Yet Another Privacy Protocol End-user Reveal
Authors
Alstrup, Andreas Knudsen ; Gottlieb, Arthur August Osnes ; Justinussen, Martin de Fries
Term
4. term
Education
Publication year
2025
Submitted on
2025-06-14
Pages
48
Abstract
Dette speciale undersøger metadata-privatliv i instant messaging ved at implementere den Deniable Instant Messaging-protokol (DenIM) og udvikle et generelt simuleringsværktøj (IM-sim) til at generere og indfange netværkstrafik under realistisk brugeradfærd. DenIM er et hybridt design, hvor benægtelige beskeder skjules i almindelig trafik for at reducere metadata-lækage. Da den formelle analyse af DenIM antager, at benægtelig adfærd ikke påvirker normal brugeradfærd, svækker vi denne antagelse og designer trafikbaserede angreb inspireret af Statistical Disclosure Attacks med forskellige beskæringsstrategier for at afsløre benægtelig kommunikation. Vi implementerer DenIM oven på en eksisterende Signal-baseret infrastruktur, modellerer brugeradfærd ud fra litteraturen og kører simulationer på tværs af scenarier og varierende brugerantal. De empiriske resultater viser indledende succes med at identificere benægtelig kommunikation i små netværk, men at det hurtigt bliver vanskeligt at udlede deniable kontakter, når antallet af brugere øges. Arbejdet leverer en fungerende DenIM-implementering, et fleksibelt simulationsmiljø til IM-trafik og en empirisk evaluering af angreb under svækkede tillidsantagelser.
This thesis investigates metadata privacy in instant messaging by implementing the Deniable Instant Messaging (DenIM) protocol and developing a general simulation tool (IM-sim) to generate and capture network traffic under realistic user behavior. DenIM is a hybrid design that hides deniable messages within regular traffic to reduce metadata leakage. Because DenIM’s formal analysis assumes deniable behavior does not affect normal user behavior, we weaken this assumption and design traffic-based attacks inspired by Statistical Disclosure Attacks with different pruning strategies to reveal deniable communication. We implement DenIM atop an existing Signal-based infrastructure, derive user behavior from the literature, and run simulations across scenarios and varying user counts. Empirical results show initial success in identifying deniable communication in small networks, but it quickly becomes difficult to infer deniable contacts as the number of users increases. The work delivers a functional DenIM implementation, a flexible IM traffic simulation environment, and an empirical evaluation of attacks under weakened trust assumptions.
[This abstract was generated with the help of AI]
Keywords
Documents