What's a little leakage between friends?

09/01/2018
by   Sebastian Angel, et al.
0

This paper introduces a new attack on recent messaging systems that protect communication metadata. The main observation is that if an adversary manages to compromise a user's friend, it can use this compromised friend to learn information about the user's other ongoing conversations. Specifically, the adversary learns whether a user is sending other messages or not, which opens the door to existing intersection and disclosure attacks. To formalize this compromised friend attack, we present an abstract scenario called the exclusive call center problem that captures the attack's root cause, and demonstrates that it is independent of the particular design or implementation of existing metadata-private messaging systems. We then introduce a new primitive called a private answering machine that can prevent the attack. Unfortunately, building a secure and efficient instance of this primitive under only computational hardness assumptions does not appear possible. Instead, we give a construction under the assumption that users can place a bound on their maximum number of friends and are okay leaking this information.

READ FULL TEXT
research
10/23/2019

Zephyr: Hiding Metadata in a Messaging System

Private messaging over internet related services is difficult to impleme...
research
01/28/2022

Function Computation Without Secure Links: Information and Leakage Rates

Consider L users, who each holds private data, and one fusion center who...
research
04/23/2020

Measuring Information Leakage in Non-stochastic Brute-Force Guessing

We propose an operational measure of information leakage in a non-stocha...
research
11/18/2020

Privacy Leakage of Real-World Vertical Federated Learning

Federated learning enables mutually distrusting participants to collabor...
research
05/16/2018

Privacy Preservation in Location-Based Services: A Novel Metric and Attack Model

Recent years have seen rising needs for location-based services in our e...
research
03/30/2019

PILOT: Password and PIN Information Leakage from Obfuscated Typing Videos

This paper studies leakage of user passwords and PINs based on observati...
research
04/29/2019

Typer vs. CAPTCHA: Private information based CAPTCHA to defend against crowdsourcing human cheating

Crowdsourcing human-solving or online typing attacks are destructive pro...

Please sign up or login with your details

Forgot password? Click here to reset