Tor is the household name in anonymous networks but the system has vulnerabilities, especially when it comes to an attacker finding out who is sending and receiving messages. Researchers at MIT and the École Polytechnique Fédérale de Lausanne think they have found a better way in a system called Riffle. You can dig into the whitepaper but the MIT news article does a great job of providing an overview.
The strength at the core of Tor is the Onion Routing that makes up the last two letters of the network’s name. Riffle keeps that aspect, building upon it in a novel way. The onion analogy has to do with layers of skins — a sending computer encrypts the message multiple times and as it passes through each server, one layer of encryption is removed.
Riffle starts by sending the message to every server in the network. It then uses Mix Networking to route the message to its final destination in an unpredictable way. As long as at least one of the servers in the network is uncompromised, tampering will be discovered when verifying that initial message (or through subsequent authenticated encryption checks as the message passes each server).
The combination of Mix Networking with the message verification is what is novel here. The message was already safe because of the encryption used, but Riffle will also protect the anonymity of the sender and receiver.
[via Engadget]
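The layering and per-server checks described above can be sketched in a few lines. This is an added example, not code from the article or from the Riffle project, and it makes several assumptions: one symmetric key per server, a toy HMAC-based cipher standing in for real authenticated encryption, and a plain random shuffle with no verifiable-shuffle proof.

```python
import hashlib, hmac, os, random

def _stream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode (stand-in for a real AEAD cipher)
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC: the 32-byte tag covers nonce and ciphertext
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: layer was modified in transit")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def wrap(server_keys, message):
    # Sender: encrypt for the last server first, so the first server's layer is outermost
    for key in reversed(server_keys):
        message = seal(key, message)
    return message

def mix(key, batch, rng):
    # One server: verify and strip its layer from every message, then reorder the batch
    peeled = [unseal(key, blob) for blob in batch]
    rng.shuffle(peeled)
    return peeled

def run_chain(server_keys, batch, rng=random.SystemRandom()):
    for key in server_keys:
        batch = mix(key, batch, rng)
    return batch

def demo():
    keys = [os.urandom(32) for _ in range(3)]  # constructed keys, one per server
    msgs = [b"note from alice", b"note from bobby", b"note from carol"]  # constructed, equal length
    batch = [wrap(keys, m) for m in msgs]
    delivered = run_chain(keys, batch)
    damaged = bytearray(batch[0]); damaged[20] ^= 1  # single bit changed in transit
    try:
        run_chain(keys, [bytes(damaged)] + batch[1:])
    except ValueError:
        return sorted(delivered) == sorted(msgs), True
    return sorted(delivered) == sorted(msgs), False
```

`demo()` returns a pair: whether all three messages came out of the chain intact (in shuffled order), and whether the modified message was rejected.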
that’s pretty neat, but when can we actually use it?
As soon as they’re finished developing tools to circumvent the protections, for the NSA, FBI, et al.
So true
Sent to every server in the network? How can that scale?
The network will DDOS itself into equilibrium? That’s a bold move, Cotton. Let’s see if it pays off for them.
Why not? With some IP TTL equivalent packet will simply die itself. And network “noise” with today’s network speed is nothing.
by increasing latency via a mixing process at the server where all incoming packets are mixed and then sent out in random order over x period of time.
this can lead to very high latencies in extreme situations but with enough mix servers it shouldn’t be too bad.
I thought the same. Here it says if at least one is not compromised. Therefore “every server” could be relative. That is, you could have groups of servers. If you only have 3 onions in Tor, you are trading anonymity for latency. With this, if you have 20 servers you have a level of protection against timing attacks, if you have 200 servers, you have more, but higher overheads, and vice versa. So if my understanding is correct, trust within the group of servers becomes important. And of course with all of these, the network effect – getting a lot of people is paramount. Trust and uptake will require a miracle of a trusted organisation and good PR. A US Military department started Tor (kick starting the network effect and with some trust), you would need Tor to either adopt this new measure or publicly support a second network if they believe their current one will eventually become obsolete.
This isn’t a new Tor but instead is a tweaked Freenet.
Whatever it takes to get drugs to suburbia and let terrorists plan and fund themselves….
Don’t forget about my^H^H the contract killing scams!!!
they seem to be able to do that even with today’s encryption with known ways to break it
Just clutch your assault rifle extra tight at night
I don’t think there’s anyone who thinks using an “assault rifle” (I assume you mean some form of automatic weapon) for home defense is a good idea. I will, however, cuddle my AR15 as I fall asleep at night. It’s so cute when it’s fast asleep :3
Seriously? I bet I can find 100K people who will call it a good idea in as fast as google can deliver the results.
Also, it depends on the type of place you call home I guess.
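Make your own mix/router in your vpn-enabled ddwrt router, simply cycle the server name as follows:
while :
do
  # stop any running openvpn client before switching servers
  ps | grep open | awk '{print "kill -9 " $1}' | sh
  PORT=1194
  PROTOCOL=udp
  # random index 0-11 (assumed: the original random source was lost in extraction; /dev/urandom is used here)
  n=$(tr -dc 1-9 </dev/urandom 2>/dev/null | head -c 4);n=$((n % 12))
  case "$n" in
    0) SERVER="bogus1";;
    1) …
  esac
  ….
  echo tls-auth /tmp/openvpncl/ta.key 1 >> /tmp/openvpncl/openvpn.conf
  openvpn --config /tmp/openvpncl/openvpn.conf --ca /tmp/openvpncl/ca.crt &
  # random dwell time of 190-990 seconds (assumed: one random digit followed by the original "90")
  n=$(tr -dc 1-9 </dev/urandom 2>/dev/null | head -c 1)90
  echo "Sleep:$n"
  i=0
  while [ $i -le $n ]
  do
    echo "TICK: $i/$n"
    sleep 15
    i=$((i + 15))
  done
done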
God bless America. At least a few groups are still out there trying to protect our rites; everybody else is so scared to get hurt or get offended that they won’t hardly go out and do anything. Get out there, kick some ass, offend somebody, don’t be afraid to change something; that’s what makes this country great. Good job MIT!!!!
A ‘rite’ is a religious or other solemn ceremony or act.
Rights however are the thing you were thinking of – I hope
Strictly speaking they’re protecting rites as well.
Pedophiles rejoice-swap pics without fear of reprisal, that’s what makes this country great. Good job MIT!!!!
FTFY
That’s the nature of a free country, bud. You either let everyone be free, and police illegal things after they occur, or you restrict everything and monitor everyone, and become the Fourth Reich. Your choice, but I’ll take the former.
Praise Poseidon!
Sounds pretty slow. How will child molesters get their highres photos through that?
slowly…
They’ll just back up to your kid’s school.
Well.. We now know what you look forward to… LOL.
Quite right, we should instead make all walls transparent and install cameras and trackers in everybody’s head (I know they all already carry them everywhere, but in their heads is even better).
Then we can also finally get rid of people asking for rights and the LGBT deviants and socialist and communist and atheists and people who like cats. Oh and jews of course, and mexicans and negroes and such. And people who question executing civilians from other countries or who complain about torture.
And let’s not forget the poor! Those bastards make our great democracy look bad! It’s not like they’re real people anyway.
Can’t believe I forgot the poor, luckily the cops are already on that right now so they got our backs.
As the original article says, creds must also be given to École Polytechnique Fédérale de Lausanne (EPFL)…
Quite right, thanks. I’ve updated the article.
I haven’t read the white paper but…. when they talk about uncompromised servers… smells like… like everywhere, if you have a compromised server, you will have a leak… I don’t know how they invert that to only need one good server… and that fast and scalable thing using multicast… do they mean flooding scalable??
I have many doubts about it…