traceback for end to end encrypted messaging
play

Traceback for End-to-End Encrypted Messaging Nirvan Tyagi Ian - PowerPoint PPT Presentation

Oct 16, 2022 •284 likes •1.03k views

Traceback for End-to-End Encrypted Messaging Nirvan Tyagi Ian Miers Tom Ristenpart CCS 2019 1 Setting: End-to-end encrypted (E2EE) messaging Hello Alice Bob Platform 2 Setting: End-to-end encrypted (E2EE) messaging Hello > 2

  1. Traceback for End-to-End Encrypted Messaging Nirvan Tyagi Ian Miers Tom Ristenpart CCS 2019 1

  2. Setting: End-to-end encrypted (E2EE) messaging Hello Alice Bob Platform 2

  3. Setting: End-to-end encrypted (E2EE) messaging Hello > 2 billion users Alice Bob Platform 3

  4. Problem: Viral forwarding of misinformation in E2EE messaging 4

  5. Problem: Viral forwarding of misinformation in E2EE messaging 5

  6. Content moderation for user-driven reports Moderation decision Action taken on User submits report based on content relevant parties 6

  7. Content moderation for user-driven reports Moderation decision Action taken on User submits report based on content relevant parties Combination of machine learning and human review 7

  8. Content moderation for user-driven reports Moderation decision Action taken on User submits report based on content relevant parties Combination of Ban fake/troll accounts machine learning and injecting misinformation human review into network Notify users that have previously shared or received misinformation 8

  9. Content moderation for user-driven reports Moderation decision Action taken on User submits report based on content relevant parties Combination of Ban fake/troll accounts machine learning and injecting misinformation human review into network Report must provide enough information to execute the Notify users that have following steps previously shared or received misinformation 9

  10. E2EE hides information useful for content moderation of misinformation 10

  11. E2EE hides information useful for content moderation of misinformation - Platform doesn’t see message content Message content is encrypted! 11

  12. E2EE hides information useful for content moderation of misinformation - Platform doesn’t see message content - Platform doesn’t see forwarding relationships Message content is encrypted! 12

  13. E2EE hides information useful for content moderation of misinformation - Platform doesn’t see message content - Platform doesn’t see forwarding relationships Forwarding traffic is muddled by other users and other messages Message content is encrypted! 13

  14. [TMR CCS’19] This work: Tracing in E2EE messaging - Message tracing : new cryptographic functionality for user-driven reporting of forwards in E2EE messaging - Path traceback: chain of messages from source to reporter - Tree traceback: entire forwarding tree of messages originating from source Moderation decision Action taken on User submits report based on content relevant parties 14

  15. [TMR CCS’19] This work: Tracing in E2EE messaging - Message tracing : new cryptographic functionality for user-driven reporting of forwards in E2EE messaging - Path traceback: chain of messages from source to reporter - Tree traceback: entire forwarding tree of messages originating from source - Formal confidentiality and accountability security notions for tracing - Implementation and evaluation of practicality Moderation decision Action taken on User submits report based on content relevant parties 15

  16. Prior work: Abuse reporting in E2EE messaging Message franking [FB white paper ’17], [GLR CRYPTO’17], [DGRW CRYPTO’18] 16

  17. Prior work: Abuse reporting in E2EE messaging Message franking [FB white paper ’17], [GLR CRYPTO’17], [DGRW CRYPTO’18] User reports received message to platform ! 17

  18. Prior work: Abuse reporting in E2EE messaging Message franking [FB white paper ’17], [GLR CRYPTO’17], [DGRW CRYPTO’18] User reports received message to platform ! m 18

  19. Prior work: Abuse reporting in E2EE messaging Message franking [FB white paper ’17], [GLR CRYPTO’17], [DGRW CRYPTO’18] Platform learns message and sender, but nothing more about where message came from or where it reached User reports received message to platform ! m 19

  20. [TMR CCS’19] This work: Tracing in E2EE messaging User reports received message to platform ! 20

  21. [TMR CCS’19] This work: Tracing in E2EE messaging - Two constructions for message tracing - Path traceback User reports received message to platform ! m 21

  22. [TMR CCS’19] This work: Tracing in E2EE messaging - Two constructions for message tracing - Path traceback - Tree traceback User reports received message to platform ! m 22

  23. Goal: Act like standard E2EE messaging before report 23

  24. Goal: Act like standard E2EE messaging before report Before report Platform view : encrypted content and metadata (participants, length, and timing) 24

  25. Goal: Act like standard E2EE messaging before report Before report Platform view : encrypted content and metadata (participants, length, and timing) User view : messages they receive or send 25

