What's a Little Leakage Between Friends?

Angel, Sebastian; Lazar, David; Tzialla, Ioanna

doi:10.1145/3267323.3268958

Cited by 4 publications

(5 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We focus on the global adversary threat model as that is the real-world adversary to combat today in the context of MPCS. We include systems that are secure even when a client's correspondent is adversarial and those that are not [6].…”

Section: Metadata-protecting Communication Systems (Mpcs)mentioning

confidence: 99%

“…Atom uses the square network by Håstad [34], which can permute 𝑚 elements using √ 𝑚 nodes with each shuffling √ 𝑚 ciphertexts and connects to √ 𝑚 nodes in the subsequent layer. 6 In Atom each logical server in this network is realized by a group of physical servers such that the anytrust assumption holds over the group. The number of servers in each group is tuned to ensure that given the total number of servers, and knowledge that up to a bounded fraction of them can be malicious, at least one server in each group should be honest with very high probability.…”

Section: Mixnet Based Systemsmentioning

confidence: 99%

“…They assume honesty of a particular server (as opposed to any one server of a pool like anytrust), and the defence fails if that server is adversarial. This leads us to use the term heuristic security 6. This network only requires constant iterations of mixing to produce a near-uniform random permutation, and in their work they use 10 iterations of mixing.…”

mentioning

confidence: 99%

See 2 more Smart Citations

SoK: Metadata-Protecting Communication Systems

Sasy,

Goldberg

2024

PoPETs

View full text Add to dashboard Cite

Protecting metadata of communications has been an area of active research since the dining cryptographers problem was introduced by David Chaum in 1988. The Snowden revelations from 2013 resparked research in this direction. Consequently over the last decade we have witnessed a flurry of novel systems designed to protect metadata of users' communications online. However, such systems leverage different assumptions and design choices to achieve their goal; resulting in a scattered view of the desirable properties, potential vulnerabilities, and limitations of existing metadata-protecting communication systems (MPCS). In this work we survey 31 systems targeting metadata-protected communications, and present a unified view of the current state of affairs. We provide two different taxonomies for existing MPCS, first into four different categories by the precise type of metadata protections they offer, and next into six families based on the core techniques that underlie them. By contrasting these systems we identify potential vulnerabilities, as well as subtle privacy implications of design choices of existing MPCS. Furthermore, we identify promising avenues for future research for MPCS, and desirable properties that merit more attention.

show abstract

Section: Metadata-protecting Communication Systems (Mpcs)mentioning

confidence: 99%

Section: Mixnet Based Systemsmentioning

confidence: 99%

See 1 more Smart Citation

SoK: Metadata-Protecting Communication Systems

Sasy,

Goldberg

2024

PoPETs

View full text Add to dashboard Cite

show abstract

“…Prior works on MPMs have shown that the proposed contact discovery, add-friend, dialing, and conversation protocols are secure and leak little information (negligible or bounded) on their own, but surprisingly, none had carefully looked at their composition. Indeed, recent work by Angel et al [9] shows that existing dialing and communication protocols do not actually compose in the presence of compromised friends. The reason is that the number of communication channels (k) is usually smaller than the number of friends that could dial the user at any one time.…”

Section: A Channel Allocation Can Leak Informationmentioning

confidence: 99%

“…This is significant because MPMs are designed precisely to avoid side-channel attacks. In particular, Angel et al [9] show that these systems are secure only if none of the contacts with whom a user communicates are compromised by an adversary; otherwise, compromised contacts can learn information about the user's other conversations. We expand on Angel et al's observation in Section II, and show that it is an instance of an allocation-based side-channel attack.…”

Section: Introductionmentioning

confidence: 99%

Private resource allocators and their applications

Angel

Kannan

Ratliff

2020

2020 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

This paper introduces a new cryptographic primitive called a private resource allocator (PRA) that can be used to allocate resources (e.g., network bandwidth, CPUs) to a set of clients without revealing to the clients whether any other clients received resources. We give several constructions of PRAs that provide guarantees ranging from information-theoretic to differential privacy. PRAs are useful in preventing a new class of attacks that we call allocation-based side-channel attacks. These attacks can be used, for example, to break the privacy guarantees of anonymous messaging systems that were designed specifically to defend against side-channel and traffic analysis attacks. Our implementation of PRAs in Alpenhorn, which is a recent anonymous messaging system, shows that PRAs increase the network resources required to start a conversation by up to 16× (can be made as low as 4× in some cases), but add no overhead once the conversation has been established.

show abstract