survey

Security and Privacy in Unified Communication

Authors:

Thomas Reisinger,

Eerke Albert BoitenAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 55, Issue 3

Article No.: 55, Pages 1 - 36

https://doi.org/10.1145/3498335

Published: 03 February 2022 Publication History

Abstract

The use of unified communication; video conferencing, audio conferencing, and instant messaging has skyrocketed during the COVID-19 pandemic. However, security and privacy considerations have often been neglected. This article provides a comprehensive survey of security and privacy in Unified Communication (UC). We systematically analyze security and privacy threats and mitigations in a generic UC scenario. Based on this, we analyze security and privacy features of the major UC market leaders, and we draw conclusions on the overall UC landscape. While confidentiality in communication channels is generally well protected through encryption, other privacy properties are mostly lacking on UC platforms.

References

[1]

Nasser M. Al-Fannah. 2017. One leak will sink a ship: WebRTC IP address leaks. In Proceedings of the 2017 International Carnahan Conference on Security Technology. IEEE, 1–5. DOI:https://doi.org/10.1109/CCST.2017.8167801

[2]

Ryan Amos, Gunes Acar, Elena Lucherini, Mihir Kshirsagar, Arvind Narayanan, and Jonathan Mayer. 2021. Privacy policies over time: Curation and analysis of a million-document dataset. In Proceedings of the Web Conference 2021. ACM, Ljubljana, Slovenia, 22. DOI:https://doi.org/10.1145/3442381.3450048

Digital Library

[3]

Ross J. Anderson and Fabien A. P. Petitcolas. 1998. On the limits of steganography. IEEE Journal on Selected Areas in Communications 16, 4 (1998), 474–481. DOI:https://doi.org/10.1109/49.668971

Digital Library

[4]

Benjamin Andow, Samin Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman. 2020. Actions speak louder than words: entity-sensitive privacy policy and data flow analysis with policheck. In Proceedings of the 29th {USENIX} security Symposium ({USENIX} security 20). USENIX, 985–1002.

Digital Library

[5]

Iosif Androulidakis. 2012. SMS Security Issues. Springer US, Boston, MA, 63–74. https://doi.org/10.1007/978-1-4614-1650-0_5

[6]

Cosimo Anglano. 2014. Forensic analysis of whatsapp messenger on android smartphones. Digital Investigation 11, 3 (2014), 201–213. DOI:https://doi.org/10.1016/j.diin.2014.04.003Special Issue: Embedded Forensics.

Digital Library

[7]

AN.ON. [n.d.]. AN.ON - anonymity.online. Retrieved from https://anon.inf.tu-dresden.de/index_en.html. Accessed: 15-03-2020.

[8]

Josep Balasch, Alfredo Rial, Carmela Troncoso, Bart Preneel, Ingrid Verbauwhede, and Christophe Geuens. 2010. PrETP: privacy-preserving electronic toll pricing. In Proceedings of the 19th USENIX Security Symposium. USENIX Association, Washington, DC, 63–78.

Digital Library

[9]

Salman Baset and Henning Schulzrinne. 2005. An analysis of the skype peer-to-peer internet telephony protocol. In Proceedings of the IEEE INFOCOM (01 2005). DOI:https://doi.org/10.1109/INFOCOM.2006.312

[10]

M. Baugher, D. McGrew, M. Naslund, E. Carrara, and K. Norrman. 2004. The Secure Real-time Transport Protocol (SRTP). RFC 3711 (Proposed Standard). 56 pages. DOI:https://doi.org/10.17487/RFC3711Updated by RFCs 5506, 6904.

Digital Library

[11]

Cullen Jennings, Henrik Boström, Jan-Ivar Bruaroey, Adam Bergkvist, Daniel C. Burnett, Anant Narayanan, Bernard Aboba, Taylor Brandstetter. 2017. WebRTC 1.0 Real-time.Communication between browsers. https://www.w3.org/TR/webrtc/ Accessed: 30-06-2021.

[12]

Berliner Datenschutz Beauftragte. 2020. Hinweise für berliner verantwortliche zu anbietern vonvideokonferenz-diensten. Retrieved from https://www.datenschutz-berlin.de/fileadmin/user_upload/pdf/orientierungshilfen/2020-BlnBDI-Hinweise_Berliner_Verantwortliche_zu_Anbietern_Videokonferenz-Dienste.pdf. Accessed: 24-09-2020.

[13]

Daniel J. Bernstein. 2006. Curve25519: New diffie-hellman speed records. In Proceedings of the Public Key Cryptography - PKC 2006, Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, and Tal Malkin (Eds.). Springer Berlin Heidelberg, Berlin, 207–228.

Digital Library

[14]

Daniel J. Bernstein. 2008. Chacha, a variant of Salsa20. In Proceedings of the Workshop Record of SASC, Vol. 8. 3–5.

[15]

Tom Berson. 2005. Skype security evaluation. Retrieved from http://www.anagram.com/berson/skyeval.pdf. Accessed: 18-07-2019.

