Poster: No safety in numbers: traffic analysis of sealed-sender groups in Signal

Abstract

Secure messaging applications often offer privacy to users by protecting their messages from would be observers through end-to-end encryption techniques. However, the metadata of who communicates with whom cannot be concealed by encryption alone. Signal's Sealed Sender mechanism attempts to enhance its protection of this data by obfuscating the sender of any message sent with the protocol. However, it was shown by Martiny et al. that due to the message delivery protocols in Signal, the record of who receives messages can be enough to recover this metadata. In this work we extend the attack presented from deanonymizing communicating pairs to deanonymizing entire group conversations.