7.6.8 Liveness

An important security property in video meetings (and other synchronous communications) is liveness: attackers should not be able to significantly delay data streams or meeting management actions (such as adding or removing users). To strengthen liveness, each meeting participant generates and uploads 192-bit unpredictable nonces N at regular intervals14. When the meeting leader rekeys the meeting, each participant’s ciphertext includes their most recent nonce as associated data. Participants only accept ciphertexts whose associated data includes one of their two most recent nonces (to tolerate race conditions). This ensures that received keys have been sent recently, i.e., after the recipient generated the relevant nonce. This mechanism guarantees the recency of meeting keys. Because leaders rotate the meeting key at least every five minutes (more frequently if the set of participants changes), and users stop using old meeting keys for decryption 10 seconds after receiving a newer key, meeting streams are also guaranteed to be relatively recent. Note: Before version 5.13 of the Zoom meetings client, the liveness bounds worsened with the number of leader changes. Despite that, attacking liveness by forcing a high number of leader changes would likely make participants suspicious: the UX notifies users of each leader change, which is not frequent in regular meetings.