[16]

Nikita Borisov, Ian Goldberg, and Eric Brewer. 2004. Off-the-record communication, or, why not to use PGP. In Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society. Association for Computing Machinery, New York, NY, 77–84. DOI:https://doi.org/10.1145/1029179.1029200

Digital Library

[17]

Jan Camenisch, Maria Dubovitskaya, Anja Lehmann, Gregory Neven, Christian Paquin, and Franz-Stefan Preiss. 2013. Concepts and languages for privacy-preserving attribute-based authentication. In Proceedings of the Policies and Research in Identity Management, Simone Fischer-Hübner, Elisabeth de Leeuw, and Chris Mitchell (Eds.). Springer Berlin Heidelberg, Berlin, 34–52.

[18]

Dell Cameron. 2020. Edward snowden tells you what encrypted messaging apps you should use. Retrieved from https://www.dailydot.com/layer8/edward-snowden-signal-encryption-privacy-messaging/. Accessed: 04-08-2019.

[19]

Dana Casielles. 2020. Cisco, microsoft, zoom: Comparing one to another. Retrieved from https://www.nojitter.com/team-collaboration-tools-workspaces/cisco-microsoft-zoom-comparing-one-another?_mc=NL_NJ_EDT_NJ_weekly_20200901cid=NL_NJ_EDT_NJ_weekly_20200901elq_cid=26974084elq_mid=99292. Accessed: 24-09-2020.

[20]

Chi-Tung Chen and Cheng-Chi Lee. 2015. A two-factor authentication scheme with anonymity for multi-server environments. Security and Communication Networks 8, 8 (2015), 1608–1625. DOI:https://doi.org/10.1002/sec.1109 arXiv:https://onlinelibrary.wiley.com/doi/pdf/10.1002/sec.1109.

Digital Library

[21]

Cohn-Gordon Katriel, Cremers Cas, Dowling Benjamin, Garratt Luke, and Stebila Douglas. 2017. A formal security analysis of the signal messaging protocol. In Proceedings of the 2017 IEEE European Symposium on Security and Privacy. 451–466. DOI:https://doi.org/10.1109/EuroSP.2017.27

[22]

Josh Constine. 2014. The whatsapp architecture facebook bought for 19 billion USD. High Scalability. Retrieved from http://highscalability.com/blog/2014/2/26/the-whatsapp-architecture-facebook-bought-for-19-billion.html. Accessed: 11-05-2019.

[23]

Stéphanie Delaune, Steve Kremer, and Mark Ryan. 2009. Verifying privacy-type properties of electronic voting protocols. Journal of Computer Security 17, 4 (2009), 435–487.

Digital Library

[24]

Mina Deng, Kim Wuyts, Riccardo Scandariato, Bart Preneel, and Wouter Joosen. 2011. A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering 16, 1 (2011), 3–32.

Digital Library

[25]

B. Desruisseaux. 2009. Internet Calendaring and Scheduling Core Object Specification (iCalendar). RFC 5545 (Proposed Standard). 168 pages. DOI:https://doi.org/10.17487/RFC5545Updated by RFCs 5546, 6868, 7529, 7953, 7986.

[26]

Cynthia Dwork. 2006. Differential privacy. In Proceedings of the International Colloquium on Automata, Languages, and Programming. LNCS, Vol. 4052. Springer, Venice, Italy, 1–12.

Digital Library

[27]

European Commission. 2017. Commission fines facebook 110 million euro for providing misleading information about whatsapp takeover. (2017). Retrieved from http://europa.eu/rapid/press-release_IP-17-1369_en.htm. Accessed: 19-06-2019.

[28]

European Data Protection Supervisor (EDPS). 2020. Outcome of own-initiative investigation into EU institutions’ use of microsoft products and services. Retrieved from https://edps.europa.eu/sites/edp/files/publication/20-07-02_edps_euis_microsoft_contract_investigation_en.html. Accessed: 24-09-2020.

[29]

European Union. 2016. General data protection regulation. Retrieved from https://eur-lex.europa.eu/eli/reg/2016/679/oj. Accessed: 26-04-2020.

[30]

Alexandros Fakis, Georgios Karopoulos, and Georgios Kambourakis. 2020. Neither denied nor exposed: Fixing WebRTC privacy leaks. Future Internet 12, 5 (2020), 92.

[31]

David Fifield. 2017. Threat modeling and circumvention of internet censorship. Ph.D. Dissertation. EECS Department, University of California, Berkeley.

[32]

David Fifield and Mia Gil Epner. 2016. Fingerprintability of WebRTC. arxiv:1605.08805. Retrieved from https://arxiv.org/abs/1605.08805.

[33]

J. Fischl, H. Tschofenig, and E. Rescorla. 2010. Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS). RFC 5763 (Proposed Standard). 37 pages. DOI:https://doi.org/10.17487/RFC5763

[34]

Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, and Thorsten Holz. 2016. How secure is textsecure?. In Proceedings of the 2016 IEEE European Symposium on Security and Privacy. IEEE, 457–472.

