Faculty Recruiting Support CICS

Cryptography for Content Moderation: Message Franking and Invisible Salamanders

06 Dec
Friday, 12/06/2019 11:00am to 12:00pm
Computer Science Building, Room 303
Seminar
Speaker: Paul Grubbs

A challenge in deploying end-to-end encrypted (E2EE) messaging is that it prevents the service provider from performing content moderation: identifying abusive or threatening messages and taking punitive action against parties that send them. In this talk, I'll discuss some new cryptographic tools that make moderating E2EE content possible. One example is message franking, a Facebook Messenger feature that enables verifiable reporting of abusive content in E2EE Messenger chats while preserving deniability.

First I will give a high-level overview of the security goals of moderation for E2EE content, using message franking as an example. Next, I'll describe a vulnerability in message franking that would have allowed a sender to bypass moderation by sending un-reportable abusive messages. I disclosed this vulnerability to Facebook, and they awarded me a bug bounty. The flaw stems from a misuse of the Galois/Counter Mode (GCM) authenticated encryption scheme: though secure in other settings, GCM lacks a security property that's crucial for content moderation. I'll briefly explain some work I've done to build committing authenticated encryption schemes that have the needed security.

Finally, we will turn to metadata-private messaging systems, where the service provider cannot see communication metadata. One such system is Signal, where senders can hide their identities from the server. Content moderation in these systems is especially challenging because metadata privacy is seemingly at odds with report verification and other security goals. For example, message franking wouldn't work at all without metadata, and other solutions based on digital signatures break deniability. I'll conclude by outlining a new cryptographic primitive, called asymmetric message franking, that enables content moderation for metadata-private messaging.

Joint work with Jiahui Lu, Thomas Ristenpart, Yevgeniy Dodis, Joanne Woodage, Nirvan Tyagi, Ian Miers, and Julia Len.

Paul Grubbs is a fifth-year PhD student at Cornell Tech, advised by Tom Ristenpart. In his research at the intersection of security, cryptography, and systems, he analyzes and builds systems that use encryption to protect data. He is the recipient of a 2017 NSF Graduate Research Fellowship.

Faculty Host
: