E2E Encryption and Identity Properties for Zoom Meetings
Zoom’s platform provides video conferencing services for hundreds of millions of daily meeting participants. They use Zoom to conduct business, learn among classmates scattered by recent events, connect with friends and family, collaborate with colleagues, and in some cases, discuss critical matters of state. Zoom is working hard to improve meeting security for its users. In May 2020, Zoom published an incrementally deployable proposal (https://github.com/zoom/zoom-e2e-whitepaper), describing not only a design for its improved end-to-end encryption (E2EE), but also a plan to build an auditable and persistent notion of identity for all Zoom users, which will provide additional security even against active attacks from a compromised Zoom server.
In this talk, I will first describe our improved end-to-end design, report on our progress deploying it, and comment on some lessons we learned along the way. Then, I will look to the future and present our vision for user identity protocols. I will argue why it matters, discuss the issues which make this problem hard, and how we plan to address them.
Antonio Marcedone is a Cryptography Engineer at Zoom, where he designs protocols and systems that leverage cryptography to deliver the strongest security guarantees to Zoom users. He received his PhD from Cornell University in 2019, where he was advised by Professor Rafael Pass. His PhD research focused on practical secure computation and its applications to federated machine learning, arithmetic computation and cryptocurrency hardware wallets.