AurisMeta

Inspiration

The idea to do it was driven by the understanding that having encryption cannot ensure privacy, as even messaging applications, such as WhatsApp and Signal, still show routing metadata that can tell who chats with whom and when, how frequently. This is the gap, the attackers can execute correlation attacks without decryption of any content, and systems are not designed to repair this gap because of trade-offs between latency and cost.

What it does

AurisMeta is a routing metadata security layer that conceals pattern of communication in encrypted message systems with four synchronized routing techniques, namely adaptive batching, dummy traffic injection, lightweight relay routing, and message padding. It also has an AI adversarial testing, an environment where an LLM-based attacker trains on live metadata through a real-time RAG pipeline to proceed to test the system continuously, and measure the risk of reductions in metadata linkability and correlation risk.

How we built it

The combination of real-time data processing and AI-based adversarial modeling was done with Python to simulate, Python to use privacy logic, Pathway to stream and live updates, Streamlit to create an interactive dashboard, and scikit-learn to use lightweight adversarial attacker modeling. On the top of this, an LLM attacker module and Pathway supported RAG are used to establish an adaptive testing system and form a closed loop pipeline that emulates traffic, defends against attacks, and end to end privacy testing.

Challenges we ran into

The major issues were to balance both privacy and latency when adding dummy traffic and relay routing, and to combine real-time RAG with the LLM attacker in such a way that it remains dynamic rather than fixed. We also needed to make meaningful attack diversity, conceptualize useful metadata linkability reduction metrics and a system capable of scaling to large throughput messaging with narrow latency constraints.

Our achievements that we are proud of.

Our model refers to an adaptive adversarial testing environment that operates beyond the scope of a static analysis through the implementation of an LLM attacker that can adapt strategies on the fly. Together with the latter, we introduced an end to end pipeline with the capability to learn live data, privacy metrics, a four-layer defense (batching, dummies, relays, padding) collaborating as a coherent protection stack.

What we learned

We got to understand how robust and sensitive routing metadata is, even in the case where message contents are completely encrypted, and why production systems so often compromise the privacy of metadata (in favor of performance). We also received practical exposure to streaming RAG to perform live, adaptive AI streamlining, designing attackers based on the LLM to perform security testing, and different ways in which various forms of obfuscation each close particular channels of metadata leakage.

What's next for AurisMeta

Then, we will consider deploying AurisMeta in test systems to WhatsApp and Signal, and we will train specialized LLMs to attack metadata patterns to a higher degree. Our vision is to scale the system to enterprise traffic and respond within less than a second, provide interactive dashboards to tune the privacy-latency trade-off and provide protection to group chats, voice calls, and metadata of file-transfer.