CoverDrop: A secure messaging system for newsreader apps

Summary

CoverDrop: a secure messaging system for newsreader apps CoverDrop is a system designed to allow users of news organisations' mobile apps to contact journalists confidentially and without leaving evidence that they are doing so. Overview The CoverDrop system consists of four major components: A module within the news organisation's regular mobile apps A cloud-based API The CoverNode: a set of services run from a secured location A desktop application used by journalists at the news organisation CoverDrop provides strong plausible deniability by making every instance of the news organisation's public mobile app behave the same way, whether it is used for secure communication or for normal news consumption: Overview of the full architecture including mobile devices and the back-end components. The web services are either provided by third-parties (gray); written by us and running on third-party cloud infrastructure (blue); or services running on on-premises hardware (green). The arrows in this chart indicate logical flow of messages that include messages and cryptographic key information. The on-premises services do not allow any incoming connection and instead use a pull-based approach. In a CoverDrop implementation, at regular intervals, every copy of the news organisation's app exchanges small quantities of encrypted information with that news organisation's servers. These "cover messages" usually contain meaningless ciphertext. When a source writes a message for a journalist, their message plus that source's automatically generated public key is encrypted using the public key of the journalist. That ciphertext is then swapped in for one of the routine cover messages. Both source and cover messages are encrypted in the same way, are the same length, and are sent at the same times. So from the perspective of a network observer they are indistinguishable. These messages are appended to a Kinesis stream via a microservice behind the CDN. The secure servers at the news...