[35]

Oded Gal. 2020. The facts around zoom and encryption for Meetings/Webinars. Retrieved from https://blog.zoom.us/wordpress/2020/04/01/facts-around-zoom-encryption-for-meetings-webinars/. Accessed: 11-05-2020.

[36]

Gartner I. T. Glossary. [n.d.]. Unified Communications (UC). Retrieved from https://www.gartner.com/it-glossary/unified-communications-uc. Accessed: 30-10-2018.

[37]

Google. [n.d.]. Google meet audit log. Retrieved from https://support.google.com/a/answer/9186729?hl=en. Accessed: 15-06-2021.

[38]

Google. [n.d.]. Prepare your network for meet video calls. Retrieved from https://support.google.com/a/answer/1279090. Accessed: 14-06-2021.

[39]

Google. [n.d.]. Real-time communication for the web. Retrieved from https://webrtc.org/. Accessed: 29-12-2020.

[40]

Google. 2017. encryption in transit in google cloud. Retrieved from https://cloud.google.com/security/encryption-in-transit. Accessed: 14-06-2021.

[41]

Google. 2019. Google security whitepaper. Retrieved from https://cloud.google.com/security/overview/whitepaper. Accessed: 13-06-2021.

[42]

Google. 2021. Google meet security and privacy for admins. Retrieved from https://support.google.com/a/answer/7582940?hl=en&ref_topic=7302923. Accessed: 14-06-2021.

[43]

M. Handley, V. Jacobson, and C. Perkins. 2006. SDP: Session description protocol. RFC 4566 (Proposed Standard). 49 pages. DOI:https://doi.org/10.17487/RFC4566

Digital Library

[44]

Marit Hansen, Peter Berlich, Jan Camenisch, Sebastian Clauß, Andreas Pfitzmann, and Michael Waidner. 2004. Privacy-enhancing identity management. Information Security Technical Report 9, 1 (2004), 35–44. DOI:https://doi.org/10.1016/S1363-4127(04)00014-7

[45]

Hamza Harkous, Kassem Fawaz, Rémi Lebret, Florian Schaub, Kang G. Shin, and Karl Aberer. 2018. Polisis: automated analysis and presentation of privacy policies using deep learning. In Proceedings of the 27th {USENIX} Security Symposium ({USENIX} Security 18). 531–548.

Digital Library

[46]

Bill Haskins. 2018. 2018 Worldwide unified communications forecast. Retrieved from https://insight.wainhouse.com/reportaction/UC-FCST18-UCaaS-WW/Marketing. Accessed: 01-11-2018.

[47]

Howard and Lipner. 2006. The Security Development Lifecycle. Microsoft Press. DOI:https://blogs.msdn.microsoft.com/microsoft_press/2016/04/19/free-ebook-the-security-development-lifecycle/.

Digital Library

[48]

David Huerta. 2013. [tor-talk] WebRTC via tor. Retrieved from https://www.mail-archive.com/[email protected]/msg08733.html. Accessed: 12-08-2021.

[49]

Hyperledger FABRIC. [n.d.]. MSP implementation with identity mixer. Retrieved from https://hyperledger-fabric.readthedocs.io/en/release-1.4/idemix.html. Accessed: 12-03-2020.

[50]

Ian Goldberg, David Goulet, and Jurre van Bergen. [n. d.]. Off-the-Record Messaging. https://otr.cypherpunks.ca/ Accessed: 13-05-2019.

[51]

Emil Ivov. 2020. This is what end-to-end encryption should look like. Retrieved from https://jitsi.org/e2ee. Accessed: 27-04-2020.

[52]

jitsi.org. [n.d.]. Jitsi meet security and privacy. Retrieved from https://jitsi.org/security/. Accessed: 27-04-2020.

[53]

jitsi.org Community. 2018. Information about jitsi. Jitsi Community Forum. Retrieved from https://community.jitsi.org/t/information-about-jitsi/15426/3. Accessed: 02-10-2019.

[54]

Scott Johnston. 2017. Meet the new hangouts. Retrieved from https://www.blog.google/products/g-suite/meet-the-new-enterprise-focused-hangouts/. Accessed: 16-06-2021.

[55]

Smita Hashim Karthik Lakshminarayanan. 2020. Secure connections: How google meet keeps your video conferences protected. Retrieved from https://cloud.google.com/blog/products/g-suite/how-google-meet-keeps-video-conferences-secure. Accessed: 13-06-2021.

[56]

Jonathan Katz, Alfred J. Menezes, Paul C. Van Oorschot, and Scott A. Vanstone. 1996. Handbook of Applied Cryptography. CRC press.

Digital Library

[57]

Girard Kelly. 2020. What zoom’s privacy policy changes mean for you. Common Sense. Retrieved from https://www.commonsense.org/education/articles/what-zooms-privacy-policy-changes-mean-for-you. Accessed: 13-12-2020.

[58]

Kenneth E. Kendall, Julie E. Kendall. 2019. Systems Analysis and Design. Pearson Education Limited.

