mirror of https://github.com/vacp2p/research.git
55 lines
4.3 KiB
Markdown
55 lines
4.3 KiB
Markdown
Below, we analyze the security of the transport protocol of waku v2 i.e., WAKU2-Relay. In this analysis, we preclude the metadata included in the WakuMessage, as the unit of data transported using WAKU2-Relay. The waku message is treated as a black box. A privacy-respected application can provide the utmost level of security by encrypting the waku message before transportation.
|
|
The analysis of the metadata included in the WakuMessage will fall into the "conversational security" and deserves a separate issue.
|
|
|
|
# Required Privacy Features in a Private Trasnport Protocol
|
|
- Sender anonymity: No global entity except the sender knows which entity owns the message
|
|
- Recipient Anonymity: No global entity except the receiver knows which entity received the message
|
|
- Participation Anonymity: No global entity can discover which two entities are engaged in a conversation except the conversation participants.
|
|
- Unlinkability: No two protocol messages are attributable to the same conversation unless by the conversation participants.
|
|
|
|
# Threat Models
|
|
Based on the domain of knowledge, the following non-exclusive categories of adversary exist. Any collusion among the adversaries is perceivable.
|
|
- Local adversary (passive (HbC), active (malicious)): An adversary with the control of local network
|
|
- Global adversary (passive (HbC), active (malicious)): An adversary with the control of a larger portion of the network e.g., ISPs.
|
|
- Service Providers: Any centralized service operator and aid the messaging system e.g., public key directories.
|
|
|
|
In this treat model, the end-point security is assumed, hence malware or hardware attacks are precluded.
|
|
Also, the adversary has **NO** **Auxiliary** **Information** (background about users). The inclusion of such information would open up all sorts of inference attacks and a countermeasure demands research techniques like differential privacy which is going to be left out of scope for now.
|
|
|
|
# WAKU2 Relay analysis
|
|
|
|
**Recipient Anonymity**: No global entity except the receiver knows which entity received the message
|
|
- Level of privacy: K-anonymity
|
|
- Adversarial model: it holds against a global adversary
|
|
- Details: The number of topics transported within the same mesh determines recipient anonymity, e.g., if the mesh is used to transport k topics then the recipient anonymity of all the nodes within that mesh is k-Anonymity. That is, every message in that mesh belongs to a participant with 1/k probability.
|
|
- The anonymity level can be increased by generalizing the topics hence supporting more topics within a single mesh
|
|
- Increasing anonymity of recipient comes with the bandwidth penalty for all the participants i.e., nodes have to spend their bandwidth to relay messages not within their interests
|
|
|
|
The same analysis as above applies to **Participation Anonymity**.
|
|
|
|
**Sender anonymity:** No global entity except the sender knows which entity owns the message
|
|
- Adversarial model: local and global
|
|
- No sender anonymity against even local adversary
|
|
- Attack scenario: The adversary can eavesdrop on the incoming and outgoing traffic of a target node and realizes that some messages appear in the outgoing traffic but not in the incoming traffic. Those messages are the ones originated by that node.
|
|
|
|
|
|
**Unlinkability:** No non-global entities except the conversation participants can discover that two protocol messages belong to the same conversation.
|
|
- Level of privacy: K-anonymity
|
|
- Adversarial model: Global
|
|
- The number of topics transported within the same mesh determines unlinkability level, e.g., if the mesh is used to transport k topics then for every two messages m1 and m2 transported within that mesh, the probability that these two belong to the same conversation is 1/k
|
|
- The anonymity level can be increased by generalizing the topics hence supporting more topics within a single mesh
|
|
- Increasing anonymity of recipient comes with the bandwidth penalty for all the participants i.e., nodes have to spent their bandwidth to relay messages, not within their interests
|
|
|
|
|
|
# Comparison with Tor
|
|
Tor protocol provides the following privacy properties, however against an attacker with limited scope.
|
|
- sender anonymity
|
|
- participation anonymity
|
|
- unlinkability
|
|
|
|
A global adversary can break anonymity by statistical analysis based on
|
|
- content size
|
|
- Transmission direction
|
|
- counts
|
|
- timing
|