Dining on Zoom

The other day I had a video call with my brother in Pakistan. He was enjoying a mouthwatering Nihari on Sunday brunch. Videoconferencing platforms such as Zoom have become normal as people work, study and connect remotely due to corona pandemic.

Videoconferencing uses cryptographic algorithms such as Advanced Encryption standard (AES) for encryption & decryption of the video calls. AES operates on a block of 128 bits and the key size can be 128, 192, or 256 bits.

AES Encryption Flow

AES takes in a 128-bit plain text plus a key and converts into a cipher text. The application breaks the message into 128-bit chunks and invokes AES sequentially to encrypt the entire message.

AES Two modes — ECB and CBC

In ECB (Electronic cook book) mode, each chunk of 128 bits is encrypted independently of the overall message. In CBC (Cipher Block chaining), each encrypted 128-bit text is influenced by the plain text preceding it. You can input the penguin image to both ECB and CBC modes and compare their outputs in this picture below.

ECB, CBC and the famous Penguin

Zoom and AES

You can see a penguin pattern in the ECB output. Because ECB preserves input patterns, it is not recommended to use ECB. Despite this known weakness, a research group reported (on April 3rd, 2020) that Zoom a was using AES-ECB with 128-bit key! Afterwards, the company conceded and replaced AES-ECB with AES-GCM 256-bit in its Zoom 5.0 release.

Nihari fondness:)

Zoom is likely to have more security issues e.g. a hacker may have joined Boris Johnson Zoom cabinet meetings this year! However I will continue to enjoy Nihari on a zoom call with my family:)