[59]

Swati Khandelwal. 2020. Zoom bug could have let uninvited people join private meetings. Retrieved from https://thehackernews.com/2020/01/zoom-meeting-password.html. Accessed: 11-05-2020.

[60]

Paul C. Kocher. 1996. Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems. In Proceedings of the Advances in Cryptology — CRYPTO’96, Neal Koblitz (Ed.). Springer Berlin Heidelberg, Berlin, 104–113.

Digital Library

[61]

Christian Kratzer, Jana Dittmann, Thomas Vogel, and Reyk Hillert. 2006. Design and evaluation of steganography for voice-over-IP. In Proceedings of the 2006 IEEE International Symposium on Circuits and Systems. IEEE, 4–pp.

[62]

H. Krawczyk, M. Bellare, and R. Canetti. 1997. HMAC: Keyed-hashing for message authentication. RFC 2104 (Informational). 11 pages. DOI:https://doi.org/10.17487/RFC2104Updated by RFC 6151.

Digital Library

[63]

H. Krawczyk and P. Eronen. 2010. HMAC-based Extract-and-Expand Key Derivation Function (HKDF). RFC 5869 (Informational). 14 pages. DOI:https://doi.org/10.17487/RFC5869

[64]

Ujjwal Kumar. 2016. Skype has over 300 million monthly active users, microsoft announces at build 2016. Retrieved from https://windowsreport.com/skype-number-of-users/. Accessed: 22-05-2019.

[65]

Ravie Lakshmanan. 2019. Zoom security flaw could let websites turn on your mac’s webcam without permission. Retrieved from https://thenextweb.com/security/2019/07/09/zoom-security-flaw-could-let-websites-turn-on-your-macs-webcam-without-permission/. Accessed: 11-05-2020.

[66]

Scott Lederer, Jason I. Hong, Anind K. Dey, and James A. Landay. 2004. Personal privacy through understanding and action: Five pitfalls for designers. Personal and Ubiquitous Computing 8, 6 (Nov. 2004), 440–454. DOI:https://doi.org/10.1007/s00779-004-0304-9

[67]

Dave Lee. 2011. Profile: How skype connected. Retrieved from https://www.bbc.com/news/technology-13350425Accessed: 21-05-2019.

[68]

Micah Lee. 2016. Battle of the secure messaging apps: How ginal beats whatsapp. The Intercept. Retrieved from https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/. Accessed: 04-08-2019.

[69]

Timothy Libert. 2018. An automated approach to auditing disclosure of third-party data collection in website privacy policies. In Proceedings of the 2018 World Wide Web Conference. International World Wide Web Conferences Steering Committee, Lyon, France, 207–216. DOI:https://doi.org/10.1145/3178876.3186087

Digital Library

[70]

Lorrie Cranor, Marc Langheinrich, Massimo Marchiori, Martin Presler-Marshall, and Joseph Reagle. 2002. The platform for privacy preferences. Retrieved from https://www.w3.org/TR/P3P/. Accessed: 22-03-2020.

[71]

R. Mahy, P. Matthews, and J. Rosenberg. 2010. Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN). RFC 5766 (Proposed Standard). 67 pages. DOI:https://doi.org/10.17487/RFC5766Updated by RFCs 8155, 8553.

[72]

Bill Marczak and John Scott-Railton. 2020. Move fast and roll your own crypto. Retrieved from https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/. Accessed: 11-05-2020.

[73]

Moxie Marlinspike. 2013. Advanced cryptographic ratcheting. Retrieved from https://signal.org/blog/advanced-ratcheting/. Accessed: 19-05-2020.

[74]

Moxie Marlinspike. 2013. Simplifying OTR deniability. Retrieved from https://signal.org/blog/simplifying-otr-deniability/. Accessed: 19-05-2020.

[75]

Moxie Marlinspike. 2014. Free, worldwide, encrypted phone calls for iphone. Signal.org. Retrieved from https://signal.org/blog/signal/. Accessed: 04-08-2019.

[76]

Moxie Marlinspike. 2018. A letter from amazon. Retrieved from https://signal.org/blog/looking-back-on-the-front/. Accessed: 04-08-2019.

[77]

D. McGrew and E. Rescorla. 2010. Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP). RFC 5764 (Proposed Standard). 26 pages. DOI:https://doi.org/10.17487/RFC5764Updated by RFC 7983.

[78]

Yael Grauer Micah Lee. 2020. Zoom meetings aren’t end-to-end encrypted, despite misleading markteing. Retrieved from https://theintercept.com/2020/03/31/zoom-meeting-encryption/. Accessed: 11-05-2020.

[79]

Moni Naor. 2002. Deniable ring authentication. In Proceedings of the Annual International Cryptology Conference. Springer, 481–498.

Digital Library

[80]

National Cyber Security Center. 2020. Video conferencing services: Security guidance for organisations. Retrieved from https://www.ncsc.gov.uk/guidance/video-conferencing-services-security-guidance-organisations. Accessed: 23-04-2020.

