What an experimental communication system can offer to protect against MITM attacks
Specialist at the University of Texas at Austin and New York University with an expert in the research unit MSR offered an original approach to the development of communication systems. We discuss the features and limitations of the trial protocol.
How can she work
The Pung protocol is able to protect not only the content of the correspondence, but also the metadata of all participants in the communication process: their number, the moment when the conversation starts and ends, the number of messages sent and the identifiers of those who communicated with each other.
It supports a larger number of users compared to its peers and is not afraid of compromising the systems serving the project. In the case of the experimental Pung cluster, these are four north with a throughput of 135 thousand user messages per minute.
The latter know the “label” of their box and can request information that is intended for them. To protect against traffic analysis attacks, the client communicates with the server and sends messages at regular intervals, even if the client is silent.
In this case, the system automatically generates messages so that by their basic characteristics they do not stand out from the total number of user messages. This solution has become a key feature and potential disadvantage of the protocol.
The cluster stores the box labels in the form of keys and encrypted correspondence in the key-value format. Labels are unique for each conversation and are not associated with user IDs for whom a shared secret is generated and based on it – two keys for generating box labels and encrypting messages.
To send “empty” messages, the randomizer generates text, and the system generates a random label of the correspondence and encrypts the content. Pung also provides service messages that do not differ in appearance from custom and empty ones. As the developers assure, the managing cluster cannot establish the fact of user communication.
Additional reading on our Habré:
“Due to statistics”: modernization of the US network infrastructure according to the new system
The fight against robocalls is reaching a new level – telecoms will limit their activity
It is worth noting that the development was published a long time ago, but this year it seems to have been updated repository… Anyway, at the time the article was published, the authors talked about the problem of “cold messages, when the user is identified with the recipient. For Pung, they didn’t come up with anything other than sending out invitations to all participants, which is not the most elegant solution. The system can also be subject to blocking on the side of the provider – and this point was indicated by the developers in the list of potential restrictions for a scientific project.
Why all this is needed
Earlier, we talked about MITM attacks on the side of some European providers, when law enforcement agencies downloaded software onto their network that could spoof software updates. Similar practices were noted in WikiLeaks. We also talked about how providers trade metadata clients, and the efforts of the Electronic Frontier Foundation (EFF) to regulate such practices. Implementing an optimized version of Pung or an alternative could protect user data at the protocol level.
Pung could also theoretically be adapted for media and social networks, where there is the possibility of publishing anonymous posts and exchanging messages. However, global projects in this area will most likely be forced to go along the path of introducing restrictions on end-to-end encryption, which is now being discussed by regulators and special services. In this case, conversations about the protection of metadata and the content of correspondence will lose any meaning for a while.
What else to read on our blog:
