With a Little Help from My Friends: Transport Deniability for Instant Messaging

TL;DR

This paper introduces DenIM, a low-overhead, user-assisted deniable messaging protocol that enhances privacy in instant messaging by making deniable messages indistinguishable from regular traffic, even against strong adversaries.

Contribution

It proposes a novel hybrid messaging model and a protocol enabling deniable instant messaging with minimal overhead and strong privacy guarantees, leveraging user cooperation.

Findings

DenIM provides effective deniability against ISPs.

Overhead scales with message volume, not time or user count.

Implementation shows practical feasibility and robustness.

Abstract

Traffic analysis for instant messaging (IM) applications continues to pose an important privacy challenge. In particular, transport-level data can leak unintentional information about IM -- such as who communicates with whom. Existing tools for metadata privacy have adoption obstacles, including the risks of being scrutinized for having a particular app installed, and performance overheads incompatible with mobile devices. We posit that resilience to traffic analysis must be directly supported by major IM services themselves, and must be done in a low-cost manner without breaking existing features. As a first step in this direction, we propose a hybrid messaging model that combines regular and deniable messages. We present a novel protocol for deniable instant messaging, which we call DenIM. DenIM is built on the principle that deniable messages can be made indistinguishable from regular messages with a little help from a user's friends. Deniable messages' network traffic can then be explained by a plausible cover story. DenIM achieves overhead proportional to the messages sent, as opposed to scaling with time or number of users. To show the effectiveness of DenIM, we implement a trace simulator, and show that DenIM's deniability guarantees hold against strong adversaries such as internet service providers.