[81]

National Cyber Security Centre. 2020. Video conferencing services: Using them securely. Retrieved from https://www.ncsc.gov.uk/guidance/video-conferencing-services-using-them-securely. Accessed: 23-04-2020.

[82]

NSA. 2012. Users guide for PRISM skype collection. Retrieved from https://edwardsnowden.com/2015/01/05/users-guide-for-prism-skype-collection/. Accessed: 22-05-2019.

[83]

Sameer Patil and Alfred Kobsa. 2009. Privacy considerations in awareness systems: Designing with privacy in mind. In Proceedings of the Awareness Systems. Springer, 187–206.

[84]

Colin Percival. 2009. Stronger key derivation via sequential memory-hard functions. Retrieved from http://www.bsdcan.org/2009/schedule/attachments/87_scrypt.pdf. Accessed: 19-05-2020.

[85]

C. Percival and S. Josefsson. 2016. the scrypt password-based key derivation function. RFC 7914 (Informational). 16 pages. DOI:https://doi.org/10.17487/RFC7914

[86]

Trevor Perrin (editor) and Moxie Marlinspike. 2016. The double ratchet algorithm. Retrieved from https://signal.org/docs/specifications/doubleratchet/. Accessed: 19-05-2020.

[87]

Jay Peters. 2020. Zoom will let paying customers pick which data center their calls are routed from. Retrieved from https://www.theverge.com/2020/4/13/21219835/zoom-data-center-call-routing-china-security-privacy-encryption. Accessed: 11-05-2020.

[88]

Andreas Pfitzmann and Marit Hansen. 2010. A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. Retrieved from https://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf. Accessed: 30-06-2021.

[89]

Philippe Biondi, Fabrice Desclaux. 2006. silver needle in the skype. Retrieved from http://www.oklabs.net/wp-content/uploads/2012/06/bh-eu-06-Biondi.pdf. Accessed: 23-07-2019.

[90]

Blair Pleasant. [n.d.]. UC cutting through the hype - what UC is and isn’t. Retrieved from http://viewer.media.bitpipe.com/1206484657_637/1206511483_362/SearchUC-v5.pdf. Accessed: 04-11-2018.

[91]

Nidhi Rastogi and James Hendler. 2017. Whatsapp security and role of metadata in preserving privacy. In 12th International Conference on Cyber Warfare and Security. Academic Conferences and publishing limited, 269–275.

[92]

Thomas Reisinger. 2020. Zoom security: I’ve researched problems with video conferencing for years – here’s what you need to know. Retrieved from https://theconversation.com/zoom-security-ive-researched-problems-with-video-conferencing-for-years-heres-what-you-need-to-know-136330. Accessed: 25-07-2021.

[93]

E. Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446 (Proposed Standard). 160 pages. DOI:https://doi.org/10.17487/RFC8446

[94]

E. Rescorla. 2019. security considerations for WebRTC. IETF. Retrieved from https://tools.ietf.org/html/draft-ietf-rtcweb-security-12. Accessed: 29-12-2020.

[95]

Eric Rescorla. 2019. WebRTC security architecture. Retrieved from https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-20. Accessed: 28-04-2020.

[96]

E. Rescorla and B. Korver. 2003. Guidelines for writing RFC text on security considerations. RFC 3552 (Best Current Practice). 44 pages. DOI:https://doi.org/10.17487/RFC3552

Digital Library

[97]

E. Rescorla and N. Modadugu. 2006. Datagram transport layer security. RFC 4347 (Proposed Standard). 25 pages. https://doi.org/10.17487/RFC4347Obsoleted by RFC 6347, updated by RFCs 5746, 7507.

[98]

Alfredo Rial and George Danezis. 2011. Privacy-preserving smart metering. In Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society. ACM, New York, NY, 49–60. DOI:https://doi.org/10.1145/2046556.2046564

Digital Library

[99]

Colleen Rodriguez. 2020. Zoom hits milestone on 90-Day security plan, releases zoom 5.0. Retrieved from https://blog.zoom.us/wordpress/2020/04/22/zoom-hits-milestone-on-90-day-security-plan-releases-zoom-5-0/. Accessed: 29-04-2020.

[100]

Burton Rosenberg. 2010. Handbook of Financial Cryptography and Security. CRC Press.

Digital Library

[101]

J. Rosenberg. 2010. Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols. RFC 5245 (Proposed Standard). 117 pages. DOI:https://doi.org/10.17487/RFC5245Updated by RFC 6336.

[102]

J. Rosenberg, R. Mahy, P. Matthews, and D. Wing. 2008. Session Traversal Utilities for NAT (STUN). RFC 5389 (Proposed Standard). 51 pages. DOI:https://doi.org/10.17487/RFC5389Updated by RFCs 7350, 8553.

[103]

P. Samarati. 2001. Protecting respondents identities in microdata release. IEEE Transactions on Knowledge and Data Engineering 13, 6 (Nov. 2001), 1010–1027. DOI:https://doi.org/10.1109/69.971193

Digital Library

[104]

Bruce Schneier. 2016. Comparing messaging apps. Retrieved from https://www.schneier.com/blog/archives/2016/06/comparing_messa.html. Accessed: 04-08-2019.

