Teams from MIT and EPFL are working together to build a network system using a combination of security protocols.
Tor has long been the go to service for users looking to access the web without eyes peering over their shoulder. However, researchers at the Massachusetts Institute of Technology (MIT) and the École polytechnique fédérale de Lausanne (EPFL) in Switzerland are looking to develop their own anonymous network, even better than that of Tor. And they just might have that cracked.
Called “Riffle”, the network employs several existing cryptographic techniques in combination. Riffle uses a series of servers called a mixnet, that each switch the order of the packets being transmitted. For example, three different users, A, B, and C, reach the first server in that order. The server might then send them on to the next server in a different order, perhaps user C arriving before A, followed by B. The second server then changes that order once more, and so on. Any group attempting to trace a point of origin, would be unable to pinpoint it thanks to the mixnet. This reshuffling of the data packets thus gave it the name Riffle.
Aside from that, Riffle also uses the same onion encryption as Tor. Here, the sending computer wraps each message in several layers of encryption, using a public-key encryption system like those that safeguard most financial transactions online. Each server in the mixnet only decrypts one layer of that encryption. This way, only the final server knows the packet’s destination.
The team says that these two systems together protect from someone who can observe network traffic. What then protects users from an active observer, who can infiltrate a server? For example, someone who has managed to get a hold of a mixnet router? In this case, Riffle uses another technique called a verifiable shuffle.
Because of the way onion encryption works, each message forwarded from a server looks different from the one it received, but it’s follows a specific modification pattern. The verifiable shuffle means that the user’s original encrypted message is sent not just to the first server, but to every one of them. This way, the servers can independently compare the original to the post-decryption message, to ensure a spy isn’t replacing data packets to track a user’s source.
The researchers behind the project claim that, not only is Riffle more secure than Tor, it also uses bandwidth more effectively. “The idea of mixnets has been around for a long time, but unfortunately it’s always relied on public-key cryptography and on public-key techniques, and that’s been expensive,” says Jonathan Katz, director of the Maryland Cybersecurity Center. “One of the contributions of this paper is that they showed how to use more efficient symmetric-key techniques to accomplish the same thing. They do one expensive shuffle using known protocols, but then they bootstrap off of that to enable many subsequent shufflings.
It's still in the developmental stage, however, so don't expect to see any Riffle protocol services soon. You can read more on MIT's website here.
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
 "dnaTechLaunch, online privacy, online security, Tor, Riffle, Massachusetts Institute of Technology (MIT), Onion Router")
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}