Internet anonymity networks like Tor are designed to funnel your browsing habits through an “onion-like” mesh of nodes that conceal your browsing habits, an approach which until recently, was considered very safe. Current research suggests otherwise, stating that “adversaries” can deduct a substantial amount of information by monitoring a few select nodes in an anonymity network. To win back anonymity, MIT researchers have developed an untraceable text-messaging system whose underlying mathematics guarantees complete secrecy.
“Tor operates under the assumption that there's not a global adversary that's paying attention to every single link in the world,” says Nickolai Zeldovich, an associate professor of computer science at MIT, and lead researcher of the group developing the new system. “Maybe these days this is not as good of an assumption. Tor also assumes that no single bad guy controls a large number of nodes in their system. We're also now thinking, maybe there are people who can compromise half of your servers.”
Dubbed the Vuvuzela, after the annoying plastic stadium horn heard during the 2010 FIFA world cup, the system honors its namesake by drowning Internet traffic patterns in noise made up of false data.
Vuvuzela is basically an online dead-drop system: one user drops off a message at a predefined location, concealed somewhere within the memory address of an Internet-connected server, and another user retrieves it.
David Lazar, a PhD student in electrical engineering and computer science and Zeldovich’s co-author of the research, illustrates how Vuvuzela works by describing a scenario in which three users — Alice, Bob, and Charlie — seek to share text messages without leaving behind any evidence of them ever having communicated.
If Bob and Alice were to transmit messages directly to the dead-drop server, but Charlie did not, an outside observer would logically assume that Bob and Alice are communicating. For this reason, Vuvuzela’s first security layer requires that all users send messages to the server, regardless of whether or not they contain any information.
Yet, if a hacker infiltrated the server, they would still be unable to deduce whom is communicating with whom simply by observing which of the two users’ messages are routed to the same address. This is because Vuvuzela uses three server instead of one.
What’s more, each message traveling through the system is wrapped in three layers of encryption; the first server strips off the first layer but scrambles their order before passing it off to the second, which further scrambles the order. Meaning, if Bob’s message arrives first in the first server, it would arrive in a different order in the remaining two. At this point, only the third server sees which messages are intended for which memory address, so even if the first server was infiltrated, there’s no way to know the message’s final destination.
Under these circumstances alone, the observant hacker can still technically infer that the two users whose messages reached the first server with same window of time may be communicating; this is where the noise comes in. When forwarding the received messages to the second server, the first server inserts a slew of dummy messages to act as diversions, complete with their own encrypted destinations. Naturally, the second server does the same, making its nearly impossible for the hacker to confirm if any of the messages arriving within the same time window reached their final destination.
Cryptographically speaking, this kind of system falls under the “differential privacy” school of thought, a principle dictating that noise, or false data, is a key method of protecting users’ privacy within a database when the upper and lower limits are known. By obfuscating these bounds with artificial data, sensitive queries can no longer deduce a participant’s identity from the effect their removal has on the total dataset.
Source: Phys.org
Advertisement
Learn more about Electronic Products Magazine
