TY - GEN
T1 - Forensic analysis of the backup database file in KakaoTalk messenger
AU - Choi, Jusop
AU - Park, Jaewoo
AU - Kim, Hyoungshick
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/3/17
Y1 - 2017/3/17
N2 - Instant messaging services should be designed to securely protect their users' personal contents such as chat messages, photos and video clips against a wide range of attacks. In general, such contents are securely encrypted in storage. In this paper, however, we demonstrated that the backup database file for chat messages in KakaoTalk (the most popularly used instant messaging service in Republic of Korea, http://www.kakao.com/talk/en) can be leaked to unauthorized users. We carefully examined the backup procedure in KakaoTalk through reverse engineering the KakaoTalk application to analyze how the backup database file was encrypted and the encryption key can be generated. Our analysis showed that the encrypted database is susceptible to off-line password guessing attacks. Based on this finding, we recommend that a secure key generation technique should be designed to improve resistance against offline password guessing attacks by using a random secret number to generate the encryption key.
AB - Instant messaging services should be designed to securely protect their users' personal contents such as chat messages, photos and video clips against a wide range of attacks. In general, such contents are securely encrypted in storage. In this paper, however, we demonstrated that the backup database file for chat messages in KakaoTalk (the most popularly used instant messaging service in Republic of Korea, http://www.kakao.com/talk/en) can be leaked to unauthorized users. We carefully examined the backup procedure in KakaoTalk through reverse engineering the KakaoTalk application to analyze how the backup database file was encrypted and the encryption key can be generated. Our analysis showed that the encrypted database is susceptible to off-line password guessing attacks. Based on this finding, we recommend that a secure key generation technique should be designed to improve resistance against offline password guessing attacks by using a random secret number to generate the encryption key.
KW - database encryption
KW - KakaoTalk
KW - key generation
KW - off-line password guessing
KW - reverse-engineering
UR - https://www.scopus.com/pages/publications/85017625497
U2 - 10.1109/BIGCOMP.2017.7881732
DO - 10.1109/BIGCOMP.2017.7881732
M3 - Conference contribution
AN - SCOPUS:85017625497
T3 - 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017
SP - 156
EP - 161
BT - 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017
Y2 - 13 February 2017 through 16 February 2017
ER -