As part of our efforts on the DARPA RACE program we developed Kestrel, which is designed to address the inherent tension between the following two features of covert communication:
- Covert communication is mission critical.
- Using secure communication channels is itself conspicuous (thus undermining covertness).
Kestrel aims to enable covert communication in adversarial settings that is safe, reliable, and undetectable.
While there exist myriad technologies that purport to provide secure communication, there is currently no single solution with the breadth and depth of Kestrel. For example, for non-Kestrel solutions:
- Each solution addresses only part of the problem:
  - End-to-end encrypted client chat (such as Signal, WhatsApp, or Wickr) relies on a central service to route messages, and thus there is a single point of failure if this service is blocked.
  - Mixnets (such as Nym) provide distributed routing and message diffusion through combinatorics but rely on ordinary network traffic or blockchains.
  - Secure Multiparty Computation Mixing solutions, called MPC mixers (such as Riposte, PowerMix, and Blinder), provide cryptographic mixing properties but are centralized.
  - Anonymous browsing mechanisms, such as onion routing, do not easily support an end-to-end chat ecosystem and can still be detected.
In contrast to other existing solutions, Kestrel provides users with a more complete end-to-end solution with high fidelity and low risk of detection, including security features based on our Carma engine:
- Client and server software are both included and easy to deploy, thereby encouraging a decentralized system of ordinary users
- End-to-end encryption
- Careful routing, ensuring efficient and robust delivery of messages
- MPC mixer that operates on small decentralized clusters of servers
- Transport-agnostic channels that can operate at high or low performance and covertness levels, which enables communication to evade detection and blocking
Deployment and Utility
We deployed a small Kestrel system, which included:
- 100 Clients running with Kestrel Client software
- 200 Servers running Kestrel Server software
- Deployed to many cloud servers, geographically dispersed, running on different Cloud providers (AWS, Azure) and different operating systems
- Client and Server software are lightweight, and can even run on mobile devices and single-board computers (SBCs).
We then demonstrated the system’s ability to incorporate server and client refresh and to handle the loss of inactive servers. We also demonstrated robustness of message delivery by removing an active server mid-execution and showing that the message automatically re-routes via active servers.
This work was supported by the United States Air Force and DARPA under contract number FA8750-19-C-0031, Distribution Statement A: “Approved for Public Release, Distribution Unlimited. If you have any questions, please contact the Public Release Center”. The views, opinions and/or findings expressed are those of the author and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.