Wink: Deniable Secure Messaging
Anrin Chakraborti, Darius Suciu, Radu Sion

TL;DR
Wink introduces a plausible deniability system for end-to-end encrypted messaging, enabling hidden communication within existing apps by leveraging trusted execution environments, thus protecting message confidentiality even under device compromise.
Contribution
It presents the first plausibly deniable messaging system that works with existing E2EE apps, embedding hidden messages in cryptographic elements using TEEs.
Findings
Successfully integrated with Telegram and Signal
Minimal overhead and no change to message formats
Provides strong plausible deniability even under device compromise
Abstract
End-to-end encrypted (E2EE) messaging is an essential first step in providing message confidentiality. Unfortunately, all security guarantees of end-to-end encryption are lost when keys or plaintext are disclosed, either due to device compromise or (sometimes lawful) coercion by powerful adversaries. This work introduces Wink, the first plausibly-deniable messaging system protecting message confidentiality from partial device compromise and compelled key disclosure. Wink can surreptitiously inject hidden messages in standard random coins (e.g., salts, IVs) used by existing E2EE protocols. It does so as part of legitimate secure cryptographic functionality deployed inside the widely-available trusted execution environment (TEE) TrustZone. This results in hidden communication using virtually unchanged existing E2EE messaging apps, as well as strong plausible deniability. Wink has been…
Taxonomy
Topics: Security and Verification in Computing · Cloud Data Security Solutions · User Authentication and Security Systems