  26. Goal: Act like standard E2EE messaging before report Before report Platform view : encrypted content and metadata (participants, length, and timing) User view : messages they receive or send m m m User shouldn’t learn forwarding info of received messages 26

  27. Goal: Act like standard E2EE messaging before report Before report Platform view : encrypted content and metadata (participants, length, and timing) User view : messages they receive or send m m ? m User shouldn’t learn forwarding info of received messages 27

  28. Goal: Reveal limited information after report 28

  29. Goal: Reveal limited information after report After report Platform view : message content and forward links of traceback target (e.g. path, tree) ! m 29

  30. Goal: Report consists of accurate information ! m 30

  31. Goal: Report consists of accurate information Trace accountability An honest user cannot be framed for an action they didn’t perform ! m 31

  32. Goal: Report consists of accurate information Trace accountability An honest user cannot be framed for an action they didn’t perform ! m Malicious user can partition trace, but will be blamed as source 32

  33. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie 33

  34. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie m E2EE channel 34

  35. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie m E2EE channel - E2EE channel that is decoupled from message tracing 35

  36. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie m E2EE channel k AB “tracing” key - E2EE channel that is decoupled from message tracing - Unique per-message “tracing” key shared between communication partners 36

  37. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie m k AB E2EE channel k AB k AB “tracing” key - E2EE channel that is decoupled from message tracing - Unique per-message “tracing” key shared between communication partners 37

  38. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie m k AB E2EE channel k Ø k AB k AB “null pointer” key randomly generated 38

  39. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie m k AB E2EE channel k Ø k AB ct AB = Enc( k AB , k Ø ) k AB id AB = F( k AB , m ) 39

  40. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie m k AB E2EE channel k Ø k AB ct AB = Enc( k AB , k Ø ) k AB id AB = F( k AB , m ) “encrypted pointer” 40

  41. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie m k AB E2EE channel k Ø k AB ct AB = Enc( k AB , k Ø ) k AB id AB = F( k AB , m ) “encrypted pointer” PRF that is also CR (e.g., HMAC) 41

  42. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie m k AB E2EE channel k Ø k AB ct AB = Enc( k AB , k Ø ) k AB id AB = F( k AB , m ) Table stored on platform id AB ct AB 42

  43. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie m k AB E2EE channel k Ø id AB k AB ct AB = Enc( k AB , k Ø ) k AB id AB = F( k AB , m ) Table stored on platform id AB ct AB 43

  44. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie m k AB m E2EE channel k Ø id AB id BC k AB ct AB = Enc( k AB , k Ø ) ct BC = Enc( k BC , k AB ) k AB id AB = F( k AB , m ) id BC = F( k BC , m ) k BC k BC Table stored on platform id AB ct AB id BC ct BC 44

  45. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie m k AB m E2EE channel k Ø id AB id BC k AB ct AB = Enc( k AB , k Ø ) ct BC = Enc( k BC , k AB ) k AB id AB = F( k AB , m ) id BC = F( k BC , m ) k BC k BC Table stored on platform id AB ct AB id BC ct BC 45

  46. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie ! m k AB m E2EE channel k BC m k Ø id AB id BC k AB ct AB = Enc( k AB , k Ø ) ct BC = Enc( k BC , k AB ) k AB id AB = F( k AB , m ) id BC = F( k BC , m ) k BC k BC Table stored on platform id AB ct AB id BC ct BC 46

  47. Path traceback Idea: Linked list of encrypted pointers A lice B ob C harlie ! m k AB m E2EE channel k BC m k Ø id AB id BC k AB ct AB = Enc( k AB , k Ø ) ct BC = Enc( k BC , k AB ) k AB id AB = F( k AB , m ) id BC = F( k BC , m ) k BC k BC Table stored on platform id AB ct AB id BC ct BC F( k BC , m) 47

Recommend

in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University

in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University

Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University Messaging is Popular 2 Major Effort: E2E-Encrypted Messaging Government surveillance and/or coercion

585 views • 40 slides
Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal

Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal

Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal Computational, Statistical, Optimal Lior Rotem Gil Segev Hebrew University Major Effort: E2E-Encrypted Messaging Government surveillance and/or coercion

577 views • 32 slides
A Network Coding Approach A Network Coding Approach to IP Traceback Pegah Sattari, Minas Gjokas,

A Network Coding Approach A Network Coding Approach to IP Traceback Pegah Sattari, Minas Gjokas,

