Multi-Stage Group Key Distribution and PAKEs: Securing Zoom Groups against Malicious Servers without New Security Elements

The study investigates improving the security of video conferencing applications, like Zoom, against malicious servers. Using a formalized cryptographic protocol model, the researchers propose a transformation integrating password-authenticated key exchange (PAKE) to enhance security without adding new elements or message flows. The methodology involves analyzing Zoom's version 4.0 protocol, defining a new security model, and applying the transformation to create the "ZoomPAKE" protocol, which prevents attacks by ensuring group passwords remain unknown to the server. This work has significant societal implications, as video conferencing apps are critical tools for communication worldwide. By addressing vulnerabilities, the study contributes to safeguarding user privacy and data security in a highly interconnected digital landscape.