Reducing Metadata Leakage from Encrypted Files and Communication with PURBs

Open access

Abstract

Most encrypted data formats leak metadata via their plaintext headers, such as format version, encryption schemes used, number of recipients who can decrypt the data, and even the recipients’ identities. This leakage can pose security and privacy risks to users, e.g., by revealing the full membership of a group of collaborators from a single encrypted e-mail, or by enabling an eavesdropper to fingerprint the precise encryption software version and configuration the sender used.
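The header leakage described above is easy to see in OpenPGP, whose packet framing (RFC 4880) travels in the clear ahead of the ciphertext. The following is an added example, not code from the paper: a minimal packet walker that reports what a passive observer learns from a message without holding any key. The message is constructed inline with toy-sized MPIs (real ones are key-sized) and made-up key IDs; the field offsets, tags and algorithm IDs follow RFC 4880 sections 4.2, 4.3, 5.1 and 9.1.

```python
import struct

# OpenPGP packet tags and public-key algorithm IDs (RFC 4880, sections 4.3 and 9.1).
TAG_NAMES = {1: "PKESK (public-key encrypted session key)",
             3: "SKESK (symmetric-key encrypted session key)",
             18: "SEIPD (encrypted payload)"}
PK_ALGOS = {1: "RSA", 2: "RSA (encrypt-only)", 16: "Elgamal", 18: "ECDH"}


def read_packet_header(buf: bytes, pos: int):
    """Return (tag, body_length, body_offset) for the packet at buf[pos] (RFC 4880 4.2)."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("bit 7 must be set in an OpenPGP packet header")
    if first & 0x40:                      # new-format header: tag in the low 6 bits
        tag, b1 = first & 0x3F, buf[pos + 1]
        if b1 < 192:
            return tag, b1, pos + 2
        if b1 < 224:
            return tag, ((b1 - 192) << 8) + buf[pos + 2] + 192, pos + 3
        if b1 == 255:
            return tag, struct.unpack(">I", buf[pos + 2:pos + 6])[0], pos + 6
        raise ValueError("partial body lengths are not handled in this example")
    tag, length_type = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if length_type == 0:
        return tag, buf[pos + 1], pos + 2
    if length_type == 1:
        return tag, struct.unpack(">H", buf[pos + 1:pos + 3])[0], pos + 3
    if length_type == 2:
        return tag, struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    raise ValueError("indeterminate length is not handled in this example")


def leaked_metadata(message: bytes) -> list:
    """Everything readable from the cleartext packet framing, with no decryption key."""
    findings, pos = [], 0
    while pos < len(message):
        tag, length, body_start = read_packet_header(message, pos)
        body = message[body_start:body_start + length]
        if tag == 1:                      # PKESK, RFC 4880 5.1: version, key ID, algo, MPIs
            key_id = body[1:9].hex()
            findings.append({
                "packet": "PKESK",
                "version": body[0],
                "key_id": key_id,
                # An all-zero key ID is the "speculative" ID written by hidden-recipient modes;
                # it hides who, but not how many recipients, which algorithm, or the key size.
                "hidden_recipient": key_id == "00" * 8,
                "pk_algorithm": PK_ALGOS.get(body[9], f"unknown({body[9]})"),
                "first_mpi_bits": struct.unpack(">H", body[10:12])[0],
            })
        else:
            findings.append({"packet": TAG_NAMES.get(tag, f"tag {tag}"), "length": length})
        pos = body_start + length
    return findings


def recipient_count(message: bytes) -> int:
    """How many keys or passwords can open the message: one session-key packet each."""
    return sum(1 for f in leaked_metadata(message)
               if f["packet"].startswith(("PKESK", "SKESK")))


def _pkesk(key_id: bytes, pk_algorithm: int, mpi: bytes, new_format: bool = True) -> bytes:
    """Build a version-3 PKESK packet; the MPI here is toy-sized, real ones are key-sized."""
    body = b"\x03" + key_id + bytes([pk_algorithm]) + mpi
    header = bytes([0xC0 | 1, len(body)]) if new_format else bytes([0x80 | (1 << 2), len(body)])
    return header + body


# Constructed sample (not a real message): an RSA recipient with a visible key ID, an ECDH
# recipient whose key ID was thrown away (all zeros), then the encrypted payload packet.
SAMPLE_MESSAGE = (
    _pkesk(bytes.fromhex("0123456789abcdef"), 1, b"\x00\x08\x2a")
    + _pkesk(bytes(8), 18, b"\x00\x07\x55", new_format=False)
    + bytes([0xC0 | 18, 9]) + b"\x01" + bytes.fromhex("8f13a7029c44e10b")
)

if __name__ == "__main__":
    for finding in leaked_metadata(SAMPLE_MESSAGE):
        print(finding)
    print("recipients:", recipient_count(SAMPLE_MESSAGE))
```

Even the second recipient, who used a hidden key ID, still reveals that there is a second recipient, that the key is ECDH, and (through the MPI bit count) roughly how large it is; the format version and the packet layout identify the software family on top of that. A PURB removes all of these fields from the cleartext, which is why its decoding has to work without them.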

We propose that future encrypted data formats improve security and privacy hygiene by producing Padded Uniform Random Blobs or PURBs: ciphertexts indistinguishable from random bit strings to anyone without a decryption key. A PURB’s content leaks nothing at all, not even the application that created it, and its length is padded so that it too leaks as little as possible.

Encoding and decoding ciphertexts that carry no cleartext markers presents efficiency challenges, however. We present cryptographically agile encodings that let legitimate recipients decrypt a PURB efficiently, even when it is encrypted for any number of recipients’ public keys and/or passwords, and when those public keys come from different cryptographic suites. PURBs employ Padmé, a novel padding scheme that limits information leakage via ciphertexts of maximum length M to a practical optimum of O(log log M) bits, comparable to padding to a power of two, but with lower overhead: at most 12%, and decreasing with larger payloads.
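The abstract names Padmé but does not spell out its rule. The following is an added example, not the paper's reference code: it implements the padding rule as defined in the PURBs paper (E = floor(log2 L), S = floor(log2 E) + 1, and the low E − S bits of the length are rounded up to zero) and then checks the two properties claimed above against power-of-two padding: overhead of at most 12%, and a number of possible padded lengths that stays comparable (O(log log M) bits of leakage). The function names and the sample sizes are this example's own.

```python
import math
import os


def padme_length(L: int) -> int:
    """Padded length for an L-byte payload under Padmé (rule as defined in the PURBs paper).

    E is the exponent of L, S the number of bits needed to write E.  Keeping only the top
    S bits of the length below the leading one makes the result a multiple of 2^(E-S), so
    the overhead is below 2^-S, and S grows (slowly) with L.
    """
    if L < 1:
        raise ValueError("payload length must be positive")
    E = L.bit_length() - 1        # floor(log2 L)
    S = E.bit_length()            # floor(log2 E) + 1 for E >= 1; 0 when L == 1
    last_bits = E - S             # low bits of the length forced to zero
    bit_mask = (1 << last_bits) - 1
    return (L + bit_mask) & ~bit_mask


def padme_pad(payload: bytes) -> bytes:
    """Pad with random bytes so the blob stays indistinguishable from random.

    Zero padding would mark where the payload ends.  The true length is therefore not
    recoverable from the padding itself; in a PURB it is carried inside the encrypted header.
    """
    return payload + os.urandom(padme_length(len(payload)) - len(payload))


def next_power_of_two(L: int) -> int:
    """Padded length under the classic pad-to-a-power-of-two rule."""
    return 1 << (L - 1).bit_length()


def max_overhead(limit: int) -> float:
    """Largest (padded - L) / L over all payload lengths 1..limit."""
    return max((padme_length(L) - L) / L for L in range(1, limit + 1))


def distinct_padded_lengths(M: int) -> int:
    """Number of lengths Padmé can emit for payloads of at most M bytes."""
    return len({padme_length(L) for L in range(1, M + 1)})


def power_of_two_lengths(M: int) -> int:
    """Same count for power-of-two padding: floor(log2 M) + 1 when M is a power of two."""
    return len({next_power_of_two(L) for L in range(1, M + 1)})


if __name__ == "__main__":
    M = 1 << 18
    for L in (9, 100, 1000, 1025, 65537):
        print(f"L={L:>6}  padme={padme_length(L):>6}  pow2={next_power_of_two(L):>6}")
    print(f"max Padme overhead for L <= {M}: {100 * max_overhead(M):.2f}%")
    p, q = distinct_padded_lengths(M), power_of_two_lengths(M)
    print(f"possible lengths up to {M}: Padme {p} (~{math.log2(p):.1f} bits), "
          f"power of two {q} (~{math.log2(q):.1f} bits)")
```

Two things to take from running it. Power-of-two padding can double a payload (L = 2^k + 1 pads to 2^(k+1)), whereas the worst Padmé case over this range is 129 bytes padded to 144, about 11.6%, and every larger block of sizes has a smaller worst case. In exchange Padmé admits more distinct output lengths, roughly the square of the power-of-two count, so the leakage in bits is about twice that of power-of-two padding but still of the same O(log log M) order.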
