Yodel: Strong Metadata Security for Real-Time Voice Calls
David Lazar
Abstract:
Protecting metadata (e.g., who is communicating with whom) is critical to achieving privacy, but is challenging in an era of pervasive network monitoring. By monitoring or tampering with network traffic, an attacker can correlate the times when messages are sent and received to uncover which users are communicating. One way to defend against these traffic analysis attacks is by generating cover traffic. For example, if all users communicate through a single server, users can simply send messages at a fixed rate to this server to hide their network patterns.
In our work, we aim to distribute trust among many servers so that an attacker can't target any single server to uncover a particular user's metadata. With many servers, generating cover traffic that is indistinguishable from real traffic is a challenge. We also aim to support interactive applications like voice calls, which means the system must provide high throughput with sub-second latency.
This talk presents Yodel, the first system for real-time voice calls that hides metadata from adversaries that observe and tamper with all network traffic and control some fraction of the system's servers. Yodel introduces the idea of `self-healing circuits`, reusable paths through a mix network that only use fast symmetric cryptography. Once created, these circuits are resilient to passive and active attacks from network adversaries. Yodel achieves acceptable voice quality with 970ms of latency for 4.8 million users. The authors have used Yodel to talk on several occasions.
Bio:
David Lazar (https://davidlazar.org) is a graduating PhD student at MIT CSAIL, advised by Nickolai Zeldovich. His research in systems security has focused on the problem of metadata privacy: how can two users communicate over the internet without anyone finding out about it? The systems he's built, including Vuvuzela, Alpenhorn, and Karaoke, take an approach based on differential privacy to provide strong metadata protection without sacrificing performance. David is in the process of deploying his work at https://vuvuzela.io, and otherwise spends his time climbing mountains or running.