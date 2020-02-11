Talek’s system and threat model. The researchers assume that the opponent can control all but one of the l servers in the system (here l = 3). Clients send network requests directly to the servers. Adversarial servers are free to collect additional data such as source, type, parameters, time and size of all requests in order to connect users who are likely to communicate with each other. Photo credit: Cheng et al.

Encrypted messaging services that prevent cyber attackers from reading the content of messages exchanged by their users have become increasingly popular in the past decade. While these services hide the content of messages, malicious users can often use network metadata to infer other information, e.g. For example, the identity of the users who exchange messages as they communicate, where their messages are sent, and how much data is transferred between them.

To prevent this and ensure even greater security, researchers from the University of Washington and Carnegie Mellon University have recently developed Talek, a messaging system that hides both the content of messages and general communication patterns between users, including their identities. This new messaging system, which was featured in an article pre-published on arXiv, uses a technique called “Private Information Retrieval” (PIR) to further improve the security of online communications.

The researchers who developed Talek have been studying techniques that can improve data protection and user security on the Internet for several years. In the past, they also worked with Google teams to develop uProxy (now Outline), a private VPN solution.

“More and more of our online communications are encrypted, making it more difficult for opponents to see the content of our statements,” Raymond Cheng, one of the researchers who conducted the study, told TechXplore. “Talek goes one step further and makes it difficult for the same opponents to find out who is talking to whom.”

The new messaging system developed by Cheng and his colleagues enables users to communicate with each other without sharing their identity with the server. This is achieved by hiding information requests in random looking requests.

The execution of the theoretical constructs in the core of Talek’s function traditionally requires considerable computing processes. A key advantage of Talek is that, although it is computationally intensive, it can run efficiently on GPUs. In addition, its unique design allows users to hide ongoing conversations as well as their entire communication pattern.

“Previous work on developing new messaging systems offered either strong security guarantees with prohibitive computing costs or weaker security guarantees with practical performance,” said Cheng. “Our work aims to provide a middle ground that provides strong security guarantees (i.e., a security goal where any two access patterns are indistinguishable between users for the server) with a performance that would satisfy many real messaging workloads. “

To hide user communication patterns, Talek uses a technique known as PIR that securely reads messages from a server without specifying which message was read. However, PIR alone is not enough to create a fully functional messaging service. The researchers therefore added a new component to their system, the so-called “forgotten protocol”.

Talek’s client interface. The client library translates application calls into scheduled messages with parameters and contents of the same size that appear randomly to an opponent. From the point of view of any server, clients behave identically. Photo credit: Cheng et al.

In Talek, message groups essentially share secret protocol handles, which are then used to create a random-looking sequence of addresses. Users can then save the messages they write to others in this order of addresses, much like a digital dead drop. On the other hand, those who receive the messages can read them privately and securely with PIR.

“Compared to existing Mixnet-based systems, we show that we offer a stronger security goal of the indistinguishability of access sequences than security goals based on k-anonymity or differentiated confidentiality, which by definition disclose information,” said Cheng.

Cheng and his colleagues have already created a working Talek prototype with three servers and shown that it can be scaled to support real messaging workloads. With 32,000 active users and an end-to-end latency of 1.7, a throughput of 9,433 messages per second is achieved seconds. In addition, unlike most other private messaging systems, Talek can achieve remarkable performance while ensuring a high level of data protection.

“We are excited about the prospect of offering a messaging service with strict security goals based on distinguishable access patterns and sufficient performance for real messaging workloads,” said Cheng. “We hope these ideas can be applied directly to messaging services to improve user privacy.”

The messaging system has additional functions. For example, users can learn when their private logs and conversations contain new messages without querying them (i.e. continually checking the status of their device).

In the future, Talek could be used to create new secure, discreet, and powerful messaging services that can hide both message content and user metadata. These services can prove to be particularly beneficial for people performing activities that require a high degree of anonymity, e.g. B. investigative journalists and activists.

“Data protection technologies have come a long way, but there are still a number of difficult technical challenges to provide strong security guarantees to the multitude of applications that we rely on every day,” said Cheng. “We look forward to continuing our research into data protection technology technologies.”

More information:

Talek: Private Group Messaging with hidden access patterns. arXiv: 2001.08250 (cs.CR). arxiv.org/abs/2001.08250