A Network Coding Approach A Network Coding Approach to IP Traceback Pegah Sattari, Minas Gjokas, Athina Markopoulou EECS, UC Irvine Outline Outline o Background on Traceback o Background on Traceback o Main idea PPM+NC o Practical PPM+NC

490 views • 28 slides
TLS 1.3 Encrypted SNI ekr: ekr@rtfm.com dkg: dkg@aclu.org IETF 94 TLS 1.3 Encrypted SNI 1

TLS 1.3 Encrypted SNI ekr: ekr@rtfm.com dkg: dkg@aclu.org IETF 94 TLS 1.3 Encrypted SNI 1

TLS 1.3 Encrypted SNI ekr: ekr@rtfm.com dkg: dkg@aclu.org IETF 94 TLS 1.3 Encrypted SNI 1 DISCLAIMER: THIS IS NOT FULLY-BAKED We just fleshed out this idea yesterday, so its hand-wavy. Insufficient analysis has been done. IETF 94 TLS 1.3

886 views • 11 slides
Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model Server/network is adversarial (but trusted identity registration needed) Windows of compromise when a party is under adversarial control (or readable

933 views • 14 slides
on WhatsApp Kiran Garimella , Dean Eckles 1 WhatsApp Peer to peer messaging platform 1.5

on WhatsApp Kiran Garimella , Dean Eckles 1 WhatsApp Peer to peer messaging platform 1.5

Image based Misinformation on WhatsApp Kiran Garimella , Dean Eckles 1 WhatsApp Peer to peer messaging platform 1.5 Billion monthly active users Multimedia heavy roughly 50% is images and video End-to-end encrypted Image

423 views • 19 slides
Dataflow acceleration of Smith- Waterman with Traceback for high throughput Next Generation

Dataflow acceleration of Smith- Waterman with Traceback for high throughput Next Generation

Dataflow acceleration of Smith- Waterman with Traceback for high throughput Next Generation Sequencing Konstantina Koliogeorgi*, Nils Voss , Sotiria Fytraki , Sotirios Xydis*, Georgi Gaydadjiev , Dimitrios Soudris* * National

174 views • 6 slides
Instant Message Delivery Notification (IMDN) for Common Presence and Instant Messaging (CPIM)

Instant Message Delivery Notification (IMDN) for Common Presence and Instant Messaging (CPIM)

Instant Message Delivery Notification (IMDN) for Common Presence and Instant Messaging (CPIM) Messages draft-burger-sipping-imdn-02 Open Issues Issue 1: Requiring IMDNs to be end-to- end encrypted. Issue 2: Sender keeping state

338 views • 10 slides
YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I

YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I

YOUR MESSAGING ISNT ABOUT YOU 7 Steps to Messaging that Connects Who am I? Why am I here? Hundreds of product launches. Dozens of corporate launches. One top-funded Kickstarter campaign The Tool: The Message Map

655 views • 22 slides
BBM Messaging is the new social media More than 85% of 13-34 year olds use messaging apps every

BBM Messaging is the new social media More than 85% of 13-34 year olds use messaging apps every

BBM Messaging is the new social media More than 85% of 13-34 year olds use messaging apps every day Why 13-34 year olds love messaging 1. Trust Young adults dont trust social networks 2. Intimacy They want to be able to share

465 views • 34 slides
Three classes based model of traceback system between ASs IETF59th Korea INCH-WG Toshifumi Kai

Three classes based model of traceback system between ASs IETF59th Korea INCH-WG Toshifumi Kai

Three classes based model of traceback system between ASs IETF59th Korea INCH-WG Toshifumi Kai (kai@trc.mew.co.jp), Hiroshige Nakatani (nakatani@trc.mew.co.jp) Naohiro Fukuda(fukuda@trc.mew.co.jp) Matsushita Electric Works, Ltd. Akira

157 views • 11 slides
Challenges With Building End-to-End Encrypted Challenges With Building End-to-End Encrypted

Challenges With Building End-to-End Encrypted Challenges With Building End-to-End Encrypted

Challenges With Building End-to-End Encrypted Challenges With Building End-to-End Encrypted Applications Learnings From Etesync Applications Learnings From Etesync stosb.com/talks Tom Hacohen tom@stosb.com FOSDEM 2019 @TomHacohen

361 views • 32 slides
Using Messaging Protocols to Build Mobile and Web Applications Jeff Mesnil Jeff Mesnil

Using Messaging Protocols to Build Mobile and Web Applications Jeff Mesnil Jeff Mesnil

