Metadata Privacy Beyond Tunneling for Instant Messaging
Paper in proceeding, 2024

Transport layer data leaks metadata unintentionally - such as who communicates with whom. While tools for strong transport layer privacy exist, they have adoption obstacles, including performance overheads incompatible with mobile devices. We posit that by changing the objective of metadata privacy for all traffic, we can open up a new design space for pragmatic approaches to transport layer privacy. As a first step in this direction, we propose using techniques from information flow control and present a principled approach to constructing formal models of systems with metadata privacy for some, deniable, traffic. We prove that deniable traffic achieves metadata privacy against strong adversaries- this constitutes the first bridging of information flow control and anonymous communication to our knowledge. Additionally, we show that existing state-of-the-art protocols can be extended to support metadata privacy, by designing a novel protocol for deniable instant messaging (DenIM), which is a variant of the Signal protocol. To show the efficacy of our approach, we implement and evaluate a proof-of-concept instant messaging system running DenIM on top of unmodified Signal. We empirically show that the DenIM on Signal can maintain low-latency for unmodified Signal traffic without breaking existing features, while at the same time supporting deniable Signal traffic.

anonymous communication

information flow

metadata privacy

Author

Boel Nelson

Aarhus University

Elena Pagnin

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Aslan Askarov

Aarhus University

Proceedings - 9th IEEE European Symposium on Security and Privacy, Euro S and P 2024

697-723
9798350354256 (ISBN)

9th IEEE European Symposium on Security and Privacy, Euro S and P 2024
Vienna, Austria,

Subject Categories

Computer Science

Computer Systems

DOI

10.1109/EuroSP60621.2024.00044

More information

Latest update

9/23/2024