Selected Publications

We describe SYM-GOTR, a protocol for secure Group Off-The-Record (GOTR) messaging. In contrast to previous work, SYM-GOTR is the first protocol to offer confidential, authenticated, and repudiable conversations among a dynamic group with the additional properties of message unlinkability and the guarantee that all users see the same conversation, while providing efficient use of network and CPU resources. SYM-GOTR achieves these properties through the use of a novel optimistic consistency check protocol that either determines that all users agree on a transcript with constant-size messages or identifies at least one user that has not followed the protocol. We provide an implementation of SYM-GOTR as a Java library along with a plugin for the Jitsi instant messaging client. We analyze the performance of SYM-GOTR in a real world deployment scenario and discuss the challenges of providing a usable implementation without compromising the security of the conversation.
PETS’18

Demand for end-to-end secure messaging has been growing rapidly and companies have responded by releasing applications that implement end-to-end secure messaging protocols. Signal and protocols based on Signal dominate the secure messaging applications. In this work we analyze conversational security properties provided by the Signal Android application against a variety of real world adversaries. We identify vulnerabilities that allow the Signal server to learn the contents of attachments, undetectably re-order and drop messages, and add and drop participants from group conversations. We then perform proof-of-concept attacks against the application to demonstrate the practicality of these vulnerabilities, and suggest mitigations that can detect our attacks. The main conclusion of our work is that we need to consider more than confidentiality and integrity of messages when designing future protocols. We also stress that protocols must protect against compromised servers and at a minimum implement a trust but verify model.
WPES’17

Recent Publications

Consistent Synchronous Group Off-The-Record Messaging with SYM-GOTR
Privacy Enhancing Technologies Symposium, 2018

PDF

MP3: A More Efficient Private Presence Protocol
Financial Cryptography and Data Security, 2018

PDF

Is Bob Sending Mixed Signals?
Workshop on Privacy in the Electronic Society, 2017

PDF

The Cost of the Path Not Taken
Global Communications Confernece Exhibition & Industry Forum, 2016

PDF

ABRA CADABRA: Magically Increasing Network Utilization in Tor by Avoiding Bottlenecks
Workshop on Privacy in the Electronic Society, 2016

PDF

Anarchy in Tor: Performance Cost of Decentralization
arXiv preprint arXiv:1606.02385

Preprint

Facet: Streaming over Videoconferencing for Censorship Circumvention
Workshop on Privacy in the Electronic Society, 2014

PDF