Strong Anonymity for Mesh Messaging

by   Neil Perry, et al.

Messaging systems built on mesh networks consisting of smartphones communicating over Bluetooth have been used by protesters around the world after governments have disrupted Internet connectivity. Unfortunately, existing systems have been shown to be insecure; most concerningly by not adequately hiding metadata. This is further complicated by the fact that wireless communication such as Bluetooth is inherently a broadcasting medium. In this paper, we present a new threat model that captures the security requirements of protesters in this setting. We then provide a solution that satisfies the required security properties, hides all relevant metadata, scales to moderately sized protests, and supports group messaging. This is achieved by broadcasting all messages in a way that limits the overhead of duplicate messages, ensuring that ciphertexts do not leak metadata, and limiting what can be learned by observing user behavior. We also build a model of our system and numerically evaluate it to support our claims and analyze how many users it supports. Finally, we discuss further extensions that remove potential bottlenecks in scaling and support substantially more users.


page 1

page 2

page 3

page 4


Zephyr: Hiding Metadata in a Messaging System

Private messaging over internet related services is difficult to impleme...

Talek: Private Group Messaging with Hidden Access Patterns

Talek is a private group messaging system that sends messages through po...

A low-overhead approach for self-sovereign identity in IoT

We present a low-overhead mechanism for self-sovereign identification an...

With a Little Help from My Friends: Transport Deniability for Instant Messaging

Traffic analysis for instant messaging (IM) applications continues to po...

EHAP-ORAM: Efficient Hardware-Assisted Persistent ORAM System for Non-volatile Memory

Oblivious RAM (ORAM) protected access pattern is essential for secure NV...

Please sign up or login with your details

Forgot password? Click here to reset