How LINE's engineering team tackles security

LINE security is open with their improvement efforts, reports Tech in Asia

Instant messaging apps are an attractive target for malicious attacks. Understandably so — much of our lives are poured into our conversations with others, including our whereabouts, private information, and photographs.

One such app is LINE. Fresh off the IPO boat, the subsidiary of the Naver Corporation boasts 220 million users. 

To support the many new features that LINE has introduced since their IPO, LINE has expended significant resources to construct a scalable architecture that not only supports these features but protects the information transacted each day.

Meet LEGY

At the heart of LINE’s architecture is the Line Event-delivery GatewaY (or LEGY), a custom-built API gateway server that ensures that everyone can use LINE no matter the device or platform.
 

It was created to support the application-layer protocol SPDY (pronounced speedy) used by the app to safely and efficiently transport messages between users.

End-to-end encryption

E2EE ensures that neither potential eavesdroppers nor LINE can decode (or decrypt) an encrypted conversation.
 

Messaging uses dedicated, per-user static ECDH keys; in contrast, voice calls are encrypted by ephemeral ECDH keys, which are generated only when a call begins and discarded once the call ends.
 

Risk Assessment for games
 

Anyone familiar with game production will understand how treacherous game hackers can be. That’s why part of a platform’s security measures exist to assess risk from hacks. Though not exactly a security risk, gamers often worm their way past an app’s mechanics to manipulate the game. 

Crowdsourcing security
 

What makes LINE’s security exciting to watch is that they’re very open with their improvement efforts; it’s outlined clearly in their engineers’ blog posts and their encryption white paper.
 

As the open-source community has shown, the culture of learning from each other’s experiences and progression goes a long way to improving your abilities and products. 

This is an excerpt from Tech in Asia. You can read the full article here