Traffic analysis for instant messaging (IM) applications continues to pose an important privacy challenge. In particular, transport-level data can unintentionally leak information about IM, such as who communicates with whom. Existing tools for metadata privacy have adoption obstacles, including the risks of being scrutinized for having a particular app installed, and performance overheads incompatible with mobile devices. We posit that resilience to traffic analysis must be directly supported by major IM services themselves, and must be done in a low-cost manner without breaking existing features. As a first step in this direction, we propose a hybrid messaging model that combines regular and deniable messages. We present a novel protocol for deniable instant messaging, which we call DenIM. DenIM is built on the principle that deniable messages can be made indistinguishable from regular messages with a little help from a user's friends. Deniable messages' network traffic can then be explained by a plausible cover story. DenIM achieves overhead proportional to the messages sent, as opposed to scaling with time or number of users. To show the effectiveness of DenIM, we implement a trace simulator, and show that DenIM's deniability guarantees hold against strong adversaries such as internet service providers.