2.decrypt & save group shared key
  • 18. VoIP E2EE • LINE 6.5.0+ • ECDH key exchange ephemeral keys server-mediated custom SIP headers • Media stream encryption SRTP AES-CTR + HMAC-SHA1
  • 19. Device Security True Delete - Since 5.3.0 More advanced data protection features coming soon Overwriting NULL http://developers.linecorp.com/blog/?p=3660
  • 20. LINE Encryption Whitepaper Detailed cryptographic protocol specification. Covers transport encryption, Letter Sealing messaging E2EE and VoIP E2EE. Available now at https://linecorp.com/en/security/article/37
  • 22. 1 Risk Assessment 2 Anti-Spam/Game Abusing 3 Bug Bounty Program
  • 24. Risk Assessment Server • XSS • CSRF • Path Traversal • Open-Redirect Client Web Server • Analyzing the protocol • Abusing/Cheating • Bot (un-official client) Client LINE / Game • Reversing • Modifying
  • 25. Risk Assessment Server • Analyzing the protocol • Abusing/Cheating • Bot (un-official client) Client LINE / Game • Reversing • Modifying
  • 26. Reverse engineering: Reverse engineering is a process of analyzing software/hardware and examining operating principles, source code, and development methods. Purpose of use (examples): malware analysis; vulnerability diagnosis/investigation; illegal copy of contents; software tracking, cheating
  • 27. Change in game environment Cheat tools are created Possible to level up without spending money and time Bots are created Online, item purchase Android, iOS opening up of the platform
  • 28. Security Measures Enhance security to the level where it is difficult to abuse/cheat Bot/abuser detection is performed on the server side General cheat tool counter measure Encryption of locally stored data Encryption of communication between games and servers ARM/IL analysis measure Abuser detection/automation
  • 29. RA for LINE Games Memory / file cheat • Possible to prevent it by storing score and other data on the server • Status data, such as attack power and HP, are fully handled on the client, and there is no counter measure for them. From GameHacker
  • 30. RA for LINE Games Speed hack Ex.1: Stamina power recovery (possible to prevent) Stamina: 40 / 100 Time: 12:54 Stamina: 40 / 100 Sync Abuser: added extra 20 min to in-game time Time: 12:34 Notice Stamina power recovery Time: 12:34 Time: 12:34 Sync Since it does not match server-side time, the notice is rejected.
  • 31. RA for LINE Games Speed hack Ex.2: Time attack (impossible to prevent) Time: 12:20 Time: 12:21 Time: 12:20 Sync Start a stage Time: 12:21 Notice Stage clear notice • Play game at twice the speed • Fake a stage clear notice If set to a realistic time, the server cannot detect the hack.
  • 32. RA for LINE Games MITM (Man-In-The-Middle) • If it is just HTTPS, communication is analyzed by MITM • SSL pinning should be performed in the game However, the data is decrypted in the game. Hence, there is no perfect counter measure. certificate Possible to view communication
  • 33. RA for LINE Games MITM (Man-In-The-Middle) • Place proxy certificate in device • With only HTTPS, communication can be analyzed by MITM • [Measure] Execute SSL pinning (certificate check) in game Check certificate
  • 34. SSL Pinning Examples of code to check certificate of communication partner in game (Check routine may be removed)
        using System.Net.Security;
        using System.Security.Cryptography.X509Certificates;

        // Certificate validation callback: accept only the pinned certificate.
        public static bool ValidateServerCertificate(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors sslPolicyErrors)
        {
            // Hex hash string of the certificate presented by the server
            string chash = certificate.GetCertHashString();
            if (chash == "(hardcoded hash)")
                return true; // SSL certificate check ok
            return false;
        }
  • 35. RA for LINE Games Unity C# -> CIL (DLL) -> Decompile *.dll C# -> CIL -> ASM(il2cpp) -> Disassemble libil2cpp.so Cocos2d-x C++ -> .so -> Disassemble *.so
  • 36. RA for LINE Games Unity C# -> CIL (DLL) -> Decompile *.dll
        Original source:
        public void TakeDamage (int amount)
        {
            damaged = true;
            currentHealth -= amount;
            healthSlider.value = currentHealth;
            playerAudio.Play ();
            if(currentHealth <= 0 && !isDead)
                Death ();
        }
        From ILSpy:
        public void TakeDamage(int amount)
        {
            this.damaged = true;
            this.currentHealth -= amount;
            this.healthSlider.set_value((float)this.currentHealth);
            this.playerAudio.Play();
            if (this.currentHealth <= 0 && !this.isDead)
            {
                this.Death();
            }
        }
  • 37. RA for LINE Games Unity C# -> CIL -> ASM(il2cpp) -> Disassemble libil2cpp.so From IDA
        public void TakeDamage (int amount)
        {
            damaged = true;
            currentHealth -= amount;
            healthSlider.value = currentHealth;
            playerAudio.Play ();
            if(currentHealth <= 0 && !isDead)
                Death ();
        }
  • 38. RA for LINE Games From IDA
  • 39. Security Measures Enhance security to the level where it is difficult to abuse/cheat Bot/abuser detection is performed on the server side General cheat tool counter measure Encryption of locally stored data Encryption of communication between games and servers ARM/IL analysis measure Abuser detection/automation
  • 40. Security Measures Detect anomalies (human vs. bot) based on the characteristics below, while taking false positives into utmost consideration: duration/period/frequency of game play; timing of level up; timing of stage clear; item usage history (including payment); IP bandwidth
  • 41. Anti-Spam Message Spammer’s Account SecurityCS spam message Users Anti-Spam block Report Query LINE • Block rule • Text mining • Human check Check flow
  • 42. Anti-Spam/Abusing Operator takes necessary measures (e.g. adding rules) Finds potential loopholes for the abuser (measures for the measure) Operator takes additional measures (return to 2.) Datasets change Datasets change Datasets change
  • 43. Anti-Spam/Abusing Datasets change periodically False positives of less than 0.01% Datasets change Datasets change Datasets change Able to explain the cause of false positives There is a limit to detection by machine learning based on similarity. (Manual check is essential.)
  • 44. Anti-Spam/Abusing Bring client (app) measure to a certain level Automate server-side as much as possible Final check to be done manually (as needed) We intend to explore this area and implement further automation
  • 46. Bug Bounty Program [Chart: the number of reports over time (6/2 to 8/11), by category: XSS, CSRF, RCE, Auth bypass, Purchase bypass, Encryption break, Other]
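
The 1:1 exchange on slides 10 to 13 (fetch the peer's public key, ECDH over Curve25519, KDF(SS, salt), AES), written out as an added example that is not LINE's code or part of the original deck. The slides do not name the KDF or AES mode, so HKDF-SHA256, AES-256-GCM, the base64 encoding and the authenticated header are assumptions.

```javascript
// Added example (not LINE's code): 1:1 sealed-message exchange shaped like slides 10-13.
// Assumed, not from the slides: HKDF-SHA256 as the KDF, AES-256-GCM as the AES mode,
// 16-byte salt, base64 encoding, and binding the header fields as GCM associated data.
const crypto = require('node:crypto');

// A client keychain entry: Curve25519 key pair registered under a key ID.
function newUser(name, keyID) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { name, keyID, publicKey, privateKey };
}

// ECDH shared secret -> KDF(SS, salt) -> per-message AES key and GCM nonce.
function deriveKeyAndNonce(myPrivateKey, peerPublicKey, salt) {
  const ss = crypto.diffieHellman({ privateKey: myPrivateKey, publicKey: peerPublicKey });
  const okm = Buffer.from(crypto.hkdfSync('sha256', ss, salt, 'sealed-message-demo', 44));
  return { key: okm.subarray(0, 32), nonce: okm.subarray(32) };
}

// Routing fields the server can read; authenticated so they cannot be swapped.
function headerBytes(m) {
  return Buffer.from(JSON.stringify([m.to, m.from, m.toKeyID, m.fromKeyID]));
}

// Sender side: peer is the { name, keyID, publicKey } record fetched from the server.
function seal(sender, peer, text) {
  const salt = crypto.randomBytes(16);
  const { key, nonce } = deriveKeyAndNonce(sender.privateKey, peer.publicKey, salt);
  const msg = { to: peer.name, from: sender.name, toKeyID: peer.keyID,
                fromKeyID: sender.keyID, salt: salt.toString('base64') };
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(headerBytes(msg));
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final(), cipher.getAuthTag()]);
  return { ...msg, encryptedData: body.toString('base64') };
}

// Recipient side: throws if a key ID is stale or anything was modified in transit.
function open(recipient, peer, msg) {
  if (msg.toKeyID !== recipient.keyID || msg.fromKeyID !== peer.keyID) {
    throw new Error('key ID mismatch: refetch the peer key or ask for a re-send');
  }
  const { key, nonce } = deriveKeyAndNonce(recipient.privateKey, peer.publicKey,
                                           Buffer.from(msg.salt, 'base64'));
  const body = Buffer.from(msg.encryptedData, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(headerBytes(msg));
  decipher.setAuthTag(body.subarray(body.length - 16));
  const plain = Buffer.concat([decipher.update(body.subarray(0, body.length - 16)),
                               decipher.final()]);
  return plain.toString('utf8');
}

function demo() {
  const user1 = newUser('user1', 123);
  const user2 = newUser('user2', 456);
  // The server's directory holds public keys only (steps 1 and 4 on the slides).
  const pub = (u) => ({ name: u.name, keyID: u.keyID, publicKey: u.publicKey });
  const sealed = seal(user1, pub(user2), 'Hello');
  const relayed = JSON.parse(JSON.stringify(sealed)); // what the server stores and pushes
  const text = open(user2, pub(user1), relayed);
  let tamperRejected = false;
  try { open(user2, pub(user1), { ...relayed, from: 'user3' }); } catch (e) { tamperRejected = true; }
  return { text, tamperRejected, fields: Object.keys(relayed).sort() };
}

console.log(demo());
```

The relayed envelope carries only routing fields, key IDs, salt and ciphertext, which is why the key verification screen on slide 14 matters: the server is still the party that hands out public keys.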
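
The two speed-hack cases on slides 30 and 31, as an added server-side sketch that is not from the original deck or LINE's code. The recovery rate, tolerance, minimum clear time and message fields (`clientTime`, `playMs`) are constructed assumptions; the last case shows the limit the slide states, where a forged clear with a realistic time is accepted.

```javascript
// Added example (not LINE's code): server-side handling of the two speed-hack cases.
// Constructed values: recovery rate, clock tolerance, minimum clear time, timestamps.
const RECOVERY_MS_PER_POINT = 5 * 60 * 1000;   // assumed: 1 stamina per 5 minutes
const MAX_STAMINA = 100;
const CLOCK_TOLERANCE_MS = 30 * 1000;          // assumed allowance for latency and drift
const MIN_CLEAR_MS = { 'stage-1': 45 * 1000 }; // assumed fastest legitimate clear

// "12:34" -> milliseconds since midnight, standing in for real timestamps.
const at = (hhmm) => {
  const [h, m] = hhmm.split(':').map(Number);
  return (h * 60 + m) * 60000;
};

function newPlayer(stamina, serverNow) {
  return { stamina, staminaAt: serverNow, stage: null };
}

// Ex.1: the client's clock is only a consistency check; stamina is recomputed
// from the server's own clock, so a forwarded device clock gains nothing.
function onRecoveryNotice(player, notice, serverNow) {
  if (Math.abs(notice.clientTime - serverNow) > CLOCK_TOLERANCE_MS) {
    return { ok: false, reason: 'client time does not match server time', stamina: player.stamina };
  }
  const gained = Math.floor((serverNow - player.staminaAt) / RECOVERY_MS_PER_POINT);
  if (gained > 0) {
    player.stamina = Math.min(MAX_STAMINA, player.stamina + gained);
    player.staminaAt += gained * RECOVERY_MS_PER_POINT;
  }
  return { ok: true, stamina: player.stamina };
}

function onStageStart(player, stageId, serverNow) {
  if (!(stageId in MIN_CLEAR_MS)) throw new Error('unknown stage');
  player.stage = { stageId, startedAt: serverNow };
}

// Ex.2: the server can only bound a clear notice by its own elapsed time.
function onStageClear(player, notice, serverNow) {
  const run = player.stage;
  if (!run || run.stageId !== notice.stageId) return { ok: false, reason: 'no matching stage start' };
  player.stage = null; // one clear per start
  const elapsed = serverNow - run.startedAt;
  if (elapsed < MIN_CLEAR_MS[run.stageId]) {
    return { ok: false, reason: 'faster than any legitimate clear' };
  }
  if (notice.playMs > elapsed + CLOCK_TOLERANCE_MS) {
    return { ok: false, reason: 'in-game clock ran ahead of server time' };
  }
  return { ok: true, clearMs: elapsed }; // record the server-measured time
}

function demoSpeedHack() {
  const p = newPlayer(40, at('12:34'));
  // Slide 30: device clock moved forward 20 minutes, server still at 12:34.
  const forged = onRecoveryNotice(p, { clientTime: at('12:54') }, at('12:34'));
  const honest = onRecoveryNotice(p, { clientTime: at('12:54') }, at('12:54'));
  const clear = (sentAt, playMs) => {
    onStageStart(p, 'stage-1', at('12:20'));
    return onStageClear(p, { stageId: 'stage-1', playMs }, sentAt);
  };
  return {
    forged, honest,
    instant: clear(at('12:20') + 10000, 10000),  // clear sent 10 s after start
    doubleSpeed: clear(at('12:21'), 120000),     // 2x game clock reported as-is
    realisticFake: clear(at('12:21'), 58000),    // slide 31: indistinguishable
  };
}

console.log(demoSpeedHack());
```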