Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Tor Rival Riffle Promises Anonymity Improvements

The Onion Router, better known as Tor, is the most popular anonymity network out there, but MIT researchers claim to have created an even better system, called Riffle.

The Onion Router, better known as Tor, is the most popular anonymity network out there, but MIT researchers claim to have created an even better system, called Riffle.

Researchers at MIT’s Computer Science and Artificial Intelligence Laboratory and the École Polytechnique Fédérale de Lausanne claim to have created an anonymity scheme capable of not only stronger security, but also of more efficient bandwidth usage compared to exiting solutions.

The newly created system leverages several existing cryptographic techniques and combines them in a novel manner, while also allowing researchers to securely transfer a large file between anonymous users in only one tenth of the time required by similarly secure experimental systems. The system relies on mixnets, verifiable shuffle, and authentication encryption to ensure the expected anonymity.

The new system uses a series of servers called a mixnet, where each server permutes the order in which it receives messages before sending them to the next one. Thus, adversaries tracking the messages’ points of origin would not be able to distinguish between them when they exit the last server. The reshuffling of messages it what inspired the new system’s name, researchers say.

The onion encryption used by other anonymity systems, including Tor, is employed by Riffle as well. This encryption relies on wrapping the message in several layers of encryption before it leaves the origin computer. Public-key encryption systems are used for this. Each of the servers used by Riffle will then remove one layer of encryption, meaning that only the last server will know the final destination of the message.

The use of a mixnet with onion encryption should prove effective against passive adversaries, because they can only keep an eye on network traffic, but proves vulnerable to active adversaries, which can infiltrate servers with their own code. When it comes to anonymity networks, the servers frequently are simply volunteers’ Internet-connected computers that have been loaded with special software.

Thus, an adversary that has commandeered a mixnet router can determine the destination of a particular message by replacing all of the other messages with its own, bound for a single destination. After that, the adversary would simply have to track one message that doesn’t follow its own pre-specified route.

To ensure that this doesn’t happen, Riffle uses a so-called verifiable shuffle technique. The use of onion encryption means that the messages forwarded by the server are completely different from those received, given that one layer of encryption was peeled off. However, the system can encrypt the message in such a way that the server generates a mathematical proof that the messages it sends are valid manipulations of the ones it receives.

Advertisement. Scroll to continue reading.

In Riffle, a user sends the initial message to all servers in the mixnet, at the same time, and servers can independently check for tampering. However, generating and checking proofs is a process that can slow down the network if repeated with every message, and Riffle uses authentication encryption to verify the authenticity of an encrypted message.

More efficient than verifiable shuffle, authentication encryption requires the sender and receiver to share a private cryptographic key. Thus, the verifiable shuffle is used only to establish secure connections through which each user and each mixnet server agree upon a key. Then, Riffle uses authentication encryption for the remainder of the communication session, and the system remains cryptographically secure as long as one mixnet server remains uncompromised.

Related: Tor Project Raises $200,000 in Crowdfunding Campaign

Related: Tor Browser Gets Multiple Security Enhancements

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.