Using Messaging Protocols to Build Mobile and Web Applications Jeff Mesnil Jeff Mesnil Software Engineer at Red Hat Core developer on WildFly Application Server, lead for its messaging component Developed messaging brokers (HornetQ,

965 views • 82 slides
SMS Messaging for Marketing Success SMS Messaging for Marketing Success Esendex Multichannel

SMS Messaging for Marketing Success SMS Messaging for Marketing Success Esendex Multichannel

SMS Messaging for Marketing Success SMS Messaging for Marketing Success Esendex Multichannel Solutions What are we covering off today? Who we are - communigator relationship Power of using SMS What does good look like? What is

342 views • 19 slides
STRATEGIC STRATEGIC MESSAGING MESSAGING BUILDING A BETTER CORE PITCH TORYTELLING FOR STARTUPS:

STRATEGIC STRATEGIC MESSAGING MESSAGING BUILDING A BETTER CORE PITCH TORYTELLING FOR STARTUPS:

STRATEGIC STRATEGIC MESSAGING MESSAGING BUILDING A BETTER CORE PITCH TORYTELLING FOR STARTUPS: Andy Raskin Andy Raskin Strategic Messaging & Positioning Strategic Messaging & Positioning http://andyraskin.com The great

690 views • 45 slides
Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONEs Security Anders Dalskov

Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONEs Security Anders Dalskov

Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONEs Security Anders Dalskov Claudio Orlandi Aarhus University RWC 2018 Agenda I A Threat Model for Encrypted Cloud Storage (ECS). I A high-level look into a modern ECS service

770 views • 47 slides
Garrett Robinson and Yan Zhu Real World Crypto 2015 Goal i dunno how to PGP [encrypted]

Garrett Robinson and Yan Zhu Real World Crypto 2015 Goal i dunno how to PGP [encrypted]

Garrett Robinson and Yan Zhu Real World Crypto 2015 Goal i dunno how to PGP [encrypted] [encrypted] Who uses it? https://freedom.press/securedrop/directory Threat Model Assets Sources identity Confidentiality & integrity

782 views • 35 slides
BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha

BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha

BETTER MESSAGING, FTF Conference BETTER MARKETING 2014 Julia Wilber Dr. Anupama Pasricha Introduction Messaging Matters OUTLINE Research Observations Recommendations Small Group Discussion Large Group Q&A Introduction Messaging

580 views • 25 slides
Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical Order-Revealing Encryption Nate Chenette ICERM conference on Encrypted Search June 12, 2019 Project Background Baffle Inc. https://baffle.io/

407 views • 23 slides
Todays topics Trevor Perrier, SMS Computing and Global Health Phone messaging Lecture

Todays topics Trevor Perrier, SMS Computing and Global Health Phone messaging Lecture

2/11/2015 Todays topics Trevor Perrier, SMS Computing and Global Health Phone messaging Lecture 6 Messaging technologies Patient Support Example Projects Messaging studies Winter 2015 Adherence Richard Anderson

765 views • 7 slides
Encrypted DNS Privacy? A Traffic Analysis Perspective Sandra Siby, Marc Juarez, Claudia

Encrypted DNS Privacy? A Traffic Analysis Perspective Sandra Siby, Marc Juarez, Claudia

Encrypted DNS Privacy? A Traffic Analysis Perspective Sandra Siby, Marc Juarez, Claudia Diaz, Narseo Vallina-Rodriguez, Carmela Troncoso NDSS, 25 February 2020 Encrypted DNS > Privacy? Can encrypting DNS protect users from tra ffi

533 views • 40 slides
Key Messaging Exploration Talking about trueU and communicating with trueU members Why was this

Key Messaging Exploration Talking about trueU and communicating with trueU members Why was this

Key Messaging Exploration Talking about trueU and communicating with trueU members Why was this document created? Establish messaging consistencynow and in the future Help trueU partners/vendors align with the brand Understand the

598 views • 43 slides
100% Encrypted Web New Challenges for TLS Kirk Hall Dir Policy & Compliance, Certificate

100% Encrypted Web New Challenges for TLS Kirk Hall Dir Policy & Compliance, Certificate

#RSAC P D AC-W10 SESSION ID: SESSION ID: 100% Encrypted Web New Challenges for TLS Kirk Hall Dir Policy & Compliance, Certificate Services Entrust Datacard #RSAC We are moving toward a 100% encrypted web but can we get it right?

857 views • 58 slides
Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security

Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security

Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security (600/650.624) Introduction Searching usually done over plaintext But what if we could search encrypted data? Bloom Filters Efficient

459 views • 30 slides

More recommend