Organizer: Thomas Schneider, ENCRYPTO / CROSSING
Messaging applications are in wide use, but users are rightfully concerned about commercial and governmental surveillance. Popular messaging applications provide end-to-end encryption for data, but leave the sensitive metadata exposed – at least to the service providers. Existing proposals and systems for anonymous messaging are either impractical, due to excessive costs and complexity, or insecure, with anonymity depending on trusted provider(s).
We report on our research towards truly anonymous, yet practical, messaging systems. We present the Anonymous Post-office Protocol (AnonPoP), a messaging protocol ensuring strong anonymity to senders and recipients, even against powerful adversaries. AnonPoP utilizes two kinds of (possibly corrupt) servers: mixes and post-offices. AnonPoP is practical, scalable and efficient, with reasonable overhead in latency and communication. Furthermore, it is appropriate even for use in mobile devices, with modest, reasonable energy consumption (validated experimentally).
The AnonPoP design is not yet sufficient for a complete anonymous system. We discuss some of the additional required work, including several research directions (and some early results). These include an efficient anonymous notification protocol (AnoNotify), a protocol to mitigate malicious mix servers, and an investigation of mechanisms to securely set up the anonymous keying materials.
Joint work with George Danezis, Nethanel Gelernter, Hemi Leibowitz and Ania Piotrowska.