{"date_created":"2024-05-23T11:15:39Z","status":"public","date_updated":"2024-05-23T11:20:29Z","doi":"10.1007/978-3-031-54776-8_8","place":"Cham","publication":"Applied Cryptography and Network Security","citation":{"apa":"Heitmann, N., Siewert, H., Moog, S., & Somorovsky, J. (2024). Security Analysis of BigBlueButton and eduMEET. Applied Cryptography and Network Security. https://doi.org/10.1007/978-3-031-54776-8_8","ieee":"N. Heitmann, H. Siewert, S. Moog, and J. Somorovsky, “Security Analysis of BigBlueButton and eduMEET,” Abu Dhabi, 2024, doi: 10.1007/978-3-031-54776-8_8.","chicago":"Heitmann, Nico, Hendrik Siewert, Sven Moog, and Juraj Somorovsky. “Security Analysis of BigBlueButton and EduMEET.” In Applied Cryptography and Network Security. Cham: Springer Nature Switzerland, 2024. https://doi.org/10.1007/978-3-031-54776-8_8.","mla":"Heitmann, Nico, et al. “Security Analysis of BigBlueButton and EduMEET.” Applied Cryptography and Network Security, Springer Nature Switzerland, 2024, doi:10.1007/978-3-031-54776-8_8.","short":"N. Heitmann, H. Siewert, S. Moog, J. Somorovsky, in: Applied Cryptography and Network Security, Springer Nature Switzerland, Cham, 2024.","bibtex":"@inproceedings{Heitmann_Siewert_Moog_Somorovsky_2024, place={Cham}, title={Security Analysis of BigBlueButton and eduMEET}, DOI={10.1007/978-3-031-54776-8_8}, booktitle={Applied Cryptography and Network Security}, publisher={Springer Nature Switzerland}, author={Heitmann, Nico and Siewert, Hendrik and Moog, Sven and Somorovsky, Juraj}, year={2024} }","ama":"Heitmann N, Siewert H, Moog S, Somorovsky J. Security Analysis of BigBlueButton and eduMEET. In: Applied Cryptography and Network Security. Springer Nature Switzerland; 2024. doi:10.1007/978-3-031-54776-8_8"},"_id":"54437","abstract":[{"lang":"eng","text":"Video conferencing systems have become an indispensable part of our world. Using video conferencing systems implies the expectation that online meetings run as smoothly as in-person meetings. Thus, online meetings need to be just as secure and private as in-person meetings, which are secured against disruptive factors and unauthorized persons by physical access control mechanisms.\r\n\r\nTo show the security dangers of conferencing systems and raise general awareness when using these technologies, we analyze the security of two widely used research and education open-source video conferencing systems: BigBlueButton and eduMEET. Because both systems are very different, we analyzed their architectures, considering the respective components with their main tasks, features, and user roles. In the following systematic security analyses, we found 50 vulnerabilities. These include broken access control, NoSQL injection, and denial of service (DoS). The vulnerabilities have root causes of different natures. While BigBlueButton has a lot of complexity due to many components, eduMEET, which is relatively young, focuses more on features than security. The sheer amount of results and the lack of prior work indicate a research gap that needs to be closed since video conferencing systems continue to play a significant role in research, education, and everyday life."}],"user_id":"74619","department":[{"_id":"632"}],"type":"conference","publisher":"Springer Nature Switzerland","conference":{"start_date":"2024-03-05","location":"Abu Dhabi","end_date":"2024-03-08"},"language":[{"iso":"eng"}],"author":[{"full_name":"Heitmann, Nico","last_name":"Heitmann","first_name":"Nico","id":"74619"},{"first_name":"Hendrik","full_name":"Siewert, Hendrik","last_name":"Siewert"},{"first_name":"Sven","full_name":"Moog, Sven","last_name":"Moog"},{"last_name":"Somorovsky","full_name":"Somorovsky, Juraj","id":"83504","orcid":"0000-0002-3593-7720","first_name":"Juraj"}],"publication_status":"published","main_file_link":[{"url":"https://link.springer.com/content/pdf/10.1007/978-3-031-54776-8_8.pdf"}],"title":"Security Analysis of BigBlueButton and eduMEET","year":"2024"}