SLIDE 1
Yodel: Strong Metadata Security for Real-Time Voice Calls
David Lazar, Yossi Gilad, Nickolai Zeldovich
- 1
MIT CSAIL
Metadata is data that can’t be encrypted
2
Chat Service src/dst msg size sent time
Yodel: Strong Metadata Security for Real-Time Voice Calls David - - PowerPoint PPT Presentation
Yodel: Strong Metadata Security for Real-Time Voice Calls David - - PowerPoint PPT Presentation
Yodel: Strong Metadata Security for Real-Time Voice Calls David Lazar , Yossi Gilad, Nickolai Zeldovich MIT CSAIL 1 Metadata is data that cant be encrypted src/dst msg size Chat Service sent time 2 What can you learn from
SLIDE 2
SLIDE 3
What can you learn from metadata?
3
Dan Guardian Erin NYT Alice Bob Carol Fred
Passive Network Adversary
Huawei Executive Saudi Dissident
SLIDE 4
Security goal: hide who is talking to whom
4
Active Network Adversary
?
?
?
Passive Network Adversary
SLIDE 5
Performance goal: sub-second latency
5
× millions
< 1s
SLIDE 6
Prior work doesn’t meet goals
Passive attacks Active attacks Performance Pung
[OSDI 2016]
Karaoke
[OSDI 2018]
Herd
[SIGCOMM 2015] Differential privacy 7s Trusted server
6
SLIDE 7
Contributions
Yodel: the first system for real-time voice calls with
- Strong protection against passive & active attacks
- Distributed trust (any-trust or fractional trust)
- Sub-second latency for 5M users with 100 servers
Two key insights
- Self-healing circuits & Guarded circuit exchange
7
SLIDE 8
Mixnets hide who sent which message
8
Server 1 Server 2 Server 3
x y
y x y
x y
x Onion-encrypted Message
SLIDE 9
9
Server 1 Server 2 Server 3
Mixing is expensive: public key
- peration for each message at every hop
gx gx gx gx gx gx gx gx gx
SLIDE 10
10
Yodel’s mixnet: send public key onions to setup symmetric key circuits
Circuit setup onion
SLIDE 11
11
Server 1 Server 2 Server 3
Circuit messaging
⨁ ⨁ ⨁ ⨁ ⨁ ⨁ ⨁ ⨁ ⨁
= circuit (symmetric key) onion
SLIDE 12
12
Server 1 Server 2 Server 3
Challenge: attacker has many chances to learn shuffle of honest server!
! !
SLIDE 13
Yodel’s key insight: self-healing circuits
13
Server 1 Server 2 Server 3
SLIDE 14
3
Users connect to circuits
14
Yodel round steps
1
Users establish circuits = random string x y
2
Users exchange circuits x y
External Messaging Service
4
Users send voice packets
Mixnet
SLIDE 15
Evaluation
Does Yodel achieve low latency for large numbers of users? Does Yodel offer acceptable voice quality?
15
SLIDE 16
Yodel achieves sub-second latency for 5M users
16
0.6s 0.8s 1.0s 1.2s 1.4s 1.6s 2M 4M 6M 8M Voice packet latency Number of users 100 servers, US & EU
SLIDE 17
17
- Joanna and I had a short conversation over Yodel, with
5M other “users” actively using the system
- She ran Yodel over her laptop speakers and recorded the
convo with her phone
- (phone records her voice directly)
- Some latency (~1s) is due to us waiting to not talk over
each other
Yodel achieves acceptable voice quality
SLIDE 18
18
Pre-recorded demo
SLIDE 19
Conclusion
Yodel: the first system for real-time voice calls with
- Strong metadata privacy (against passive & active attacks)
- Distributed trust (any-trust or fractional trust)
- Sub-second latency for 5M users with 100 servers
Full paper and code coming soon:
- vuvuzela.io
- davidlazar.org