DOI: 10.1145/3548606.3560679
Research article
How to Hide MetaData in MLS-Like Secure Group Messaging: Simple, Modular, and Post-Quantum

Published: 07 November 2022

Abstract

Secure group messaging (SGM) protocols allow large groups of users to communicate securely and asynchronously. In recent years, continuous group key agreements (CGKAs) have provided a powerful abstraction for reasoning about the security properties expected from SGM protocols. While robust techniques have been developed to protect the contents of conversations in this setting, protecting metadata (e.g. the identities and social relationships of group members) is generally harder, since the server often needs exactly that information in order to run the SGM protocol correctly.
In this work, we provide a simple and generic wrapper protocol that upgrades a non-metadata-hiding CGKA into a metadata-hiding CGKA. Our key insight is to leverage the unique, continuously evolving group secret key shared among the group members. We use this key to run a group membership authentication protocol that convinces the server, anonymously, that a user is a legitimate group member. Our technique uses only a standard signature scheme, so the wrapper protocol can be instantiated from a wide range of assumptions, including post-quantum ones. It is also very efficient: it increases the bandwidth cost of the underlying CGKA operations by at most a factor of two.
To formally prove the security of our protocol, we use the universal composability (UC) framework and define a new ideal functionality ℱ_mhCGKA that captures the correctness and security guarantees of a metadata-hiding CGKA. To capture the above intuition of a "wrapper" protocol, we also define a restricted ideal functionality ℱ_ctxtCGKA, which roughly captures a non-metadata-hiding CGKA. We then show that our wrapper protocol UC-realizes ℱ_mhCGKA in the ℱ_ctxtCGKA-hybrid model, which in particular formalizes the intuition that any non-metadata-hiding CGKA can be modularly bootstrapped into a metadata-hiding one.
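The group membership authentication sketched in the abstract, as an added example: this is not the paper's code and is not taken from its full version. The mechanism it assumes is my reading of the abstract, not something the abstract spells out: each epoch's group secret is run through a KDF to derive a signature key pair; every member can recompute the signing key while the server is handed only the verification key; every upload to the server is signed under that key, so the server learns only that some current member sent it; and a commit carries the next epoch's verification key, signed under the current one. Ed25519 stands in for the "standard signature scheme" because it is in Go's standard library and supports deterministic key generation from a seed; it is not post-quantum, and the abstract's point is precisely that any standard scheme, post-quantum ones included, slots in here. The CGKA itself is simulated by handing members fresh random secrets. All names (deriveAuthKey, authPayload, Server, Member, Scenario), the HMAC-SHA256 KDF and the sample ciphertext are my own constructions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

func u32(v uint32) []byte { b := make([]byte, 4); binary.BigEndian.PutUint32(b, v); return b }

// deriveAuthKey maps one epoch's group secret to a signature key pair (HMAC-SHA256 as the
// KDF is my assumption). Every member recomputes the signing key; the server gets only vk.
func deriveAuthKey(groupSecret []byte, epoch uint32) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, groupSecret)
	mac.Write([]byte("mh-cgka membership auth key|"))
	mac.Write(u32(epoch))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil)) // SHA-256 output is exactly the 32-byte seed
	return priv.Public().(ed25519.PublicKey), priv
}

// authPayload binds a signature to its purpose and epoch, so a message authenticator
// cannot be replayed as a commit or into a later epoch.
func authPayload(kind string, epoch uint32, body []byte) []byte {
	return bytes.Join([][]byte{[]byte(kind), u32(epoch), body}, []byte{0})
}
var errNotMember = errors.New("server: not authenticated as a current group member")

// Server is the untrusted delivery service. It holds the current epoch number and
// verification key, never the group secret or the members' identities.
type Server struct {
	epoch uint32
	vk    ed25519.PublicKey
}

// Upload accepts ct if sig verifies under the current epoch key. Every member signs
// under the same key, so the server cannot attribute the upload to any one of them.
func (s *Server) Upload(epoch uint32, ct, sig []byte) error {
	if epoch != s.epoch || !ed25519.Verify(s.vk, authPayload("msg", epoch, ct), sig) {
		return errNotMember
	}
	return nil // deliver ct to the group
}
// Commit installs the next epoch's verification key. It must be signed under the
// current key, so only a current member can rotate; removed members cannot sign at all.
func (s *Server) Commit(epoch uint32, nextVK ed25519.PublicKey, sig []byte) error {
	if epoch != s.epoch || !ed25519.Verify(s.vk, authPayload("commit", epoch, nextVK), sig) {
		return errNotMember
	}
	s.epoch, s.vk = epoch+1, nextVK
	return nil
}

// Member holds only the wrapper state. The CGKA that produces group secrets is
// simulated by the caller handing in fresh random secrets via Advance.
type Member struct {
	epoch uint32
	sk    ed25519.PrivateKey
}
func (m *Member) Advance(groupSecret []byte, epoch uint32) {
	_, m.sk = deriveAuthKey(groupSecret, epoch)
	m.epoch = epoch
}
func (m *Member) Authenticate(kind string, body []byte) []byte {
	return ed25519.Sign(m.sk, authPayload(kind, m.epoch, body))
}

// Outcome of the constructed scenario: alice, bob and eve share epoch 0; bob commits
// to epoch 1, which removes eve (she is never given the epoch-1 secret).
type Outcome struct {
	MemberAccepted, Unlinkable, OutsiderRejected, CommitAccepted, RemovedRejected, ReplayRejected bool
}
func Scenario() Outcome {
	s0, s1 := make([]byte, 32), make([]byte, 32) // stand-ins for two CGKA epoch secrets
	rand.Read(s0)
	rand.Read(s1)
	vk0, _ := deriveAuthKey(s0, 0)
	srv := &Server{vk: vk0}
	var alice, bob, eve Member
	alice.Advance(s0, 0); bob.Advance(s0, 0); eve.Advance(s0, 0)
	ct := []byte("constructed application ciphertext")
	var o Outcome
	sigA, sigB := alice.Authenticate("msg", ct), bob.Authenticate("msg", ct)
	o.MemberAccepted = srv.Upload(0, ct, sigA) == nil
	o.Unlinkable = bytes.Equal(sigA, sigB) // byte-identical: the upload carries nothing about the sender
	outsider := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{7}, ed25519.SeedSize)) // knows vk0, not s0
	o.OutsiderRejected = srv.Upload(0, ct, ed25519.Sign(outsider, authPayload("msg", 0, ct))) != nil
	nextVK, _ := deriveAuthKey(s1, 1) // bob's commit carries the epoch-1 verification key
	o.CommitAccepted = srv.Commit(0, nextVK, bob.Authenticate("commit", nextVK)) == nil
	alice.Advance(s1, 1)
	bob.Advance(s1, 1) // eve is not told s1
	o.RemovedRejected = srv.Upload(1, ct, ed25519.Sign(eve.sk, authPayload("msg", 1, ct))) != nil
	o.ReplayRejected = srv.Upload(0, ct, sigA) != nil && srv.Upload(1, ct, alice.Authenticate("msg", ct)) == nil
	return o
}

func main() { fmt.Printf("%+v\n", Scenario()) }
```

The server's view of an upload is (epoch, ciphertext, signature), and because every member derives the same signing key, that view is byte-for-byte the same whoever sent it; the extra cost per upload is one signature plus the epoch number, and per commit additionally one verification key. Two caveats a deployment has to handle outside this sketch: the transport still reveals the sender's network address, so application-layer anonymity of this kind only helps together with an anonymizing transport; and since any current member can rotate the server's key, it is the underlying CGKA's own authentication of commits, not this wrapper, that decides whether the other members accept that commit.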



      Published In

      CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, November 2022, 3598 pages. ISBN 9781450394505. DOI 10.1145/3548606.

      Publisher

      Association for Computing Machinery, New York, NY, United States
      Author Tags

      1. continuous group key agreement
      2. generic construction
      3. messaging layer security
      4. metadata-hiding
      5. post-quantum security
      6. secure group messaging

      Qualifiers

      • Research-article

      Funding Sources

      • JSPS KAKENHI
      • JST AIP Acceleration Research

      Conference

      CCS '22
      Acceptance Rates

      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
      Cited By

      • (2024) Group Oblivious Message Retrieval. 2024 IEEE Symposium on Security and Privacy (SP), pp. 4367-4385. https://doi.org/10.1109/SP54263.2024.00115 (published 19 May 2024)
      • (2024) DeCAF: Decentralizable CGKA with Fast Healing. Security and Cryptography for Networks, pp. 294-313. https://doi.org/10.1007/978-3-031-71073-5_14 (published 10 September 2024)
      • (2023) Quantum-resistant End-to-End Secure Messaging and Email Communication. Proceedings of the 18th International Conference on Availability, Reliability and Security, pp. 1-8. https://doi.org/10.1145/3600160.3605049 (published 29 August 2023)
      • (2023) On the Cost of Post-compromise Security in Concurrent Continuous Group-Key Agreement. Theory of Cryptography, pp. 271-300. https://doi.org/10.1007/978-3-031-48621-0_10 (published 29 November 2023)