[105]

Adam Shostack. 2014. Threat Modeling: Designing for Security (1 Ed.). John Wiley & Sons Ltd, New York.

Digital Library

[106]

Signal.org. [n.d.]. Signal github repository. Retrieved from https://github.com/signalapp. Accessed: 03-08-2021.

[107]

Signal.org. [n.d.]. Signal support - features. Retrieved from https://support.signal.org/hc/en-us. Accessed: 04-08-2019.

[108]

Signal.org. [n.d.]. Signal Terms & Privacy Policy. Retrieved from https://signal.org/legal/. Accessed: 04-08-2019.

[109]

Varun Singh. 2018. Explaining the WebRTC Secure Real-Time Transport Protocol (SRTP). Retrieved from https://www.callstats.io/blog/2018/05/16/explaining-webrtc-secure-real-time-transport-protocol-srtp. Accessed: 11-07-2020.

[110]

Skype Communications SARL. [n.d.]. What is skype? Retrieved from https://www.skype.com/en/about/. Accessed: 21-05-2019.

[111]

Skype Limited. 2010. Skype IT administrators guide - skype for windows version 4.2. Retrieved from https://download.skype.com/share/business/guides/skype-it-administrators-guide.pdf. Accessed: 07-07-2019.

[112]

Javier Soltero. 2020. Google meet premium video meetings–free for everyone. Retrieved from https://blog.google/products/meet/bringing-google-meet-to-more-people. Accessed: 13-06-2021.

[113]

Stackexchange. [n.d.]. Does tor work with WebRTC? Retrieved from https://tor.stackexchange.com/questions/876/does-tor-work-with-webrtc. Accessed: 10-08-2021.

[114]

Statista Research Department. 2021. Whatsapp - statistics and facts. Retrieved from https://www.statista.com/topics/2018/whatsapp/#dossierKeyfigures. Accessed: 2021-11-09.

[115]

Peter Stavroulakis and Mark Stamp. 2010. Handbook of Information and Communication Security. Springer Berlin Heidelberg, Germany. Retrieved from https://www.springer.com/gp/book/9783642041167.

Digital Library

[116]

Shanyu Tang, Qing Chen, Wei Zhang, and Yongfeng Huang. 2016. Universal steganography model for low bit-rate speech codec. Security and Communication Networks 9, 8 (2016), 747–754. Retrieved from https://onlinelibrary.wiley.com/doi/full/10.1002/sec.1183.

[117]

Editorial Team. 2016. End-to-end whatsapp: An opinionated series on why signal protocol is well-designed. Retrieved from https://www.praetorian.com/blog/whatsapp-end-to-end-encryption-why-signal-protocol-is-well-designed/. Accessed: 01-07-2021.

[118]

TeleGeography. 2014. Skype traffic continues to thrive. Retrieved from https://www.telegeography.com/products/commsupdate/articles/2014/01/15/skype-traffic-continues-to-thrive/. Accessed: 22-05-2019.

[119]

The Linux Foundation. [n.d.]. Hyperledger indy. Retrieved from https://www.hyperledger.org/projects/hyperledger-indy. Accessed: 24-03-2020.

[120]

Tor Project. [n.d.]. Tor project. Retrieved from https://www.torproject.org/. Accessed: 15-03-2020.

[121]

Torproject. 2017. UDP over tor. Retrieved from https://gitlab.torproject.org/legacy/trac/-/issues/7830. Accessed: 10-08-2021.

[122]

Zeynep Tufekci. [n.d.]. In response to guardian’s irresponsible reporting on whatsapp: A plea for responsible and contextualized reporting on user security. Retrieved from http://technosociology.org/?page_id=1687. Accessed: 15-09-2019.

[123]

Nate Drake; Brian Turner. 2020. Best video conferencing software in 2020. Techradar. Retrieved from https://www.techradar.com/best/best-video-conferencing-software. Accessed: 26-09-2020.

[124]

J. Uberti. 2019. WebRTC IP address handling requirements. IETF. Retrieved from https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-12. Accessed: 29-12-2020.

[125]

University of Waterloo department Cryptography, Security, and Privacy (CrySP). 2018. Wire. Retrieved from https://crysp.uwaterloo.ca/opinion/wire/. Accessed: 04-08-2020.

[126]

Tobias Urban, Dennis Tatang, Martin Degeling, Thorsten Holz, and Norbert Pohlmann. 2019. A study on subject data access in online advertising after the GDPR. In Proceedings of the Data Privacy Management, Cryptocurrencies and Blockchain Technology (Lecture Notes in Computer Science), Cristina Pérez-Solà, Guillermo Navarro-Arribas, Alex Biryukov, and Joaquin Garcia-Alfaro (Eds.). Springer International Publishing, Cham, 61–79. DOI:https://doi.org/10.1007/978-3-030-31500-9_5

Digital Library

[127]

Vicki Turk. 2020. Zoom took over the world. This is what will happen next. Wired. Retrieved from https://www.wired.co.uk/article/future-of-zoom. Accessed: 20-10-2020.

