Yodel: Strong Metadata Security for Real-Time Voice Calls


  1. Yodel: Strong Metadata Security for Real-Time Voice Calls. David Lazar, Yossi Gilad, Nickolai Zeldovich (MIT CSAIL)

  2. Metadata is data that can’t be encrypted (diagram: Chat Service; src/dst, msg size, sent time)

  3. What can you learn from metadata? (diagram labels: Alice, Bob, Carol, Dan, Erin, Fred; Huawei Executive, Guardian, Saudi Dissident, NYT; Passive Network Adversary)

  4. Security goal: hide who is talking to whom (diagram: Passive Network Adversary, Active Network Adversary)

  5. Performance goal: sub-second latency (diagram: × millions, < 1s)

  6. Prior work doesn’t meet goals (table columns: Passive attacks, Active attacks, Performance). Pung [OSDI 2016]; Karaoke [OSDI 2018]: Differential privacy, 7s; Herd [SIGCOMM 2015]: Trusted server

  7. Contributions
     Yodel: the first system for real-time voice calls with
     • Strong protection against passive & active attacks
     • Distributed trust (any-trust or fractional trust)
     • Sub-second latency for 5M users with 100 servers
     Two key insights
     • Self-healing circuits & Guarded circuit exchange

  8. Mixnets hide who sent which message (diagram: onion-encrypted messages x and y passing through Server 1, Server 2, Server 3)

  9. Mixing is expensive: public key operation for each message at every hop (diagram: g^x for each message at Server 1, Server 2, Server 3)

  10. Yodel’s mixnet: send public-key onions to set up symmetric-key circuits (diagram: circuit setup onion)

  11. Circuit messaging (diagram: ⨁ operations at Server 1, Server 2, Server 3; legend: circuit (symmetric key) onion)

  12. Challenge: attacker has many chances to learn shuffle of honest server! (diagram: Server 1, Server 2, Server 3)

  13. Yodel’s key insight: self-healing circuits (diagram: Server 1, Server 2, Server 3)

  14. Yodel round steps: (1) Users establish circuits; (2) Users exchange circuits; (3) Users connect to circuits; (4) Users send voice packets (diagram labels: Mixnet, External Messaging Service; x, y = random string)

  15. Evaluation: Does Yodel achieve low latency for large numbers of users? Does Yodel offer acceptable voice quality?

  16. Yodel achieves sub-second latency for 5M users (plot: voice packet latency vs. number of users; 100 servers, US & EU)

  17. Yodel achieves acceptable voice quality
      • Joanna and I had a short conversation over Yodel, with 5M other “users” actively using the system
      • She ran Yodel over her laptop speakers and recorded the convo with her phone
      • (phone records her voice directly)
      • Some latency (~1s) is due to us waiting to not talk over each other

  18. Pre-recorded demo

  19. Conclusion
      Yodel: the first system for real-time voice calls with
      • Strong metadata privacy (against passive & active attacks)
      • Distributed trust (any-trust or fractional trust)
      • Sub-second latency for 5M users with 100 servers
      Full paper and code coming soon:
      • vuvuzela.io
      • davidlazar.org
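
Slides 10 and 11 describe circuits in which each hop does only symmetric-key work on a packet. The sketch below is an added illustration, not code from the Yodel authors: SHAKE-256 stands in for a stream cipher, and `MixServer`, `circuit`, `wrap`, `run_round`, the shuffle fixed at setup and the sample frames are all assumptions made for the example.

```python
import hashlib
import random

def keystream(key: bytes, round_no: int, n: int) -> bytes:
    # Stand-in stream cipher (assumption): SHAKE-256 over key || round number.
    # The round number keeps a circuit key from reusing keystream across packets.
    return hashlib.shake_256(key + round_no.to_bytes(8, "big")).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class MixServer:
    """One hop: holds a symmetric key per incoming slot and a fixed shuffle."""
    def __init__(self, slot_keys, seed):
        self.slot_keys = slot_keys
        self.perm = list(range(len(slot_keys)))
        random.Random(seed).shuffle(self.perm)  # chosen once, at circuit setup

    def process(self, batch, round_no):
        out = [None] * len(batch)
        for slot, pkt in enumerate(batch):
            # Per-packet work is one XOR with keystream: no public-key operation.
            pad = keystream(self.slot_keys[slot], round_no, len(pkt))
            out[self.perm[slot]] = xor(pkt, pad)
        return out

def circuit(servers, slot):
    """Keys along one circuit and the slot where its packets finally emerge."""
    keys = []
    for srv in servers:
        keys.append(srv.slot_keys[slot])
        slot = srv.perm[slot]
    return keys, slot

def wrap(frame, hop_keys, round_no):
    # Client adds one layer per hop; each server later removes its own layer.
    for key in hop_keys:
        frame = xor(frame, keystream(key, round_no, len(frame)))
    return frame

def run_round(frames, round_no=7):
    rng = random.Random(1)  # constructed demo keys; real keys come from setup onions
    servers = [MixServer([rng.getrandbits(256).to_bytes(32, "big") for _ in frames], s)
               for s in range(3)]
    circuits = [circuit(servers, i) for i in range(len(frames))]
    batch = wire = [wrap(f, keys, round_no) for f, (keys, _) in zip(frames, circuits)]
    for srv in servers:
        batch = srv.process(batch, round_no)
    return wire, batch, [exit_slot for _, exit_slot in circuits]

FRAMES = [b"alice-frame-0001", b"bob---frame-0001", b"carol-frame-0001"]  # constructed
```

Plain XOR layering gives no integrity protection, so a production design would use an authenticated cipher per hop. The shuffle here never changes after setup, which is the exposure slide 12 raises.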
