Description
Billions of messages are sent through messaging services like WhatsApp,
Facebook Messenger and Signal every day. While popular services protect
the content of messages through end-to-end encryption, such protection
often does not cover metadata like timestamps and IP addresses. Metadata
can reveal sensitive information about users, including routines, social
networks, and locations, which poses serious risks, especially for
vulnerable groups like activists and minorities. In this thesis, we
study the anonymizing wrapper introduced by Bienstock et al. at CCS 2023,
which removes metadata from the communication of existing messaging
protocols, thereby making the communication anonymous. We first use
game-based definitions to formally capture and prove that the exchanged
ciphertexts of the construction by Bienstock et al. are anonymous in
two-party communication. We then analyze the sender and receiver state
in this construction and find that the states reveal information about
which messages were processed. To minimize the metadata leakage even
when the communicating parties are compromised, we propose a refined
construction which contains less structured data in the sender and
receiver state. Finally, we develop a simulation-based definition to
describe the security guarantees of the updated construction.