[128]

Isabel Wagner. 2022. Auditing Corporate Surveillance Systems: Research Methods for Greater Transparency. Cambridge University Press.

[129]

Isabel Wagner and Eerke Boiten. 2018. Privacy risk assessment: from art to science, by metrics. In Proceedings of the 13th International DPM Workshop on Data Privacy Management, Vol. LNCS 11025. Springer, Barcelona, Spain, 225–241. DOI:https://doi.org/10.1007/978-3-030-00305-0_17

[130]

Chungyi Wang and Quincy Wu. 2007. Information hiding in real-time VoIP streams. In Proceedings of the 9th IEEE International Symposium on Multimedia. IEEE, 255–262.

Digital Library

[131]

WhatsApp. 2017. Whatsapp encryption overview. Retrieved from https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf. Accessed: 07-05-2019.

[132]

WhatsApp. 2021. Whatsapp privacy policy. Retrieved from https://www.whatsapp.com/legal/updates/privacy-policy/?lang=en. Accessed: 11-01-2021.

[133]

WhatsApp FAQ. [n.d.]. How we work with the facebook companies. Retrieved from https://faq.whatsapp.com/general/26000112/?eea=1. Accessed: 15-09-2019.

[134]

Whonix.org. [n.d.]. whonix.org. Retrieved from https://www.whonix.org/. Accessed: 12-08-2021.

[135]

Wire Swiss GmbH. [n.d.]. About wire. Retrieved from https://wire.com/en/about/. Accessed: 23-07-2020.

[136]

Wire Swiss GmbH. [n.d.]. Proteus. Retrieved from https://github.com/wireapp/proteus. Accessed: 13-06-2020.

[137]

Wire Swiss GmbH. [n.d.]. Wire audits. Retrieved from https://wire.com/en/security/#audits. Accessed: 23-07-2020.

[138]

Wire Swiss GmbH. 2018. Wire privacy whitepaper. Retrieved from https://wire-docs.wire.com/download/WirePrivacyWhitepaper.pdf. Accessed: 19-05-2020.

[139]

Wire Swiss GmbH. 2018. Wire security whitepaper. Retrieved from https://wire-docs.wire.com/download/WireSecurityWhitepaper.pdf. Accessed: 19-05-2020.

[140]

Gabriel Wood. 2018. phone porting: How hackers can hijack your mobile phone number. NextAdvisor. Retrieved from https://www.nextadvisor.com/phone-porting-how-hackers-can-hijack-your-mobile-phone-number/. Accessed: 03-11-2019.

[141]

Eric Yuan. 2020. A message to our users. Retrieved from https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/. Accessed: 11-05-2020.

[142]

Eric Yuan. 2020. Zoom’s use of facebook’s SDK in iOS client. Retrieved from https://blog.zoom.us/wordpress/2020/03/27/zoom-use-of-facebook-sdk-in-ios-client/. Accessed: 11-05-2020.

[143]

Ali Zafar. 2018. Countries where whatsapp is banned. Retrieved from https://www.privacyend.com/countries-where-whatsapp-banned/. Accessed: 21-05-2019.

[144]

Zoom. 2020. 90-Day security plan: Key updates. Retrieved from https://blog.zoom.us/wp-content/uploads/2020/07/Security-90-day-Plan-Key-Updates.pdf. Accessed: 13-12-2020.

[145]

Zoom. 2020. Privacy policy. Retrieved from https://zoom.us/privacyAccessed: 11-05-2020.

[146]

Zoom. 2020. Security guide. Retrieved from https://zoom.us/docs/doc/Zoom-Security-White-Paper.pdf. Accessed: 15-07-2020.

[147]

Zoom. 2020. Zoom encryption. Retrieved from https://zoom.us/docs/doc/ZoomEncryptionWhitepaper.pdf. Accessed: 11-05-2020.

[148]

Zoom. 2021. government requests guide. Retrieved from https://zoom.us/docs/en-us/government-requests-guide.html. Accessed: 18-08-2021.

Cited By

Jerlin MShrivastav RAnusha KDevarajan GNagarajan S(2025)Secure Chat System: Harnessing the Power of Hybrid Encryption for Enhanced Security and ConfidentialityProceedings of International Conference on Recent Trends in Computing10.1007/978-981-97-8836-1_10(109-124)Online publication date: 2-Mar-2025
https://doi.org/10.1007/978-981-97-8836-1_10
De Oliveira VLima SRibeiro J(2024)Embracing Unified Communication and Collaboration: Business and Technological Trends2024 9th International Conference on Smart and Sustainable Technologies (SpliTech)10.23919/SpliTech61897.2024.10612601(1-6)Online publication date: 25-Jun-2024
https://doi.org/10.23919/SpliTech61897.2024.10612601
Shahid AImteaj A(2024)Securing User Privacy in Cloud-Based Whiteboard Services Against Health Attribute Inference AttacksIEEE Transactions on Artificial Intelligence10.1109/TAI.2024.33525295:8(3872-3885)Online publication date: Aug-2024
https://doi.org/10.1109/TAI.2024.3352529
Show More Cited By

Index Terms

Security and Privacy in Unified Communication
1. Information systems
  1. World Wide Web
    1. Web applications
      1. Internet communications tools
        Web conferencing
2. Security and privacy
  1. Network security
    1. Denial-of-service attacks
    2. Web protocol security
  2. Software and application security
    1. Domain-specific security and privacy architectures

Recommendations

Are RNGs Achilles' Heel of RFID Security and Privacy Protocols?

