Short Bytes: Researchers at MIT and EPFL have come up with a new anonymity network that is said to be more secure than Tor. It’s a mix network which implements methods like verifiable shuffle and Authentication Encryption. The researchers will showcase it at a tech symposium later this month.
The new anonymity network will consume less bandwidth than other networks of similar type while transferring data. Albert Kwon, who is the prime author of the research paper, says that “the initial use case that we thought of was to do anonymous file-sharing, where the receiving end and sending end don’t know each other”.
Kwon, an electrical engineering and computer science graduate, talked about problems like honeypotting in which users are lured into the traps placed inside anonymity networks and the needs of users of websites like Twitter who share their thoughts with other people while hiding behind a digital camouflage.
MIT’s Riffle uses the onion routing used in TOR coupled with other advancements
Riffle is the name of the new network. It uses the same onion routing technique that’s implemented in Tor. So, what’s the buzz all about?
Riffle is kind of a mix network in which the messages sent from different sources are permuted. It is just like a card game where a player shuffles the cards before distributing them to other players. Same happens with messages — If three people send a message, they will be reshuffled each time the message reaches a successive server. Imagine, if there are thousands of such messages present–which is the actual scenario to be dealt with–no one will be able to tell which message came from where.
One problem that exists in Tor is that a stalker can flood a server with his own dummy messages destined to a predefined node and observe the path of a single message which is to be tracked. Obviously, the single message would traverse a different path than the dummy. This enables the stalker to trace its path, even though, he may not be able to access what’s written inside the message.
To overcome this problem, Kwon and his team has proposed a solution verifiable shuffle. Instead of sending the message to a single server, the message will be sent to all the servers along with a mathematical proof which can be used to verify each message independently. So, any alterations made to a message by any server would be tracked with ease.
Now, the verifiable shuffle has its own drawbacks. The method sounds like a child’s play if the servers have to deal with 5 or 10 messages. But the real situation would be far worse than expected if the verification is to be done for millions of messages spread over thousands of servers.
A workaround has also been proposed, namely Authentication Encryption. This involves generation of a unique private key to encrypt the message which is done by the user who initiates the message. The private key is sent to all servers and then the subsequent operation is carried out by verifying the message at each new server against the unique private key.
Both the mix networks and the private key encryption have been in existence for years but their individual shortcomings have prevented them from being used effectively. Kwon and his team worked hard to make effective use of these methods and came up an effective and secure anonymity network known as Riffle.
Devin Coldewey writes for TechCrunch,
“There’s no downloadable version of Riffle right now — Kwon said he’d like to clean up the code a bit first, since it’s really just a prototype at present. There’s no plan to commercialize it, either, nor will it be a replacement for Tor, even though it does some things vastly better.”
Maybe Kwon doesn’t want to put up Riffle as a prime competitor to Tor but we do have something more reliable than the existing technologies, at least, on paper. The advent of Riffle could cause sleepless nights to the security agencies like NSA and FBI. And, we may see more whistleblowers like Edward Snowden.