Talek: a Private Publish-Subscribe Protocol
Modern applications share user-generated data over the cloud, often exposing sensitive information. Talek is a private publish-subscribe (pub/sub) system that shares user data through potentially untrustworthy servers, while hiding both data content and the communication patterns among its users. Talek is designed with two goals that distinguish it from the prior work in private messaging. First, Talek is designed with the strong security goal of access sequence indistinguishability, where clients leak no information to adversarial servers that might help an adversary distinguish between two arbitrary-length client access sequences. Second, our system aims to be practical for general-purpose workloads, from one-to-one messaging to one-to-many news feeds. To achieve these properties, we introduce two novel techniques. Oblivious logging is a mechanism for supporting private reads and writes to shared logs stored on servers without coordination between clients. Private notifications provide a private and efficient mechanism for subscribers to learn which topics have new messages without polling. We demonstrate a 3-server Talek cluster that achieves throughput of 566,000 messages/minute with 5.57-second end-to-end latency on commodity servers, a 3–4 order of magnitude improvement over related work with similar security goals.
Raymond Cheng is a PhD student working with Thomas Anderson and Arvind Krishnamurthy at the University of Washington. Previously, he spent several years conducting security research in the US government. Raymond's research area is in building practical systems for security and privacy.