In our paper “Metadata Privacy beyond Tunneling for Instant Messaging” (EuroS&P’24), we introduce the DenIM protocol, prove its security, and assess its performance. The paper has already received recognition from the scientific community: it was chosen as a runner-up for the distinguished paper award at the conference it was presented at.
Our results include the protocol itself, and we also introduce a new technique to prove security for metadata private protocols. These techniques have previously been used in the domain of programming languages and information flow, but have not been used to reason about metadata privacy in network protocols. The next step is to further the understanding of how generalizable our technique is: can we use it to prove security for any metadata private protocol? Additionally, the DenIM protocol itself has the potential to be impactful for instant messaging platforms, if they decide to offer metadata privacy to their users.
Another insight from designing DenIM is that it is not enough to protect communication on the network layer. Essentially, the communication is merely a symptom of a user’s interaction with an app, the real source of the communication is the user’s behavior. In other words, what we really want to achieve is privacy by hiding a user’s behavior. Our technical insight is that in order to treat the source rather than the symptoms, protocols need to be designed such that they are aware of a user’s behavior—otherwise the protocol cannot determine which information needs to be protected. The next step in this direction is inevitable to design more tailored protocols for metadata privacy, such that all internet communication is possible to hide.