Metadata Privacy Beyond Tunneling for Instant Messaging
Paper i proceeding, 2024

Transport layer data leaks metadata unintentionally - such as who communicates with whom. While tools for strong transport layer privacy exist, they have adoption obstacles, including performance overheads incompatible with mobile devices. We posit that by changing the objective of metadata privacy for all traffic, we can open up a new design space for pragmatic approaches to transport layer privacy. As a first step in this direction, we propose using techniques from information flow control and present a principled approach to constructing formal models of systems with metadata privacy for some, deniable, traffic. We prove that deniable traffic achieves metadata privacy against strong adversaries- this constitutes the first bridging of information flow control and anonymous communication to our knowledge. Additionally, we show that existing state-of-the-art protocols can be extended to support metadata privacy, by designing a novel protocol for deniable instant messaging (DenIM), which is a variant of the Signal protocol. To show the efficacy of our approach, we implement and evaluate a proof-of-concept instant messaging system running DenIM on top of unmodified Signal. We empirically show that the DenIM on Signal can maintain low-latency for unmodified Signal traffic without breaking existing features, while at the same time supporting deniable Signal traffic.

anonymous communication

information flow

metadata privacy

Författare

Boel Nelson

Aarhus Universitet

Elena Pagnin

Chalmers, Data- och informationsteknik, Informationssäkerhet

Aslan Askarov

Aarhus Universitet

Proceedings - 9th IEEE European Symposium on Security and Privacy, Euro S and P 2024

697-723
9798350354256 (ISBN)

9th IEEE European Symposium on Security and Privacy, Euro S and P 2024
Vienna, Austria,

Ämneskategorier

Datavetenskap (datalogi)

Datorsystem

DOI

10.1109/EuroSP60621.2024.00044

Mer information

Senast uppdaterat

2024-09-23