Periodic Reporting for period 1 - ProPriM (Provable Privacy for Metadata)
Reporting period: 2023-08-01 to 2025-07-31
Metadata, such as who talks to whom, how often and what time, is by default exposed on a network, enabling anyone monitoring the network to collect metadata about connected people, or devices. While defenses exist, they are typically designed to obfuscate that communication took place by hiding network communication. Our insight is that metadata still can leak from the application itself—rendering network protections insufficient. This lack of defenses poses a serious cybersecurity threat: society as a whole is practically defenseless against metadata collection.
Our goal is to design new solutions, called network protocols, to guarantee that metadata is protected during transit. An added challenge of designing these protocols is that they need to be efficient enough for anyone to use—it would be unacceptable to use a protocol that will immediately drain your phone’s battery, and it would also not be acceptable if for example a website took several minutes to load. As a consequence, protocols need to be designed with a suitable trade-off between the protection they offer, and the performance they offer.
Our goal is to design new solutions, called network protocols, to guarantee that metadata is protected during transit. An added challenge of designing these protocols is that they need to be efficient enough for anyone to use—it would be unacceptable to use a protocol that will immediately drain your phone’s battery, and it would also not be acceptable if for example a website took several minutes to load. As a consequence, protocols need to be designed with a suitable trade-off between the protection they offer, and the performance they offer.
We have designed a novel metadata privacy protocol for instant messaging, which we call Deniable Instant Messaging, DenIM for short. DenIM is intended to be used in existing instant messaging platforms, which is why we have designed DenIM as an extension of the popular instant messaging protocol Signal. The Signal protocol provides protection for message contents on its own and provides end-to-end encryption, and is used in apps like WhatsApp, Facebook Messenger, and the Signal app. As a result, our DenIM protocol both enjoys the confidentiality for message content it inherits from Signal, and additionally adds metadata privacy.
To reason about the privacy of our DenIM protocol, we have formally proved that DenIM maintains privacy against a potential attacker both able to listen to network communication and actively communicate with users.
To reason about the privacy of our DenIM protocol, we have formally proved that DenIM maintains privacy against a potential attacker both able to listen to network communication and actively communicate with users.
In our paper “Metadata Privacy beyond Tunneling for Instant Messaging” (EuroS&P’24), we introduce the DenIM protocol, prove its security, and assess its performance. The paper has already received recognition from the scientific community: it was chosen as a runner-up for the distinguished paper award at the conference it was presented at.
Our results include the protocol itself, and we also introduce a new technique to prove security for metadata private protocols. These techniques have previously been used in the domain of programming languages and information flow, but have not been used to reason about metadata privacy in network protocols. The next step is to further the understanding of how generalizable our technique is: can we use it to prove security for any metadata private protocol? Additionally, the DenIM protocol itself has the potential to be impactful for instant messaging platforms, if they decide to offer metadata privacy to their users.
Another insight from designing DenIM is that it is not enough to protect communication on the network layer. Essentially, the communication is merely a symptom of a user’s interaction with an app, the real source of the communication is the user’s behavior. In other words, what we really want to achieve is privacy by hiding a user’s behavior. Our technical insight is that in order to treat the source rather than the symptoms, protocols need to be designed such that they are aware of a user’s behavior—otherwise the protocol cannot determine which information needs to be protected. The next step in this direction is inevitable to design more tailored protocols for metadata privacy, such that all internet communication is possible to hide.
Our results include the protocol itself, and we also introduce a new technique to prove security for metadata private protocols. These techniques have previously been used in the domain of programming languages and information flow, but have not been used to reason about metadata privacy in network protocols. The next step is to further the understanding of how generalizable our technique is: can we use it to prove security for any metadata private protocol? Additionally, the DenIM protocol itself has the potential to be impactful for instant messaging platforms, if they decide to offer metadata privacy to their users.
Another insight from designing DenIM is that it is not enough to protect communication on the network layer. Essentially, the communication is merely a symptom of a user’s interaction with an app, the real source of the communication is the user’s behavior. In other words, what we really want to achieve is privacy by hiding a user’s behavior. Our technical insight is that in order to treat the source rather than the symptoms, protocols need to be designed such that they are aware of a user’s behavior—otherwise the protocol cannot determine which information needs to be protected. The next step in this direction is inevitable to design more tailored protocols for metadata privacy, such that all internet communication is possible to hide.