Abstract
Instant messaging (IM) applications, even with end-to-end encryption enabled, pose privacy issues due to metadata and pattern leakage. Our goal is to develop a model for a privacy preserving IM application, by designing an IM application that focuses on hiding metadata and discussion patterns. To solve the issue of privacy preservation through the obfuscation of metadata, cryptographic constructions like Oblivious Random Access Machines (ORAM) have been proposed in recent years. However, although they completely hide the user access patterns, they incur high computational costs, often resulting in excessively slow performance in practice. We propose a new federated model, FedORAM, which is the first ORAM scheme that uses a federation of servers to hide metadata for an IM use case. In order to investigate the trade-off between security and performance, we propose two versions of FedORAM: Weak FedORAM and Strong FedORAM. Strong FedORAM uses a tree-based federation architecture to ensure strong obliviousness, but with an increased overhead cost. Weak FedORAM has a more simple federated architecture that only uses Oblivious Transfer (OT) to increase communication speed, but with security consequences. Our results show that both constructions are faster than a similar client-server ORAM scheme. Furthermore, Weak FedORAM has a response time of less than 2 seconds per message for a middle-sized federation.
Highlights
Privacy is an ever growing concern in society; as more and more of our lives are lived online, protecting the privacy of our data and online activity is of utmost importance, in sensitive contexts
Our results show that both FedORAM schemes can support reasonable response times, and can be considered more practical for use in real-world Instant Messaging (IM) applications than classic Oblivious Random Access Machines (ORAM) schemes
The results presented are the average response times calculated based on a 7-server federation for FedORAM and the 2-server construction of Square Root ORAM (SqrORAM), where 100 messages were sent from one user to another user
Summary
Privacy is an ever growing concern in society; as more and more of our lives are lived online, protecting the privacy of our data and online activity is of utmost importance, in sensitive contexts. It is our data that needs to be protected; metadata, describing our online activity, can be observed on servers hosting the applications we interact with on a daily basis. This metadata can be gathered over time to infer sensitive knowledge about the users on the system. With free licenses and usage, multi-platform Instant Messaging (IM) applications are becoming the first choice for many people wishing to communicate via text. While some of these popular applications have well-known and attractive security features, they are still vulnerable in terms of privacy attacks. Even though data are kept safe with the help of encryption when stored or in transit, an attacker or an untrustworthy service provider, with full access to the server, could still have many possibilities for obtaining sensitive information by looking at the metadata discussion patterns
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
