Traffic analysis for instant messaging (IM) applications continues to pose an important privacy challenge. In particular, transport-level data can unintentionally leak information about IM use, such as who communicates with whom. Existing tools for metadata privacy face adoption obstacles, including the risk of being scrutinized for having a particular app installed, and performance overheads that are incompatible with mobile devices. We posit that resilience to traffic analysis must be directly supported by major IM services themselves, and must be achieved with low latency and without breaking existing features. As a first step in this direction, we propose a hybrid model that combines regular network traffic and deniable messages. We present DenIM, a novel protocol for deniable instant messaging that is a variant of the Signal protocol. DenIM is built on the principle that deniable messages can be carried as part of the padding of regular traffic. By padding traffic, DenIM achieves bandwidth overhead that scales with the volume of regular traffic, as opposed to scaling with time or the number of users. To show the effectiveness of DenIM, we construct a formal model and prove that DenIM's deniability guarantees hold against strong adversaries such as internet service providers, and we implement and empirically evaluate a proof-of-concept version of DenIM.
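As an added illustration of the padding principle the abstract describes (toy code written for this page, not DenIM's protocol or implementation), the simulation below pads every regular message to a fixed slot and fills the slack either with an encrypted fragment of a queued deniable message or with filler of the same size, so the wire length is identical either way and the overhead is exactly one slot per regular message. The slot size, packet layout and HMAC-based keystream are assumptions; regular messages stay in plaintext because Signal's own encryption is not modelled.

```python
import os, hmac, hashlib
from collections import deque

SLOT = 128  # assumed: every regular message is padded to this many payload bytes on the wire
HDR = 3     # padding header: 1 flag byte (0 filler, 1 fragment, 2 last fragment) + 2-byte length

def keystream(key, seq, n):
    # Toy keystream (HMAC-SHA256 in counter mode, nonce = packet seq); stands in for real encryption.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, seq.to_bytes(8, "big") + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

class Sender:
    def __init__(self, key):
        self.key, self.seq, self.deniable = key, 0, deque()
    def queue_deniable(self, msg):
        self.deniable.append(bytearray(msg))
    def send(self, regular):  # wrap one regular message; padding carries a deniable fragment if queued
        assert len(regular) + HDR <= SLOT
        room = SLOT - len(regular) - HDR
        if self.deniable:
            chunk = bytes(self.deniable[0][:room])
            del self.deniable[0][:room]
            flag = 1 if self.deniable[0] else 2         # 2 = this fragment completes the message
            if flag == 2: self.deniable.popleft()
            inner = bytes([flag]) + len(chunk).to_bytes(2, "big") + chunk + os.urandom(room - len(chunk))
        else:
            inner = b"\x00" + os.urandom(room + 2)      # filler: same size as a slot carrying data
        pad = bytes(a ^ b for a, b in zip(inner, keystream(self.key, self.seq, len(inner))))
        pkt = self.seq.to_bytes(8, "big") + len(regular).to_bytes(2, "big") + regular + pad
        self.seq += 1
        return pkt  # always 10 + SLOT bytes; without the key the padding looks random either way

class Receiver:
    def __init__(self, key):
        self.key, self.buf = key, bytearray()
    def recv(self, pkt):  # returns (regular_message, completed_deniable_message_or_None)
        seq, n = int.from_bytes(pkt[:8], "big"), int.from_bytes(pkt[8:10], "big")
        regular, pad = pkt[10:10 + n], pkt[10 + n:]
        inner = bytes(a ^ b for a, b in zip(pad, keystream(self.key, seq, len(pad))))
        if inner[0] == 0:                               # filler: nothing hidden in this packet
            return regular, None
        self.buf += inner[3:3 + int.from_bytes(inner[1:3], "big")]
        if inner[0] == 1:                               # more fragments follow
            return regular, None
        out, self.buf = bytes(self.buf), bytearray()
        return regular, out
```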