Security and privacy concerns have been growing with the increased utilisation of RFID technology in our daily lives. To mitigate these issues, numerous privacy-friendly authentication protocols have been published in the last decade. Random number ...
PUF-enhanced offline RFID security and privacy

RFID (Radio Frequency IDentification) based communication solutions have been widely used nowadays for mobile environments such as access control for secure system, ticketing systems for transportation, and sport events. These systems usually depend on ...
A Privacy Preserving Security Protocol-Based Application for Wireless Communication System
HPCC-CSS-ICESS '15: Proceedings of the 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conf on Embedded Software and Systems

The evolution of digital communication era includes both devices and applications running on different platforms. Specifics applications are needed for a safeguard communication ensuring protection and trust services to the users. The growing need to ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 55, Issue 3

March 2023

772 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3514180

Editor:
Albert Zomaya
University of Sydney, Australia

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 February 2022

Accepted: 01 November 2021

Revised: 01 August 2021

Received: 01 February 2021

Published in CSUR Volume 55, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Survey
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
1,536
Total Downloads

Downloads (Last 12 months)330
Downloads (Last 6 weeks)36

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Jerlin MShrivastav RAnusha KDevarajan GNagarajan S(2025)Secure Chat System: Harnessing the Power of Hybrid Encryption for Enhanced Security and ConfidentialityProceedings of International Conference on Recent Trends in Computing10.1007/978-981-97-8836-1_10(109-124)Online publication date: 2-Mar-2025
https://doi.org/10.1007/978-981-97-8836-1_10
De Oliveira VLima SRibeiro J(2024)Embracing Unified Communication and Collaboration: Business and Technological Trends2024 9th International Conference on Smart and Sustainable Technologies (SpliTech)10.23919/SpliTech61897.2024.10612601(1-6)Online publication date: 25-Jun-2024
https://doi.org/10.23919/SpliTech61897.2024.10612601
Shahid AImteaj A(2024)Securing User Privacy in Cloud-Based Whiteboard Services Against Health Attribute Inference AttacksIEEE Transactions on Artificial Intelligence10.1109/TAI.2024.33525295:8(3872-3885)Online publication date: Aug-2024
https://doi.org/10.1109/TAI.2024.3352529
Liu YChen HYang Z(2024)Enforcing End-to-end Security for Remote Conference Applications2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00236(2630-2647)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00236
Tian YJiang Z(2024)Design of Real-Time Media Encrypted Conference System Based on WebRTC2024 13th International Conference of Information and Communication Technology (ICTech)10.1109/ICTech63197.2024.00067(326-331)Online publication date: 12-Apr-2024
https://doi.org/10.1109/ICTech63197.2024.00067
Reisinger TBoiten EWagner I(2024)SEPPI: Secure and Privacy-Preserving Invitation for Unified Communication Meetings2024 International Conference on Computing, Networking and Communications (ICNC)10.1109/ICNC59896.2024.10556130(730-736)Online publication date: 19-Feb-2024
https://doi.org/10.1109/ICNC59896.2024.10556130
Zhang XCai YLiu FZhou F(2024)How to dissolve the “privacy paradox” in social networks? A game approach based on privacy calculusKybernetes10.1108/K-03-2024-0544Online publication date: 11-Jun-2024
https://doi.org/10.1108/K-03-2024-0544
Almeida F(2024)Implementation of a chatbot in a unified communication channelJournal of Systems and Information Technology10.1108/JSIT-08-2023-016027:1(94-115)Online publication date: 26-Nov-2024
https://doi.org/10.1108/JSIT-08-2023-0160
Mahmoud HAbozariba R(2024)A systematic review on WebRTC for potential applications and challenges beyond audio video streamingMultimedia Tools and Applications10.1007/s11042-024-20448-984:6(2909-2946)Online publication date: 23-Nov-2024
https://doi.org/10.1007/s11042-024-20448-9
Issaoui AÖrtensjö JIslam M(2023)Exploring the General Data Protection Regulation (GDPR) compliance in cloud services: insights from Swedish public organizations on privacy complianceFuture Business Journal10.1186/s43093-023-00285-29:1Online publication date: 15-Dec-2023
https://doi.org/10.1186/s43093-023-00285-2
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Full Text

View this article in Full Text.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View full text|Download PDF

View Issue’s Table of Contents