Onion routing for the next generation
Next week, boffins will unveil a new anonymous internet tool that they say is both faster and more reliable against attack than Tor, while still keeping online use impenetrable to spies.
Dubbed Riffle, the new system was developed by MIT and the École Polytechnique Fédérale de Lausanne in Switzerland.
It uses the same Onion encryption system as Tor, which wraps messages in layers of encryption to preserve privacy.
Riffle [PDF], like Tor, also uses servers set up as a mixnet – a way of scrambling the nature of a message as it passes from system to system.
But the special sauce in Riffle is that it toughens up the network against those seeking to track users.
Such attacks are a big concern for Tor users, especially since last year researchers at Carnegie Mellon University apparently found a way to deanonymize sections of the Tor network by using a series of infected nodes.
The research team got a reported $1m bounty from the Feds for that research – but Riffle could render the technique moot.
“Riffle uses a technique called a verifiable shuffle.
Because of the onion encryption, the messages that each server forwards look nothing like the ones it receives; it has peeled off a layer of encryption,” MIT explained.
“But the encryption can be done in such a way that the server can generate a mathematical proof that the messages it sends are valid manipulations of the ones it receives.
Verifying the proof does require checking it against copies of the messages the server received.
So with Riffle, users send their initial messages to not just the first server in the mixnet but all of them, simultaneously.
Servers can then independently check for tampering.”
It’s a very secure system, but also one that’s very resource-intensive.
So Riffle uses a technique dubbed authentication encryption, whereby every server works together so that as long as one of the routing computers remains uncompromised, the encryption of the message stays secure.
“The idea of mixnets has been around for a long time, but unfortunately it’s always relied on public-key cryptography and on public-key techniques, and that’s been expensive,” says Jonathan Katz, director of the Maryland Cybersecurity Center and a professor of computer science at the University of Maryland.
“One of the contributions of this paper is that they showed how to use more efficient symmetric-key techniques to accomplish the same thing.
They do one expensive shuffle using known protocols, but then they bootstrap off of that to enable many subsequent shufflings.”
As a result, the system is both strong and efficient.
The development team says it takes a tenth of the resources to send large files as other anonymizing services and provides much better protection against active and passive monitoring.
Riffle will be released at next week’s Privacy Enhancing Technologies Symposium in Germany. ®
Sponsored: 2016 Cyberthreat defense report